Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   WProtectManager unter ProgramData und 337-Games in der Startleiste (https://www.trojaner-board.de/151888-wprotectmanager-programdata-337-games-startleiste.html)

steveeeee 01.04.2014 18:00
WProtectManager unter ProgramData und 337-Games in der Startleiste
 
Hallo zusammen,

ich habe mir wohl etwas eingefangen :/. Seit wenigen Tagen meldet sich mein AntiVir etwa alle zwei Stunden und weist mich darauf hin, dass es einen Virusverdacht bei einer Datei gibt. Hier der Bericht von AntiVir:

Zitat:
Beginne mit der Suche in 'C:\ProgramData\WPM\update\update.exe'
C:\ProgramData\WPM\update\update.exe
[FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen2
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54c076f6.qua' verschoben!
Vor zwei Tagen hat sich dann plötzlich mein Browser (Chrome) geschlossen und ich habe ein neues Symbol "337-Games" in der Schnellstartleiste gefunden. Darüber wird der Chrome-Browser aufgerufen und öffnet besagte Seite (337games.com oder so).
Habe mich dann auf die Suche nach Lösungen begeben und folgende Threads bei euch gefunden:

http://www.trojaner-board.de/151640-...e-rechner.html
und
http://www.trojaner-board.de/146622-...-verdacht.html

Habe dann analog dazu ComboFix laufen lassen (bitte nicht hauen, ich weiss es wurde nicht MIR explizit empfohlen).
Anschliessend habe ich mit RevoUninstaller das Programm "337-Games" deinstalliert.
Auch Malwarebytes Anti-Malware ist fündig geworden.
Mittlerweile bestehen keine ernsten Probleme mehr. Doch habe ich eben bemerkt, dass ich den "AntiVit-Echtzeitschutz" nicht mehr deaktivieren kann. Es erscheint folgende Meldung:

http://i58.tinypic.com/10qjtd3.jpg


Die Logs habe ich als Archiv angehängt ;)


Vielen Dank im Voraus für Eure Hilfestellungen!

steve

schrauber 01.04.2014 18:33
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

steveeeee 01.04.2014 19:08
defogger_disable.txt
Zitat:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:25 on 01/04/2014 (steve)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by steve (administrator) on steve-PC on 01-04-2014 18:31:55
Running from C:\Users\steve\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Dropbox, Inc.) C:\Users\steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\program files (x86)\avira\antivir desktop\ipmGui.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VIAxHCUtl] - C:\VIA_XHCI\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [170496 2012-10-15] (Sun Microsystems, Inc.)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [39136 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [825560 2012-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM-x32\...\RunOnce: [GBTUpd] - C:\Program Files (x86)\Gigabyte\UpdManager\PreRun.exe [297480 2008-04-03] (PreRun)
HKU\S-1-5-21-2280969488-2109145150-2365161803-1000\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2280969488-2109145150-2365161803-1000\...\Run: [85DBE9CD5C641104D2F436A3E6535A29577D79AD._service_run] - C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe [859976 2014-03-15] (Google Inc.)
HKU\S-1-5-21-2280969488-2109145150-2365161803-1000\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2280969488-2109145150-2365161803-1000\...\Run: [Mobile Partner] - C:\Program Files (x86)\My Broadband\My Broadband
Startup: C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\steve\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3780B8F9C60ACE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388547520&from=cor&uid=M4-CT128M4SSD2_0000000012080907680D&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1388547520&from=cor&uid=M4-CT128M4SSD2_0000000012080907680D&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: No Name - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -  No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{1E2A2F41-C006-4388-81AE-B59AD0F37157}: [NameServer]192.168.178.1

Chrome:
=======
CHR HomePage:
CHR Plugin: (Shockwave Flash) - C:\Users\steve\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\steve\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\steve\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\steve\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Google Update) - C:\Users\steve\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (Web Developer) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2013-01-03]
CHR Extension: (Adblock Plus) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-28]
CHR Extension: (Add to Wunderlist) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmnddeddcgdllibmaodanoonljfdmooc [2013-11-07]
CHR Extension: (Suche Wechseln) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\dopemniaeocfenlpnoannaefnhfcjcgi [2014-03-30]
CHR Extension: (Wunderlist - To-do and Task list) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc [2012-12-20]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-10-08]
CHR Extension: (ShiftEdit) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcgmndephhjcabhhjfcmncnhbmgbkpij [2013-01-20]
CHR Extension: (FVD Downloader) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2013-09-24]
CHR Extension: (qipu Cashbackmelder open beta) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\mloigoojndlehdjiemdfpiikieonngel [2012-12-30]
CHR Extension: (Google Wallet) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Extended Protection) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo [2014-03-30]
CHR HKLM-x32\...\Chrome\Extension: [dopemniaeocfenlpnoannaefnhfcjcgi] - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\searchswitch.crx [2014-03-30]
CHR HKLM-x32\...\Chrome\Extension: [ogfjmhfnldnajmfaofeiaepghjenbgjo] - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx [2014-03-30]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-05-10] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-02] (DT Soft Ltd)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2010-07-27] (Huawei Technologies Co., Ltd.)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104560 2012-04-25] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2013-04-03] (Duplex Secure Ltd.)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [205312 2012-01-20] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [254464 2012-01-20] (VIA Technologies, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-01 18:31 - 2014-04-01 18:32 - 00018108 _____ () C:\Users\steve\Desktop\FRST.txt
2014-04-01 18:31 - 2014-04-01 18:31 - 00000000 ____D () C:\FRST
2014-04-01 18:25 - 2014-04-01 18:25 - 02157056 _____ (Farbar) C:\Users\steve\Desktop\FRST64.exe
2014-04-01 18:25 - 2014-04-01 18:25 - 00050477 _____ () C:\Users\steve\Desktop\Defogger.exe
2014-04-01 18:25 - 2014-04-01 18:25 - 00000586 _____ () C:\Users\steve\Desktop\defogger_disable.log
2014-04-01 18:25 - 2014-04-01 18:25 - 00000020 _____ () C:\Users\steve\defogger_reenable
2014-04-01 18:24 - 2014-04-01 18:24 - 00380416 _____ () C:\Users\steve\Desktop\gup35mqd.exe
2014-04-01 07:52 - 2014-04-01 07:52 - 00001605 _____ () C:\Users\steve\Desktop\TB.txt
2014-03-31 22:57 - 2014-03-31 22:57 - 00022172 _____ () C:\Users\steve\Desktop\ComboFix.txt
2014-03-31 22:53 - 2014-03-31 22:57 - 00000000 ____D () C:\Qoobox
2014-03-31 22:53 - 2014-03-31 22:56 - 00000000 ____D () C:\Windows\erdnt
2014-03-31 22:53 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-31 22:53 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-31 22:53 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-31 22:53 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-31 22:53 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-31 22:53 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-31 22:53 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-31 22:53 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-31 20:34 - 2014-03-31 20:34 - 05192353 ____R (Swearware) C:\Users\steve\Desktop\ComboFix.exe
2014-03-30 22:24 - 2014-04-01 06:52 - 00053392 _____ () C:\Windows\PFRO.log
2014-03-30 22:11 - 2014-04-01 07:17 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-30 21:57 - 2014-03-30 21:57 - 00001228 _____ () C:\Users\steve\Desktop\Revo Uninstaller.lnk
2014-03-30 21:57 - 2014-03-30 21:57 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-30 21:57 - 2014-03-30 21:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-30 21:57 - 2014-03-30 21:57 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-30 21:57 - 2014-03-30 21:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-30 21:57 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-30 21:57 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-30 21:57 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-30 21:50 - 2014-03-30 21:50 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\steve\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-30 21:50 - 2014-03-30 21:50 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\steve\Downloads\revosetup95.exe
2014-03-30 21:37 - 2014-03-30 22:21 - 00000000 ____D () C:\Users\steve\AppData\Roaming\SupTab
2014-03-27 19:16 - 2014-03-27 23:26 - 457173402 _____ () C:\Users\steve\Downloads\s1619.rar
2014-03-13 17:30 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 17:30 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 17:30 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 17:30 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 17:30 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 17:30 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 17:30 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 17:30 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 17:30 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 17:30 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 17:30 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 17:30 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 17:30 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 17:30 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 17:30 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 17:30 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 17:30 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 17:30 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 17:30 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 17:30 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 17:30 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 17:30 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 17:30 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 17:30 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 17:30 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 17:30 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 17:30 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 17:30 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 17:30 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 17:30 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 17:30 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 17:30 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 17:30 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 17:30 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 17:30 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 17:30 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 17:30 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 17:30 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 17:30 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 17:30 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 17:30 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 17:30 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 17:30 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 17:30 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 17:29 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 17:29 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 17:29 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 17:29 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-02 12:26 - 2014-03-02 12:26 - 00005402 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log

