Trojaner-Board - Werbung im Internet-Browser

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Werbung im Internet-Browser (https://www.trojaner-board.de/152676-werbung-internet-browser.html)

Werbung im Internet-Browser

Hallo,

ich habe das Problem, dass seit einiger Zeit massenhaft Werbung in den verschiedensten Balken im Internet-Browser aufploppen. Mann kann diese zwar wegklicken. Aber nach ner Zeit tauchen diese wieder auf.
Dies ist sehr nervig, da es ein normales Surfen im Inet fast unmöglich macht.
Handelt es sich dabei um einen Virus?

In einem anderen Threat habe ich gelesen, dass derjenige einen Scan mit "Farbar Recovery Scan Tool" machen sollte und den "FRST" und "Addition"-Logfile posten sollte.
Also habe ich mir das Programm auch geladen und damit gescant.

Hier das Ergebnis:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014

Ran by Roque22 (administrator) on ROQUE22-PC on 17-04-2014 21:53:15

Running from C:\Users\Roque22\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 11

Boot Mode: Normal
 

The only official download link for FRST:

Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 

Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE

() C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI.ACE\Core-Static\MOM.exe

(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe

() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

(ATI Technologies Inc.) C:\Program Files (x86)\ATI.ACE\Core-Static\CCC.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

() C:\Program Files (x86)\Bizzybolt\bin\utilBizzybolt.exe

() C:\Program Files (x86)\Bizzybolt\updateBizzybolt.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\RunOnce: [EasyTuneVI] - C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [40960 2012-07-09] ()

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKU\S-1-5-21-4104037675-4091277650-539659468-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-12-19] (AMD)

HKU\S-1-5-21-4104037675-4091277650-539659468-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent

HKU\S-1-5-21-4104037675-4091277650-539659468-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_Plugin.exe [841096 2014-03-13] (Adobe Systems Incorporated)

HKU\S-1-5-21-4104037675-4091277650-539659468-1000\...\MountPoints2: {6be6eb47-82c5-11e2-aa38-806e6f6e6963} - D:\atisetup.exe

HKU\S-1-5-21-4104037675-4091277650-539659468-1000\...\MountPoints2: {d3eb00cb-82c8-11e2-9a9d-806e6f6e6963} - D:\autorun.exe

Startup: C:\Users\Roque22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk

ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x57CB23D4DA16CE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File

SearchScopes: HKCU - {3B578C23-E293-4D12-B5F5-B89367ED4B6E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=0728bb3d-5f78-4aca-b812-4f4a394dc051&apn_sauid=1170A52E-F90F-4E96-9438-E6DC7FF4D2C4

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Roque22\AppData\Roaming\Mozilla\Firefox\Profiles\wg61kx97.default

FF Homepage: https://www.google.de/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File

FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)

FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Bizzybolt - C:\Users\Roque22\AppData\Roaming\Mozilla\Firefox\Profiles\wg61kx97.default\Extensions\{1007bb60-cbfa-4fb2-991d-e8357416f5fb}.xpi [2014-04-01]

FF Extension: Gutscheinaffe - C:\Users\Roque22\AppData\Roaming\Mozilla\Firefox\Profiles\wg61kx97.default\Extensions\{9220f99f-5b7d-4a4d-97ca-209991796400}.xpi [2013-12-03]

FF Extension: DownThemAll! - C:\Users\Roque22\AppData\Roaming\Mozilla\Firefox\Profiles\wg61kx97.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-12-03]
 

==================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)

R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-03] ()

R2 Update Bizzybolt; C:\Program Files (x86)\Bizzybolt\updateBizzybolt.exe [350496 2014-04-17] ()

R2 Util Bizzybolt; C:\Program Files (x86)\Bizzybolt\bin\utilBizzybolt.exe [350496 2014-04-17] ()
 

==================== Drivers (Whitelisted) ====================
 

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-19] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-19] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-03] (Avira Operations GmbH & Co. KG)

R3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-04-17] ()

R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)

R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61120 2014-03-18] (StdLib)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-04-17 21:53 - 2014-04-17 21:53 - 00013719 _____ () C:\Users\Roque22\Downloads\FRST.txt

2014-04-17 21:52 - 2014-04-17 21:53 - 00000000 ____D () C:\FRST

2014-04-17 21:52 - 2014-04-17 21:52 - 02158592 _____ (Farbar) C:\Users\Roque22\Downloads\FRST64.exe

2014-04-17 18:36 - 2014-04-17 18:36 - 35941610 _____ () C:\Users\Roque22\Downloads\Modpaket-1_v0.9.0_System98.rar

2014-04-01 22:42 - 2014-04-01 22:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-03-27 21:22 - 2014-03-27 22:00 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-03-27 21:22 - 2014-03-27 21:22 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-03-27 21:22 - 2014-03-27 21:22 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-03-27 21:21 - 2014-03-27 22:00 - 00000000 ____D () C:\Users\Roque22\Desktop\mbar

2014-03-27 21:21 - 2014-03-27 21:21 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Roque22\Downloads\mbar-1.07.0.1009.exe

2014-03-27 21:21 - 2014-03-27 21:21 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-03-27 21:14 - 2014-03-27 21:17 - 00000000 ____D () C:\AdwCleaner

2014-03-27 21:14 - 2014-03-27 21:14 - 01950720 _____ () C:\Users\Roque22\Downloads\adwcleaner.exe

2014-03-18 21:24 - 2014-03-18 21:24 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys
 

==================== One Month Modified Files and Folders =======
 

2014-04-17 21:53 - 2014-04-17 21:53 - 00013719 _____ () C:\Users\Roque22\Downloads\FRST.txt

2014-04-17 21:53 - 2014-04-17 21:52 - 00000000 ____D () C:\FRST

2014-04-17 21:52 - 2014-04-17 21:52 - 02158592 _____ (Farbar) C:\Users\Roque22\Downloads\FRST64.exe

2014-04-17 21:49 - 2014-01-05 02:33 - 00010242 _____ () C:\Windows\setupact.log

2014-04-17 21:48 - 2014-01-23 21:28 - 00000000 ____D () C:\Users\Roque22\AppData\Roaming\TS3Client

2014-04-17 21:41 - 2013-03-02 01:16 - 02032727 _____ () C:\Windows\WindowsUpdate.log

2014-04-17 21:04 - 2013-03-02 01:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-04-17 18:36 - 2014-04-17 18:36 - 35941610 _____ () C:\Users\Roque22\Downloads\Modpaket-1_v0.9.0_System98.rar

2014-04-17 18:34 - 2013-03-02 02:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-04-17 17:59 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-17 17:59 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-17 17:58 - 2011-04-12 09:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat

2014-04-17 17:58 - 2011-04-12 09:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat

2014-04-17 17:58 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-17 17:51 - 2014-01-05 00:06 - 00000004 _____ () C:\Windows\SysWOW64\GVTunner.ref

2014-04-17 17:51 - 2013-03-02 01:36 - 00030528 _____ () C:\Windows\GVTDrv64.sys

2014-04-17 17:51 - 2013-03-02 01:36 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys

2014-04-17 17:51 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-01 22:42 - 2014-04-01 22:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-03-31 09:35 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-03-27 22:00 - 2014-03-27 21:22 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-03-27 22:00 - 2014-03-27 21:21 - 00000000 ____D () C:\Users\Roque22\Desktop\mbar

2014-03-27 21:22 - 2014-03-27 21:22 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-03-27 21:22 - 2014-03-27 21:22 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-03-27 21:21 - 2014-03-27 21:21 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Roque22\Downloads\mbar-1.07.0.1009.exe

2014-03-27 21:21 - 2014-03-27 21:21 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-03-27 21:19 - 2010-11-21 05:47 - 00186372 _____ () C:\Windows\PFRO.log

2014-03-27 21:19 - 2009-07-14 04:34 - 00000603 _____ () C:\Windows\win.ini

2014-03-27 21:17 - 2014-03-27 21:14 - 00000000 ____D () C:\AdwCleaner

2014-03-27 21:15 - 2013-11-03 02:55 - 00000000 ____D () C:\ProgramData\14d81ad0a02fa632

2014-03-27 21:14 - 2014-03-27 21:14 - 01950720 _____ () C:\Users\Roque22\Downloads\adwcleaner.exe

2014-03-23 17:30 - 2013-03-02 15:30 - 00000000 ____D () C:\ProgramData\Origin

2014-03-23 17:29 - 2013-03-02 15:30 - 00000000 ____D () C:\Program Files (x86)\Origin

2014-03-22 18:58 - 2013-03-02 23:02 - 00280600 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr

2014-03-22 18:58 - 2013-03-02 16:03 - 00280600 _____ () C:\Windows\SysWOW64\PnkBstrB.exe

2014-03-22 17:48 - 2013-03-02 16:03 - 00291328 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0

2014-03-18 22:08 - 2013-10-06 01:49 - 00000000 ____D () C:\Windows\system32\MRT

2014-03-18 22:08 - 2013-03-08 17:19 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-03-18 21:24 - 2014-03-18 21:24 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys
 

Some content of TEMP:

====================

C:\Users\Roque22\AppData\Local\Temp\avgnt.exe

C:\Users\Roque22\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe

C:\Users\Roque22\AppData\Local\Temp\Quarantine.exe

C:\Users\Roque22\AppData\Local\Temp\TsuBB915075.dll

C:\Users\Roque22\AppData\Local\Temp\_is9A4B.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-04-01 22:58
 

==================== End Of Log ============================

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2014

Ran by Roque22 at 2014-04-17 21:53:32

Running from C:\Users\Roque22\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.28 - GIGABYTE)

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)

Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)

AdRemovErUTUUbe (HKLM-x32\...\{BD55A6D5-24CD-6379-E828-CFEB9F240FE0}) (Version:  - AdREmoverUTeuabe)

AlluCHeeaapPRice (HKLM-x32\...\{5A1D3F9E-73B5-95EC-1233-6646E1358965}) (Version:  - AollCHeapProice)

AMD Accelerated Video Transcoding (Version: 13.15.100.31008 - Advanced Micro Devices, Inc.) Hidden

AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden

AMD AVIVO64 Codecs (Version: 11.7.0.11229 - Advanced Micro Devices, Inc.) Hidden

AMD Catalyst Control Center (x32 Version: 2013.1008.932.15229 - Ihr Firmenname) Hidden

