Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   This file contained a virus and was deleted ....... (https://www.trojaner-board.de/141408-this-file-contained-a-virus-deleted.html)

granatenfred 12.09.2013 13:08
This file contained a virus and was deleted .......
 
Hi,
seit Tagen kann ich keine pdf mehr öffnen, es erscheint stets obrige Meldung!
Habe auf meinem PC (Windows 7) bereits (auch im abgesicherten Modus) CCleaner und Malwarebytes laufen gelassen, aber nichts gefunden bzw. bereinigt.
Tippe auf den Zeroaccess Trojaner, konnte aber aus dem Internet keine Hilfe ergoogeln, da ich ja nichts mehr herunterladen kann.
Vielleicht ist einer von euch "Fähigen" in der Lage mir unter die Arme zu greifen.
Ahh .... übrigens ein Hallo an alle.
lg

aharonov 12.09.2013 13:15
:hallo:

Dein Thema ist in Arbeit und wird von einem unserer Auszubildenden betreut.

Bitte beachte, dass alle Antworten des Auszubildenden zuerst von einem Ausbilder freigegeben werden müssen, bevor diese hier gepostet werden dürfen. Dies garantiert, dass du Hilfe von einem ausgebildeten Helfer bekommst.

Wir bedanken uns für deine Geduld. :)

Aneri 12.09.2013 13:17
:hallo:

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


granatenfred 12.09.2013 13:22
Hallo,
kann leider Schritt 1 schon nicht ausführen, weil eben "This file contained a virus and was deleted " ..........

Aneri 12.09.2013 14:05
Hallo

lade dir die Dateien bitte auf einem anderen PC herunter, speichere Sie auf einem USB Stick und wechsel wieder auf den infizierten Rechner. Dort FRST nach Anleitung ausführen.

granatenfred 12.09.2013 14:37
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-09-2013 02
Ran by georg (administrator) on GEORG-PC on 12-09-2013 15:18:21
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
() C:\Users\georg\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
() C:\Users\georg\AppData\Roaming\Epfoe\zizy.exe
(ASUSTeK COMPUTER INC.) C:\Users\georg\AppData\Roaming\ie_util.exe
(Facebook) C:\Users\georg\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(McAfee, Inc.) c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Core\mchost.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-08-06] (Egis Technology Inc.)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Ocs_SM] - C:\Users\georg\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2012-06-20] (OCS)
HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKCU\...\Run: [Facebook Update] - C:\Users\georg\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKCU\...\Run: [{4DC594A0-2200-AD7C-8F4F-ED2F9D0ECE32}] - C:\Users\georg\AppData\Roaming\Epfoe\zizy.exe [318464 2009-10-30] ()
HKCU\...\Run: [Fousonc] - C:\Users\georg\AppData\Roaming\Xusai\osos.exe [360960 2010-10-19] (TivDevelop Software Group)
HKCU\...\Run: [IExplorer Util] - C:\Users\georg\AppData\Roaming\ie_util.exe [65536 2013-07-18] (ASUSTeK COMPUTER INC.)
HKCU\...\Run: [Utubvo] - C:\Users\georg\AppData\Roaming\Ymze\utubvo.exe [311296 2009-11-02] ()
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-12] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-10] ()
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-07-31] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-08-04] (Acer Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [976832 2010-06-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1157976 2010-06-08] (Symantec Corporation)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1675160 2012-03-21] (McAfee, Inc.)
HKLM-x32\...\Run: [SSDMonitor] - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [105120 2012-08-21] (PC Tools)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\UpdatusUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll  [162336 2009-07-22] ()
AppInit_DLLs-x32: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll  [ ] ()
Startup: C:\Users\georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\georg\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&m=aspire_x3812&r=17361009sn07973380rj5lz791l90q
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=AT&userid=05cbec6b-a6ed-48eb-b7b5-39046b65667e&searchtype=ds&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=AT&userid=05cbec6b-a6ed-48eb-b7b5-39046b65667e&searchtype=ds&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=AT&userid=05cbec6b-a6ed-48eb-b7b5-39046b65667e&searchtype=ds&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=AT&userid=05cbec6b-a6ed-48eb-b7b5-39046b65667e&searchtype=ds&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = hxxp://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
SearchScopes: HKCU - DefaultScope {1A15684C-DC6C-4461-9397-AC9DAD3BEED5} URL = hxxp://search.softonic.com/MOY00027/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=872
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=AT&userid=05cbec6b-a6ed-48eb-b7b5-39046b65667e&searchtype=ds&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&k=0
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://start.facemoods.com.anonymize-me.de/?anonymto=687474703A2F2F73746172742E666163656D6F6F64732E636F6D2F3F613D6770706326733D7B7365617263685465726D737D26663D34&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&k=0
SearchScopes: HKCU - {19BA5F42-323C-4E6F-9BC3-3A72BFD71830} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {1A15684C-DC6C-4461-9397-AC9DAD3BEED5} URL = hxxp://search.softonic.com/MOY00027/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=872
SearchScopes: HKCU - {28BD441E-9ACB-4B3B-AD36-389616746E0D} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {5F46E6AC-E562-49DF-946C-564E843D937D} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F736F7572636569643D69653726713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26726C7A3D314937414341575F64654154333531&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&k=0
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D696537&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&k=0
SearchScopes: HKCU - {859B5591-3432-49A4-A87A-DF9CA3E63862} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {87284A0D-E9DB-43DE-B680-B1310E705C07} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {96AA702E-EBD1-4371-A937-564EA4BF3645} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = hxxp://search.bearshare.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6265617273686172652E636F6D2F7765623F7372633D6965622673797374656D69643D3226713D7B7365617263685465726D737D&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&k=0
SearchScopes: HKCU - {A3401954-366F-4DB2-807C-4BEE8BC82289} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
BHO: No Name - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} -  No File
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120903085732.dll (McAfee, Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120903085734.dll (McAfee, Inc.)
BHO-x32: Freeware.de Toolbar - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.8.8.11\bh\Softonic.dll (Softonic.com)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM -  No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 -  No Name - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} -  No File
Toolbar: HKLM-x32 - Gutscheinmieze - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\georg\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
Toolbar: HKLM-x32 - Freeware.de Toolbar - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.)
Toolbar: HKLM-x32 -  No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.8.8.11\SoftonicTlbr.dll (Softonic.com)
Toolbar: HKCU -  No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKCU -  No Name - {7E111A5C-3D11-4F56-9463-5310C3C69025} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D4003189-95B1-4A2F-9A87-F2B03665960D} hxxp://www.spvod.com/soft/vjocx-ch-spvod.cab
DPF: HKLM-x32 {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://91.113.220.122/activex/AMC.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 195.58.160.194 195.58.161.122

Chrome:
=======
CHR Extension: (Softonic Chrome Toolbar) - C:\Users\georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0
CHR Extension: (SiteAdvisor) - C:\Users\georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0
CHR Extension: (Freeware.de) - C:\Users\georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlafpokblfobdnjhhggocaanijghemnd\2.3.4.950_0
CHR HKLM-x32\...\Chrome\Extension: [elchiiiejkobdbblfejjkbphbddgmljf] - C:\Program Files (x86)\Softonic\Softonic\1.8.8.11\Softonic.crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM-x32\...\Chrome\Extension: [nlafpokblfobdnjhhggocaanijghemnd] - C:\Users\georg\AppData\Local\CRE\nlafpokblfobdnjhhggocaanijghemnd.crx

==================== Services (Whitelisted) =================

R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [120592 2013-05-22] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [502064 2012-08-23] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199304 2012-05-25] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [210616 2012-05-25] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [162224 2012-05-25] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-08] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132504 2013-03-17] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe [126392 2011-11-07] (Symantec Corporation)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [794272 2012-08-21] (PC Tools)
R2 SearchAnonymizer; C:\Users\georg\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2012-06-20] ()
S2 0068621378883807mcinstcleanup; C:\Windows\TEMP\006862~1.EXE -cleanup -nolog [x]
S2 vvdsvc; C:\Windows\system32\nagasoft\vjocx.dll [x]
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{a50b55d5-acf0-eeaf-93b8-f6748b45f12a}\  \...\???\{a50b55d5-acf0-eeaf-93b8-f6748b45f12a}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-12 15:17 - 2013-09-12 15:17 - 00000000 ____D C:\FRST
2013-09-12 15:17 - 2013-09-12 15:17 - 00000000 _____ C:\Windows\setuperr.log
2013-09-12 10:34 - 2013-09-12 10:34 - 00012560 _____ C:\Users\georg\Documents\cc_20130912_103418.reg
2013-08-19 15:18 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-19 15:18 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-19 15:18 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-19 15:18 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-19 15:18 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-19 15:18 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-19 15:18 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-19 15:18 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-19 15:18 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-19 15:18 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-19 15:18 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-19 15:18 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-19 15:18 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-19 15:18 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-19 15:18 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-19 15:18 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-19 15:18 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-19 15:18 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-19 15:18 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-19 15:18 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-19 15:18 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-19 10:19 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-19 10:19 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-19 10:18 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-19 10:18 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-19 10:18 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-19 10:18 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-19 10:18 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-19 10:18 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-19 10:18 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-19 10:18 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-19 10:18 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-19 10:18 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-19 10:18 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-19 10:18 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-19 10:18 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-19 10:18 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-13 10:22 - 2013-09-12 14:21 - 02068529 _____ C:\Windows\WindowsUpdate.log

==================== One Month Modified Files and Folders =======

2013-09-12 15:18 - 2009-07-14 07:13 - 01613412 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-12 15:18 - 2007-10-11 08:10 - 00696848 _____ C:\Windows\system32\perfh007.dat
2013-09-12 15:18 - 2007-10-11 08:10 - 00148144 _____ C:\Windows\system32\perfc007.dat
2013-09-12 15:17 - 2013-09-12 15:17 - 00000795 _____ C:\Windows\setupact.log
2013-09-12 15:17 - 2013-09-12 15:17 - 00000000 ____D C:\FRST
2013-09-12 15:17 - 2013-09-12 15:17 - 00000000 _____ C:\Windows\setuperr.log
2013-09-12 15:08 - 2011-04-27 14:45 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-12 15:08 - 2011-04-27 14:45 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-12 15:05 - 2012-04-17 09:51 - 00001138 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1880662565-2423717802-1355569322-1001UA.job
2013-09-12 14:32 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-12 14:32 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-12 14:21 - 2013-08-13 10:22 - 02068529 _____ C:\Windows\WindowsUpdate.log
2013-09-12 13:00 - 2012-09-03 09:44 - 00001832 _____ C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
2013-09-12 12:56 - 2012-11-29 04:00 - 00000284 _____ C:\Windows\Tasks\RMAutoUpdate.job
2013-09-12 12:56 - 2012-11-28 09:54 - 00000000 ____D C:\Program Files (x86)\PC Tools Registry Mechanic
2013-09-12 12:56 - 2009-10-27 10:33 - 00000000 ____D C:\Users\georg\Tracing
2013-09-12 12:55 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-12 12:55 - 2007-10-10 22:26 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-12 12:43 - 2011-04-27 14:45 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-12 12:43 - 2009-08-14 20:56 - 00000000 ____D C:\Program Files\Google
2013-09-12 10:36 - 2009-10-27 10:17 - 00000000 ____D C:\Users\georg\AppData\Local\Google
2013-09-12 10:34 - 2013-09-12 10:34 - 00012560 _____ C:\Users\georg\Documents\cc_20130912_103418.reg
2013-09-11 09:59 - 2012-09-24 08:54 - 00004428 _____ C:\Windows\System32\Tasks\PC Checkup 3 Weekly Scan
2013-09-11 09:16 - 2009-08-14 20:57 - 00000000 ____D C:\Program Files\McAfee
2013-09-11 09:16 - 2009-08-14 20:56 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-09-05 09:12 - 2011-04-27 14:46 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-26 10:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-26 10:15 - 2012-09-24 08:54 - 00000000 ____D C:\Program Files (x86)\Norton PC Checkup 3.0
2013-08-26 08:24 - 2013-07-18 14:11 - 00000000 ____D C:\Users\georg\AppData\Roaming\Udake
2013-08-23 09:01 - 2012-04-17 09:51 - 00001116 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1880662565-2423717802-1355569322-1001Core.job
2013-08-23 08:52 - 2012-11-29 04:00 - 00000414 _____ C:\Windows\SysWOW64\AppLog.log
2013-08-23 08:52 - 2012-11-28 09:54 - 00000284 _____ C:\Windows\Tasks\RMSchedule.job