==================== One Month Modified Files and Folders =======

2014-04-01 18:32 - 2014-04-01 18:31 - 00018108 _____ () C:\Users\steve\Desktop\FRST.txt
2014-04-01 18:31 - 2014-04-01 18:31 - 00000000 ____D () C:\FRST
2014-04-01 18:31 - 2012-08-31 18:00 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Dropbox
2014-04-01 18:31 - 2012-08-31 14:05 - 01572026 _____ () C:\Windows\WindowsUpdate.log
2014-04-01 18:31 - 2011-04-12 09:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-04-01 18:31 - 2011-04-12 09:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-04-01 18:31 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-01 18:30 - 2012-08-31 18:03 - 00000000 ___RD () C:\Users\steve\Dropbox
2014-04-01 18:30 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-04-01 18:27 - 2014-02-28 21:56 - 00001120 _____ () C:\Windows\setupact.log
2014-04-01 18:27 - 2012-08-31 14:41 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-01 18:27 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-01 18:26 - 2013-12-31 11:48 - 00000000 ____D () C:\Users\steve\AppData\Roaming\TS3Client
2014-04-01 18:26 - 2012-09-06 14:42 - 00000000 ____D () C:\Users\steve\Documents\Outlook-Dateien
2014-04-01 18:26 - 2012-08-31 17:57 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-01 18:25 - 2014-04-01 18:25 - 02157056 _____ (Farbar) C:\Users\steve\Desktop\FRST64.exe
2014-04-01 18:25 - 2014-04-01 18:25 - 00050477 _____ () C:\Users\steve\Desktop\Defogger.exe
2014-04-01 18:25 - 2014-04-01 18:25 - 00000586 _____ () C:\Users\steve\Desktop\defogger_disable.log
2014-04-01 18:25 - 2014-04-01 18:25 - 00000020 _____ () C:\Users\steve\defogger_reenable
2014-04-01 18:25 - 2012-08-31 14:05 - 00000000 ____D () C:\Users\steve
2014-04-01 18:24 - 2014-04-01 18:24 - 00380416 _____ () C:\Users\steve\Desktop\gup35mqd.exe
2014-04-01 18:20 - 2012-10-31 19:35 - 00000000 ____D () C:\ProgramData\Sonos,_Inc
2014-04-01 18:10 - 2012-09-08 08:22 - 00000000 ____D () C:\Users\steve\AppData\Local\A19D0D92-E506-4870-A46E-0FC261FF6DC1.aplzod
2014-04-01 07:52 - 2014-04-01 07:52 - 00001605 _____ () C:\Users\steve\Desktop\TB.txt
2014-04-01 07:33 - 2012-08-31 14:32 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2280969488-2109145150-2365161803-1000UA.job
2014-04-01 07:17 - 2014-03-30 22:11 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-01 06:59 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-01 06:59 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-01 06:52 - 2014-03-30 22:24 - 00053392 _____ () C:\Windows\PFRO.log
2014-03-31 22:57 - 2014-03-31 22:57 - 00022172 _____ () C:\Users\steve\Desktop\ComboFix.txt
2014-03-31 22:57 - 2014-03-31 22:53 - 00000000 ____D () C:\Qoobox
2014-03-31 22:57 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-03-31 22:56 - 2014-03-31 22:53 - 00000000 ____D () C:\Windows\erdnt
2014-03-31 22:56 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-31 22:33 - 2012-08-31 14:32 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2280969488-2109145150-2365161803-1000Core.job
2014-03-31 20:34 - 2014-03-31 20:34 - 05192353 ____R (Swearware) C:\Users\steve\Desktop\ComboFix.exe
2014-03-30 22:24 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\addins
2014-03-30 22:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PLA
2014-03-30 22:21 - 2014-03-30 21:37 - 00000000 ____D () C:\Users\steve\AppData\Roaming\SupTab
2014-03-30 21:57 - 2014-03-30 21:57 - 00001228 _____ () C:\Users\steve\Desktop\Revo Uninstaller.lnk
2014-03-30 21:57 - 2014-03-30 21:57 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-30 21:57 - 2014-03-30 21:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-30 21:57 - 2014-03-30 21:57 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-30 21:57 - 2014-03-30 21:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-30 21:50 - 2014-03-30 21:50 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\steve\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-30 21:50 - 2014-03-30 21:50 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\steve\Downloads\revosetup95.exe
2014-03-30 21:00 - 2012-09-11 12:40 - 00000000 ____D () C:\Users\steve\Downloads\JDownloader
2014-03-29 18:21 - 2013-02-12 14:31 - 00001907 _____ () C:\Users\Public\Desktop\Sonos.lnk
2014-03-29 18:21 - 2012-10-31 19:35 - 00000000 ____D () C:\Program Files (x86)\Sonos
2014-03-29 18:20 - 2012-10-31 19:35 - 00000000 ____D () C:\Users\steve\AppData\Local\Downloaded Installations
2014-03-27 23:26 - 2014-03-27 19:16 - 457173402 _____ () C:\Users\steve\Downloads\s1619.rar
2014-03-24 23:28 - 2012-08-31 14:32 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2280969488-2109145150-2365161803-1000UA
2014-03-24 23:28 - 2012-08-31 14:32 - 00003706 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2280969488-2109145150-2365161803-1000Core
2014-03-19 02:06 - 2012-09-06 14:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-17 18:18 - 2013-03-13 23:48 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-17 18:18 - 2013-03-13 23:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-17 18:18 - 2009-07-14 06:45 - 05075608 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 17:31 - 2013-12-31 11:48 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-03-05 09:26 - 2014-03-30 21:57 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-30 21:57 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-30 21:57 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-04 23:31 - 2013-05-24 14:42 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-03 15:02 - 2013-06-12 16:44 - 00000000 ____D () C:\Users\steve\AppData\Roaming\FileZilla
2014-03-02 12:26 - 2014-03-02 12:26 - 00005402 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-03-02 12:26 - 2013-09-22 17:59 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-02 12:26 - 2013-09-22 17:58 - 00000000 ____D () C:\Program Files (x86)\Java

Some content of TEMP:
====================
C:\Users\steve\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 15:22