AMD Catalyst Install Manager (HKLM\...\{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)

AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden

AMD Media Foundation Decoders (Version: 1.0.81008.0920 - Advanced Micro Devices, Inc.) Hidden

ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)

Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)

AutoGreen B12.0206.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)

AutoGreen B12.0206.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)

Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.0 - Electronic Arts)

Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)

Bizzybolt (HKLM\...\Bizzybolt) (Version: 2013.11.20.184610 - Bizzybolt) <==== ATTENTION

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Browser faster (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{5837205}) (Version:  - BullPoint)

Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Localization All (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Standard (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Traditional (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden

CCC Help Czech (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden

CCC Help Danish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden

CCC Help Dutch (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden

CCC Help English (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden

CCC Help Finnish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden

CCC Help French (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden

CCC Help German (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden

CCC Help Greek (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden

CCC Help Hungarian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden

CCC Help Italian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden

CCC Help Japanese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden

CCC Help Korean (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden

CCC Help Norwegian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden

CCC Help Polish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden

CCC Help Portuguese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden

CCC Help Russian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden

CCC Help Spanish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden

CCC Help Swedish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden

CCC Help Thai (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden

CCC Help Turkish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden

ccc-utility64 (Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden

CDDRV_Installer (Version: 4.60 - Logitech) Hidden

Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Easy Tune 6 B12.0912.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)

Easy Tune 6 B12.0912.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden

erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden

ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)

Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG)

Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

FUSSBALL MANAGER 14 (HKLM-x32\...\{5FC27E1E-08C0-4346-A321-ED2D31FAE936}) (Version: 1.0.0.0 - Electronic Arts)

HydraVision (x32 Version: 4.2.248.0 - Advanced Micro Devices, Inc.) Hidden

iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)

Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)

Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)

Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)

Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden

iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)

Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden

Landwirtschafts Simulator 2011 (HKLM-x32\...\FarmingSimulator2011_PLATINUMDE_is1) (Version: 1.0 - GIANTS Software)

Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)

MAGIX Music Maker 17 (HKLM-x32\...\MAGIX_{47A18732-56A1-4FED-BAE2-8D72A5FC8AD9}) (Version: 17.0.2.30 - MAGIX AG)

MAGIX Music Maker 17 (x32 Version: 17.0.2.30 - MAGIX AG) Hidden

MAGIX Screenshare (HKLM-x32\...\MAGIX_{EF102545-A008-4DEE-9E22-28B77EB8F280}) (Version: 4.3.6.1987 - MAGIX AG)

MAGIX Screenshare (x32 Version: 4.3.6.1987 - MAGIX AG) Hidden

MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{C1624FAC-1597-4B44-89A2-9101C69AF49A}) (Version: 7.0.2.6 - MAGIX AG)

MAGIX Speed burnR (MSI) (x32 Version: 7.0.2.6 - MAGIX AG) Hidden

Major League Baseball 2K11 (HKLM-x32\...\{96A628B7-93D6-46CC-9E74-02F7D2E21E96}) (Version: 1.0.0 - 2K Sports)

Medal of Honor™ Warfighter (HKLM-x32\...\{48379835-BF2E-4487-9CB1-D5E654502B53}) (Version: 1.0.0.0 - Electronic Arts)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden

Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)

Mozilla Thunderbird 17.0.6 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 17.0.6 (x86 de)) (Version: 17.0.6 - Mozilla)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden

MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)

OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)

Origin (HKLM-x32\...\Origin) (Version: 9.0.13.2135 - Electronic Arts, Inc.)

Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)

QuickShare (HKLM-x32\...\{F7D739D1-B597-4802-A4CB-E1FBF326C9B0}) (Version: 1.6.1.796 - Linkury Inc.) <==== ATTENTION

Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version:  - )

Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6519 - Realtek Semiconductor Corp.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)

Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)

TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)

Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)

Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)

Video Downloader version 2.0 (HKLM-x32\...\Video Downloader_is1) (Version: 2.0 - )

VideoPerformer (HKLM-x32\...\VideoPerformer) (Version:  - PerformerSoft LLC) <==== ATTENTION

VLC media player 2.0.2 (HKLM-x32\...\VLC media player) (Version: 2.0.2 - VideoLAN)

Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)

World of Warplanes (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813EU}_is1) (Version:  - Wargaming.net)
 

==================== Restore Points  =========================
 
 

==================== Hosts content: ==========================
 

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {1E90E8BF-E784-44D1-A16E-8611E08374FC} - System32\Tasks\{C6511EBA-2AC7-4F63-8147-1A93A44DF59C} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.2.0.106&amp;LastError=12002

Task: {27C21A7D-851A-48F2-80F5-EADD91B87A65} - System32\Tasks\{CCE54BC6-7B15-42DF-A93D-2DB580E8BBD7} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.2.0.106&amp;LastError=12002

Task: {3CD2B83E-6BF5-455D-99E6-970EA1E88D44} - \Plus-HD-4.8-enabler ATTENTION ====> No Task File

Task: {3D3421A3-2177-47CC-911A-5A0450C0F14C} - \Plus-HD-4.8-codedownloader ATTENTION ====> No Task File

Task: {4E5F411A-3FDC-4ABC-9E38-F1945C3AD2CD} - \Plus-HD-4.8-updater ATTENTION ====> No Task File

Task: {74178F62-81B4-43EC-BDAB-97CB9125187B} - \Scheduled Update for Ask Toolbar ATTENTION ====> No Task File

Task: {858EAE1A-5E17-46B8-BE46-0355FB2F15FA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated)

Task: {B83EBCD8-A4E9-4398-B61D-F16A0C9AC13C} - \DSite ATTENTION ====> No Task File

Task: {E2029425-594E-48F0-A476-4A69AF5BC236} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {E257A3AF-B098-443C-B67A-6591FFFBFF03} - System32\Tasks\{25AAAA68-55A0-4658-A9E5-AB989763E86F} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.2.0.106&amp;LastError=12002

Task: {E81E297E-5E20-476B-A5D7-13C0C6F57756} - \Plus-HD-4.8-chromeinstaller ATTENTION ====> No Task File

Task: {F76DA36D-CADB-40F6-A92A-F04B20181499} - \Plus-HD-4.8-firefoxinstaller ATTENTION ====> No Task File

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 

==================== Loaded Modules (whitelisted) =============
 

2013-03-02 16:03 - 2013-12-03 22:42 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2012-01-13 15:04 - 2012-01-13 15:04 - 00219760 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe

2013-03-02 01:55 - 2009-07-20 13:35 - 00018960 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll

2013-03-02 01:55 - 2009-07-20 05:00 - 00077824 _____ () C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

2014-01-06 08:38 - 2014-04-17 17:54 - 00350496 _____ () C:\Program Files (x86)\Bizzybolt\bin\utilBizzybolt.exe

2013-11-20 20:46 - 2014-04-17 18:25 - 00350496 _____ () C:\Program Files (x86)\Bizzybolt\updateBizzybolt.exe

2013-03-02 02:22 - 2013-03-02 02:21 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll

2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2012-09-07 15:15 - 2012-09-07 15:15 - 02859079 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Normal.dll

2012-09-07 17:04 - 2012-09-07 17:04 - 00643139 _____ () C:\Program Files (x86)\GIGABYTE\ET6\work.dll

2012-05-22 20:12 - 2012-05-22 20:12 - 01331266 _____ () C:\Program Files (x86)\GIGABYTE\ET6\SF.dll

2008-05-07 16:22 - 2008-05-07 16:22 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\CIAMIB.dll

2012-09-07 16:49 - 2012-09-07 16:49 - 01495108 _____ () C:\Program Files (x86)\GIGABYTE\ET6\OCK.dll

2011-09-14 18:12 - 2011-09-14 18:12 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\ycc.dll

2012-05-08 16:01 - 2012-05-08 16:01 - 00069632 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GPTT.dll

2010-06-24 16:50 - 2010-06-24 16:50 - 00094208 _____ () C:\Program Files (x86)\GIGABYTE\ET6\IccLibDll.dll

2011-03-01 20:00 - 2011-03-01 20:00 - 00126976 _____ () C:\Program Files (x86)\GIGABYTE\ET6\StabilityLib.dll

2011-10-18 10:26 - 2011-10-18 10:26 - 00024576 _____ () C:\Program Files (x86)\GIGABYTE\ET6\STT.dll

2012-07-13 14:03 - 2012-07-13 14:03 - 00106496 _____ () C:\Program Files (x86)\GIGABYTE\ET6\HM.dll

2012-05-07 22:45 - 2012-05-07 22:45 - 01429589 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GVTunner.dll

2003-02-14 15:11 - 2003-02-14 15:11 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Sound.dll

2010-06-10 16:52 - 2010-06-10 16:52 - 00110592 _____ () C:\Program Files (x86)\GIGABYTE\ET6\AMD8.dll

2010-03-12 06:40 - 2010-03-12 06:40 - 04449632 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Platform.dll

2010-03-12 06:40 - 2010-03-12 06:40 - 00423256 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Device.dll

2012-09-03 15:32 - 2012-09-03 15:32 - 00307200 _____ () C:\Program Files (x86)\GIGABYTE\ET6\MFCCPU.DLL

2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

2014-02-23 04:37 - 2014-02-23 04:37 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\00a0b4a9df6e4abf30ae2af3624a77ce\IsdiInterop.ni.dll

2013-03-02 01:23 - 2012-02-01 17:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

2013-03-02 01:22 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

2014-04-01 22:42 - 2014-04-01 22:42 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

2014-03-13 16:04 - 2014-03-13 16:04 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== Disabled items from MSCONFIG ==============
 
 

==================== Faulty Device Manager Devices =============
 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft-Teredo-Tunneling-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (04/17/2014 05:51:13 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (04/03/2014 08:07:17 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (04/01/2014 09:48:35 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (03/27/2014 09:21:16 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (03/27/2014 08:54:03 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (03/23/2014 11:38:31 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (03/23/2014 11:37:34 AM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: Dwm.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc541

Name des fehlerhaften Moduls: atidxx64.dll, Version: 8.17.10.519, Zeitstempel: 0x5253ffc3

Ausnahmecode: 0xc0000005

Fehleroffset: 0x00000000000838bb

ID des fehlerhaften Prozesses: 0xb80

Startzeit der fehlerhaften Anwendung: 0xDwm.exe0

Pfad der fehlerhaften Anwendung: Dwm.exe1

Pfad des fehlerhaften Moduls: Dwm.exe2

Berichtskennung: Dwm.exe3
 

Error: (03/22/2014 04:17:30 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (03/20/2014 09:15:41 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (03/19/2014 10:20:16 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

System errors:

=============

Error: (04/17/2014 06:43:24 PM) (Source: volsnap) (User: )

Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 

Error: (03/23/2014 08:53:17 PM) (Source: Disk) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 

Error: (02/27/2014 08:22:28 PM) (Source: Service Control Manager) (User: )

Description: Dienst "Browser faster" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 

Error: (01/06/2014 08:39:46 AM) (Source: Service Control Manager) (User: )

Description: Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
 

Error: (01/06/2014 00:23:16 AM) (Source: Disk) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 

Error: (01/05/2014 11:44:15 PM) (Source: EventLog) (User: )

Description: Das System wurde zuvor am ‎05.‎01.‎2014 um 22:43:39 unerwartet heruntergefahren.
 