Files to move or delete:
====================
ZeroAccess:
C:\Users\georg\AppData\Local\Google\Desktop\Install\{a50b55d5-acf0-eeaf-93b8-f6748b45f12a}
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install\{a50b55d5-acf0-eeaf-93b8-f6748b45f12a}

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2013-09-04 10:26

==================== End Of Log ============================
--- --- ---

--- --- ---


Zitat:
die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)
Sorry, aber genau da erfolgt mein 1. Ausstieg ..... später als gedacht! :-)

Aneri 12.09.2013 15:01
mach mit der additions.txt das gleiche wie mit der FRST.txt ;)

hier posten

granatenfred 12.09.2013 15:06
ahhh ..... verstehe:FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-09-2013 02
Ran by georg at 2013-09-12 15:20:28
Running from H:\
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Acer Arcade Deluxe (x32 Version: 3.1.6731)
Acer Backup Manager (x32 Version: 2.0.2.19)
Acer eRecovery Management (x32 Version: 4.05.3002)
Acer GameZone Console (x32 Version: 5.1.0.2)
Acer Registration (x32 Version: 1.02.3004)
Acer ScreenSaver (x32 Version: 1.2.0812)
Acer Updater (x32 Version: 1.01.3014)
Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 1.5.0.7220)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.1.102.55)
Adobe Reader 9.3.3 - Deutsch (x32 Version: 9.3.3)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.3.633)
Advertising Center (x32 Version: 0.0.0.2)
Alice Greenfingers (x32)
Amazonia (x32)
Apple Application Support (x32 Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (x32 Version: 2.1.3.127)
AXIS Media Control Embedded (x32)
Backup Manager Advance (x32 Version: 2.0.2.19)
BILLA Fotoshop (x32 Version: 5.0.1)
Bonjour (Version: 3.0.0.10)
CCleaner (x32 Version: 2.33)
Chicken Invaders 2 (x32)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
Dairy Dash (x32)
Dream Day First Home (x32)
DVD Shrink 3.2 deutsch (DeCSS-frei) (x32)
eSobi v2 (x32 Version: 2.0.4.000274)
Facebook Messenger 2.1.4814.0 (x32 Version: 2.1.4814.0)
Farm Frenzy 2 (x32)
Freeware.de Toolbar (x32 Version: 6.8.9.0)
Google Chrome (x32 Version: 29.0.1547.66)
Google Update Helper (x32 Version: 1.3.21.153)
Granny In Paradise (x32)
Gutscheinmieze - Toolbar (x32)
Heroes of Hellas (x32)
Hotkey Utility (x32 Version: 1.00.3003)
iCloud (Version: 2.1.0.39)
Identity Card (x32 Version: 1.00.3001)
ImagXpress (x32 Version: 7.0.74.0)
Intel® Matrix Storage Manager
iTunes (Version: 11.0.1.12)
Java Auto Updater (x32 Version: 2.0.2.1)
Java(TM) 6 Update 18 (x32 Version: 6.0.180)
Junk Mail filter update (x32 Version: 14.0.8117.416)
Malwarebytes' Anti-Malware (x32)
McAfee Internet Security Suite (x32 Version: 11.0.678)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office Excel Viewer (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Office Suite Activation Assistant (x32 Version: 2.9)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft Works (x32 Version: 9.7.0621)
MobileMe Control Panel (Version: 3.1.6.0)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyWinLocker (x32 Version: 3.1.72.0)
Nero 9 Essentials (x32)
Nero ControlCenter (x32 Version: 9.0.0.1)
Nero DiscSpeed (x32 Version: 5.4.7.201)
Nero DiscSpeed Help (x32 Version: 5.4.4.100)
Nero DriveSpeed (x32 Version: 4.4.7.201)
Nero DriveSpeed Help (x32 Version: 4.4.4.100)
Nero Express Help (x32 Version: 9.4.9.100)
Nero InfoTool (x32 Version: 6.4.7.201)
Nero InfoTool Help (x32 Version: 6.4.4.100)
Nero Installer (x32 Version: 4.4.8.1)
Nero Online Upgrade (x32 Version: 1.3.0.0)
Nero StartSmart (x32 Version: 9.4.11.209)
Nero StartSmart Help (x32 Version: 9.4.1.100)
Nero StartSmart OEM (x32 Version: 9.16.0.100)
NeroExpress (x32 Version: 9.4.10.505)
neroxml (x32 Version: 1.0.0)
Norton Online Backup (x32 Version: 1.2.0.36)
Norton Online Backup (x32 Version: 2.1.18320)
Norton PC Checkup (x32 Version: 2.0.17.20)
Norton PC Checkup (x32 Version: 3.0.2.122.0)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Drivers (Version: 1.7)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
Octoshape add-in for Adobe Flash Player (HKCU)
OKI Print Control Client (x32 Version: 1.00.000)
Paint.NET v3.5.10 (Version: 3.60.0)
PC Tools Registry Mechanic 11.1 (x32 Version: 11.1)
QuickTime (x32 Version: 7.73.80.64)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5898)
Revo Uninstaller 1.91 (x32 Version: 1.91)
SearchAnonymizer (Version: 1.0.1 (de))
Softonic toolbar  on IE and Chrome (x32 Version: 1.8.8.11)
Star Defender 4 (x32)
swMSM (x32 Version: 12.0.0.1)
TVAnts 1.0 (x32)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Veetle TV 0.9.18 (x32 Version: 0.9.18)
Welcome Center (x32 Version: 1.00.3004)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5)
Windows Live Call (x32 Version: 14.0.8117.0416)
Windows Live Communications Platform (x32 Version: 14.0.8117.416)
Windows Live Essentials (x32 Version: 14.0.8117.0416)
Windows Live Essentials (x32 Version: 14.0.8117.416)
Windows Live Fotogalerie (x32 Version: 14.0.8117.416)
Windows Live Mail (x32 Version: 14.0.8117.0416)
Windows Live Messenger (x32 Version: 14.0.8117.0416)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live Writer (x32 Version: 14.0.8117.0416)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
Windows Mobile-Gerätecenter (Version: 6.1.6965.0)

==================== Restore Points  =========================

04-09-2013 08:24:06 Geplanter Prüfpunkt
11-09-2013 09:03:36 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {09A331EE-33D0-4923-820D-3AD3D37E8C9F} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-07-09] (Acer)
Task: {123B2026-4DDE-44EF-89B8-76F84179F618} - System32\Tasks\RMAutoUpdate => C:\Program Files (x86)\PC Tools Registry Mechanic\SULauncher.exe [2012-11-29] (PC Tools)
Task: {2AC85388-D0CF-44CA-B70F-203FE2951DB6} - System32\Tasks\PC Checkup 3 Weekly Scan => C:\Program Files (x86)\Norton PC Checkup 3.0\NLAppLauncher.exe [2013-08-26] (Symantec Corporation)
Task: {58EA9C2B-C513-4F50-B8B4-34DBF38D0144} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1880662565-2423717802-1355569322-1001Core => C:\Users\georg\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {5BC906CA-6E29-4A97-B87D-5A4AA45FFC2B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1880662565-2423717802-1355569322-1001UA => C:\Users\georg\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {5C321B74-8B75-44DB-80FF-9EC5E0181E1C} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {7A16E8E0-E616-4B52-905F-7B6DF481CD25} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-27] (Google Inc.)
Task: {C890C37C-90DE-4686-B3C8-FD6FB778AF3B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {D27C93A6-3BCC-44B3-A353-E97B19D70A4E} - System32\Tasks\RMSchedule => C:\Program Files (x86)\PC Tools Registry Mechanic\RegMech.exe [2012-11-29] (PC Tools)
Task: {DD1BFE21-B87B-42CB-BCF3-0F89F6584D59} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-27] (Google Inc.)
Task: {FCAF96FC-FADB-4FFA-9734-2FA78DE63258} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1880662565-2423717802-1355569322-1001Core.job => C:\Users\georg\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1880662565-2423717802-1355569322-1001UA.job => C:\Users\georg\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RMAutoUpdate.job => C:\Program Files (x86)\PC Tools Registry Mechanic\SULauncher.exe
Task: C:\Windows\Tasks\RMSchedule.job => C:\Program Files (x86)\PC Tools Registry Mechanic\RegMech.exe

==================== Loaded Modules (whitelisted) =============

2009-08-14 21:22 - 2013-02-26 00:32 - 15053264 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2011-12-05 12:41 - 2011-12-05 12:41 - 00376480 _____ (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.dll
2012-05-30 13:20 - 2011-11-07 21:37 - 00644984 ____R (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccL90U.dll
2012-05-30 13:20 - 2011-11-07 21:37 - 00085880 ____R (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccVrTrst.dll
2012-05-30 13:20 - 2011-11-07 21:37 - 00134520 ____R (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvc.dll
2012-05-30 13:20 - 2011-11-07 21:37 - 00152440 ____R (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccIPC.dll
2012-05-30 13:20 - 2011-11-07 21:37 - 00381304 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON PC CHECKUP\ENGINE\2.0.17.20\CCJOBMGR.DLL
2013-03-07 22:32 - 2013-03-07 22:32 - 00292272 _____ () C:\Users\georg\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll
2013-03-07 22:32 - 2013-03-07 22:32 - 21014960 _____ () C:\Users\georg\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll
2013-03-07 22:32 - 2013-03-07 22:32 - 09962416 _____ (The ICU Project) C:\Users\georg\AppData\Local\Facebook\Messenger\2.1.4814.0\icudt.dll
2013-03-07 22:32 - 2013-03-07 22:32 - 00179632 _____ () C:\Users\georg\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll
2009-02-03 02:33 - 2009-02-03 02:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2009-08-12 23:29 - 2009-08-12 23:29 - 00012800 _____ (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\MUI\0407\lang.dll
2009-08-10 04:49 - 2009-08-10 04:49 - 00019968 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00053024 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-31 00:05 - 2011-08-31 00:05 - 00085864 _____ (Apple Inc.) C:\Windows\system32\dnssd.dll
2013-01-09 14:31 - 2013-01-09 14:31 - 00249752 _____ (Softonic.com) C:\Program Files (x86)\Softonic\Softonic\1.8.8.11\bh\Softonic.dll
2013-01-09 14:31 - 2013-01-09 14:31 - 00314776 _____ (Softonic.com) C:\Program Files (x86)\Softonic\Softonic\1.8.8.11\SoftonicApp.dll
2013-01-09 14:31 - 2013-01-09 14:31 - 00586136 _____ (Softonic.com) C:\Program Files (x86)\Softonic\Softonic\1.8.8.11\SoftonicEng.dll
2011-12-05 12:41 - 2011-12-05 12:41 - 08632480 ____R (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/12/2013 00:56:20 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: osos.exe, Version: 3.4.2.1, Zeitstempel: 0x51a37fc7
Name des fehlerhaften Moduls: osos.exe, Version: 3.4.2.1, Zeitstempel: 0x51a37fc7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003224b
ID des fehlerhaften Prozesses: 0x8a8
Startzeit der fehlerhaften Anwendung: 0xosos.exe0
Pfad der fehlerhaften Anwendung: osos.exe1
Pfad des fehlerhaften Moduls: osos.exe2
Berichtskennung: osos.exe3