==================== End Of Log ============================
--- --- ---


Additions.txt
Zitat:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by steve at 2014-04-01 18:32:10
Running from C:\Users\steve\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.6 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.175 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.1.5.0 - SlySoft)
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.15.16 - Atheros Communications Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty: Ghosts (HKLM-x32\...\Steam App 209160) (Version: - Infinity Ward)
CCleaner (HKLM\...\CCleaner) (Version: 3.19 - Piriform)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes)
CloneDVDmobile (HKLM-x32\...\CloneDVDmobile) (Version: 1.9.0.1 - SlySoft)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0316 - DT Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DC4BC0CC-A928-4C48-BA40-AC24784F46E5}) (Version: - Microsoft)
Deutsche Post E-Porto (HKLM\...\{AFEF38CC-13B4-45E9-AD68-1A842627B203}) (Version: 2.3.0 - Deutsche Post AG)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WF-3540 Series Printer Uninstall (HKLM\...\EPSON WF-3540 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
FileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.6.0 - Futuremark Corporation)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Calendar Sync (HKLM-x32\...\Google Calendar Sync) (Version: - )
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.12.1498 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 13 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416013FF}) (Version: 6.0.130 - Sun Microsystems, Inc.)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Lexware Elster (HKLM-x32\...\{9F6BFB0F-6B1F-4D1A-A9DA-42F6794C9188}) (Version: 13.00.00.0027 - Haufe-Lexware GmbH & Co.KG)
Lexware Info Service (HKLM-x32\...\{8AE7E507-BC49-4DF0-A236-26878691AB53}) (Version: 2.90.00.0009 - Haufe-Lexware GmbH & Co.KG)
Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1010 - Marvell)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Broadband (HKLM-x32\...\My Broadband) (Version: 1.09.00.1055 - Huawei Technologies Co.,Ltd)
MyDriveConnect 3.3.0.1318 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1318 - TomTom)
NVIDIA 3D Vision Controller-Treiber 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.49 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2049 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 320.49 (Version: 320.49 - NVIDIA Corporation) Hidden
NVIDIA Update 4.11.9 (Version: 4.11.9 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 4.11.9 - NVIDIA Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 26.1.75260 - Sonos, Inc.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version: - )
TAXMAN 2013 (HKLM-x32\...\{F289D934-2224-473B-B57E-0040D2693F83}) (Version: 19.05.00.0026 - Haufe-Lexware GmbH & Co.KG)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{99A0DB9A-71FC-4F98-BC1F-78A18195C677}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{64D96F30-CF4C-4CCE-AAF2-F8909348BF35}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{A9C4BE58-07E0-473D-AE68-ECBA13FBF77E}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BEA3259E-14B5-4D89-87FF-ED9F1D0D81C8}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{BE1D254A-E5CD-4E76-9BE8-7B2E5FDBA6AF}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2878227) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{04DED3FB-DDB2-4C1E-A057-2A1FB97BE42D}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DF33B92A-5381-4F03-AB54-2D67086B357E}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A82E26EF-680E-427D-B7D0-FD7997DDC217}) (Version: - Microsoft)
Update Manager B11.1227.1 (HKLM-x32\...\{2913C8E7-612B-47DA-B18D-A23E1A1B16E3}) (Version: 1.00.0000 - Gigabyte)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Walter de Gruyter - Pschyrembel (HKLM-x32\...\Walter de Gruyter Pschyrembel) (Version: - )
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-03-31 22:56 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {3F9B6211-D06A-4DC4-B295-26FC33D68D87} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2280969488-2109145150-2365161803-1000UA => C:\Users\steve\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-31] (Google Inc.)
Task: {6D13ABA8-7BA3-47BA-81DA-B04A5BB46888} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2280969488-2109145150-2365161803-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {822A55CD-7858-4D53-9CA6-8E57090F7202} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2280969488-2109145150-2365161803-1000Core => C:\Users\steve\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-31] (Google Inc.)
Task: {E4DAB559-7F67-4A98-B873-F9BA10737B90} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2280969488-2109145150-2365161803-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2280969488-2109145150-2365161803-1000Core.job => C:\Users\steve\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2280969488-2109145150-2365161803-1000UA.job => C:\Users\steve\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-08-31 14:40 - 2013-06-21 12:23 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-03-14 17:27 - 2011-03-14 17:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-08-05 13:06 - 2013-08-05 12:53 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-12 20:06 - 2014-02-12 20:06 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b162055347700182d96325676dd591c4\IsdiInterop.ni.dll
2012-08-31 14:24 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-08-31 14:19 - 2012-05-10 15:03 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-03-15 18:56 - 2014-03-15 02:50 - 00051016 _____ () C:\Users\steve\AppData\Local\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\steve\AppData\Roaming\Dropbox\bin\libcef.dll
2012-12-18 16:28 - 2012-12-18 16:28 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu
2014-02-11 21:29 - 2014-02-11 21:29 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-03-15 18:56 - 2014-03-15 02:50 - 00716616 _____ () C:\Users\steve\AppData\Local\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 18:56 - 2014-03-15 02:50 - 00100168 _____ () C:\Users\steve\AppData\Local\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 18:56 - 2014-03-15 02:50 - 04061000 _____ () C:\Users\steve\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 18:56 - 2014-03-15 02:50 - 00394568 _____ () C:\Users\steve\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 18:56 - 2014-03-15 02:50 - 01647432 _____ () C:\Users\steve\AppData\Local\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk => C:\Windows\pss\Google Calendar Sync.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: Google Update => "C:\Users\steve\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LexwareInfoService => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/01/2014 06:28:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2014 06:20:01 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/01/2014 07:53:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2995

Error: (04/01/2014 07:53:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2995

Error: (04/01/2014 07:53:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/01/2014 07:53:07 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1997

Error: (04/01/2014 07:53:07 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1997

Error: (04/01/2014 07:53:07 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/01/2014 07:53:06 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 998

Error: (04/01/2014 07:53:06 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 998


System errors:
=============
Error: (04/01/2014 06:53:51 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/31/2014 10:56:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (03/31/2014 10:56:10 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (03/31/2014 10:54:54 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (03/30/2014 08:37:11 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.

Error: (03/27/2014 07:13:22 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/18/2014 09:11:48 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/17/2014 06:20:29 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/10/2014 05:55:05 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/06/2014 05:42:18 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (04/01/2014 06:28:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2014 06:20:01 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/01/2014 07:53:08 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2995

Error: (04/01/2014 07:53:08 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2995

Error: (04/01/2014 07:53:08 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/01/2014 07:53:07 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1997

Error: (04/01/2014 07:53:07 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1997

Error: (04/01/2014 07:53:07 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/01/2014 07:53:06 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 998

Error: (04/01/2014 07:53:06 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 998


CodeIntegrity Errors:
===================================
Date: 2014-03-31 22:56:10.709
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-03-31 22:56:10.693
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 8152.04 MB
Available physical RAM: 5964.47 MB
Total Pagefile: 16302.27 MB
Available Pagefile: 13748.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.66 GB) (Free:123.78 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
Gmer.txt
GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-01 18:46:23
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Samsung_ rev.EXT0 232,89GB
Running: gup35mqd.exe; Driver: C:\Users\steve\AppData\Local\Temp\kxdiifob.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  0000000075b61465 2 bytes [B6, 75]
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                0000000075b614bb 2 bytes [B6, 75]
.text  ...                                                                                                                                              * 2
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000075b61465 2 bytes [B6, 75]
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075b614bb 2 bytes [B6, 75]
.text  ...                                                                                                                                              * 2
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      0000000075b61465 2 bytes [B6, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      0000000075b614bb 2 bytes [B6, 75]
.text  ...                                                                                                                                              * 2