Error: (01/05/2014 02:33:59 AM) (Source: Disk) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 

Error: (12/25/2013 04:46:13 PM) (Source: volsnap) (User: )

Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 

Error: (12/20/2013 08:22:44 PM) (Source: EventLog) (User: )

Description: Das System wurde zuvor am ‎20.‎12.‎2013 um 19:21:52 unerwartet heruntergefahren.
 

Error: (12/19/2013 11:47:39 PM) (Source: Service Control Manager) (User: )

Description: Der Aufruf "ScRegSetValueExW" ist für "Type" aufgrund folgenden Fehlers fehlgeschlagen: 

%%5
 
 

Microsoft Office Sessions:

=========================

Error: (04/17/2014 05:51:13 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (04/03/2014 08:07:17 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (04/01/2014 09:48:35 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (03/27/2014 09:21:16 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (03/27/2014 08:54:03 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (03/23/2014 11:38:31 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (03/23/2014 11:37:34 AM) (Source: Application Error)(User: )

Description: Dwm.exe6.1.7600.163854a5bc541atidxx64.dll8.17.10.5195253ffc3c000000500000000000838bbb8001cf467b6985d639C:\Windows\system32\Dwm.exeC:\Windows\system32\atidxx64.dllc2f6551c-b26e-11e3-9e98-902b34d1f6bf
 

Error: (03/22/2014 04:17:30 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (03/20/2014 09:15:41 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (03/19/2014 10:20:16 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 24%

Total physical RAM: 8150.21 MB

Available physical RAM: 6115.93 MB

Total Pagefile: 16298.59 MB

Available Pagefile: 13900.38 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:111.69 GB) (Free:13.01 GB) NTFS

Drive e: (Elements) (Fixed) (Total:931.51 GB) (Free:616.03 GB) NTFS

Drive k: (Volume) (Fixed) (Total:119.24 GB) (Free:52.95 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 41EF7C17)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 130506BC)

Partition 1: (Not Active) - (Size=119 GB) - (Type=07 NTFS)
 

========================================================

Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 00372B75)

Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

hi,

Revo Uninstaller - Download - Filepony
Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION

Mit Revo auch Moderat die Reste entfernen lassen.

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hi,

ich habe die entsprechenden Programme mit Revo deinstalliert - bis auf Bizzybolt. Denn dieses hat Revo nicht aufgeslistet. Dementsprechend taucht auch noch die Leiste von Bizzybolt im Browser auf.

Nach dem Scannen mit Combofix wurde folgender Logfile aufgespuckt:

Code:

ComboFix 14-04-17.01 - Roque22 19.04.2014  14:47:10.2.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8150.6268 [GMT 2:00]

ausgeführt von:: c:\users\Roque22\Downloads\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}

SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

E:\Autorun.inf

E:\install.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2014-03-19 bis 2014-04-19  ))))))))))))))))))))))))))))))

.

.

2014-04-19 12:50 . 2014-04-19 12:50        --------        d-----w-        c:\users\Default\AppData\Local\temp

2014-04-19 12:40 . 2014-04-19 12:40        --------        d-----w-        c:\users\Roque22\AppData\Roaming\VSRevoGroup

2014-04-19 12:31 . 2014-04-19 12:31        --------        d-----w-        c:\program files (x86)\VS Revo Group

2014-04-19 12:30 . 2014-04-19 12:30        75888        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{872FAEEF-CBFB-49AA-AA84-91AEC21A9E8F}\offreg.dll

2014-04-19 12:23 . 2014-04-17 03:31        10651704        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{872FAEEF-CBFB-49AA-AA84-91AEC21A9E8F}\mpengine.dll

2014-04-17 20:24 . 2014-04-17 20:24        61120        ----a-w-        c:\windows\system32\drivers\wStLibG64.sys

2014-04-17 19:52 . 2014-04-17 19:54        --------        d-----w-        C:\FRST

2014-04-17 16:34 . 2014-03-31 01:16        23134208        ----a-w-        c:\windows\system32\mshtml.dll

2014-04-17 16:34 . 2014-03-31 01:13        2724864        ----a-w-        c:\windows\system32\mshtml.tlb

2014-04-17 16:34 . 2014-03-31 00:13        2724864        ----a-w-        c:\windows\SysWow64\mshtml.tlb

2014-04-17 16:25 . 2014-02-04 02:35        190912        ----a-w-        c:\windows\system32\drivers\storport.sys

2014-04-17 16:25 . 2014-02-04 02:35        274880        ----a-w-        c:\windows\system32\drivers\msiscsi.sys

2014-04-17 16:25 . 2014-02-04 02:35        27584        ----a-w-        c:\windows\system32\drivers\Diskdump.sys

2014-04-17 16:25 . 2014-02-04 02:28        2048        ----a-w-        c:\windows\system32\iologmsg.dll

2014-04-17 16:25 . 2014-02-04 02:00        2048        ----a-w-        c:\windows\SysWow64\iologmsg.dll

2014-04-17 16:19 . 2014-03-04 09:44        243712        ----a-w-        c:\windows\system32\wow64.dll

2014-04-17 16:19 . 2014-03-04 09:44        1163264        ----a-w-        c:\windows\system32\kernel32.dll

2014-04-17 16:19 . 2014-03-04 09:44        362496        ----a-w-        c:\windows\system32\wow64win.dll

2014-04-17 16:19 . 2014-03-04 09:44        13312        ----a-w-        c:\windows\system32\wow64cpu.dll

2014-04-17 16:19 . 2014-03-04 09:44        16384        ----a-w-        c:\windows\system32\ntvdm64.dll

2014-04-17 16:19 . 2014-03-04 09:17        14336        ----a-w-        c:\windows\SysWow64\ntvdm64.dll

2014-04-17 16:19 . 2014-03-04 09:16        25600        ----a-w-        c:\windows\SysWow64\setup16.exe

2014-04-17 16:19 . 2014-03-04 09:16        5120        ----a-w-        c:\windows\SysWow64\wow32.dll

2014-04-17 16:19 . 2014-03-04 08:09        7680        ----a-w-        c:\windows\SysWow64\instnm.exe

2014-04-17 16:19 . 2014-03-04 08:09        2048        ----a-w-        c:\windows\SysWow64\user.exe

2014-04-17 16:17 . 2014-01-24 02:37        1684928        ----a-w-        c:\windows\system32\drivers\ntfs.sys

2014-03-27 19:22 . 2014-03-27 19:22        --------        d-----w-        c:\programdata\Malwarebytes

2014-03-27 19:22 . 2014-03-27 20:00        --------        d-----w-        c:\programdata\Malwarebytes' Anti-Malware (portable)

2014-03-27 19:22 . 2014-03-27 19:22        119000        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-03-27 19:21 . 2014-03-27 19:21        91352        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys

2014-03-27 19:14 . 2014-03-27 19:17        --------        d-----w-        C:\AdwCleaner

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-04-19 12:20 . 2013-03-01 23:43        70832        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-04-19 12:20 . 2013-03-01 23:43        692400        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2014-04-19 12:19 . 2013-03-01 23:36        30528        ----a-w-        c:\windows\GVTDrv64.sys

2014-04-19 12:18 . 2013-03-01 23:36        25640        ----a-w-        c:\windows\gdrv.sys

2014-04-17 21:14 . 2013-03-08 15:19        90655440        ----a-w-        c:\windows\system32\MRT.exe

2014-04-14 18:13 . 2014-01-05 21:16        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2014-03-31 07:35 . 2010-11-21 03:27        270496        ------w-        c:\windows\system32\MpSigStub.exe

2014-03-22 16:58 . 2013-03-02 21:02        280600        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr

2014-03-22 16:58 . 2013-03-02 14:03        280600        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe

2014-03-22 15:48 . 2013-03-02 14:03        291328        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0

2014-03-18 19:24 . 2014-03-18 19:24        61120        ----a-w-        c:\windows\system32\drivers\wStLib64.sys

2014-03-04 09:17 . 2014-04-17 16:19        44032        ----a-w-        c:\windows\apppatch\acwow64.dll

2014-03-01 05:16 . 2014-03-14 08:41        4096        ----a-w-        c:\windows\system32\ieetwcollectorres.dll

2014-03-01 04:58 . 2014-03-14 08:41        2765824        ----a-w-        c:\windows\system32\iertutil.dll

2014-03-01 04:52 . 2014-03-14 08:41        66048        ----a-w-        c:\windows\system32\iesetup.dll

2014-03-01 04:51 . 2014-03-14 08:41        48640        ----a-w-        c:\windows\system32\ieetwproxystub.dll

2014-03-01 04:42 . 2014-03-14 08:41        53760        ----a-w-        c:\windows\system32\jsproxy.dll

2014-03-01 04:40 . 2014-03-14 08:41        33792        ----a-w-        c:\windows\system32\iernonce.dll

2014-03-01 04:37 . 2014-03-14 08:41        574976        ----a-w-        c:\windows\system32\ieui.dll

2014-03-01 04:33 . 2014-03-14 08:41        139264        ----a-w-        c:\windows\system32\ieUnatt.exe