Error: (09/12/2013 00:44:11 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: osos.exe, Version: 3.4.2.1, Zeitstempel: 0x51a37fc7
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000ce6c3
ID des fehlerhaften Prozesses: 0xde4
Startzeit der fehlerhaften Anwendung: 0xosos.exe0
Pfad der fehlerhaften Anwendung: osos.exe1
Pfad des fehlerhaften Moduls: osos.exe2
Berichtskennung: osos.exe3

Error: (09/12/2013 11:38:02 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16660, Zeitstempel: 0x51f1c5f3
Name des fehlerhaften Moduls: nvwgf2um.dll, Version: 9.18.13.1106, Zeitstempel: 0x50f9458d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001a2519
ID des fehlerhaften Prozesses: 0x1304
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (09/11/2013 10:01:29 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10265

Error: (09/11/2013 10:01:29 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10265

Error: (09/11/2013 10:01:29 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/11/2013 10:01:28 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9267

Error: (09/11/2013 10:01:28 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9267

Error: (09/11/2013 10:01:28 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/11/2013 10:01:27 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8269


System errors:
=============
Error: (09/12/2013 00:58:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst abhängig: MpsSvc. Dieser Dienst ist eventuell nicht installiert.

Error: (09/12/2013 00:58:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst abhängig: MpsSvc. Dieser Dienst ist eventuell nicht installiert.

Error: (09/12/2013 00:58:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (09/12/2013 00:58:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (09/12/2013 00:56:37 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147024891

Error: (09/12/2013 00:56:37 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2147024891

Error: (09/12/2013 00:55:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:
%%1060

Error: (09/12/2013 00:55:48 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error: (09/12/2013 00:55:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst abhängig: MpsSvc. Dieser Dienst ist eventuell nicht installiert.

Error: (09/12/2013 00:55:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.


Microsoft Office Sessions:
=========================
Error: (09/12/2013 00:56:20 PM) (Source: Application Error)(User: )
Description: osos.exe3.4.2.151a37fc7osos.exe3.4.2.151a37fc7c00000050003224b8a801ceafa6aa1bc0bbC:\Users\georg\AppData\Roaming\Xusai\osos.exeC:\Users\georg\AppData\Roaming\Xusai\osos.exef44fd9fe-1b99-11e3-a32f-001f16fb87b7

Error: (09/12/2013 00:44:11 PM) (Source: Application Error)(User: )
Description: osos.exe3.4.2.151a37fc7ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c3de401ceafa4ff5c39edC:\Users\georg\AppData\Roaming\Xusai\osos.exeC:\Windows\SysWOW64\ntdll.dll41b7af8d-1b98-11e3-9614-001f16fb87b7

Error: (09/12/2013 11:38:02 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.1666051f1c5f3nvwgf2um.dll9.18.13.110650f9458dc0000005001a2519130401ceaf9bb8df75caC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\nvwgf2um.dll03de36d2-1b8f-11e3-872b-001f16fb87b7

Error: (09/11/2013 10:01:29 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10265

Error: (09/11/2013 10:01:29 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10265

Error: (09/11/2013 10:01:29 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/11/2013 10:01:28 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9267

Error: (09/11/2013 10:01:28 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9267

Error: (09/11/2013 10:01:28 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/11/2013 10:01:27 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8269


==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 3071.18 MB
Available physical RAM: 1561.22 MB
Total Pagefile: 6140.54 MB
Available Pagefile: 4134.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:142.16 GB) (Free:90.05 GB) NTFS
Drive d: (DATA) (Fixed) (Total:142.16 GB) (Free:141.72 GB) NTFS
Drive h: (UNTITLED) (Removable) (Total:3.89 GB) (Free:3.86 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 4D0B4BAC)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=142 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=142 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================
--- --- ---

Aneri 12.09.2013 15:21
Hallo


Lesestoff:
Rootkit-Warnung
Dein Computer wurde mit einem besonderen Schädling infiziert, der sich vor herkömmlichen Virenscannern und dem Betriebssystem selbst verstecken kann. Zusätzlich hat so ein Schädling meist auch Backdoor-Funktionalität, reißt also ganz bewußt Löcher durch alle Schutzmaßnahmen, damit er weiteren Schadcode nachladen oder die Daten, die er so sammelt, an die "bösen Jungs" weiterleiten kann. Was heißt das jetzt für dich?
  • Entscheide bitte ganz bewußt, ob du mit der Bereinigung fortfahren möchtest. Ein einmal derartig kompromittiertes System kann man niemals mit 100%iger Sicherheit wieder absichern. Auch wenn wir gute Chancen haben, deinen Computer zu bereinigen, kann es dennoch möglich sein, dass uns am Ende nur die Neuinstallation bleibt.
  • Wenn du mit diesem Computer beispielsweise Onlinebanking machst, dann solltest du zumindest dein Passwort von deiner Bank ändern lassen, wenn du ein ansonsten sicheres Verfahren wie beispielsweise "chip-TAN-comfort" nutzt. Hast du noch alte TAN-Bögen auf Papierbasis? Dann ist es höchste Zeit dich bei deiner Bank zu melden und notfalls das Konto temporär sperren zu lassen. Der Sperrnotruf 116 116 von www.sperr-notruf.de kann Tag und Nacht dafür benutzt werden.
  • Hast du ansonsten sensible Daten auf deinem Computer, dann solltest du auch darüber nachdenken, wie du damit umgehst, da sie sich praktisch "jeder" ansehen konnte.
Teile mir also mit, wie du dich entschieden hast.


Schritt 1:

lade dir das Tool wieder auf dem anderen PC herunter.

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

granatenfred 12.09.2013 17:42
Danke ...... dann beginne ich einmal!!!!!!

Uuuuups ..... da ist was schief gelaufen:
"Es wurde versucht, einen Registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen, der zum Löschen markiert wurde"
Alles nachdem hinter blauem Feld (Administrator Combofix)erschienen war : "Systemwiederhestellungszeitpunkt soll gefunden werden", ich McAfee versuchte zu deaktivieren und Combofix auf mein Desktop befördern wollte. Jetzt ist im Combofix-Logo ein gelb-blaues Schild .....

Nach Neustart arbeitet jetzt der Administrator in Blau:
Stufe 4 erreicht ......
Hoffe, bin am richtigen Weg!
(Keine Angst, schreibe vom 2.Computer, man will ja nicht stören! :-))