---- EOF - GMER 2.1 ----
--- --- ---

steveeeee 01.04.2014 19:11
ComboFix.txt
Combofix Logfile:
Code:
ComboFix 14-03-24.01 - steve 31.03.2014  22:53:45.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.8152.6297 [GMT 2:00]
ausgeführt von:: c:\users\steve\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\steve\AppData\Local\assembly\tmp
c:\users\steve\AppData\Roaming\inst.exe
c:\users\steve\AppData\Roaming\vso_ts_preview.xml
c:\windows\IsUn0407.exe
c:\windows\Temp\log.txt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-02-28 bis 2014-03-31  ))))))))))))))))))))))))))))))
.
.
2014-03-31 20:56 . 2014-03-31 20:56        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2014-03-31 20:56 . 2014-03-31 20:56        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-03-30 20:11 . 2014-03-31 20:29        119512        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-30 19:57 . 2014-03-30 19:57        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware
2014-03-30 19:57 . 2014-03-30 19:57        --------        d-----w-        c:\programdata\Malwarebytes
2014-03-30 19:57 . 2014-03-05 07:26        63192        ----a-w-        c:\windows\system32\drivers\mwac.sys
2014-03-30 19:57 . 2014-03-05 07:26        88280        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-03-30 19:57 . 2014-03-05 07:26        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2014-03-30 19:57 . 2014-03-30 19:57        --------        d-----w-        c:\program files (x86)\VS Revo Group
2014-03-30 19:37 . 2014-03-30 20:21        --------        d-----w-        c:\users\steve\AppData\Roaming\SupTab
2014-03-13 15:29 . 2014-02-04 02:32        1424384        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2014-03-13 15:29 . 2014-02-04 02:32        624128        ----a-w-        c:\windows\system32\qedit.dll
2014-03-13 15:29 . 2014-02-04 02:04        1230336        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll
2014-03-13 15:29 . 2014-02-04 02:04        509440        ----a-w-        c:\windows\SysWow64\qedit.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-18 02:13 . 2012-09-22 21:24        88567024        ----a-w-        c:\windows\system32\MRT.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        131248        ----a-w-        c:\users\steve\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        131248        ----a-w-        c:\users\steve\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        131248        ----a-w-        c:\users\steve\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mobile Partner"="c:\program files (x86)\My Broadband\My Broadband" [X]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"85DBE9CD5C641104D2F436A3E6535A29577D79AD._service_run"="c:\users\steve\AppData\Local\Google\Chrome\Application\chrome.exe" [2014-03-15 859976]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-12-18 39136]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-12-18 825560]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-05 43848]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2012-04-02 1058912]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-20 689744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-06 152392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GBTUpd"="c:\program files (x86)\Gigabyte\UpdManager\PreRun.exe" [2008-04-03 297480]
.
c:\users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\steve\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\DRIVERS\ew_jucdcecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcecm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys;c:\windows\SYSNATIVE\DRIVERS\ViaHub3.sys [x]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys;c:\windows\SYSNATIVE\DRIVERS\xhcdrv.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
.
Inhalt des "geplante Tasks" Ordners
.
2014-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2280969488-2109145150-2365161803-1000Core.job
- c:\users\steve\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-31 12:32]
.
2014-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2280969488-2109145150-2365161803-1000UA.job
- c:\users\steve\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-31 12:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        164016        ----a-w-        c:\users\steve\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        164016        ----a-w-        c:\users\steve\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        164016        ----a-w-        c:\users\steve\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        164016        ----a-w-        c:\users\steve\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VIAxHCUtl"="c:\via_xhci\usb3Monitor.exe" [2011-07-12 331776]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2012-10-15 170496]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mDefault_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388547520&from=cor&uid=M4-CT128M4SSD2_0000000012080907680D&q={searchTerms}
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.aartemis.com/web/?type=ds&ts=1388547520&from=cor&uid=M4-CT128M4SSD2_0000000012080907680D&q={searchTerms}
uInternet Settings,ProxyOverride = *.local
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: Interfaces\{1E2A2F41-C006-4388-81AE-B59AD0F37157}: NameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-03-31  22:57:29
ComboFix-quarantined-files.txt  2014-03-31 20:57
.
Vor Suchlauf: 9 Verzeichnis(se), 133.014.388.736 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 132.895.969.280 Bytes frei
.
- - End Of File - - 2D644AF88E7106A6983287E244B037B9
--- --- ---


MBAM.txt
Zitat:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 30.03.2014
Suchlauf-Zeit: 22:15:02
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.0.1000
Malware Datenbank: v2014.03.30.06
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: steve

Suchlauf-Art: Hyper-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 220246
Verstrichene Zeit: 3 Min, 26 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Deaktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 2
PUP.Optional.WpManager, C:\ProgramData\WPM\wprotectmanager.exe, 664, Löschen bei Neustart, [b5b98c7db6c511250d43c49425dc7a86]
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, 5560, Löschen bei Neustart, [c7a79d6c02793cfa8897d67828d9a55b]

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 15
PUP.Optional.WpManager, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Wpm, In Quarantäne, [b5b98c7db6c511250d43c49425dc7a86],
PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginService, In Quarantäne, [c7a79d6c02793cfa8897d67828d9a55b],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SupTab, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [83eb19f0f08b1c1a0e34e4a535ce7789],
PUP.Optional.Aartemis.A, HKLM\SOFTWARE\WOW6432NODE\AARTEMISSOFTWARE\aartemishp, In Quarantäne, [d8962edb4635dc5a9bcebeab4cb6c838],
PUP.Optional.QuickStart.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pelmeidfhdlhlbjimpabfcbnnojbboma, In Quarantäne, [36388782b1cae551b61c63f72fd356aa],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [1e505eab93e859ddb989b4d5e02332ce],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2280969488-2109145150-2365161803-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Löschen bei Neustart, [2a44f712582316203ef00364976bfd03],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2280969488-2109145150-2365161803-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Löschen bei Neustart, [c8a648c10b70d660313f106d45bebb45],

Registrierungswerte: 2
PUP.Optional.WpManager.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WPM|ImagePath, C:\ProgramData\WPM\wprotectmanager.exe -service, In Quarantäne, [65094cbd4b3024123ce47717937006fa]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2280969488-2109145150-2365161803-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0L1K1I1U1StM0U1J, Löschen bei Neustart, [c8a648c10b70d660313f106d45bebb45]

Registrierungsdaten: 4
PUP.Optional.Aartemis, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://aartemis.com/?type=sc&ts=1388547520&from=cor&uid=M4-CT128M4SSD2_0000000012080907680D, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://aartemis.com/?type=sc&ts=1388547520&from=cor&uid=M4-CT128M4SSD2_0000000012080907680D),Ersetzt,[f17dc44583f82f072e58ab61ee16ab55]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[acc2d7320378b581e68f719bed17cf31]
PUP.Optional.Aartemis, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://aartemis.com/?type=sc&ts=1388547520&from=cor&uid=M4-CT128M4SSD2_0000000012080907680D, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://aartemis.com/?type=sc&ts=1388547520&from=cor&uid=M4-CT128M4SSD2_0000000012080907680D),Ersetzt,[125c3ecb1e5d60d6c8be090316ee60a0]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[fd71bb4e97e43402eb8aa46821e3af51]

Ordner: 50
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService, Löschen bei Neustart, [690585841665171fdde3dd759a68f60a],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update, In Quarantäne, [690585841665171fdde3dd759a68f60a],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\img, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\img\weather, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\js, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\en, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\es, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\es_419, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\fr, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\fr-BE, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\fr-CA, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\fr-CH, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\fr-LU, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\it, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\it-CH, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\pl, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\pt_BR, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\ru, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\ru-MO, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\tr, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\vi, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\zh_CN, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\zh_TW, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],

Dateien: 123
PUP.Optional.WpManager, C:\ProgramData\WPM\wprotectmanager.exe, Löschen bei Neustart, [b5b98c7db6c511250d43c49425dc7a86],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, Löschen bei Neustart, [c7a79d6c02793cfa8897d67828d9a55b],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx, In Quarantäne, [b9b5f6134a314de9c4253028b74b23dd],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WebDataJs, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\style.css, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_logo.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\27.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\0.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\1.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\10.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\11.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\12.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\13.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\14.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\15.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\16.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\17.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\18.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\19.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\2.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\20.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\21.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\22.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\23.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\24.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\25.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\26.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\28.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\29.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\3.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\30.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\31.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\32.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\33.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\34.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\35.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\36.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\37.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\38.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\39.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\4.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\40.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\41.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\42.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\43.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\44.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\45.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\46.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\47.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\5.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\6.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\7.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\8.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\9.png, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\background.js, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-base.js, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit.js, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, In Quarantäne, [cba3fe0b601bf83ee4fe5d0636ccfc04],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update\conf, In Quarantäne, [690585841665171fdde3dd759a68f60a],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\index.html, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\manifest.json, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\style.css, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\img\default_logo.png, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\img\icon128.png, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\img\icon16.png, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\img\icon48.png, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\img\loading.gif, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\img\search.png, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\img\weather\0.png, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\js\background.js, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\js\ga.js, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\js\jquery-base.js, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\js\jquery.autocomplete.js, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\js\js.js, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\js\xagainit.js, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\en\messages.json, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\es\messages.json, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\es_419\messages.json, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\fr\messages.json, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\fr-BE\messages.json, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\fr-CA\messages.json, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\fr-CH\messages.json, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\fr-LU\messages.json, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\it\messages.json, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\it-CH\messages.json, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\pl\messages.json, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\pt_BR\messages.json, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\ru\messages.json, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\ru-MO\messages.json, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\tr\messages.json, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\vi\messages.json, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\zh_CN\messages.json, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],
PUP.Optional.QuickStart.A, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\_locales\zh_TW\messages.json, In Quarantäne, [e985f415abd0ea4c9dffc88e917146ba],