2014-03-01 04:33 . 2014-03-14 08:41        111616        ----a-w-        c:\windows\system32\ieetwcollector.exe

2014-03-01 04:32 . 2014-03-14 08:41        708608        ----a-w-        c:\windows\system32\jscript9diag.dll

2014-03-01 04:23 . 2014-03-14 08:41        940032        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe

2014-03-01 04:17 . 2014-03-14 08:41        218624        ----a-w-        c:\windows\system32\ie4uinit.exe

2014-03-01 04:02 . 2014-03-14 08:41        195584        ----a-w-        c:\windows\system32\msrating.dll

2014-03-01 03:54 . 2014-03-14 08:41        5768704        ----a-w-        c:\windows\system32\jscript9.dll

2014-03-01 03:52 . 2014-03-14 08:41        61952        ----a-w-        c:\windows\SysWow64\iesetup.dll

2014-03-01 03:51 . 2014-03-14 08:41        51200        ----a-w-        c:\windows\SysWow64\ieetwproxystub.dll

2014-03-01 03:42 . 2014-03-14 08:41        627200        ----a-w-        c:\windows\system32\msfeeds.dll

2014-03-01 03:38 . 2014-03-14 08:41        112128        ----a-w-        c:\windows\SysWow64\ieUnatt.exe

2014-03-01 03:37 . 2014-03-14 08:41        553472        ----a-w-        c:\windows\SysWow64\jscript9diag.dll

2014-03-01 03:35 . 2014-03-14 08:41        2041856        ----a-w-        c:\windows\system32\inetcpl.cpl

2014-03-01 03:18 . 2014-03-14 08:41        13051904        ----a-w-        c:\windows\system32\ieframe.dll

2014-03-01 03:14 . 2014-03-14 08:41        4244480        ----a-w-        c:\windows\SysWow64\jscript9.dll

2014-03-01 03:10 . 2014-03-14 08:41        2334208        ----a-w-        c:\windows\system32\wininet.dll

2014-03-01 03:00 . 2014-03-14 08:41        1964032        ----a-w-        c:\windows\SysWow64\inetcpl.cpl

2014-03-01 02:38 . 2014-03-14 08:41        1393664        ----a-w-        c:\windows\system32\urlmon.dll

2014-03-01 02:32 . 2014-03-14 08:41        1820160        ----a-w-        c:\windows\SysWow64\wininet.dll

2014-03-01 02:25 . 2014-03-14 08:41        817664        ----a-w-        c:\windows\system32\ieapfltr.dll

2014-02-07 01:23 . 2014-03-14 08:41        3156480        ----a-w-        c:\windows\system32\win32k.sys

2014-02-04 02:32 . 2014-03-14 08:40        1424384        ----a-w-        c:\windows\system32\WindowsCodecs.dll

2014-02-04 02:32 . 2014-03-14 08:40        624128        ----a-w-        c:\windows\system32\qedit.dll

2014-02-04 02:04 . 2014-03-14 08:40        1230336        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll

2014-02-04 02:04 . 2014-03-14 08:40        509440        ----a-w-        c:\windows\SysWow64\qedit.dll

2014-01-29 02:32 . 2014-03-14 08:41        484864        ----a-w-        c:\windows\system32\wer.dll

2014-01-29 02:06 . 2014-03-14 08:41        381440        ----a-w-        c:\windows\SysWow64\wer.dll

2014-01-28 02:32 . 2014-03-14 08:41        228864        ----a-w-        c:\windows\system32\wwansvc.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2012-12-19 393216]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]

"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-20 689744]

"StartCCC"="c:\program files (x86)\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-10-08 766208]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETCall.exe" [2012-07-09 40960]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2013-3-2 1207312]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="userinit.exe"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]

R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]

R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]

S1 wStLib64;wStLib64;c:\windows\system32\drivers\wStLib64.sys;c:\windows\SYSNATIVE\drivers\wStLib64.sys [x]

S1 wStLibG64;wStLibG64;c:\windows\system32\drivers\wStLibG64.sys;c:\windows\SYSNATIVE\drivers\wStLibG64.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]

S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]

S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]

S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]

S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]

S2 Update Bizzybolt;Update Bizzybolt;c:\program files (x86)\Bizzybolt\updateBizzybolt.exe;c:\program files (x86)\Bizzybolt\updateBizzybolt.exe [x]

S2 Util Bizzybolt;Util Bizzybolt;c:\program files (x86)\Bizzybolt\bin\utilBizzybolt.exe;c:\program files (x86)\Bizzybolt\bin\utilBizzybolt.exe [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]

S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]

S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]

S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]

.

.

Inhalt des "geplante Tasks" Ordners

.

2014-04-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-01 12:20]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Roque22\AppData\Roaming\Mozilla\Firefox\Profiles\wg61kx97.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll

Wow6432Node-HKCU-Run-Overwolf - c:\program files (x86)\Overwolf\Overwolf.exe

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

AddRemove-{5A1D3F9E-73B5-95EC-1233-6646E1358965} - c:\programdata\AlluCHeeaapPRice\6w.exe

AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{5837205} - c:\progra~3\BROWSE~1\BROWSE~1.DLL

AddRemove-{BD55A6D5-24CD-6379-E828-CFEB9F240FE0} - c:\programdata\AdRemovErUTUUbe\o.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,96,5f,1f,14,e0,a2,5f,4f,ba,6f,ba,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,96,5f,1f,14,e0,a2,5f,4f,ba,6f,ba,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2014-04-19  14:51:14

ComboFix-quarantined-files.txt  2014-04-19 12:51

.

Vor Suchlauf: 12 Verzeichnis(se), 13.064.564.736 Bytes frei

Nach Suchlauf: 16 Verzeichnis(se), 13.642.960.896 Bytes frei

.

- - End Of File - - 20E8536236157D25D6C2367A6DCF4F02

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Hi,

hier zunächst der MBAM-Logfile.

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 20.04.2014

Suchlauf-Zeit: 16:17:52

Logdatei: MBAMlog.txt

Administrator: Ja
 

Version: 2.00.1.1004

Malware Datenbank: v2014.04.20.05

Rootkit Datenbank: v2014.03.27.01

Lizenz: Testversion

Malware Schutz: Aktiviert

Bösartiger Webseiten Schutz: Aktiviert

Chameleon: Deaktiviert
 

Betriebssystem: Windows 7 Service Pack 1

CPU: x64

Dateisystem: NTFS

Benutzer: Roque22
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 267429

Verstrichene Zeit: 8 Min, 30 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Aktiviert

Shuriken: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 2

PUP.Optional.BizzyBolt.A, C:\Program Files (x86)\Bizzybolt\updateBizzybolt.exe, 1800, Löschen bei Neustart, [eb157a86de22d927f462d473956c13ed]

PUP.Optional.BizzyBolt.A, C:\Program Files (x86)\Bizzybolt\bin\utilBizzybolt.exe, 2084, Löschen bei Neustart, [8e722bd519e7718f63f391b6ec1539c7]
 

Module: 0

(No malicious items detected)
 

Registrierungsschlüssel: 14

PUP.Optional.BizzyBolt.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Bizzybolt, In Quarantäne, [eb157a86de22d927f462d473956c13ed], 

PUP.Optional.BizzyBolt.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util Bizzybolt, In Quarantäne, [8e722bd519e7718f63f391b6ec1539c7], 

PUP.Optional.Bizzybolt.A, HKLM\SOFTWARE\WOW6432NODE\Bizzybolt, In Quarantäne, [ff0134cc2ed2c040aa7a1a8e45be2cd4], 

PUP.Optional.Iminent.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Iminent, Löschen bei Neustart, [ce32fa06e61a21df009a7808ca38d030], 

PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-4.8, Löschen bei Neustart, [22de8878f30dd030243b77fb8e7422de], 

PUP.Optional.Bizzybolt.A, HKU\S-1-5-21-4104037675-4091277650-539659468-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Bizzybolt, Löschen bei Neustart, [c53b87794db32ad63ae91593df2445bb], 

PUP.Optional.Bizzybolt, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Bizzybolt, In Quarantäne, [c63ab749669a06faad34cf91c63c9967], 

PUP.Optional.Bizzybolt, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, In Quarantäne, [c63ab749669a06faad34cf91c63c9967], 

PUP.Optional.Bizzybolt, HKLM\SOFTWARE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, In Quarantäne, [c63ab749669a06faad34cf91c63c9967], 

PUP.Optional.Bizzybolt, HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, In Quarantäne, [c63ab749669a06faad34cf91c63c9967], 

PUP.Optional.Bizzybolt, HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, In Quarantäne, [c63ab749669a06faad34cf91c63c9967], 

PUP.Optional.Bizzybolt, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, In Quarantäne, [c63ab749669a06faad34cf91c63c9967], 

PUP.Optional.Bizzybolt, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, In Quarantäne, [c63ab749669a06faad34cf91c63c9967], 

PUP.Optional.Bizzybolt, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, In Quarantäne, [c63ab749669a06faad34cf91c63c9967], 
 

Registrierungswerte: 0

(No malicious items detected)
 

Registrierungsdaten: 0

(No malicious items detected)
 

Ordner: 6

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\images, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.Bizzybolt, C:\Program Files (x86)\Bizzybolt, Löschen bei Neustart, [c63ab749669a06faad34cf91c63c9967], 

PUP.Optional.Bizzybolt, C:\Program Files (x86)\Bizzybolt\bin, Löschen bei Neustart, [c63ab749669a06faad34cf91c63c9967], 

PUP.Optional.Bizzybolt, C:\Program Files (x86)\Bizzybolt\bin\plugins, In Quarantäne, [c63ab749669a06faad34cf91c63c9967], 

PUP.Optional.Bizzybolt, C:\Program Files (x86)\Bizzybolt\bin\TEMP, In Quarantäne, [c63ab749669a06faad34cf91c63c9967], 
 

Dateien: 64

PUP.Optional.BizzyBolt.A, C:\Program Files (x86)\Bizzybolt\updateBizzybolt.exe, Löschen bei Neustart, [eb157a86de22d927f462d473956c13ed], 