Combofix Logfile:
Code:
ComboFix 13-09-10.03 - georg 12.09.2013  17:49:36.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.43.1031.18.3071.1930 [GMT 2:00]
ausgeführt von:: c:\users\georg\Desktop\ComboFix.exe
AV: McAfee  Anti-Virus und Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee  Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee  Anti-Virus und Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Im Speicher befindliches AV aktiv.
.
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\program files (x86)\Google\Desktop\Install
c:\program files (x86)\Google\Desktop\Install\{a50b55d5-acf0-eeaf-93b8-f6748b45f12a}\9519~1\A535~1\E628~1\{a50b55d5-acf0-eeaf-93b8-f6748b45f12a}\@
c:\program files (x86)\Google\Desktop\Install\{a50b55d5-acf0-eeaf-93b8-f6748b45f12a}\9519~1\A535~1\E628~1\{a50b55d5-acf0-eeaf-93b8-f6748b45f12a}\GoogleUpdate.exe
c:\program files (x86)\Google\Desktop\Install\{a50b55d5-acf0-eeaf-93b8-f6748b45f12a}\9519~1\A535~1\E628~1\{a50b55d5-acf0-eeaf-93b8-f6748b45f12a}\U\00000001.@
c:\program files (x86)\Google\Desktop\Install\{a50b55d5-acf0-eeaf-93b8-f6748b45f12a}\9519~1\A535~1\E628~1\{a50b55d5-acf0-eeaf-93b8-f6748b45f12a}\U\00000002.@
c:\program files (x86)\Google\Desktop\Install\{a50b55d5-acf0-eeaf-93b8-f6748b45f12a}\9519~1\A535~1\E628~1\{a50b55d5-acf0-eeaf-93b8-f6748b45f12a}\U\80000000.@
c:\program files (x86)\Google\Desktop\Install\{a50b55d5-acf0-eeaf-93b8-f6748b45f12a}\9519~1\A535~1\E628~1\{a50b55d5-acf0-eeaf-93b8-f6748b45f12a}\U\80000001.@
c:\program files (x86)\Google\Desktop\Install\{a50b55d5-acf0-eeaf-93b8-f6748b45f12a}\9519~1\A535~1\E628~1\{a50b55d5-acf0-eeaf-93b8-f6748b45f12a}\U\800000cb.@
c:\users\georg\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\georg\AppData\Local\Google\Desktop\Install
c:\users\georg\AppData\Local\Google\Desktop\Install\{a50b55d5-acf0-eeaf-93b8-f6748b45f12a}\2E2F~1\28F0~1\E628~1\{a50b55d5-acf0-eeaf-93b8-f6748b45f12a}\@
c:\users\georg\AppData\Local\Google\Desktop\Install\{a50b55d5-acf0-eeaf-93b8-f6748b45f12a}\2E2F~1\28F0~1\E628~1\{a50b55d5-acf0-eeaf-93b8-f6748b45f12a}\GoogleUpdate.exe
c:\users\georg\AppData\Roaming\.#
c:\users\georg\AppData\Roaming\Epfoe
c:\users\georg\AppData\Roaming\Epfoe\zizy.exe
c:\users\georg\AppData\Roaming\ie_util.exe
c:\users\georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
c:\users\georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\users\georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\users\georg\AppData\Roaming\Ominy
c:\users\georg\AppData\Roaming\Ominy\lyroh.exe
c:\users\georg\AppData\Roaming\Xusai
c:\users\georg\AppData\Roaming\Xusai\osos.exe
c:\users\georg\AppData\Roaming\Ymze
c:\users\georg\AppData\Roaming\Ymze\utubvo.exe
c:\windows\SysWow64\Nagasoft
c:\windows\SysWow64\Nagasoft\Codecs\asyncflt.ax
c:\windows\SysWow64\Nagasoft\Codecs\atrc.dll
c:\windows\SysWow64\Nagasoft\Codecs\cook.dll
c:\windows\SysWow64\Nagasoft\Codecs\drvc.dll
c:\windows\SysWow64\Nagasoft\Codecs\raac.dll
c:\windows\SysWow64\Nagasoft\Codecs\RealMediaSplitter.ax
c:\windows\SysWow64\Nagasoft\Codecs\WMFDemux.dll
c:\windows\SysWow64\Nagasoft\GifShower.dll
c:\windows\SysWow64\Nagasoft\vjocx.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-08-12 bis 2013-09-12  ))))))))))))))))))))))))))))))
.
.
2013-09-12 16:32 . 2013-09-12 16:32        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-09-12 13:17 . 2013-09-12 13:17        --------        d-----w-        C:\FRST
2013-08-19 08:19 . 2013-07-19 01:58        2048        ----a-w-        c:\windows\system32\tzres.dll
2013-08-19 08:19 . 2013-07-19 01:41        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-20 01:05 . 2013-06-20 01:05        719360        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2013-06-20 01:05 . 2013-06-20 01:05        523264        ----a-w-        c:\windows\SysWow64\vbscript.dll
2013-06-20 01:05 . 2013-06-20 01:05        226304        ----a-w-        c:\windows\system32\elshyph.dll
2013-06-20 01:05 . 2013-06-20 01:05        185344        ----a-w-        c:\windows\SysWow64\elshyph.dll
2013-06-20 01:05 . 2013-06-20 01:05        158720        ----a-w-        c:\windows\SysWow64\msls31.dll
2013-06-20 01:05 . 2013-06-20 01:05        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe
2013-06-20 01:05 . 2013-06-20 01:05        138752        ----a-w-        c:\windows\SysWow64\wextract.exe
2013-06-20 01:05 . 2013-06-20 01:05        1054720        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-20 01:05 . 2013-06-20 01:05        73728        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-20 01:05 . 2013-06-20 01:05        61952        ----a-w-        c:\windows\SysWow64\tdc.ocx
2013-06-20 01:05 . 2013-06-20 01:05        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2013-06-20 01:05 . 2013-06-20 01:05        38400        ----a-w-        c:\windows\SysWow64\imgutil.dll
2013-06-20 01:05 . 2013-06-20 01:05        361984        ----a-w-        c:\windows\SysWow64\html.iec
2013-06-20 01:05 . 2013-06-20 01:05        137216        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2013-06-20 01:05 . 2013-06-20 01:05        12800        ----a-w-        c:\windows\SysWow64\mshta.exe
2013-06-20 01:05 . 2013-06-20 01:05        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2013-06-20 01:05 . 2013-06-20 01:05        97280        ----a-w-        c:\windows\system32\mshtmled.dll
2013-06-20 01:05 . 2013-06-20 01:05        905728        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2013-06-20 01:05 . 2013-06-20 01:05        81408        ----a-w-        c:\windows\system32\icardie.dll
2013-06-20 01:05 . 2013-06-20 01:05        762368        ----a-w-        c:\windows\system32\ieapfltr.dll
2013-06-20 01:05 . 2013-06-20 01:05        452096        ----a-w-        c:\windows\system32\dxtmsft.dll
2013-06-20 01:05 . 2013-06-20 01:05        441856        ----a-w-        c:\windows\system32\html.iec
2013-06-20 01:05 . 2013-06-20 01:05        281600        ----a-w-        c:\windows\system32\dxtrans.dll
2013-06-20 01:05 . 2013-06-20 01:05        27648        ----a-w-        c:\windows\system32\licmgr10.dll
2013-06-20 01:05 . 2013-06-20 01:05        270848        ----a-w-        c:\windows\system32\iedkcs32.dll
2013-06-20 01:05 . 2013-06-20 01:05        247296        ----a-w-        c:\windows\system32\webcheck.dll
2013-06-20 01:05 . 2013-06-20 01:05        235008        ----a-w-        c:\windows\system32\url.dll
2013-06-20 01:05 . 2013-06-20 01:05        23040        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2013-06-20 01:05 . 2013-06-20 01:05        216064        ----a-w-        c:\windows\system32\msls31.dll
2013-06-20 01:05 . 2013-06-20 01:05        197120        ----a-w-        c:\windows\system32\msrating.dll
2013-06-20 01:05 . 2013-06-20 01:05        167424        ----a-w-        c:\windows\system32\iexpress.exe
2013-06-20 01:05 . 2013-06-20 01:05        1509376        ----a-w-        c:\windows\system32\inetcpl.cpl
2013-06-20 01:05 . 2013-06-20 01:05        144896        ----a-w-        c:\windows\system32\wextract.exe
2013-06-20 01:05 . 2013-06-20 01:05        1441280        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2013-06-20 01:05 . 2013-06-20 01:05        1400416        ----a-w-        c:\windows\system32\ieapfltr.dat
2013-06-20 01:05 . 2013-06-20 01:05        102912        ----a-w-        c:\windows\system32\inseng.dll
2013-06-20 01:05 . 2013-06-20 01:05        92160        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2013-06-20 01:05 . 2013-06-20 01:05        77312        ----a-w-        c:\windows\system32\tdc.ocx
2013-06-20 01:05 . 2013-06-20 01:05        62976        ----a-w-        c:\windows\system32\pngfilt.dll
2013-06-20 01:05 . 2013-06-20 01:05        599552        ----a-w-        c:\windows\system32\vbscript.dll
2013-06-20 01:05 . 2013-06-20 01:05        52224        ----a-w-        c:\windows\system32\msfeedsbs.dll
2013-06-20 01:05 . 2013-06-20 01:05        51200        ----a-w-        c:\windows\system32\imgutil.dll
2013-06-20 01:05 . 2013-06-20 01:05        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2013-06-20 01:05 . 2013-06-20 01:05        173568        ----a-w-        c:\windows\system32\ieUnatt.exe
2013-06-20 01:05 . 2013-06-20 01:05        149504        ----a-w-        c:\windows\system32\occache.dll
2013-06-20 01:05 . 2013-06-20 01:05        13824        ----a-w-        c:\windows\system32\mshta.exe
2013-06-20 01:05 . 2013-06-20 01:05        136192        ----a-w-        c:\windows\system32\iepeers.dll
2013-06-20 01:05 . 2013-06-20 01:05        135680        ----a-w-        c:\windows\system32\IEAdvpack.dll
2013-06-20 01:05 . 2013-06-20 01:05        12800        ----a-w-        c:\windows\system32\msfeedssync.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7e111a5c-3d11-4f56-9463-5310c3c69025}]
2011-05-09 08:49        176936        ----a-w-        c:\program files (x86)\Freeware.de\prxtbFree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2013-01-09 12:31        249752        ----a-w-        c:\program files (x86)\Softonic\Softonic\1.8.8.11\bh\Softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7e111a5c-3d11-4f56-9463-5310c3c69025}"= "c:\program files (x86)\Freeware.de\prxtbFree.dll" [2011-05-09 176936]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files (x86)\Softonic\Softonic\1.8.8.11\SoftonicTlbr.dll" [2013-01-09 324504]
.
[HKEY_CLASSES_ROOT\clsid\{7e111a5c-3d11-4f56-9463-5310c3c69025}]
.
[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:18        120104        ----a-w-        c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\georg\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-10 629280]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-07-31 128296]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-08-04 181480]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-08 1157976]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-08-21 105120]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
c:\users\georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\georg\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [2013-3-7 248240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0068621378883807mcinstcleanup;McAfee Application Installer Cleanup (0068621378883807);c:\windows\TEMP\006862~1.EXE;c:\windows\TEMP\006862~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys;c:\windows\SYSNATIVE\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe [x]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
S2 SearchAnonymizer;SearchAnonymizer;c:\users\georg\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe;c:\users\georg\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
vvdsvc        REG_MULTI_SZ          vvdsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-05 07:08        1177552        ----a-w-        c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1880662565-2423717802-1355569322-1001Core.job
- c:\users\georg\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-17 01:00]
.
2013-09-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1880662565-2423717802-1355569322-1001UA.job
- c:\users\georg\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-17 01:00]
.
2013-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-27 12:45]
.
2013-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-27 12:45]
.
2013-09-12 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files (x86)\PC Tools Registry Mechanic\SULauncher.exe [2012-11-29 07:27]
.
2013-08-23 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\PC Tools Registry Mechanic\RegMech.exe [2012-11-29 07:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:19        137512        ----a-w-        c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 349480]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"Ocs_SM"="c:\users\georg\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2012-06-20 106496]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=AT&userid=05cbec6b-a6ed-48eb-b7b5-39046b65667e&searchtype=ds&q={searchTerms}
mSearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.58.160.194 195.58.161.122
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://91.113.220.122/activex/AMC.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-{4DC594A0-2200-AD7C-8F4F-ED2F9D0ECE32} - c:\users\georg\AppData\Roaming\Epfoe\zizy.exe
Wow6432Node-HKCU-Run-Fousonc - c:\users\georg\AppData\Roaming\Xusai\osos.exe
Wow6432Node-HKCU-Run-Utubvo - c:\users\georg\AppData\Roaming\Ymze\utubvo.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{7E111A5C-3D11-4F56-9463-5310C3C69025} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.20\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-09-12  18:38:31 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-09-12 16:38
.
Vor Suchlauf: 11 Verzeichnis(se), 96.391.073.792 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 96.069.038.080 Bytes frei
.
- - End Of File - - 0E68EC7F78E47186E23DDD3099A23DD0
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31

Aneri 12.09.2013 18:55
Hallo , das sieht gut aus bisher .

Schritt 1:
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2:

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


Schritt 3:
Lade dir TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
  • Öffne die TFC.exe.
    Vista und Win 7 User mit Rechtsklick "als Administrator starten".
  • Schließe alle anderen Programme.
  • Drücke auf den Button Start.
  • Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.