Physische Sektoren: 0
(No malicious items detected)


(end)

schrauber 02.04.2014 13:37
hi,

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307




Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

steveeeee 03.04.2014 00:02
Huhu,

vielen Dank schon einmal. Hier die Logdateien:

AdwCleaner.txt
Code:
# AdwCleaner v3.023 - Bericht erstellt am 03/04/2014 um 00:51:18
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : steve - steve-PC
# Gestartet von : C:\Users\steve\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\steve\AppData\Roaming\SupTab

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\Software\aartemisSoftware
Schlüssel Gelöscht : HKLM\Software\supTab
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\Wpm

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v

[ Datei : C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1683 octets] - [03/04/2014 00:50:43]
AdwCleaner[S0].txt - [1384 octets] - [03/04/2014 00:51:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1444 octets] ##########
JRT.txt
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Professional x64
Ran by steve on 03.04.2014 at  0:56:03,73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.04.2014 at  0:59:19,77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST.log


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by steve (administrator) on steve-PC on 03-04-2014 01:00:04
Running from C:\Users\steve\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dropbox, Inc.) C:\Users\steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VIAxHCUtl] - C:\VIA_XHCI\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [170496 2012-10-15] (Sun Microsystems, Inc.)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [39136 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [825560 2012-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM-x32\...\RunOnce: [GBTUpd] - C:\Program Files (x86)\Gigabyte\UpdManager\PreRun.exe [297480 2008-04-03] (PreRun)
HKU\S-1-5-21-2280969488-2109145150-2365161803-1000\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2280969488-2109145150-2365161803-1000\...\Run: [85DBE9CD5C641104D2F436A3E6535A29577D79AD._service_run] - C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe [859976 2014-03-15] (Google Inc.)
HKU\S-1-5-21-2280969488-2109145150-2365161803-1000\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2280969488-2109145150-2365161803-1000\...\Run: [Mobile Partner] - C:\Program Files (x86)\My Broadband\My Broadband
Startup: C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\steve\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3780B8F9C60ACE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: No Name - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -  No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{1E2A2F41-C006-4388-81AE-B59AD0F37157}: [NameServer]192.168.178.1