PUP.Optional.BizzyBolt.A, C:\Program Files (x86)\Bizzybolt\bin\utilBizzybolt.exe, Löschen bei Neustart, [8e722bd519e7718f63f391b6ec1539c7], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\playlist.vpl, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\config.ini, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\images\channel_ld_193.png, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\images\channel_ld_199.png, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\images\channel_ld_200.png, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\images\channel_ld_201.png, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\images\channel_ld_204.png, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\images\channel_ld_219.png, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\images\channel_ld_221.png, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\images\channel_ld_224.png, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\images\channel_ld_268.png, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\images\channel_ld_28.png, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\images\channel_ld_34.png, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\images\channel_ld_37.png, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\images\channel_ld_49.png, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\images\channel_ld_57.png, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\images\channel_ld_86.png, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\images\channel_ld_99.png, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\images\channel_ld_103.png, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\images\channel_ld_11.png, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\images\channel_ld_120.png, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\images\channel_ld_121.png, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\images\channel_ld_122.png, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\images\channel_ld_123.png, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\images\channel_ld_124.png, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\images\channel_ld_125.png, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\images\channel_ld_126.png, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\images\channel_ld_127.png, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\images\channel_ld_136.png, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\images\channel_ld_137.png, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\images\channel_ld_140.png, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\images\channel_ld_141.png, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\images\channel_ld_149.png, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\images\channel_ld_150.png, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\images\channel_ld_160.png, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\images\channel_ld_165.png, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\images\channel_ld_181.png, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.VPLMedia.A, C:\Users\Roque22\AppData\Roaming\player\images\channel_ld_191.png, In Quarantäne, [c13f0df3946cdc24ced1d5be73907b85], 

PUP.Optional.Bizzybolt, C:\Program Files (x86)\Bizzybolt\Bizzybolt.ico, In Quarantäne, [c63ab749669a06faad34cf91c63c9967], 

PUP.Optional.Bizzybolt, C:\Program Files (x86)\Bizzybolt\BizzyboltUninstall.exe, In Quarantäne, [c63ab749669a06faad34cf91c63c9967], 

PUP.Optional.Bizzybolt, C:\Program Files (x86)\Bizzybolt\dgbjdgnkkchgleommaaapafcigjjbnmg.crx, In Quarantäne, [c63ab749669a06faad34cf91c63c9967], 

PUP.Optional.Bizzybolt, C:\Program Files (x86)\Bizzybolt\updateBizzybolt.InstallState, In Quarantäne, [c63ab749669a06faad34cf91c63c9967], 

PUP.Optional.Bizzybolt, C:\Program Files (x86)\Bizzybolt\bin\7za.exe, In Quarantäne, [c63ab749669a06faad34cf91c63c9967], 

PUP.Optional.Bizzybolt, C:\Program Files (x86)\Bizzybolt\bin\Bizzybolt.BrowserFilter.Helper.dll, In Quarantäne, [c63ab749669a06faad34cf91c63c9967], 

PUP.Optional.Bizzybolt, C:\Program Files (x86)\Bizzybolt\bin\Bizzybolt.BrowserFilter.Helper.dll.old.901b6816-b8ae-439f-9a9f-912f1465af79, In Quarantäne, [c63ab749669a06faad34cf91c63c9967], 

PUP.Optional.Bizzybolt, C:\Program Files (x86)\Bizzybolt\bin\Bizzybolt.iz, In Quarantäne, [c63ab749669a06faad34cf91c63c9967], 

PUP.Optional.Bizzybolt, C:\Program Files (x86)\Bizzybolt\bin\BizzyboltBrowserFilter.exe, In Quarantäne, [c63ab749669a06faad34cf91c63c9967], 

PUP.Optional.Bizzybolt, C:\Program Files (x86)\Bizzybolt\bin\BrowserAdapterS.7z, In Quarantäne, [c63ab749669a06faad34cf91c63c9967], 

PUP.Optional.Bizzybolt, C:\Program Files (x86)\Bizzybolt\bin\FilterApp_C64.exe, In Quarantäne, [c63ab749669a06faad34cf91c63c9967], 

PUP.Optional.Bizzybolt, C:\Program Files (x86)\Bizzybolt\bin\sqlite3.dll, In Quarantäne, [c63ab749669a06faad34cf91c63c9967], 

PUP.Optional.Bizzybolt, C:\Program Files (x86)\Bizzybolt\bin\utilBizzybolt.InstallState, In Quarantäne, [c63ab749669a06faad34cf91c63c9967], 

PUP.Optional.Bizzybolt, C:\Program Files (x86)\Bizzybolt\bin\XTLS.dll, In Quarantäne, [c63ab749669a06faad34cf91c63c9967], 

PUP.Optional.Bizzybolt, C:\Program Files (x86)\Bizzybolt\bin\XTLSApp.dll, In Quarantäne, [c63ab749669a06faad34cf91c63c9967], 

PUP.Optional.Bizzybolt, C:\Program Files (x86)\Bizzybolt\bin\XTLSApp.exe, In Quarantäne, [c63ab749669a06faad34cf91c63c9967], 

PUP.Optional.Bizzybolt, C:\Program Files (x86)\Bizzybolt\bin\plugins\Bizzybolt.Bromon.dll, In Quarantäne, [c63ab749669a06faad34cf91c63c9967], 

PUP.Optional.Bizzybolt, C:\Program Files (x86)\Bizzybolt\bin\plugins\Bizzybolt.BrowserAdapterS.dll, In Quarantäne, [c63ab749669a06faad34cf91c63c9967], 

PUP.Optional.Bizzybolt, C:\Program Files (x86)\Bizzybolt\bin\plugins\Bizzybolt.BrowserFilter.dll, In Quarantäne, [c63ab749669a06faad34cf91c63c9967], 

PUP.Optional.Bizzybolt, C:\Program Files (x86)\Bizzybolt\bin\plugins\Bizzybolt.CompatibilityChecker.dll, In Quarantäne, [c63ab749669a06faad34cf91c63c9967], 

PUP.Optional.Bizzybolt, C:\Program Files (x86)\Bizzybolt\bin\plugins\Bizzybolt.FFUpdate.dll, In Quarantäne, [c63ab749669a06faad34cf91c63c9967], 

PUP.Optional.Bizzybolt, C:\Program Files (x86)\Bizzybolt\bin\plugins\Bizzybolt.IEUpdate.dll, In Quarantäne, [c63ab749669a06faad34cf91c63c9967], 

PUP.Optional.Bizzybolt, C:\Program Files (x86)\Bizzybolt\bin\plugins\Bizzybolt.PurBrowse.dll, In Quarantäne, [c63ab749669a06faad34cf91c63c9967], 

PUP.Optional.Bizzybolt, C:\Program Files (x86)\Bizzybolt\bin\plugins\Bizzybolt.PurBrowseG.dll, In Quarantäne, [c63ab749669a06faad34cf91c63c9967], 
 

Physische Sektoren: 0

(No malicious items detected)
 
 

(end)

dann der AdwCleaner Log:

Code:

# AdwCleaner v3.100 - Bericht erstellt am 20/04/2014 um 16:31:43

# Aktualisiert 20/04/2014 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzername : Roque22 - ROQUE22-PC

# Gestartet von : C:\Users\Roque22\Downloads\adwcleaner.exe

# Option : Löschen
 

***** [ Dienste ] *****
 

Dienst Gelöscht : wStLibG64
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\ProgramData\Package Cache

Ordner Gelöscht : C:\Program Files (x86)\vGrabber-software
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Schlüssel Gelöscht : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
 

***** [ Browser ] *****
 

-\\ Internet Explorer v11.0.9600.16521
 
 

-\\ Mozilla Firefox v28.0 (de)
 

[ Datei : C:\Users\Roque22\AppData\Roaming\Mozilla\Firefox\Profiles\wg61kx97.default\prefs.js ]
 
 

*************************
 

AdwCleaner[R0].txt - [69280 octets] - [27/03/2014 21:14:58]

AdwCleaner[R1].txt - [1234 octets] - [20/04/2014 16:30:54]

AdwCleaner[S0].txt - [63272 octets] - [27/03/2014 21:16:56]

AdwCleaner[S1].txt - [1159 octets] - [20/04/2014 16:31:43]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1219 octets] ##########

Der Log von Junkware:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Home Premium x64

Ran by Roque22 on 20.04.2014 at 16:35:11,33

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\vafplayer

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4104037675-4091277650-539659468-1000\Software\wajam

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3B578C23-E293-4D12-B5F5-B89367ED4B6E}
 
 
 

~~~ Files
 
 
 

~~~ Folders
 

Successfully deleted: [Folder] "C:\ProgramData\drivergenius"
 