Schritt 4:

Bitte starte FRST erneut. Drücke auf SCAN und poste die neue FRST.txt hier.

granatenfred 13.09.2013 08:50
AdwCleaner Logfile:
Code:
# AdwCleaner v3.003 - Bericht erstellt am 13/09/2013 um 09:16:54
# Updated 07/09/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : georg - GEORG-PC
# Gestartet von : H:\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : SearchAnonymizer

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\Softonic
Ordner Gelöscht : C:\Program Files (x86)\Freeware.de
Ordner Gelöscht : C:\Users\georg\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\georg\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\georg\AppData\Local\Temp\boost_interprocess
Ordner Gelöscht : C:\Users\georg\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\georg\AppData\LocalLow\facemoods.com
Ordner Gelöscht : C:\Users\georg\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\georg\AppData\LocalLow\Freeware.de
Ordner Gelöscht : C:\Users\georg\AppData\Roaming\OCS
Ordner Gelöscht : C:\Users\georg\AppData\Roaming\Softonic
Ordner Gelöscht : C:\Users\georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\elchiiiejkobdbblfejjkbphbddgmljf
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SoftonicApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2736476
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_pop-art-studio_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_pop-art-studio_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E111A5C-3D11-4F56-9463-5310C3C69025}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{50BA0FF5-8CF4-4A36-8DF0-BDA26616252F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E111A5C-3D11-4F56-9463-5310C3C69025}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7E111A5C-3D11-4F56-9463-5310C3C69025}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7E111A5C-3D11-4F56-9463-5310C3C69025}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{50BA0FF5-8CF4-4A36-8DF0-BDA26616252F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72CA8F9C-3A80-4CCB-8518-DB98B76F8393}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{86D99901-CC76-44DF-9CC1-D14CAAD4B111}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5018CFD2-804D-4C99-9F81-25EAEA2769DE}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7E111A5C-3D11-4F56-9463-5310C3C69025}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7E111A5C-3D11-4F56-9463-5310C3C69025}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7E111A5C-3D11-4F56-9463-5310C3C69025}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Freeware.de
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\Freeware.de
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freeware.de Toolbar
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAnonymizer

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16660

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

*************************

AdwCleaner[R0].txt - [11893 octets] - [13/09/2013 09:06:18]
AdwCleaner[S0].txt - [10749 octets] - [13/09/2013 09:16:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10810 octets] ##########
--- --- ---


Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.0 (09.12.2013:1)
OS: Windows 7 Home Premium x64
Ran by georg on 13.09.2013 at 9:24:19,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_chr_1-8-8-11_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_chr_1-8-8-11_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_chr_1-8-8-11_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_chr_1-8-8-11_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1A15684C-DC6C-4461-9397-AC9DAD3BEED5}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A3401954-366F-4DB2-807C-4BEE8BC82289}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}