Chrome:
=======
CHR HomePage:
CHR Extension: (Web Developer) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2013-01-03]
CHR Extension: (Adblock Plus) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-28]
CHR Extension: (Add to Wunderlist) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmnddeddcgdllibmaodanoonljfdmooc [2013-11-07]
CHR Extension: (Suche Wechseln) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\dopemniaeocfenlpnoannaefnhfcjcgi [2014-03-30]
CHR Extension: (Wunderlist - To-do and Task list) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc [2012-12-20]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-10-08]
CHR Extension: (ShiftEdit) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcgmndephhjcabhhjfcmncnhbmgbkpij [2013-01-20]
CHR Extension: (FVD Downloader) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2013-09-24]
CHR Extension: (qipu Cashbackmelder open beta) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\mloigoojndlehdjiemdfpiikieonngel [2012-12-30]
CHR Extension: (Google Wallet) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Extended Protection) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo [2014-03-30]
CHR HKLM-x32\...\Chrome\Extension: [dopemniaeocfenlpnoannaefnhfcjcgi] - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\searchswitch.crx [2014-03-30]
CHR HKLM-x32\...\Chrome\Extension: [ogfjmhfnldnajmfaofeiaepghjenbgjo] - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx [2014-03-30]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-05-10] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-02] (DT Soft Ltd)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2010-07-27] (Huawei Technologies Co., Ltd.)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104560 2012-04-25] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-02] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2013-04-03] (Duplex Secure Ltd.)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [205312 2012-01-20] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [254464 2012-01-20] (VIA Technologies, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-03 00:59 - 2014-04-03 00:59 - 00000627 _____ () C:\Users\steve\Desktop\JRT.txt
2014-04-03 00:56 - 2014-04-03 00:56 - 00000000 ____D () C:\Windows\ERUNT
2014-04-03 00:54 - 2014-04-03 00:55 - 00001518 _____ () C:\Users\steve\Desktop\AdwCleaner[S0].txt
2014-04-03 00:50 - 2014-04-03 00:51 - 00000000 ____D () C:\AdwCleaner
2014-04-03 00:49 - 2014-04-03 00:49 - 01426178 _____ () C:\Users\steve\Desktop\adwcleaner.exe
2014-04-03 00:49 - 2014-04-03 00:49 - 01038974 _____ (Thisisu) C:\Users\steve\Desktop\JRT.exe
2014-04-01 20:02 - 2014-04-01 20:02 - 00022136 _____ () C:\Users\steve\Desktop\ComboFix2.txt
2014-04-01 18:47 - 2014-04-01 18:58 - 00032693 _____ () C:\Users\steve\Desktop\mbam.txt
2014-04-01 18:46 - 2014-04-01 18:57 - 00001948 _____ () C:\Users\steve\Desktop\GMER.log
2014-04-01 18:32 - 2014-04-01 18:57 - 00034665 _____ () C:\Users\steve\Desktop\Addition.txt
2014-04-01 18:31 - 2014-04-03 01:00 - 00016436 _____ () C:\Users\steve\Desktop\FRST.txt
2014-04-01 18:31 - 2014-04-03 01:00 - 00000000 ____D () C:\FRST
2014-04-01 18:25 - 2014-04-01 18:56 - 00000584 _____ () C:\Users\steve\Desktop\defogger_disable.log
2014-04-01 18:25 - 2014-04-01 18:25 - 02157056 _____ (Farbar) C:\Users\steve\Desktop\FRST64.exe
2014-04-01 18:25 - 2014-04-01 18:25 - 00050477 _____ () C:\Users\steve\Desktop\Defogger.exe
2014-04-01 18:25 - 2014-04-01 18:25 - 00000020 _____ () C:\Users\steve\defogger_reenable
2014-04-01 18:24 - 2014-04-01 18:24 - 00380416 _____ () C:\Users\steve\Desktop\gup35mqd.exe
2014-04-01 07:52 - 2014-04-01 07:52 - 00001605 _____ () C:\Users\steve\Desktop\TB.txt
2014-03-31 22:57 - 2014-03-31 22:57 - 00022172 _____ () C:\Users\steve\Desktop\ComboFix.txt
2014-03-31 22:53 - 2014-03-31 22:57 - 00000000 ____D () C:\Qoobox
2014-03-31 22:53 - 2014-03-31 22:56 - 00000000 ____D () C:\Windows\erdnt
2014-03-31 22:53 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-31 22:53 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-31 22:53 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-31 22:53 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-31 22:53 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-31 22:53 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-31 22:53 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-31 22:53 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-31 20:34 - 2014-03-31 20:34 - 05192353 ____R (Swearware) C:\Users\steve\Desktop\ComboFix.exe
2014-03-30 22:24 - 2014-04-01 06:52 - 00053392 _____ () C:\Windows\PFRO.log
2014-03-30 22:11 - 2014-04-02 17:05 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-30 21:57 - 2014-03-30 21:57 - 00001228 _____ () C:\Users\steve\Desktop\Revo Uninstaller.lnk
2014-03-30 21:57 - 2014-03-30 21:57 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-30 21:57 - 2014-03-30 21:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-30 21:57 - 2014-03-30 21:57 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-30 21:57 - 2014-03-30 21:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-30 21:57 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-30 21:57 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-30 21:57 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-30 21:50 - 2014-03-30 21:50 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\steve\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-30 21:50 - 2014-03-30 21:50 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\steve\Downloads\revosetup95.exe
2014-03-27 19:16 - 2014-03-27 23:26 - 457173402 _____ () C:\Users\steve\Downloads\s1619.rar
2014-03-13 17:30 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 17:30 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 17:30 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 17:30 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 17:30 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 17:30 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 17:30 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 17:30 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 17:30 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 17:30 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 17:30 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 17:30 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 17:30 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 17:30 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 17:30 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 17:30 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 17:30 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 17:30 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 17:30 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 17:30 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 17:30 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 17:30 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 17:30 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 17:30 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 17:30 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 17:30 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 17:30 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 17:30 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 17:30 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 17:30 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 17:30 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 17:30 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 17:30 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 17:30 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 17:30 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 17:30 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 17:30 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 17:30 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 17:30 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 17:30 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 17:30 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 17:30 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 17:30 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 17:30 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 17:29 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 17:29 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 17:29 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 17:29 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-04-03 01:00 - 2014-04-01 18:31 - 00016436 _____ () C:\Users\steve\Desktop\FRST.txt
2014-04-03 01:00 - 2014-04-01 18:31 - 00000000 ____D () C:\FRST
2014-04-03 00:59 - 2014-04-03 00:59 - 00000627 _____ () C:\Users\steve\Desktop\JRT.txt
2014-04-03 00:59 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-03 00:59 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-03 00:58 - 2011-04-12 09:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-04-03 00:58 - 2011-04-12 09:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-04-03 00:58 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-03 00:56 - 2014-04-03 00:56 - 00000000 ____D () C:\Windows\ERUNT
2014-04-03 00:55 - 2014-04-03 00:54 - 00001518 _____ () C:\Users\steve\Desktop\AdwCleaner[S0].txt
2014-04-03 00:54 - 2012-08-31 18:03 - 00000000 ___RD () C:\Users\steve\Dropbox
2014-04-03 00:54 - 2012-08-31 18:00 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Dropbox
2014-04-03 00:54 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-04-03 00:52 - 2014-02-28 21:56 - 00001232 _____ () C:\Windows\setupact.log
2014-04-03 00:52 - 2012-08-31 14:41 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-03 00:52 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-03 00:51 - 2014-04-03 00:50 - 00000000 ____D () C:\AdwCleaner
2014-04-03 00:51 - 2012-08-31 14:32 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2280969488-2109145150-2365161803-1000Core.job
2014-04-03 00:51 - 2012-08-31 14:05 - 01594657 _____ () C:\Windows\WindowsUpdate.log
2014-04-03 00:49 - 2014-04-03 00:49 - 01426178 _____ () C:\Users\steve\Desktop\adwcleaner.exe
2014-04-03 00:49 - 2014-04-03 00:49 - 01038974 _____ (Thisisu) C:\Users\steve\Desktop\JRT.exe
2014-04-03 00:48 - 2012-08-31 14:32 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2280969488-2109145150-2365161803-1000UA.job
2014-04-02 17:05 - 2014-03-30 22:11 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-01 22:50 - 2013-12-31 11:48 - 00000000 ____D () C:\Users\steve\AppData\Roaming\TS3Client
2014-04-01 22:50 - 2012-08-31 17:57 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-01 22:32 - 2012-09-06 14:42 - 00000000 ____D () C:\Users\steve\Documents\Outlook-Dateien
2014-04-01 21:16 - 2012-09-08 08:22 - 00000000 ____D () C:\Users\steve\AppData\Local\A19D0D92-E506-4870-A46E-0FC261FF6DC1.aplzod
2014-04-01 20:02 - 2014-04-01 20:02 - 00022136 _____ () C:\Users\steve\Desktop\ComboFix2.txt
2014-04-01 19:11 - 2012-10-31 19:35 - 00000000 ____D () C:\ProgramData\Sonos,_Inc
2014-04-01 18:58 - 2014-04-01 18:47 - 00032693 _____ () C:\Users\steve\Desktop\mbam.txt
2014-04-01 18:57 - 2014-04-01 18:46 - 00001948 _____ () C:\Users\steve\Desktop\GMER.log
2014-04-01 18:57 - 2014-04-01 18:32 - 00034665 _____ () C:\Users\steve\Desktop\Addition.txt
2014-04-01 18:56 - 2014-04-01 18:25 - 00000584 _____ () C:\Users\steve\Desktop\defogger_disable.log
2014-04-01 18:25 - 2014-04-01 18:25 - 02157056 _____ (Farbar) C:\Users\steve\Desktop\FRST64.exe
2014-04-01 18:25 - 2014-04-01 18:25 - 00050477 _____ () C:\Users\steve\Desktop\Defogger.exe
2014-04-01 18:25 - 2014-04-01 18:25 - 00000020 _____ () C:\Users\steve\defogger_reenable
2014-04-01 18:25 - 2012-08-31 14:05 - 00000000 ____D () C:\Users\steve
2014-04-01 18:24 - 2014-04-01 18:24 - 00380416 _____ () C:\Users\steve\Desktop\gup35mqd.exe
2014-04-01 07:52 - 2014-04-01 07:52 - 00001605 _____ () C:\Users\steve\Desktop\TB.txt
2014-04-01 06:52 - 2014-03-30 22:24 - 00053392 _____ () C:\Windows\PFRO.log
2014-03-31 22:57 - 2014-03-31 22:57 - 00022172 _____ () C:\Users\steve\Desktop\ComboFix.txt
2014-03-31 22:57 - 2014-03-31 22:53 - 00000000 ____D () C:\Qoobox
2014-03-31 22:57 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-03-31 22:56 - 2014-03-31 22:53 - 00000000 ____D () C:\Windows\erdnt
2014-03-31 22:56 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-31 20:34 - 2014-03-31 20:34 - 05192353 ____R (Swearware) C:\Users\steve\Desktop\ComboFix.exe
2014-03-30 22:24 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\addins
2014-03-30 22:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PLA
2014-03-30 21:57 - 2014-03-30 21:57 - 00001228 _____ () C:\Users\steve\Desktop\Revo Uninstaller.lnk
2014-03-30 21:57 - 2014-03-30 21:57 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-30 21:57 - 2014-03-30 21:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-30 21:57 - 2014-03-30 21:57 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-30 21:57 - 2014-03-30 21:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-30 21:50 - 2014-03-30 21:50 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\steve\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-30 21:50 - 2014-03-30 21:50 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\steve\Downloads\revosetup95.exe
2014-03-30 21:00 - 2012-09-11 12:40 - 00000000 ____D () C:\Users\steve\Downloads\JDownloader
2014-03-29 18:21 - 2013-02-12 14:31 - 00001907 _____ () C:\Users\Public\Desktop\Sonos.lnk
2014-03-29 18:21 - 2012-10-31 19:35 - 00000000 ____D () C:\Program Files (x86)\Sonos
2014-03-29 18:20 - 2012-10-31 19:35 - 00000000 ____D () C:\Users\steve\AppData\Local\Downloaded Installations
2014-03-27 23:26 - 2014-03-27 19:16 - 457173402 _____ () C:\Users\steve\Downloads\s1619.rar
2014-03-24 23:28 - 2012-08-31 14:32 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2280969488-2109145150-2365161803-1000UA
2014-03-24 23:28 - 2012-08-31 14:32 - 00003706 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2280969488-2109145150-2365161803-1000Core
2014-03-19 02:06 - 2012-09-06 14:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-17 18:18 - 2013-03-13 23:48 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-17 18:18 - 2013-03-13 23:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-17 18:18 - 2009-07-14 06:45 - 05075608 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 17:31 - 2013-12-31 11:48 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-03-05 09:26 - 2014-03-30 21:57 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-30 21:57 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-30 21:57 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-04 23:31 - 2013-05-24 14:42 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