 
 

~~~ FireFox
 

Emptied folder: C:\Users\Roque22\AppData\Roaming\mozilla\firefox\profiles\wg61kx97.default\minidumps [12 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 20.04.2014 at 16:42:48,45

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Und die neue FRST:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2014

Ran by Roque22 (administrator) on ROQUE22-PC on 20-04-2014 16:46:25

Running from C:\Users\Roque22\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 11

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

(Malwarebytes Corporation) K:\Programme\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) K:\Programme\Malwarebytes Anti-Malware\mbamservice.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Malwarebytes Corporation) K:\Programme\Malwarebytes Anti-Malware\mbam.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE

() C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI.ACE\Core-Static\MOM.exe

() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

(ATI Technologies Inc.) C:\Program Files (x86)\ATI.ACE\Core-Static\CCC.exe

(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)

HKLM-x32\...\RunOnce: [EasyTuneVI] - C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [40960 2012-07-09] ()

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKU\S-1-5-21-4104037675-4091277650-539659468-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-12-19] (AMD)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x57CB23D4DA16CE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Roque22\AppData\Roaming\Mozilla\Firefox\Profiles\wg61kx97.default

FF Homepage: https://www.google.de/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File

FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)

FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Gutscheinaffe - C:\Users\Roque22\AppData\Roaming\Mozilla\Firefox\Profiles\wg61kx97.default\Extensions\{9220f99f-5b7d-4a4d-97ca-209991796400}.xpi [2013-12-03]

FF Extension: DownThemAll! - C:\Users\Roque22\AppData\Roaming\Mozilla\Firefox\Profiles\wg61kx97.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-12-03]
 

==================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)

R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)

R2 MBAMScheduler; K:\Programme\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)

R2 MBAMService; K:\Programme\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-03] ()
 

==================== Drivers (Whitelisted) ====================
 

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-19] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-19] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-03] (Avira Operations GmbH & Co. KG)

R3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-04-20] ()

R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)

R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [119512 2014-04-20] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)

R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61120 2014-03-18] (StdLib)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-04-20 16:46 - 2014-04-20 16:46 - 00000000 ____D () C:\Users\Roque22\Downloads\FRST-OlderVersion

2014-04-20 16:42 - 2014-04-20 16:42 - 00001353 _____ () C:\Users\Roque22\Desktop\JRT.txt

2014-04-20 16:35 - 2014-04-20 16:35 - 00000000 ____D () C:\Windows\ERUNT

2014-04-20 16:34 - 2014-04-20 16:34 - 01016261 _____ (Thisisu) C:\Users\Roque22\Downloads\JRT.exe

2014-04-20 16:33 - 2014-04-20 16:33 - 00001299 _____ () C:\Users\Roque22\Desktop\AdwCleaner[S1].txt

2014-04-20 16:30 - 2014-04-20 16:30 - 01308369 _____ () C:\Users\Roque22\Downloads\adwcleaner.exe

2014-04-20 16:23 - 2014-04-20 16:23 - 00013337 _____ () C:\Users\Roque22\Desktop\MBAM.txt

2014-04-20 16:06 - 2014-04-20 16:06 - 00000737 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-20 16:06 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-20 16:06 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-20 15:58 - 2014-04-20 15:58 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Roque22\Downloads\mbam-setup-2.0.1.1004.exe

2014-04-19 14:59 - 2014-04-20 16:32 - 00000004 _____ () C:\Windows\SysWOW64\GVTunner.ref

2014-04-19 14:51 - 2014-04-19 14:51 - 00016762 _____ () C:\ComboFix.txt

2014-04-19 14:45 - 2014-04-19 14:51 - 00000000 ____D () C:\Qoobox

2014-04-19 14:45 - 2014-04-19 14:50 - 00000000 ____D () C:\Windows\erdnt

2014-04-19 14:45 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-04-19 14:45 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-04-19 14:45 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-04-19 14:45 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-04-19 14:45 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-04-19 14:45 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe

2014-04-19 14:45 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe

2014-04-19 14:45 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe

2014-04-19 14:44 - 2014-04-19 14:44 - 05195154 ____R (Swearware) C:\Users\Roque22\Downloads\ComboFix.exe

2014-04-19 14:40 - 2014-04-19 14:40 - 00000000 ____D () C:\Users\Roque22\AppData\Roaming\VSRevoGroup

2014-04-19 14:31 - 2014-04-19 14:31 - 00001264 _____ () C:\Users\Roque22\Desktop\Revo Uninstaller.lnk

2014-04-19 14:31 - 2014-04-19 14:31 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-04-19 14:30 - 2014-04-19 14:30 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Roque22\Downloads\revosetup95.exe

2014-04-19 14:24 - 2014-04-19 14:25 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log

2014-04-17 22:32 - 2014-04-17 22:32 - 00031238 _____ () C:\Users\Roque22\Desktop\Addition.txt

2014-04-17 22:32 - 2014-04-17 22:32 - 00020249 _____ () C:\Users\Roque22\Desktop\FRST.txt

2014-04-17 22:24 - 2014-04-17 22:24 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys

2014-04-17 21:53 - 2014-04-20 16:46 - 00011865 _____ () C:\Users\Roque22\Downloads\FRST.txt

2014-04-17 21:53 - 2014-04-17 21:54 - 00031238 _____ () C:\Users\Roque22\Downloads\Addition.txt

2014-04-17 21:52 - 2014-04-20 16:46 - 02055680 _____ (Farbar) C:\Users\Roque22\Downloads\FRST64.exe

2014-04-17 21:52 - 2014-04-20 16:46 - 00000000 ____D () C:\FRST

2014-04-17 18:36 - 2014-04-17 18:36 - 35941610 _____ () C:\Users\Roque22\Downloads\Modpaket-1_v0.9.0_System98.rar

2014-04-17 18:34 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-04-17 18:34 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-04-17 18:34 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-04-17 18:34 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-04-17 18:25 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys

2014-04-17 18:25 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys

2014-04-17 18:25 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys

2014-04-17 18:25 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll

2014-04-17 18:25 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll

2014-04-17 18:19 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2014-04-17 18:19 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2014-04-17 18:19 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2014-04-17 18:19 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2014-04-17 18:19 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2014-04-17 18:19 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2014-04-17 18:19 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2014-04-17 18:19 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2014-04-17 18:19 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2014-04-17 18:19 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2014-04-17 18:19 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2014-04-17 18:17 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

2014-04-01 22:42 - 2014-04-01 22:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-03-27 21:22 - 2014-04-20 16:32 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-03-27 21:22 - 2014-04-20 16:06 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-03-27 21:22 - 2014-04-20 16:05 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-03-27 21:21 - 2014-04-20 16:05 - 00000000 ____D () C:\Users\Roque22\Desktop\mbar

2014-03-27 21:21 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-03-27 21:21 - 2014-03-27 21:21 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Roque22\Downloads\mbar-1.07.0.1009.exe

2014-03-27 21:14 - 2014-04-20 16:31 - 00000000 ____D () C:\AdwCleaner
 

==================== One Month Modified Files and Folders =======
 

2014-04-20 16:46 - 2014-04-20 16:46 - 00000000 ____D () C:\Users\Roque22\Downloads\FRST-OlderVersion

2014-04-20 16:46 - 2014-04-17 21:53 - 00011865 _____ () C:\Users\Roque22\Downloads\FRST.txt

2014-04-20 16:46 - 2014-04-17 21:52 - 02055680 _____ (Farbar) C:\Users\Roque22\Downloads\FRST64.exe

2014-04-20 16:46 - 2014-04-17 21:52 - 00000000 ____D () C:\FRST

2014-04-20 16:42 - 2014-04-20 16:42 - 00001353 _____ () C:\Users\Roque22\Desktop\JRT.txt

2014-04-20 16:39 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-20 16:39 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-20 16:38 - 2011-04-12 09:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat

2014-04-20 16:38 - 2011-04-12 09:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat

2014-04-20 16:38 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-20 16:35 - 2014-04-20 16:35 - 00000000 ____D () C:\Windows\ERUNT

2014-04-20 16:34 - 2014-04-20 16:34 - 01016261 _____ (Thisisu) C:\Users\Roque22\Downloads\JRT.exe

2014-04-20 16:33 - 2014-04-20 16:33 - 00001299 _____ () C:\Users\Roque22\Desktop\AdwCleaner[S1].txt

2014-04-20 16:32 - 2014-04-19 14:59 - 00000004 _____ () C:\Windows\SysWOW64\GVTunner.ref

2014-04-20 16:32 - 2014-03-27 21:22 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-20 16:32 - 2014-01-05 02:33 - 00010578 _____ () C:\Windows\setupact.log

2014-04-20 16:32 - 2013-03-02 01:36 - 00030528 _____ () C:\Windows\GVTDrv64.sys

2014-04-20 16:32 - 2013-03-02 01:36 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys

2014-04-20 16:32 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-20 16:31 - 2014-03-27 21:14 - 00000000 ____D () C:\AdwCleaner

2014-04-20 16:31 - 2013-03-02 01:16 - 01185833 _____ () C:\Windows\WindowsUpdate.log

2014-04-20 16:30 - 2014-04-20 16:30 - 01308369 _____ () C:\Users\Roque22\Downloads\adwcleaner.exe

2014-04-20 16:23 - 2014-04-20 16:23 - 00013337 _____ () C:\Users\Roque22\Desktop\MBAM.txt

2014-04-20 16:20 - 2010-11-21 05:47 - 00205956 _____ () C:\Windows\PFRO.log

2014-04-20 16:06 - 2014-04-20 16:06 - 00000737 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-20 16:06 - 2014-03-27 21:22 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-20 16:05 - 2014-03-27 21:22 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-04-20 16:05 - 2014-03-27 21:21 - 00000000 ____D () C:\Users\Roque22\Desktop\mbar

2014-04-20 16:04 - 2013-03-02 01:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-04-20 15:58 - 2014-04-20 15:58 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Roque22\Downloads\mbam-setup-2.0.1.1004.exe

2014-04-19 14:51 - 2014-04-19 14:51 - 00016762 _____ () C:\ComboFix.txt

2014-04-19 14:51 - 2014-04-19 14:45 - 00000000 ____D () C:\Qoobox

2014-04-19 14:50 - 2014-04-19 14:45 - 00000000 ____D () C:\Windows\erdnt

2014-04-19 14:50 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini

2014-04-19 14:44 - 2014-04-19 14:44 - 05195154 ____R (Swearware) C:\Users\Roque22\Downloads\ComboFix.exe

2014-04-19 14:40 - 2014-04-19 14:40 - 00000000 ____D () C:\Users\Roque22\AppData\Roaming\VSRevoGroup

2014-04-19 14:40 - 2013-03-02 01:16 - 00000000 ___RD () C:\Users\Roque22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-04-19 14:31 - 2014-04-19 14:31 - 00001264 _____ () C:\Users\Roque22\Desktop\Revo Uninstaller.lnk

2014-04-19 14:31 - 2014-04-19 14:31 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-04-19 14:30 - 2014-04-19 14:30 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Roque22\Downloads\revosetup95.exe

2014-04-19 14:27 - 2014-01-05 23:17 - 00000000 ____D () C:\ProgramData\Oracle

2014-04-19 14:25 - 2014-04-19 14:24 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log

2014-04-19 14:25 - 2014-01-05 23:16 - 00000000 ____D () C:\Program Files (x86)\Java

2014-04-19 14:20 - 2013-03-03 00:35 - 00000000 ____D () C:\Users\Roque22\AppData\Local\Adobe

2014-04-19 14:20 - 2013-03-02 01:43 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-04-19 14:20 - 2013-03-02 01:43 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-04-19 14:20 - 2013-03-02 01:43 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-04-17 23:14 - 2013-10-06 01:49 - 00000000 ____D () C:\Windows\system32\MRT

2014-04-17 23:14 - 2013-03-08 17:19 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-04-17 22:32 - 2014-04-17 22:32 - 00031238 _____ () C:\Users\Roque22\Desktop\Addition.txt

2014-04-17 22:32 - 2014-04-17 22:32 - 00020249 _____ () C:\Users\Roque22\Desktop\FRST.txt

2014-04-17 22:24 - 2014-04-17 22:24 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys

2014-04-17 21:54 - 2014-04-17 21:53 - 00031238 _____ () C:\Users\Roque22\Downloads\Addition.txt

2014-04-17 21:48 - 2014-01-23 21:28 - 00000000 ____D () C:\Users\Roque22\AppData\Roaming\TS3Client

2014-04-17 18:36 - 2014-04-17 18:36 - 35941610 _____ () C:\Users\Roque22\Downloads\Modpaket-1_v0.9.0_System98.rar

2014-04-17 18:34 - 2013-03-02 02:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-04-14 20:13 - 2014-01-05 23:16 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-04-14 20:05 - 2014-01-05 23:17 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-04-14 20:05 - 2014-01-05 23:16 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-04-14 20:04 - 2014-01-05 23:16 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-04-03 09:51 - 2014-04-20 16:06 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-03 09:51 - 2014-03-27 21:21 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-03 09:50 - 2014-04-20 16:06 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-01 22:42 - 2014-04-01 22:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-03-31 09:35 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-03-31 03:16 - 2014-04-17 18:34 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-03-31 03:13 - 2014-04-17 18:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-03-31 02:13 - 2014-04-17 18:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-03-31 01:57 - 2014-04-17 18:34 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-03-27 21:21 - 2014-03-27 21:21 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Roque22\Downloads\mbar-1.07.0.1009.exe

2014-03-27 21:19 - 2009-07-14 04:34 - 00000603 _____ () C:\Windows\win.ini

2014-03-27 21:15 - 2013-11-03 02:55 - 00000000 ____D () C:\ProgramData\14d81ad0a02fa632

2014-03-23 17:30 - 2013-03-02 15:30 - 00000000 ____D () C:\ProgramData\Origin

2014-03-23 17:29 - 2013-03-02 15:30 - 00000000 ____D () C:\Program Files (x86)\Origin

2014-03-22 18:58 - 2013-03-02 23:02 - 00280600 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr

2014-03-22 18:58 - 2013-03-02 16:03 - 00280600 _____ () C:\Windows\SysWOW64\PnkBstrB.exe

2014-03-22 17:48 - 2013-03-02 16:03 - 00291328 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
 

Some content of TEMP:

====================

C:\Users\Roque22\AppData\Local\Temp\avgnt.exe

C:\Users\Roque22\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-04-01 22:58
 

==================== End Of Log ============================

--- --- ---

Ich hoffe das wars nun. :applaus:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Hi,

so ESET-Logfile sieht so aus:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=8f50b8527b2b064681e535f298c46e04

# engine=17961

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2014-04-20 07:45:03

# local_time=2014-04-20 09:45:03 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1799 16775165 100 96 20978 35843275 13742 0

# compatibility_mode=5893 16776573 100 94 11972 149652953 0 0

# scanned=439945

# found=5

# cleaned=0

# scan_time=5765

sh=EE5EC9CFFB59790D553F5A3394AD5808E1E37446 ft=1 fh=c71c00117a532bb1 vn="a variant of Win32/AdWare.MultiPlug.K.gen application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\DoWniloAd keeepaer\C6mub_0.exe.vir"

sh=EE5EC9CFFB59790D553F5A3394AD5808E1E37446 ft=1 fh=c71c00117a532bb1 vn="a variant of Win32/AdWare.MultiPlug.K.gen application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\SearchNewTab\1yVZUHIAXx.exe.vir"

sh=BF249B34B102C7CD84F00AEAA3CA0B2E1E24A082 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Roque22\AppData\Roaming\Mozilla\Firefox\Profiles\wg61kx97.default\Extensions\jwojyoee@bomzcg.com\content\bg.js.vir"

sh=AF2F2392D1AEEC3C0B5C4AA3BB12B8DB0D01A8D8 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Roque22\AppData\Roaming\Mozilla\Firefox\Profiles\wg61kx97.default\Extensions\tcmvpn5@eyou-c.org\content\bg.js.vir"

sh=57E5CDF3AB2B37471613FA343CD113870F26C75C ft=1 fh=893fe457d63eb0c6 vn="Win32/Adware.ToolPlugin application" ac=I fn="E:\Systemplatte\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\toolplugin\toolbar.dll"

dann:

Code:

 Results of screen317's Security Check version 0.99.82  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  
 ``````````````Antivirus/Firewall Check:`````````````` 