~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\rmschedule.job



~~~ Folders

Successfully deleted: [Folder] "C:\Users\georg\AppData\Roaming\pccustubinstaller"
Successfully deleted: [Folder] "C:\Program Files (x86)\bearshare applications"
Successfully deleted: [Folder] "C:\Users\georg\AppData\Roaming\microsoft\windows\start menu\programs\system progressive protection"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.09.2013 at 9:33:36,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-09-2013 02
Ran by georg (administrator) on GEORG-PC on 13-09-2013 09:45:51
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-08-06] (Egis Technology Inc.)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Ocs_SM] - C:\Users\georg\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
HKCU\...\Run: [Facebook Update] - C:\Users\georg\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-12] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-10] ()
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-07-31] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-08-04] (Acer Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [976832 2010-06-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1157976 2010-06-08] (Symantec Corporation)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1675160 2012-03-21] (McAfee, Inc.)
HKLM-x32\...\Run: [SSDMonitor] - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [105120 2012-08-21] (PC Tools)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\UpdatusUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
Startup: C:\Users\georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\georg\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D696537&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&k=0
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&k=0
SearchScopes: HKCU - {19BA5F42-323C-4E6F-9BC3-3A72BFD71830} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {28BD441E-9ACB-4B3B-AD36-389616746E0D} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {5F46E6AC-E562-49DF-946C-564E843D937D} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F736F7572636569643D69653726713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26726C7A3D314937414341575F64654154333531&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&k=0
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D696537&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&k=0
SearchScopes: HKCU - {859B5591-3432-49A4-A87A-DF9CA3E63862} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {87284A0D-E9DB-43DE-B680-B1310E705C07} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {96AA702E-EBD1-4371-A937-564EA4BF3645} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&mode=bounce&k=0
BHO: No Name - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} -  No File
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120903085732.dll (McAfee, Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120903085734.dll (McAfee, Inc.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Gutscheinmieze - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\georg\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
Toolbar: HKCU -  No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D4003189-95B1-4A2F-9A87-F2B03665960D} hxxp://www.spvod.com/soft/vjocx-ch-spvod.cab
DPF: HKLM-x32 {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://91.113.220.122/activex/AMC.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 195.58.160.194 195.58.161.122

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (SiteAdvisor) - C:\Users\georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0
CHR Extension: (Freeware.de) - C:\Users\georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlafpokblfobdnjhhggocaanijghemnd\2.3.4.950_0
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM-x32\...\Chrome\Extension: [nlafpokblfobdnjhhggocaanijghemnd] - C:\Users\georg\AppData\Local\CRE\nlafpokblfobdnjhhggocaanijghemnd.crx

==================== Services (Whitelisted) =================

R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [120592 2013-05-22] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [502064 2012-08-23] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199304 2012-05-25] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [210616 2012-05-25] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [162224 2012-05-25] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-08] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132504 2013-03-17] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe [126392 2011-11-07] (Symantec Corporation)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [794272 2012-08-21] (PC Tools)
S2 0068621378883807mcinstcleanup; C:\Windows\TEMP\006862~1.EXE -cleanup -nolog [x]
S2 vvdsvc; C:\Windows\system32\nagasoft\vjocx.dll [x]

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U3 mfeavfk01; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-13 09:39 - 2013-09-13 09:39 - 00000579 _____ C:\Users\georg\Desktop\TFC - Verknüpfung (2).lnk
2013-09-13 09:37 - 2013-09-13 09:37 - 00000579 _____ C:\Users\georg\Desktop\TFC - Verknüpfung.lnk
2013-09-13 09:33 - 2013-09-13 09:33 - 00002054 _____ C:\Users\georg\Desktop\JRT.txt
2013-09-13 09:24 - 2013-09-13 09:24 - 00000000 ____D C:\Windows\ERUNT
2013-09-13 09:22 - 2013-09-13 09:22 - 00000579 _____ C:\Users\georg\Desktop\JRT - Verknüpfung.lnk
2013-09-13 09:06 - 2013-09-13 09:16 - 00000000 ____D C:\AdwCleaner
2013-09-13 09:03 - 2013-09-13 09:03 - 00000634 _____ C:\Users\georg\Desktop\adwcleaner - Verknüpfung (2).lnk
2013-09-13 08:56 - 2013-09-13 08:56 - 00000634 _____ C:\Users\georg\Desktop\adwcleaner - Verknüpfung.lnk
2013-09-13 08:40 - 2013-09-13 08:40 - 01037278 _____ C:\Users\georg\Downloads\adwcleaner.exe
2013-09-12 18:38 - 2013-09-12 18:38 - 00026399 _____ C:\ComboFix.txt
2013-09-12 18:32 - 2013-09-12 18:32 - 00000552 _____ C:\Windows\PFRO.log
2013-09-12 17:41 - 2013-09-13 09:18 - 00000224 _____ C:\Windows\setupact.log
2013-09-12 17:41 - 2013-09-12 17:41 - 00000000 _____ C:\Windows\setuperr.log
2013-09-12 17:11 - 2013-09-12 16:57 - 05124599 ____R (Swearware) C:\Users\georg\Desktop\ComboFix.exe
2013-09-12 17:07 - 2011-06-26 08:45 - 00256000 ____R C:\Windows\PEV.exe
2013-09-12 17:07 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-12 17:07 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-12 17:07 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-12 17:07 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-12 17:07 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-12 17:07 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-12 17:07 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-12 17:00 - 2013-09-12 18:38 - 00000000 ____D C:\Qoobox
2013-09-12 16:59 - 2013-09-12 18:36 - 00000000 ____D C:\Windows\erdnt
2013-09-12 15:17 - 2013-09-12 15:17 - 00000000 ____D C:\FRST
2013-09-12 10:34 - 2013-09-12 10:34 - 00012560 _____ C:\Users\georg\Documents\cc_20130912_103418.reg
2013-08-19 15:18 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-19 15:18 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-19 15:18 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-19 15:18 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-19 15:18 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-19 15:18 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-19 15:18 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-19 15:18 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-19 15:18 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-19 15:18 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-19 15:18 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-19 15:18 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-19 15:18 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-19 15:18 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-19 15:18 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-19 15:18 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-19 15:18 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-19 15:18 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-19 15:18 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-19 15:18 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-19 15:18 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-19 10:19 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-19 10:19 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-19 10:18 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-19 10:18 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-19 10:18 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-19 10:18 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-19 10:18 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-19 10:18 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-19 10:18 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-19 10:18 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-19 10:18 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-19 10:18 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-19 10:18 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-19 10:18 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-19 10:18 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-19 10:18 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-13 09:44 - 2013-09-13 09:44 - 00000604 _____ C:\Users\georg\Desktop\FRST64 - Verknüpfung.lnk
2013-09-13 09:39 - 2013-09-13 09:39 - 00000579 _____ C:\Users\georg\Desktop\TFC - Verknüpfung (2).lnk
2013-09-13 09:37 - 2013-09-13 09:37 - 00000579 _____ C:\Users\georg\Desktop\TFC - Verknüpfung.lnk
2013-09-13 09:33 - 2013-09-13 09:33 - 00002054 _____ C:\Users\georg\Desktop\JRT.txt
2013-09-13 09:25 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-13 09:25 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-13 09:24 - 2013-09-13 09:24 - 00000000 ____D C:\Windows\ERUNT
2013-09-13 09:23 - 2012-09-03 09:44 - 00001832 _____ C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
2013-09-13 09:22 - 2013-09-13 09:22 - 00000579 _____ C:\Users\georg\Desktop\JRT - Verknüpfung.lnk
2013-09-13 09:19 - 2012-11-29 04:00 - 00000284 _____ C:\Windows\Tasks\RMAutoUpdate.job
2013-09-13 09:18 - 2013-09-12 17:41 - 00000224 _____ C:\Windows\setupact.log
2013-09-13 09:18 - 2012-11-28 09:54 - 00000000 ____D C:\Program Files (x86)\PC Tools Registry Mechanic
2013-09-13 09:18 - 2011-04-27 14:45 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-13 09:18 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-13 09:18 - 2007-10-10 22:26 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-13 09:17 - 2013-08-13 10:22 - 01341308 _____ C:\Windows\WindowsUpdate.log
2013-09-13 09:16 - 2013-09-13 09:06 - 00000000 ____D C:\AdwCleaner
2013-09-13 09:08 - 2011-04-27 14:45 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-13 09:05 - 2012-04-17 09:51 - 00001138 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1880662565-2423717802-1355569322-1001UA.job
2013-09-13 09:03 - 2013-09-13 09:03 - 00000634 _____ C:\Users\georg\Desktop\adwcleaner - Verknüpfung (2).lnk
2013-09-13 08:56 - 2013-09-13 08:56 - 00000634 _____ C:\Users\georg\Desktop\adwcleaner - Verknüpfung.lnk
2013-09-13 08:40 - 2013-09-13 08:40 - 01037278 _____ C:\Users\georg\Downloads\adwcleaner.exe
2013-09-12 19:06 - 2012-11-29 04:00 - 00000414 _____ C:\Windows\SysWOW64\AppLog.log
2013-09-12 18:38 - 2013-09-12 18:38 - 00026399 _____ C:\ComboFix.txt
2013-09-12 18:38 - 2013-09-12 17:00 - 00000000 ____D C:\Qoobox
2013-09-12 18:38 - 2011-04-27 14:50 - 00000000 ____D C:\Users\Burgen
2013-09-12 18:38 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-12 18:36 - 2013-09-12 16:59 - 00000000 ____D C:\Windows\erdnt
2013-09-12 18:33 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-12 18:32 - 2013-09-12 18:32 - 00000552 _____ C:\Windows\PFRO.log
2013-09-12 17:43 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-12 17:41 - 2013-09-12 17:41 - 00000000 _____ C:\Windows\setuperr.log
2013-09-12 17:41 - 2009-10-27 10:33 - 00000000 ____D C:\Users\georg\Tracing
2013-09-12 16:57 - 2013-09-12 17:11 - 05124599 ____R (Swearware) C:\Users\georg\Desktop\ComboFix.exe
2013-09-12 15:18 - 2009-07-14 07:13 - 01613412 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-12 15:18 - 2007-10-11 08:10 - 00696848 _____ C:\Windows\system32\perfh007.dat
2013-09-12 15:18 - 2007-10-11 08:10 - 00148144 _____ C:\Windows\system32\perfc007.dat
2013-09-12 15:17 - 2013-09-12 15:17 - 00000000 ____D C:\FRST
2013-09-12 12:43 - 2011-04-27 14:45 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-12 12:43 - 2009-08-14 20:56 - 00000000 ____D C:\Program Files\Google
2013-09-12 10:36 - 2009-10-27 10:17 - 00000000 ____D C:\Users\georg\AppData\Local\Google
2013-09-12 10:34 - 2013-09-12 10:34 - 00012560 _____ C:\Users\georg\Documents\cc_20130912_103418.reg
2013-09-11 09:59 - 2012-09-24 08:54 - 00004428 _____ C:\Windows\System32\Tasks\PC Checkup 3 Weekly Scan
2013-09-11 09:16 - 2009-08-14 20:57 - 00000000 ____D C:\Program Files\McAfee
2013-09-11 09:16 - 2009-08-14 20:56 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-09-05 09:12 - 2011-04-27 14:46 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-26 10:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-26 10:15 - 2012-09-24 08:54 - 00000000 ____D C:\Program Files (x86)\Norton PC Checkup 3.0
2013-08-26 08:24 - 2013-07-18 14:11 - 00000000 ____D C:\Users\georg\AppData\Roaming\Udake
2013-08-23 09:01 - 2012-04-17 09:51 - 00001116 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1880662565-2423717802-1355569322-1001Core.job

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-04 10:26

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-09-2013 02
Ran by georg (administrator) on GEORG-PC on 13-09-2013 09:45:51
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-08-06] (Egis Technology Inc.)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Ocs_SM] - C:\Users\georg\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
HKCU\...\Run: [Facebook Update] - C:\Users\georg\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-12] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-10] ()
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-07-31] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-08-04] (Acer Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [976832 2010-06-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1157976 2010-06-08] (Symantec Corporation)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1675160 2012-03-21] (McAfee, Inc.)
HKLM-x32\...\Run: [SSDMonitor] - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [105120 2012-08-21] (PC Tools)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\UpdatusUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
Startup: C:\Users\georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\georg\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D696537&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&k=0
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&k=0
SearchScopes: HKCU - {19BA5F42-323C-4E6F-9BC3-3A72BFD71830} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {28BD441E-9ACB-4B3B-AD36-389616746E0D} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {5F46E6AC-E562-49DF-946C-564E843D937D} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F736F7572636569643D69653726713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26726C7A3D314937414341575F64654154333531&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&k=0
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D696537&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&k=0
SearchScopes: HKCU - {859B5591-3432-49A4-A87A-DF9CA3E63862} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {87284A0D-E9DB-43DE-B680-B1310E705C07} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {96AA702E-EBD1-4371-A937-564EA4BF3645} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&mode=bounce&k=0
BHO: No Name - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} -  No File
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120903085732.dll (McAfee, Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120903085734.dll (McAfee, Inc.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Gutscheinmieze - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\georg\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