Some content of TEMP:
====================
C:\Users\steve\AppData\Local\Temp\avgnt.exe
C:\Users\steve\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 15:22

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


VG,
steve

schrauber 03.04.2014 12:14

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

steveeeee 03.04.2014 16:57
ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=322a638a7fa83441b406b5d41703038a
# engine=17742
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-03 02:57:13
# local_time=2014-04-03 04:57:13 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 57910 167208338 50942 0
# compatibility_mode=5893 16776574 100 94 22963802 148166883 0 0
# scanned=48
# found=0
# cleaned=0
# scan_time=14
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=322a638a7fa83441b406b5d41703038a
# engine=17742
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-03 03:42:10
# local_time=2014-04-03 05:42:10 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 2773 167211035 0 0
# compatibility_mode=5893 16776574 100 94 22966499 148169580 0 0
# scanned=193521
# found=0
# cleaned=0
# scan_time=2670
SecurityCheck
Code:
Results of screen317's Security Check version 0.99.80 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Call of Duty: Ghosts 
 Java 7 Update 51 
 Google Chrome 33.0.1750.146 
 Google Chrome 33.0.1750.154 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Malwarebytes Anti-Malware mbamscheduler.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
FRST

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by steve (administrator) on steve-PC on 03-04-2014 17:56:16
Running from C:\Users\steve\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Dropbox, Inc.) C:\Users\steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Sonos, Inc.) C:\Program Files (x86)\Sonos\Sonos.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Users\steve\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VIAxHCUtl] - C:\VIA_XHCI\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [170496 2012-10-15] (Sun Microsystems, Inc.)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [39136 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [825560 2012-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM-x32\...\RunOnce: [GBTUpd] - C:\Program Files (x86)\Gigabyte\UpdManager\PreRun.exe [297480 2008-04-03] (PreRun)
HKU\S-1-5-21-2280969488-2109145150-2365161803-1000\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2280969488-2109145150-2365161803-1000\...\Run: [85DBE9CD5C641104D2F436A3E6535A29577D79AD._service_run] - C:\Users\steve\AppData\Local\Google\Chrome\Application\chrome.exe [859976 2014-03-15] (Google Inc.)
HKU\S-1-5-21-2280969488-2109145150-2365161803-1000\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2280969488-2109145150-2365161803-1000\...\Run: [Mobile Partner] - C:\Program Files (x86)\My Broadband\My Broadband
Startup: C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\steve\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3780B8F9C60ACE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: No Name - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -  No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{1E2A2F41-C006-4388-81AE-B59AD0F37157}: [NameServer]192.168.178.1