Avira Desktop   

 Antivirus up to date!  (On Access scanning disabled!) 
 `````````Anti-malware/Other Utilities Check:````````` 

 Java 7 Update 55  

 Adobe Flash Player 13.0.0.182  

 Adobe Reader XI  

 Mozilla Firefox (28.0) 

 Mozilla Thunderbird (17.0.6) 
 ````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbam.exe  

 Avira Antivir avgnt.exe 

 Avira Antivir avguard.exe 
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

und das neue FRST-Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014

Ran by Roque22 (administrator) on ROQUE22-PC on 22-04-2014 19:18:39

Running from C:\Users\Roque22\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 11

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

(Malwarebytes Corporation) K:\Programme\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) K:\Programme\Malwarebytes Anti-Malware\mbamservice.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Malwarebytes Corporation) K:\Programme\Malwarebytes Anti-Malware\mbam.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE

() C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI.ACE\Core-Static\MOM.exe

(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe

() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

(ATI Technologies Inc.) C:\Program Files (x86)\ATI.ACE\Core-Static\CCC.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\splwow64.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)

HKLM-x32\...\RunOnce: [EasyTuneVI] - C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [40960 2012-07-09] ()

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKU\S-1-5-21-4104037675-4091277650-539659468-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-12-19] (AMD)

HKU\S-1-5-21-4104037675-4091277650-539659468-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-12-19] (AMD)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x57CB23D4DA16CE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Roque22\AppData\Roaming\Mozilla\Firefox\Profiles\wg61kx97.default

FF Homepage: https://www.google.de/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File

FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)

FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Gutscheinaffe - C:\Users\Roque22\AppData\Roaming\Mozilla\Firefox\Profiles\wg61kx97.default\Extensions\{9220f99f-5b7d-4a4d-97ca-209991796400}.xpi [2013-12-03]

FF Extension: DownThemAll! - C:\Users\Roque22\AppData\Roaming\Mozilla\Firefox\Profiles\wg61kx97.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-12-03]
 

==================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)

R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)

R2 MBAMScheduler; K:\Programme\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)

R2 MBAMService; K:\Programme\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-03] ()
 

==================== Drivers (Whitelisted) ====================
 

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-19] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-19] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-03] (Avira Operations GmbH & Co. KG)

R3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-04-20] ()

R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-22] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61120 2014-03-18] (StdLib)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-04-22 19:17 - 2014-04-22 19:17 - 00000875 _____ () C:\Users\Roque22\Desktop\checkup.txt

2014-04-22 19:16 - 2014-04-22 19:16 - 00855379 _____ () C:\Users\Roque22\Downloads\SecurityCheck.exe

2014-04-20 20:00 - 2014-04-20 20:00 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-04-20 19:56 - 2014-04-20 19:56 - 02347384 _____ (ESET) C:\Users\Roque22\Downloads\esetsmartinstaller_enu.exe

2014-04-20 16:47 - 2014-04-20 16:47 - 00027317 _____ () C:\Users\Roque22\Desktop\FRST1.txt

2014-04-20 16:46 - 2014-04-22 19:18 - 00000000 ____D () C:\Users\Roque22\Downloads\FRST-OlderVersion

2014-04-20 16:42 - 2014-04-20 16:42 - 00001353 _____ () C:\Users\Roque22\Desktop\JRT.txt

2014-04-20 16:35 - 2014-04-20 16:35 - 00000000 ____D () C:\Windows\ERUNT

2014-04-20 16:34 - 2014-04-20 16:34 - 01016261 _____ (Thisisu) C:\Users\Roque22\Downloads\JRT.exe

2014-04-20 16:33 - 2014-04-20 16:33 - 00001299 _____ () C:\Users\Roque22\Desktop\AdwCleaner[S1].txt

2014-04-20 16:30 - 2014-04-20 16:30 - 01308369 _____ () C:\Users\Roque22\Downloads\adwcleaner.exe

2014-04-20 16:23 - 2014-04-20 16:23 - 00013337 _____ () C:\Users\Roque22\Desktop\MBAM.txt

2014-04-20 16:06 - 2014-04-20 16:06 - 00000737 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-20 16:06 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-20 16:06 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-20 15:58 - 2014-04-20 15:58 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Roque22\Downloads\mbam-setup-2.0.1.1004.exe

2014-04-19 14:59 - 2014-04-20 18:53 - 00000004 _____ () C:\Windows\SysWOW64\GVTunner.ref

2014-04-19 14:51 - 2014-04-19 14:51 - 00016762 _____ () C:\ComboFix.txt

2014-04-19 14:45 - 2014-04-19 14:51 - 00000000 ____D () C:\Qoobox

2014-04-19 14:45 - 2014-04-19 14:50 - 00000000 ____D () C:\Windows\erdnt

2014-04-19 14:45 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-04-19 14:45 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-04-19 14:45 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-04-19 14:45 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-04-19 14:45 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-04-19 14:45 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe

2014-04-19 14:45 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe

2014-04-19 14:45 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe

2014-04-19 14:44 - 2014-04-19 14:44 - 05195154 ____R (Swearware) C:\Users\Roque22\Downloads\ComboFix.exe

2014-04-19 14:40 - 2014-04-19 14:40 - 00000000 ____D () C:\Users\Roque22\AppData\Roaming\VSRevoGroup

2014-04-19 14:31 - 2014-04-19 14:31 - 00001264 _____ () C:\Users\Roque22\Desktop\Revo Uninstaller.lnk

2014-04-19 14:31 - 2014-04-19 14:31 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-04-19 14:30 - 2014-04-19 14:30 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Roque22\Downloads\revosetup95.exe

2014-04-19 14:24 - 2014-04-19 14:25 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log

2014-04-17 22:32 - 2014-04-17 22:32 - 00031238 _____ () C:\Users\Roque22\Desktop\Addition.txt