Toolbar: HKCU -  No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D4003189-95B1-4A2F-9A87-F2B03665960D} hxxp://www.spvod.com/soft/vjocx-ch-spvod.cab
DPF: HKLM-x32 {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://91.113.220.122/activex/AMC.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 195.58.160.194 195.58.161.122

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (SiteAdvisor) - C:\Users\georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0
CHR Extension: (Freeware.de) - C:\Users\georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlafpokblfobdnjhhggocaanijghemnd\2.3.4.950_0
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM-x32\...\Chrome\Extension: [nlafpokblfobdnjhhggocaanijghemnd] - C:\Users\georg\AppData\Local\CRE\nlafpokblfobdnjhhggocaanijghemnd.crx

==================== Services (Whitelisted) =================

R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [120592 2013-05-22] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [502064 2012-08-23] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199304 2012-05-25] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [210616 2012-05-25] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [162224 2012-05-25] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-08] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132504 2013-03-17] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe [126392 2011-11-07] (Symantec Corporation)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [794272 2012-08-21] (PC Tools)
S2 0068621378883807mcinstcleanup; C:\Windows\TEMP\006862~1.EXE -cleanup -nolog [x]
S2 vvdsvc; C:\Windows\system32\nagasoft\vjocx.dll [x]

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U3 mfeavfk01; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-13 09:39 - 2013-09-13 09:39 - 00000579 _____ C:\Users\georg\Desktop\TFC - Verknüpfung (2).lnk
2013-09-13 09:37 - 2013-09-13 09:37 - 00000579 _____ C:\Users\georg\Desktop\TFC - Verknüpfung.lnk
2013-09-13 09:33 - 2013-09-13 09:33 - 00002054 _____ C:\Users\georg\Desktop\JRT.txt
2013-09-13 09:24 - 2013-09-13 09:24 - 00000000 ____D C:\Windows\ERUNT
2013-09-13 09:22 - 2013-09-13 09:22 - 00000579 _____ C:\Users\georg\Desktop\JRT - Verknüpfung.lnk
2013-09-13 09:06 - 2013-09-13 09:16 - 00000000 ____D C:\AdwCleaner
2013-09-13 09:03 - 2013-09-13 09:03 - 00000634 _____ C:\Users\georg\Desktop\adwcleaner - Verknüpfung (2).lnk
2013-09-13 08:56 - 2013-09-13 08:56 - 00000634 _____ C:\Users\georg\Desktop\adwcleaner - Verknüpfung.lnk
2013-09-13 08:40 - 2013-09-13 08:40 - 01037278 _____ C:\Users\georg\Downloads\adwcleaner.exe
2013-09-12 18:38 - 2013-09-12 18:38 - 00026399 _____ C:\ComboFix.txt
2013-09-12 18:32 - 2013-09-12 18:32 - 00000552 _____ C:\Windows\PFRO.log
2013-09-12 17:41 - 2013-09-13 09:18 - 00000224 _____ C:\Windows\setupact.log
2013-09-12 17:41 - 2013-09-12 17:41 - 00000000 _____ C:\Windows\setuperr.log
2013-09-12 17:11 - 2013-09-12 16:57 - 05124599 ____R (Swearware) C:\Users\georg\Desktop\ComboFix.exe
2013-09-12 17:07 - 2011-06-26 08:45 - 00256000 ____R C:\Windows\PEV.exe
2013-09-12 17:07 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-12 17:07 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-12 17:07 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-12 17:07 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-12 17:07 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-12 17:07 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-12 17:07 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-12 17:00 - 2013-09-12 18:38 - 00000000 ____D C:\Qoobox
2013-09-12 16:59 - 2013-09-12 18:36 - 00000000 ____D C:\Windows\erdnt
2013-09-12 15:17 - 2013-09-12 15:17 - 00000000 ____D C:\FRST
2013-09-12 10:34 - 2013-09-12 10:34 - 00012560 _____ C:\Users\georg\Documents\cc_20130912_103418.reg
2013-08-19 15:18 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-19 15:18 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-19 15:18 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-19 15:18 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-19 15:18 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-19 15:18 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-19 15:18 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-19 15:18 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-19 15:18 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-19 15:18 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-19 15:18 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-19 15:18 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-19 15:18 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-19 15:18 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-19 15:18 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-19 15:18 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-19 15:18 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-19 15:18 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-19 15:18 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-19 15:18 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-19 15:18 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-19 10:19 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-19 10:19 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-19 10:18 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-19 10:18 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-19 10:18 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-19 10:18 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-19 10:18 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-19 10:18 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-19 10:18 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-19 10:18 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-19 10:18 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-19 10:18 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-19 10:18 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-19 10:18 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-19 10:18 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-19 10:18 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-13 09:44 - 2013-09-13 09:44 - 00000604 _____ C:\Users\georg\Desktop\FRST64 - Verknüpfung.lnk
2013-09-13 09:39 - 2013-09-13 09:39 - 00000579 _____ C:\Users\georg\Desktop\TFC - Verknüpfung (2).lnk
2013-09-13 09:37 - 2013-09-13 09:37 - 00000579 _____ C:\Users\georg\Desktop\TFC - Verknüpfung.lnk
2013-09-13 09:33 - 2013-09-13 09:33 - 00002054 _____ C:\Users\georg\Desktop\JRT.txt
2013-09-13 09:25 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-13 09:25 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-13 09:24 - 2013-09-13 09:24 - 00000000 ____D C:\Windows\ERUNT
2013-09-13 09:23 - 2012-09-03 09:44 - 00001832 _____ C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
2013-09-13 09:22 - 2013-09-13 09:22 - 00000579 _____ C:\Users\georg\Desktop\JRT - Verknüpfung.lnk
2013-09-13 09:19 - 2012-11-29 04:00 - 00000284 _____ C:\Windows\Tasks\RMAutoUpdate.job
2013-09-13 09:18 - 2013-09-12 17:41 - 00000224 _____ C:\Windows\setupact.log
2013-09-13 09:18 - 2012-11-28 09:54 - 00000000 ____D C:\Program Files (x86)\PC Tools Registry Mechanic
2013-09-13 09:18 - 2011-04-27 14:45 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-13 09:18 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-13 09:18 - 2007-10-10 22:26 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-13 09:17 - 2013-08-13 10:22 - 01341308 _____ C:\Windows\WindowsUpdate.log
2013-09-13 09:16 - 2013-09-13 09:06 - 00000000 ____D C:\AdwCleaner
2013-09-13 09:08 - 2011-04-27 14:45 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-13 09:05 - 2012-04-17 09:51 - 00001138 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1880662565-2423717802-1355569322-1001UA.job
2013-09-13 09:03 - 2013-09-13 09:03 - 00000634 _____ C:\Users\georg\Desktop\adwcleaner - Verknüpfung (2).lnk
2013-09-13 08:56 - 2013-09-13 08:56 - 00000634 _____ C:\Users\georg\Desktop\adwcleaner - Verknüpfung.lnk
2013-09-13 08:40 - 2013-09-13 08:40 - 01037278 _____ C:\Users\georg\Downloads\adwcleaner.exe
2013-09-12 19:06 - 2012-11-29 04:00 - 00000414 _____ C:\Windows\SysWOW64\AppLog.log
2013-09-12 18:38 - 2013-09-12 18:38 - 00026399 _____ C:\ComboFix.txt
2013-09-12 18:38 - 2013-09-12 17:00 - 00000000 ____D C:\Qoobox
2013-09-12 18:38 - 2011-04-27 14:50 - 00000000 ____D C:\Users\Burgen
2013-09-12 18:38 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-12 18:36 - 2013-09-12 16:59 - 00000000 ____D C:\Windows\erdnt
2013-09-12 18:33 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-12 18:32 - 2013-09-12 18:32 - 00000552 _____ C:\Windows\PFRO.log
2013-09-12 17:43 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-12 17:41 - 2013-09-12 17:41 - 00000000 _____ C:\Windows\setuperr.log
2013-09-12 17:41 - 2009-10-27 10:33 - 00000000 ____D C:\Users\georg\Tracing
2013-09-12 16:57 - 2013-09-12 17:11 - 05124599 ____R (Swearware) C:\Users\georg\Desktop\ComboFix.exe
2013-09-12 15:18 - 2009-07-14 07:13 - 01613412 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-12 15:18 - 2007-10-11 08:10 - 00696848 _____ C:\Windows\system32\perfh007.dat
2013-09-12 15:18 - 2007-10-11 08:10 - 00148144 _____ C:\Windows\system32\perfc007.dat
2013-09-12 15:17 - 2013-09-12 15:17 - 00000000 ____D C:\FRST
2013-09-12 12:43 - 2011-04-27 14:45 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-12 12:43 - 2009-08-14 20:56 - 00000000 ____D C:\Program Files\Google
2013-09-12 10:36 - 2009-10-27 10:17 - 00000000 ____D C:\Users\georg\AppData\Local\Google
2013-09-12 10:34 - 2013-09-12 10:34 - 00012560 _____ C:\Users\georg\Documents\cc_20130912_103418.reg
2013-09-11 09:59 - 2012-09-24 08:54 - 00004428 _____ C:\Windows\System32\Tasks\PC Checkup 3 Weekly Scan
2013-09-11 09:16 - 2009-08-14 20:57 - 00000000 ____D C:\Program Files\McAfee
2013-09-11 09:16 - 2009-08-14 20:56 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-09-05 09:12 - 2011-04-27 14:46 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-26 10:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-26 10:15 - 2012-09-24 08:54 - 00000000 ____D C:\Program Files (x86)\Norton PC Checkup 3.0
2013-08-26 08:24 - 2013-07-18 14:11 - 00000000 ____D C:\Users\georg\AppData\Roaming\Udake
2013-08-23 09:01 - 2012-04-17 09:51 - 00001116 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1880662565-2423717802-1355569322-1001Core.job

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-04 10:26

==================== End Of Log ============================
--- --- ---

--- --- ---

Aneri 13.09.2013 10:42
Hallo

Schritt 1:
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
S2 0068621378883807mcinstcleanup; C:\Windows\TEMP\006862~1.EXE -cleanup -nolog [x]
S2 vvdsvc; C:\Windows\system32\nagasoft\vjocx.dll [x]
BHO: No Name - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} -  No File
Toolbar: HKLM-x32 - Gutscheinmieze - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\georg\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
Toolbar: HKCU -  No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
C:\Users\georg\AppData\Roaming\Gutscheinmieze\
C:\Users\georg\AppData\Roaming\OCS\
HKLM\...\Run: [Ocs_SM] - C:\Users\georg\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D696537&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&k=0
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&k=0
SearchScopes: HKCU - {19BA5F42-323C-4E6F-9BC3-3A72BFD71830} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {28BD441E-9ACB-4B3B-AD36-389616746E0D} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {5F46E6AC-E562-49DF-946C-564E843D937D} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F736F7572636569643D69653726713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26726C7A3D314937414341575F64654154333531&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&k=0
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D696537&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&k=0
SearchScopes: HKCU - {859B5591-3432-49A4-A87A-DF9CA3E63862} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {87284A0D-E9DB-43DE-B680-B1310E705C07} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {96AA702E-EBD1-4371-A937-564EA4BF3645} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&mode=bounce&k=0
BHO: No Name - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} -  No File

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Schritt 2:
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Schritt 3:

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Schritt 4:

bitte erstelle ein neues FRST Logfile und poste es hier.

granatenfred 13.09.2013 13:24
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-09-2013 02
Ran by georg at 2013-09-13 12:02:45 Run:1
Running from H:\
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
S2 vvdsvc; C:\Windows\system32\nagasoft\vjocx.dll [x]
BHO: No Name - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - No File
Toolbar: HKLM-x32 - Gutscheinmieze - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\georg\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File
C:\Users\georg\AppData\Roaming\Gutscheinmieze\
C:\Users\georg\AppData\Roaming\OCS\
HKLM\...\Run: [Ocs_SM] - C:\Users\georg\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E677561 67657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D696537&s t={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&k=0
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D4945385352 43&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&k=0
SearchScopes: HKCU - {19BA5F42-323C-4E6F-9BC3-3A72BFD71830} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {28BD441E-9ACB-4B3B-AD36-389616746E0D} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {5F46E6AC-E562-49DF-946C-564E843D937D} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F736F7572636569643D69653726713D7B7365617263685465726D737D26726C733D636F6D2E6D696372 6F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26 726C7A3D314937414341575F64654154333531&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&k=0
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E677561 67657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D696537&s t={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&k=0
SearchScopes: HKCU - {859B5591-3432-49A4-A87A-DF9CA3E63862} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {87284A0D-E9DB-43DE-B680-B1310E705C07} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {96AA702E-EBD1-4371-A937-564EA4BF3645} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=4efcda8f-1ed8-4a2e-b1cf-69267b46cd9d&pid=freewarede&mode=bounce&k=0
BHO: No Name - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - No File

*****************

vvdsvc => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} => Key deleted successfully.
HKCR\CLSID\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} => Value deleted successfully.
HKCR\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} => Key not found.
C:\Users\georg\AppData\Roaming\Gutscheinmieze\ => Moved successfully.
"C:\Users\georg\AppData\Roaming\OCS\" => File/Directory not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Ocs_SM => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{19BA5F42-323C-4E6F-9BC3-3A72BFD71830} => Key deleted successfully.
HKCR\CLSID\{19BA5F42-323C-4E6F-9BC3-3A72BFD71830} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{28BD441E-9ACB-4B3B-AD36-389616746E0D} => Key deleted successfully.
HKCR\CLSID\{28BD441E-9ACB-4B3B-AD36-389616746E0D} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5F46E6AC-E562-49DF-946C-564E843D937D} => Key deleted successfully.
HKCR\CLSID\{5F46E6AC-E562-49DF-946C-564E843D937D} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key deleted successfully.
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{859B5591-3432-49A4-A87A-DF9CA3E63862} => Key deleted successfully.
HKCR\CLSID\{859B5591-3432-49A4-A87A-DF9CA3E63862} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{87284A0D-E9DB-43DE-B680-B1310E705C07} => Key deleted successfully.