Chrome:
=======
CHR HomePage:
CHR Plugin: (Shockwave Flash) - C:\Users\steve\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\steve\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\steve\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\steve\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Google Update) - C:\Users\steve\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (Web Developer) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2013-01-03]
CHR Extension: (Adblock Plus) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-28]
CHR Extension: (Add to Wunderlist) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmnddeddcgdllibmaodanoonljfdmooc [2013-11-07]
CHR Extension: (Suche Wechseln) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\dopemniaeocfenlpnoannaefnhfcjcgi [2014-03-30]
CHR Extension: (Wunderlist - To-do and Task list) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc [2012-12-20]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-10-08]
CHR Extension: (ShiftEdit) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcgmndephhjcabhhjfcmncnhbmgbkpij [2013-01-20]
CHR Extension: (FVD Downloader) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2013-09-24]
CHR Extension: (qipu Cashbackmelder open beta) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\mloigoojndlehdjiemdfpiikieonngel [2012-12-30]
CHR Extension: (Google Wallet) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Extended Protection) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo [2014-03-30]
CHR HKLM-x32\...\Chrome\Extension: [dopemniaeocfenlpnoannaefnhfcjcgi] - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\searchswitch.crx [2014-03-30]
CHR HKLM-x32\...\Chrome\Extension: [ogfjmhfnldnajmfaofeiaepghjenbgjo] - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx [2014-03-30]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-05-10] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-02] (DT Soft Ltd)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2010-07-27] (Huawei Technologies Co., Ltd.)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104560 2012-04-25] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2013-04-03] (Duplex Secure Ltd.)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [205312 2012-01-20] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [254464 2012-01-20] (VIA Technologies, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-03 17:53 - 2014-04-03 17:53 - 00987442 _____ () C:\Users\steve\Downloads\SecurityCheck.exe
2014-04-03 16:55 - 2014-04-03 16:55 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-03 00:56 - 2014-04-03 00:56 - 00000000 ____D () C:\Windows\ERUNT
2014-04-03 00:54 - 2014-04-03 00:55 - 00001518 _____ () C:\Users\steve\Desktop\AdwCleaner[S0].txt
2014-04-03 00:50 - 2014-04-03 00:51 - 00000000 ____D () C:\AdwCleaner
2014-04-03 00:49 - 2014-04-03 00:49 - 01426178 _____ () C:\Users\steve\Desktop\adwcleaner.exe
2014-04-03 00:49 - 2014-04-03 00:49 - 01038974 _____ (Thisisu) C:\Users\steve\Desktop\JRT.exe
2014-04-01 20:02 - 2014-04-01 20:02 - 00022136 _____ () C:\Users\steve\Desktop\ComboFix2.txt
2014-04-01 18:47 - 2014-04-01 18:58 - 00032693 _____ () C:\Users\steve\Desktop\mbam.txt
2014-04-01 18:46 - 2014-04-01 18:57 - 00001948 _____ () C:\Users\steve\Desktop\GMER.log
2014-04-01 18:32 - 2014-04-01 18:57 - 00034665 _____ () C:\Users\steve\Desktop\Addition.txt
2014-04-01 18:31 - 2014-04-03 17:56 - 00018080 _____ () C:\Users\steve\Desktop\FRST.txt
2014-04-01 18:31 - 2014-04-03 17:56 - 00000000 ____D () C:\FRST
2014-04-01 18:25 - 2014-04-01 18:56 - 00000584 _____ () C:\Users\steve\Desktop\defogger_disable.log
2014-04-01 18:25 - 2014-04-01 18:25 - 02157056 _____ (Farbar) C:\Users\steve\Desktop\FRST64.exe
2014-04-01 18:25 - 2014-04-01 18:25 - 00050477 _____ () C:\Users\steve\Desktop\Defogger.exe
2014-04-01 18:25 - 2014-04-01 18:25 - 00000020 _____ () C:\Users\steve\defogger_reenable
2014-04-01 18:24 - 2014-04-01 18:24 - 00380416 _____ () C:\Users\steve\Desktop\gup35mqd.exe
2014-04-01 07:52 - 2014-04-01 07:52 - 00001605 _____ () C:\Users\steve\Desktop\TB.txt
2014-03-31 22:57 - 2014-03-31 22:57 - 00022172 _____ () C:\Users\steve\Desktop\ComboFix.txt
2014-03-31 22:53 - 2014-03-31 22:57 - 00000000 ____D () C:\Qoobox
2014-03-31 22:53 - 2014-03-31 22:56 - 00000000 ____D () C:\Windows\erdnt
2014-03-31 22:53 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-31 22:53 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-31 22:53 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-31 22:53 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-31 22:53 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-31 22:53 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-31 22:53 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-31 22:53 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-31 20:34 - 2014-03-31 20:34 - 05192353 ____R (Swearware) C:\Users\steve\Desktop\ComboFix.exe
2014-03-30 22:24 - 2014-04-01 06:52 - 00053392 _____ () C:\Windows\PFRO.log
2014-03-30 22:11 - 2014-04-03 16:58 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-30 21:57 - 2014-03-30 21:57 - 00001228 _____ () C:\Users\steve\Desktop\Revo Uninstaller.lnk
2014-03-30 21:57 - 2014-03-30 21:57 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-30 21:57 - 2014-03-30 21:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-30 21:57 - 2014-03-30 21:57 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-30 21:57 - 2014-03-30 21:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-30 21:57 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-30 21:57 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-30 21:57 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-30 21:50 - 2014-03-30 21:50 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\steve\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-27 19:16 - 2014-03-27 23:26 - 457173402 _____ () C:\Users\steve\Downloads\s1619.rar
2014-03-13 17:30 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 17:30 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 17:30 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 17:30 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 17:30 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 17:30 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 17:30 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 17:30 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 17:30 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 17:30 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 17:30 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 17:30 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 17:30 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 17:30 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 17:30 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 17:30 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 17:30 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 17:30 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 17:30 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 17:30 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 17:30 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 17:30 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 17:30 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 17:30 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 17:30 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 17:30 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 17:30 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 17:30 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 17:30 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 17:30 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 17:30 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 17:30 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 17:30 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 17:30 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 17:30 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 17:30 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 17:30 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 17:30 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 17:30 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 17:30 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 17:30 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 17:30 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 17:30 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 17:30 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 17:29 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 17:29 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 17:29 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 17:29 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-04-03 17:56 - 2014-04-01 18:31 - 00018080 _____ () C:\Users\steve\Desktop\FRST.txt
2014-04-03 17:56 - 2014-04-01 18:31 - 00000000 ____D () C:\FRST
2014-04-03 17:53 - 2014-04-03 17:53 - 00987442 _____ () C:\Users\steve\Downloads\SecurityCheck.exe
2014-04-03 17:33 - 2012-08-31 14:32 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2280969488-2109145150-2365161803-1000UA.job
2014-04-03 16:58 - 2014-03-30 22:11 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-03 16:58 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-03 16:58 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-03 16:56 - 2011-04-12 09:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-04-03 16:56 - 2011-04-12 09:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-04-03 16:56 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-03 16:55 - 2014-04-03 16:55 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-03 16:55 - 2012-10-31 19:35 - 00000000 ____D () C:\ProgramData\Sonos,_Inc
2014-04-03 16:54 - 2013-12-31 11:48 - 00000000 ____D () C:\Users\steve\AppData\Roaming\TS3Client
2014-04-03 16:54 - 2012-08-31 18:03 - 00000000 ___RD () C:\Users\steve\Dropbox
2014-04-03 16:54 - 2012-08-31 18:00 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Dropbox
2014-04-03 16:54 - 2012-08-31 17:57 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-03 16:54 - 2012-08-31 14:05 - 01608135 _____ () C:\Windows\WindowsUpdate.log
2014-04-03 16:54 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-04-03 16:50 - 2014-02-28 21:56 - 00001288 _____ () C:\Windows\setupact.log
2014-04-03 16:50 - 2012-08-31 14:41 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-03 16:50 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-03 00:56 - 2014-04-03 00:56 - 00000000 ____D () C:\Windows\ERUNT
2014-04-03 00:55 - 2014-04-03 00:54 - 00001518 _____ () C:\Users\steve\Desktop\AdwCleaner[S0].txt
2014-04-03 00:51 - 2014-04-03 00:50 - 00000000 ____D () C:\AdwCleaner
2014-04-03 00:51 - 2012-08-31 14:32 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2280969488-2109145150-2365161803-1000Core.job
2014-04-03 00:49 - 2014-04-03 00:49 - 01426178 _____ () C:\Users\steve\Desktop\adwcleaner.exe
2014-04-03 00:49 - 2014-04-03 00:49 - 01038974 _____ (Thisisu) C:\Users\steve\Desktop\JRT.exe
2014-04-01 22:32 - 2012-09-06 14:42 - 00000000 ____D () C:\Users\steve\Documents\Outlook-Dateien
2014-04-01 21:16 - 2012-09-08 08:22 - 00000000 ____D () C:\Users\steve\AppData\Local\A19D0D92-E506-4870-A46E-0FC261FF6DC1.aplzod
2014-04-01 20:02 - 2014-04-01 20:02 - 00022136 _____ () C:\Users\steve\Desktop\ComboFix2.txt
2014-04-01 18:58 - 2014-04-01 18:47 - 00032693 _____ () C:\Users\steve\Desktop\mbam.txt
2014-04-01 18:57 - 2014-04-01 18:46 - 00001948 _____ () C:\Users\steve\Desktop\GMER.log
2014-04-01 18:57 - 2014-04-01 18:32 - 00034665 _____ () C:\Users\steve\Desktop\Addition.txt
2014-04-01 18:56 - 2014-04-01 18:25 - 00000584 _____ () C:\Users\steve\Desktop\defogger_disable.log
2014-04-01 18:25 - 2014-04-01 18:25 - 02157056 _____ (Farbar) C:\Users\steve\Desktop\FRST64.exe
2014-04-01 18:25 - 2014-04-01 18:25 - 00050477 _____ () C:\Users\steve\Desktop\Defogger.exe
2014-04-01 18:25 - 2014-04-01 18:25 - 00000020 _____ () C:\Users\steve\defogger_reenable
2014-04-01 18:25 - 2012-08-31 14:05 - 00000000 ____D () C:\Users\steve
2014-04-01 18:24 - 2014-04-01 18:24 - 00380416 _____ () C:\Users\steve\Desktop\gup35mqd.exe
2014-04-01 07:52 - 2014-04-01 07:52 - 00001605 _____ () C:\Users\steve\Desktop\TB.txt
2014-04-01 06:52 - 2014-03-30 22:24 - 00053392 _____ () C:\Windows\PFRO.log
2014-03-31 22:57 - 2014-03-31 22:57 - 00022172 _____ () C:\Users\steve\Desktop\ComboFix.txt
2014-03-31 22:57 - 2014-03-31 22:53 - 00000000 ____D () C:\Qoobox
2014-03-31 22:57 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-03-31 22:56 - 2014-03-31 22:53 - 00000000 ____D () C:\Windows\erdnt
2014-03-31 22:56 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-31 20:34 - 2014-03-31 20:34 - 05192353 ____R (Swearware) C:\Users\steve\Desktop\ComboFix.exe
2014-03-30 22:24 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\addins
2014-03-30 22:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PLA
2014-03-30 21:57 - 2014-03-30 21:57 - 00001228 _____ () C:\Users\steve\Desktop\Revo Uninstaller.lnk
2014-03-30 21:57 - 2014-03-30 21:57 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-30 21:57 - 2014-03-30 21:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-30 21:57 - 2014-03-30 21:57 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-30 21:57 - 2014-03-30 21:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-30 21:50 - 2014-03-30 21:50 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\steve\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-30 21:00 - 2012-09-11 12:40 - 00000000 ____D () C:\Users\steve\Downloads\JDownloader
2014-03-29 18:21 - 2013-02-12 14:31 - 00001907 _____ () C:\Users\Public\Desktop\Sonos.lnk
2014-03-29 18:21 - 2012-10-31 19:35 - 00000000 ____D () C:\Program Files (x86)\Sonos
2014-03-29 18:20 - 2012-10-31 19:35 - 00000000 ____D () C:\Users\steve\AppData\Local\Downloaded Installations
2014-03-27 23:26 - 2014-03-27 19:16 - 457173402 _____ () C:\Users\steve\Downloads\s1619.rar
2014-03-24 23:28 - 2012-08-31 14:32 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2280969488-2109145150-2365161803-1000UA
2014-03-24 23:28 - 2012-08-31 14:32 - 00003706 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2280969488-2109145150-2365161803-1000Core
2014-03-19 02:06 - 2012-09-06 14:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-17 18:18 - 2013-03-13 23:48 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-17 18:18 - 2013-03-13 23:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-17 18:18 - 2009-07-14 06:45 - 05075608 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 17:31 - 2013-12-31 11:48 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-03-05 09:26 - 2014-03-30 21:57 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-30 21:57 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-30 21:57 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-04 23:31 - 2013-05-24 14:42 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

Some content of TEMP:
====================
C:\Users\steve\AppData\Local\Temp\avgnt.exe
C:\Users\steve\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 15:22

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 04.04.2014 11:36
Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:07 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19