2014-04-17 22:32 - 2014-04-17 22:32 - 00020249 _____ () C:\Users\Roque22\Desktop\FRST.txt

2014-04-17 22:24 - 2014-04-17 22:24 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys

2014-04-17 21:53 - 2014-04-22 19:18 - 00012488 _____ () C:\Users\Roque22\Downloads\FRST.txt

2014-04-17 21:53 - 2014-04-17 21:54 - 00031238 _____ () C:\Users\Roque22\Downloads\Addition.txt

2014-04-17 21:52 - 2014-04-22 19:18 - 02061312 _____ (Farbar) C:\Users\Roque22\Downloads\FRST64.exe

2014-04-17 21:52 - 2014-04-22 19:18 - 00000000 ____D () C:\FRST

2014-04-17 18:36 - 2014-04-17 18:36 - 35941610 _____ () C:\Users\Roque22\Downloads\Modpaket-1_v0.9.0_System98.rar

2014-04-17 18:34 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-04-17 18:34 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-04-17 18:34 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-04-17 18:34 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-04-17 18:25 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys

2014-04-17 18:25 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys

2014-04-17 18:25 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys

2014-04-17 18:25 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll

2014-04-17 18:25 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll

2014-04-17 18:19 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2014-04-17 18:19 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2014-04-17 18:19 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2014-04-17 18:19 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2014-04-17 18:19 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2014-04-17 18:19 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2014-04-17 18:19 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2014-04-17 18:19 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2014-04-17 18:19 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2014-04-17 18:19 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2014-04-17 18:19 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2014-04-17 18:17 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

2014-04-01 22:42 - 2014-04-01 22:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-03-27 21:22 - 2014-04-22 19:13 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-03-27 21:22 - 2014-04-20 16:06 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-03-27 21:22 - 2014-04-20 16:05 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-03-27 21:21 - 2014-04-20 16:05 - 00000000 ____D () C:\Users\Roque22\Desktop\mbar

2014-03-27 21:21 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-03-27 21:21 - 2014-03-27 21:21 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Roque22\Downloads\mbar-1.07.0.1009.exe

2014-03-27 21:14 - 2014-04-20 16:31 - 00000000 ____D () C:\AdwCleaner
 

==================== One Month Modified Files and Folders =======
 

2014-04-22 19:18 - 2014-04-20 16:46 - 00000000 ____D () C:\Users\Roque22\Downloads\FRST-OlderVersion

2014-04-22 19:18 - 2014-04-17 21:53 - 00012488 _____ () C:\Users\Roque22\Downloads\FRST.txt

2014-04-22 19:18 - 2014-04-17 21:52 - 02061312 _____ (Farbar) C:\Users\Roque22\Downloads\FRST64.exe

2014-04-22 19:18 - 2014-04-17 21:52 - 00000000 ____D () C:\FRST

2014-04-22 19:17 - 2014-04-22 19:17 - 00000875 _____ () C:\Users\Roque22\Desktop\checkup.txt

2014-04-22 19:16 - 2014-04-22 19:16 - 00855379 _____ () C:\Users\Roque22\Downloads\SecurityCheck.exe

2014-04-22 19:14 - 2013-03-02 01:16 - 01208707 _____ () C:\Windows\WindowsUpdate.log

2014-04-22 19:13 - 2014-03-27 21:22 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-22 19:13 - 2013-03-02 01:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-04-20 20:00 - 2014-04-20 20:00 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-04-20 19:56 - 2014-04-20 19:56 - 02347384 _____ (ESET) C:\Users\Roque22\Downloads\esetsmartinstaller_enu.exe

2014-04-20 19:00 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-20 19:00 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-20 18:59 - 2011-04-12 09:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat

2014-04-20 18:59 - 2011-04-12 09:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat

2014-04-20 18:59 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-20 18:53 - 2014-04-19 14:59 - 00000004 _____ () C:\Windows\SysWOW64\GVTunner.ref

2014-04-20 18:53 - 2014-01-05 02:33 - 00010690 _____ () C:\Windows\setupact.log

2014-04-20 18:53 - 2013-03-02 01:36 - 00030528 _____ () C:\Windows\GVTDrv64.sys

2014-04-20 18:53 - 2013-03-02 01:36 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys

2014-04-20 18:53 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-20 18:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2014-04-20 16:47 - 2014-04-20 16:47 - 00027317 _____ () C:\Users\Roque22\Desktop\FRST1.txt

2014-04-20 16:42 - 2014-04-20 16:42 - 00001353 _____ () C:\Users\Roque22\Desktop\JRT.txt

2014-04-20 16:35 - 2014-04-20 16:35 - 00000000 ____D () C:\Windows\ERUNT

2014-04-20 16:34 - 2014-04-20 16:34 - 01016261 _____ (Thisisu) C:\Users\Roque22\Downloads\JRT.exe

2014-04-20 16:33 - 2014-04-20 16:33 - 00001299 _____ () C:\Users\Roque22\Desktop\AdwCleaner[S1].txt

2014-04-20 16:31 - 2014-03-27 21:14 - 00000000 ____D () C:\AdwCleaner

2014-04-20 16:30 - 2014-04-20 16:30 - 01308369 _____ () C:\Users\Roque22\Downloads\adwcleaner.exe

2014-04-20 16:23 - 2014-04-20 16:23 - 00013337 _____ () C:\Users\Roque22\Desktop\MBAM.txt

2014-04-20 16:20 - 2010-11-21 05:47 - 00205956 _____ () C:\Windows\PFRO.log

2014-04-20 16:06 - 2014-04-20 16:06 - 00000737 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-20 16:06 - 2014-03-27 21:22 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-20 16:05 - 2014-03-27 21:22 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-04-20 16:05 - 2014-03-27 21:21 - 00000000 ____D () C:\Users\Roque22\Desktop\mbar

2014-04-20 15:58 - 2014-04-20 15:58 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Roque22\Downloads\mbam-setup-2.0.1.1004.exe

2014-04-19 14:51 - 2014-04-19 14:51 - 00016762 _____ () C:\ComboFix.txt

2014-04-19 14:51 - 2014-04-19 14:45 - 00000000 ____D () C:\Qoobox

2014-04-19 14:50 - 2014-04-19 14:45 - 00000000 ____D () C:\Windows\erdnt

2014-04-19 14:50 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini

2014-04-19 14:44 - 2014-04-19 14:44 - 05195154 ____R (Swearware) C:\Users\Roque22\Downloads\ComboFix.exe

2014-04-19 14:40 - 2014-04-19 14:40 - 00000000 ____D () C:\Users\Roque22\AppData\Roaming\VSRevoGroup

2014-04-19 14:40 - 2013-03-02 01:16 - 00000000 ___RD () C:\Users\Roque22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-04-19 14:31 - 2014-04-19 14:31 - 00001264 _____ () C:\Users\Roque22\Desktop\Revo Uninstaller.lnk

2014-04-19 14:31 - 2014-04-19 14:31 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-04-19 14:30 - 2014-04-19 14:30 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Roque22\Downloads\revosetup95.exe

2014-04-19 14:27 - 2014-01-05 23:17 - 00000000 ____D () C:\ProgramData\Oracle

2014-04-19 14:25 - 2014-04-19 14:24 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log

2014-04-19 14:25 - 2014-01-05 23:16 - 00000000 ____D () C:\Program Files (x86)\Java

2014-04-19 14:20 - 2013-03-03 00:35 - 00000000 ____D () C:\Users\Roque22\AppData\Local\Adobe

2014-04-19 14:20 - 2013-03-02 01:43 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-04-19 14:20 - 2013-03-02 01:43 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-04-19 14:20 - 2013-03-02 01:43 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-04-17 23:14 - 2013-10-06 01:49 - 00000000 ____D () C:\Windows\system32\MRT

2014-04-17 23:14 - 2013-03-08 17:19 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-04-17 22:32 - 2014-04-17 22:32 - 00031238 _____ () C:\Users\Roque22\Desktop\Addition.txt

2014-04-17 22:32 - 2014-04-17 22:32 - 00020249 _____ () C:\Users\Roque22\Desktop\FRST.txt

2014-04-17 22:24 - 2014-04-17 22:24 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys

2014-04-17 21:54 - 2014-04-17 21:53 - 00031238 _____ () C:\Users\Roque22\Downloads\Addition.txt

2014-04-17 21:48 - 2014-01-23 21:28 - 00000000 ____D () C:\Users\Roque22\AppData\Roaming\TS3Client

2014-04-17 18:36 - 2014-04-17 18:36 - 35941610 _____ () C:\Users\Roque22\Downloads\Modpaket-1_v0.9.0_System98.rar

2014-04-17 18:34 - 2013-03-02 02:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-04-14 20:13 - 2014-01-05 23:16 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-04-14 20:05 - 2014-01-05 23:17 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-04-14 20:05 - 2014-01-05 23:16 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-04-14 20:04 - 2014-01-05 23:16 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-04-03 09:51 - 2014-04-20 16:06 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-03 09:51 - 2014-03-27 21:21 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-03 09:50 - 2014-04-20 16:06 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-01 22:42 - 2014-04-01 22:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-03-31 09:35 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-03-31 03:16 - 2014-04-17 18:34 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-03-31 03:13 - 2014-04-17 18:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-03-31 02:13 - 2014-04-17 18:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-03-31 01:57 - 2014-04-17 18:34 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-03-27 21:21 - 2014-03-27 21:21 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Roque22\Downloads\mbar-1.07.0.1009.exe

2014-03-27 21:19 - 2009-07-14 04:34 - 00000603 _____ () C:\Windows\win.ini

2014-03-27 21:15 - 2013-11-03 02:55 - 00000000 ____D () C:\ProgramData\14d81ad0a02fa632

2014-03-23 17:30 - 2013-03-02 15:30 - 00000000 ____D () C:\ProgramData\Origin

2014-03-23 17:29 - 2013-03-02 15:30 - 00000000 ____D () C:\Program Files (x86)\Origin
 

Some content of TEMP:

====================

C:\Users\Roque22\AppData\Local\Temp\avgnt.exe

C:\Users\Roque22\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-04-20 18:22
 

==================== End Of Log ============================

--- --- ---

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Fertig :)

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.