HKCR\CLSID\{87284A0D-E9DB-43DE-B680-B1310E705C07} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96AA702E-EBD1-4371-A937-564EA4BF3645} => Key deleted successfully.
HKCR\CLSID\{96AA702E-EBD1-4371-A937-564EA4BF3645} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} => Key not found.
HKCR\CLSID\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} => Key not found.

==== End of Fixlog ====

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4331

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.10.9200.16660

13.09.2013 12:12:48
mbam-log-2013-09-13 (12-12-48).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 143553
Laufzeit: 6 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a225ce54321e2e49a0dcc4db8a3245e3
# engine=15109
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-13 12:12:14
# local_time=2013-09-13 02:12:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5122 16777213 100 88 32416422 87945994 0 0
# compatibility_mode=5893 16776574 66 85 4214161 130704184 0 0
# scanned=189330
# found=11
# cleaned=0
# scan_time=6631
sh=82532840E3CFB61CE62AB635EDBC889FF6215938 ft=1 fh=0e4a48dcc33f06db vn="Win32/Sirefef.FY trojan" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{a50b55d5-acf0-eeaf-93b8-f6748b45f12a}\9519~1\A535~1\E628~1\{a50b55d5-acf0-eeaf-93b8-f6748b45f12a}\GoogleUpdate.exe.vir"
sh=8BA05B3F0887EA24DB7A56AED185D907047A62D5 ft=1 fh=ee6ee59d406b16cf vn="Win64/Sirefef.BC trojan" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{a50b55d5-acf0-eeaf-93b8-f6748b45f12a}\9519~1\A535~1\E628~1\{a50b55d5-acf0-eeaf-93b8-f6748b45f12a}\U\80000001.@.vir"
sh=82532840E3CFB61CE62AB635EDBC889FF6215938 ft=1 fh=0e4a48dcc33f06db vn="Win32/Sirefef.FY trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\georg\AppData\Local\Google\Desktop\Install\{a50b55d5-acf0-eeaf-93b8-f6748b45f12a}\2E2F~1\28F0~1\E628~1\{a50b55d5-acf0-eeaf-93b8-f6748b45f12a}\GoogleUpdate.exe.vir"
sh=9A15298735567868CCAB0F5DADCDA4CD5CF8EC01 ft=1 fh=6696db3e8cf4a64c vn="Win32/Agent.UJJ trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\georg\AppData\Roaming\ie_util.exe.vir"
sh=67399DD7337222E10D8DF5491AEE781845BA2D6C ft=1 fh=c71c0011b4def9d7 vn="a variant of Win32/Kryptik.BATC trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\georg\AppData\Roaming\Epfoe\zizy.exe.vir"
sh=190EC8C83BBCB978878B5E0839E25A47FD15AA25 ft=1 fh=b7b2f8e30715d64b vn="a variant of Win32/Kryptik.BGXZ trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\georg\AppData\Roaming\Ominy\lyroh.exe.vir"
sh=21F4E8C1D25CF37188E55A51F98038B43D8B0394 ft=1 fh=c545f67d885c9c7c vn="a variant of Win32/Kryptik.BIJD trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\georg\AppData\Roaming\Xusai\osos.exe.vir"
sh=6616AB50C16E51F3AACFB25A487AC1ADFDE5E2F2 ft=1 fh=b7b2f8e30715d64b vn="a variant of Win32/Kryptik.BGXZ trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\georg\AppData\Roaming\Ymze\utubvo.exe.vir"
sh=898B9C1A0C1C57053FF00AE02D4B8F01F1C8E93B ft=0 fh=0000000000000000 vn="Win32/Adware.AntimalwareDoctor.AE.Gen application" ac=I fn="C:\Users\georg\AppData\Roaming\92321BADC237A1C66DCCBBFFAD2FCFF2\enemies-names.txt"
sh=8987B4946725C7AC053F163B23EA5F8D5E0AD3A9 ft=0 fh=0000000000000000 vn="Win32/Adware.AntimalwareDoctor.AE.Gen application" ac=I fn="C:\Users\georg\AppData\Roaming\92321BADC237A1C66DCCBBFFAD2FCFF2\local.ini"
sh=BF9D6E03146A62759C01A1460E81C6840CF22D7B ft=1 fh=89652d89826223fd vn="a variant of Win32/Kryptik.BEJB trojan" ac=I fn="C:\Users\georg\Desktop\mhcb.tmp"


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-09-2013 02
Ran by georg (administrator) on GEORG-PC on 13-09-2013 14:22:42
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-08-06] (Egis Technology Inc.)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKCU\...\Run: [Facebook Update] - C:\Users\georg\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-12] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-10] ()
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-07-31] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-08-04] (Acer Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [976832 2010-06-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1157976 2010-06-08] (Symantec Corporation)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1675160 2012-03-21] (McAfee, Inc.)
HKLM-x32\...\Run: [SSDMonitor] - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [105120 2012-08-21] (PC Tools)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\UpdatusUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
Startup: C:\Users\georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\georg\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120903085732.dll (McAfee, Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120903085734.dll (McAfee, Inc.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D4003189-95B1-4A2F-9A87-F2B03665960D} hxxp://www.spvod.com/soft/vjocx-ch-spvod.cab
DPF: HKLM-x32 {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://91.113.220.122/activex/AMC.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 195.58.160.194 195.58.161.122

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (SiteAdvisor) - C:\Users\georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0
CHR Extension: (Freeware.de) - C:\Users\georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlafpokblfobdnjhhggocaanijghemnd\2.3.4.950_0
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM-x32\...\Chrome\Extension: [nlafpokblfobdnjhhggocaanijghemnd] - C:\Users\georg\AppData\Local\CRE\nlafpokblfobdnjhhggocaanijghemnd.crx

==================== Services (Whitelisted) =================

R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [120592 2013-05-22] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [502064 2012-08-23] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199304 2012-05-25] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [210616 2012-05-25] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [162224 2012-05-25] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-08] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132504 2013-03-17] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe [126392 2011-11-07] (Symantec Corporation)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [794272 2012-08-21] (PC Tools)
S2 0068621378883807mcinstcleanup; C:\Windows\TEMP\006862~1.EXE -cleanup -nolog [x]

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U3 mfeavfk01; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-13 11:57 - 2013-09-13 11:57 - 00003748 _____ C:\Users\georg\Desktop\Fixlist.txt
2013-09-13 09:44 - 2013-09-13 09:44 - 00000604 _____ C:\Users\georg\Desktop\FRST64 - Verknüpfung.lnk
2013-09-13 09:39 - 2013-09-13 09:39 - 00000579 _____ C:\Users\georg\Desktop\TFC - Verknüpfung (2).lnk
2013-09-13 09:37 - 2013-09-13 09:37 - 00000579 _____ C:\Users\georg\Desktop\TFC - Verknüpfung.lnk
2013-09-13 09:33 - 2013-09-13 09:33 - 00002054 _____ C:\Users\georg\Desktop\JRT.txt
2013-09-13 09:24 - 2013-09-13 09:24 - 00000000 ____D C:\Windows\ERUNT
2013-09-13 09:22 - 2013-09-13 09:22 - 00000579 _____ C:\Users\georg\Desktop\JRT - Verknüpfung.lnk
2013-09-13 09:06 - 2013-09-13 09:16 - 00000000 ____D C:\AdwCleaner
2013-09-13 09:03 - 2013-09-13 09:03 - 00000634 _____ C:\Users\georg\Desktop\adwcleaner - Verknüpfung (2).lnk
2013-09-13 08:56 - 2013-09-13 08:56 - 00000634 _____ C:\Users\georg\Desktop\adwcleaner - Verknüpfung.lnk
2013-09-13 08:40 - 2013-09-13 08:40 - 01037278 _____ C:\Users\georg\Downloads\adwcleaner.exe
2013-09-12 18:38 - 2013-09-12 18:38 - 00026399 _____ C:\ComboFix.txt
2013-09-12 18:32 - 2013-09-12 18:32 - 00000552 _____ C:\Windows\PFRO.log
2013-09-12 17:41 - 2013-09-13 09:18 - 00000224 _____ C:\Windows\setupact.log
2013-09-12 17:41 - 2013-09-12 17:41 - 00000000 _____ C:\Windows\setuperr.log
2013-09-12 17:11 - 2013-09-12 16:57 - 05124599 ____R (Swearware) C:\Users\georg\Desktop\ComboFix.exe
2013-09-12 17:07 - 2011-06-26 08:45 - 00256000 ____R C:\Windows\PEV.exe
2013-09-12 17:07 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-12 17:07 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-12 17:07 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-12 17:07 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-12 17:07 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-12 17:07 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-12 17:07 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-12 17:00 - 2013-09-12 18:38 - 00000000 ____D C:\Qoobox
2013-09-12 16:59 - 2013-09-12 18:36 - 00000000 ____D C:\Windows\erdnt
2013-09-12 15:17 - 2013-09-12 15:17 - 00000000 ____D C:\FRST
2013-09-12 10:34 - 2013-09-12 10:34 - 00012560 _____ C:\Users\georg\Documents\cc_20130912_103418.reg
2013-08-19 15:18 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-19 15:18 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-19 15:18 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-19 15:18 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-19 15:18 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-19 15:18 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-19 15:18 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-19 15:18 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-19 15:18 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-19 15:18 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-19 15:18 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-19 15:18 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-19 15:18 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-19 15:18 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-19 15:18 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-19 15:18 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-19 15:18 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-19 15:18 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-19 15:18 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-19 15:18 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-19 15:18 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-19 15:18 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-19 10:19 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-19 10:19 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-19 10:18 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-19 10:18 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-19 10:18 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-19 10:18 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-19 10:18 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-19 10:18 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-19 10:18 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-19 10:18 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-19 10:18 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-19 10:18 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-19 10:18 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-19 10:18 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-19 10:18 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-19 10:18 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-13 14:08 - 2011-04-27 14:45 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-13 12:45 - 2013-08-13 10:22 - 01347710 _____ C:\Windows\WindowsUpdate.log
2013-09-13 12:15 - 2013-09-13 12:15 - 02347384 _____ (ESET) C:\Users\georg\Downloads\esetsmartinstaller_enu.exe
2013-09-13 12:05 - 2012-04-17 09:51 - 00001138 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1880662565-2423717802-1355569322-1001UA.job
2013-09-13 11:57 - 2013-09-13 11:57 - 00003748 _____ C:\Users\georg\Desktop\Fixlist.txt
2013-09-13 09:44 - 2013-09-13 09:44 - 00000604 _____ C:\Users\georg\Desktop\FRST64 - Verknüpfung.lnk
2013-09-13 09:39 - 2013-09-13 09:39 - 00000579 _____ C:\Users\georg\Desktop\TFC - Verknüpfung (2).lnk
2013-09-13 09:37 - 2013-09-13 09:37 - 00000579 _____ C:\Users\georg\Desktop\TFC - Verknüpfung.lnk
2013-09-13 09:33 - 2013-09-13 09:33 - 00002054 _____ C:\Users\georg\Desktop\JRT.txt
2013-09-13 09:25 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-13 09:25 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-13 09:24 - 2013-09-13 09:24 - 00000000 ____D C:\Windows\ERUNT
2013-09-13 09:23 - 2012-09-03 09:44 - 00001832 _____ C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
2013-09-13 09:22 - 2013-09-13 09:22 - 00000579 _____ C:\Users\georg\Desktop\JRT - Verknüpfung.lnk
2013-09-13 09:19 - 2012-11-29 04:00 - 00000284 _____ C:\Windows\Tasks\RMAutoUpdate.job
2013-09-13 09:18 - 2013-09-12 17:41 - 00000224 _____ C:\Windows\setupact.log
2013-09-13 09:18 - 2012-11-28 09:54 - 00000000 ____D C:\Program Files (x86)\PC Tools Registry Mechanic
2013-09-13 09:18 - 2011-04-27 14:45 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-13 09:18 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-13 09:18 - 2007-10-10 22:26 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-13 09:16 - 2013-09-13 09:06 - 00000000 ____D C:\AdwCleaner
2013-09-13 09:03 - 2013-09-13 09:03 - 00000634 _____ C:\Users\georg\Desktop\adwcleaner - Verknüpfung (2).lnk
2013-09-13 08:56 - 2013-09-13 08:56 - 00000634 _____ C:\Users\georg\Desktop\adwcleaner - Verknüpfung.lnk
2013-09-13 08:40 - 2013-09-13 08:40 - 01037278 _____ C:\Users\georg\Downloads\adwcleaner.exe
2013-09-12 19:06 - 2012-11-29 04:00 - 00000414 _____ C:\Windows\SysWOW64\AppLog.log
2013-09-12 18:38 - 2013-09-12 18:38 - 00026399 _____ C:\ComboFix.txt
2013-09-12 18:38 - 2013-09-12 17:00 - 00000000 ____D C:\Qoobox
2013-09-12 18:38 - 2011-04-27 14:50 - 00000000 ____D C:\Users\Burgen
2013-09-12 18:38 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-12 18:36 - 2013-09-12 16:59 - 00000000 ____D C:\Windows\erdnt
2013-09-12 18:33 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-12 18:32 - 2013-09-12 18:32 - 00000552 _____ C:\Windows\PFRO.log
2013-09-12 17:43 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-12 17:41 - 2013-09-12 17:41 - 00000000 _____ C:\Windows\setuperr.log
2013-09-12 17:41 - 2009-10-27 10:33 - 00000000 ____D C:\Users\georg\Tracing
2013-09-12 16:57 - 2013-09-12 17:11 - 05124599 ____R (Swearware) C:\Users\georg\Desktop\ComboFix.exe
2013-09-12 15:18 - 2009-07-14 07:13 - 01613412 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-12 15:18 - 2007-10-11 08:10 - 00696848 _____ C:\Windows\system32\perfh007.dat
2013-09-12 15:18 - 2007-10-11 08:10 - 00148144 _____ C:\Windows\system32\perfc007.dat
2013-09-12 15:17 - 2013-09-12 15:17 - 00000000 ____D C:\FRST
2013-09-12 12:43 - 2011-04-27 14:45 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-12 12:43 - 2009-08-14 20:56 - 00000000 ____D C:\Program Files\Google
2013-09-12 10:36 - 2009-10-27 10:17 - 00000000 ____D C:\Users\georg\AppData\Local\Google
2013-09-12 10:34 - 2013-09-12 10:34 - 00012560 _____ C:\Users\georg\Documents\cc_20130912_103418.reg
2013-09-11 09:59 - 2012-09-24 08:54 - 00004428 _____ C:\Windows\System32\Tasks\PC Checkup 3 Weekly Scan
2013-09-11 09:16 - 2009-08-14 20:57 - 00000000 ____D C:\Program Files\McAfee
2013-09-11 09:16 - 2009-08-14 20:56 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-09-05 09:12 - 2011-04-27 14:46 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-26 10:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-26 10:15 - 2012-09-24 08:54 - 00000000 ____D C:\Program Files (x86)\Norton PC Checkup 3.0
2013-08-26 08:24 - 2013-07-18 14:11 - 00000000 ____D C:\Users\georg\AppData\Roaming\Udake
2013-08-23 09:01 - 2012-04-17 09:51 - 00001116 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1880662565-2423717802-1355569322-1001Core.job

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-04 10:26

==================== End Of Log ============================
--- --- ---

--- --- ---

Aneri 13.09.2013 14:12
Hallo

Schritt 1:

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Users\georg\AppData\Roaming\92321BADC237A1C66DCCBBFFAD2FCFF2\
C:\Users\georg\Desktop\mhcb.tmp

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Schritt 2:
Downloade dir bitte Farbar Service Scanner Farbar Service Scanner
  • Starte das Tool mit Doppelklick auf die FSS.exe
  • Gehe sicher, dass folgende Optionen angehakt sind.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.




Alle Zeitangaben in WEZ +1. Es ist jetzt 12:05 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131