Trojaner-Board - TR/BProtector.gen von Avira gefunden

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - TR/BProtector.gen von Avira gefunden (https://www.trojaner-board.de/156149-tr-bprotector-gen-avira-gefunden.html)

TR/BProtector.gen von Avira gefunden

Hallo, auf meinem PC der mit Windows 7 Home Premium 64bit läuft wurde ein Virus gefunden.

Avira findet TR/BProtector.gen in mehreren Objekten. :pfui::pfui::pfui:

Wenn ich diese Objekte, wie vorgeschlagen, in Quarantäne verschieben will, fährt mein PC wegen einem Systemfehler herunter. :killpc:

Wie ich in andere threads schon gesehn habe, muss man mit Farber Recovery Scan tool die FRST.txt und die Addition.txt posten. :abklatsch:

Vielen Dank für die Hilfe ! :dankeschoen:

FRST.txt :

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01

Ran by Hannes (administrator) on HANNES-PC on 06-07-2014 12:19:46

Running from C:\Users\Hannes\Downloads

Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 9

Boot Mode: Normal
 

The only official download link for FRST:

Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 

Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

(HP) C:\Windows\System32\HPSIsvc.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe

(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Intel Corporation) C:\Windows\System32\igfxext.exe

(Dropbox, Inc.) C:\Users\Hannes\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe

(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe

(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11725928 2010-12-23] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2010-12-10] (Realtek Semiconductor)

HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2010-10-29] (Acer Incorporated)

HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [613536 2010-11-25] (Atheros Communications)

HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2010-11-25] (Atheros Commnucations)

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-14] (Intel Corporation)

HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-28] (Egis Technology Inc.)

HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-18] (Egis Technology Inc.)

HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-18] (Egis Technology Inc.)

HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-28] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296768 2010-11-12] (NTI Corporation)

HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)

HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1025616 2010-12-09] (Dritek System Inc.)

HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)

HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)

HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2010-12-09] (CyberLink Corp.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}

HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}

HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}

HKU\S-1-5-21-540060913-2797479332-2572394248-1000\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()

HKU\S-1-5-21-540060913-2797479332-2572394248-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)

HKU\S-1-5-21-540060913-2797479332-2572394248-1001\...\MountPoints2: {aa0364f3-df6b-11e2-b536-ec55f91df9a8} - E:\LaunchU3.exe -a

HKU\S-1-5-21-540060913-2797479332-2572394248-1001\...\MountPoints2: {ba1280c4-7859-11e3-b812-1c7508da08ff} - E:\SISetup.exe

AppInit_DLLs: c:\progra~3\bitguard\271832~1.68\{16cdf~1\loader.dll => c:\ProgramData\BitGuard\2.7.1832.68\{16cdff19-861d-48e3-a751-d99a27784753}\loader.dll [1958880 2013-11-18] ()

AppInit_DLLs:  c:\windows\system32\nvinitx.dll => c:\windows\system32\nvinitx.dll [226920 2010-12-12] (NVIDIA Corporation)

Startup: C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Hannes\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com

HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=109958&tt=251012_1838_4312_7&babsrc=HP_ss&mntrId=3a55f85c000000000000fe55f91df9a8

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com

URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

SearchScopes: HKCU - DefaultScope {7247276E-F9BF-4AB4-A9C2-2EFFD4F36B03} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE662&p={SearchTerms}

SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=251012_1838_4312_7&babsrc=SP_ss&mntrId=3a55f85c000000000000fe55f91df9a8

SearchScopes: HKCU - {7247276E-F9BF-4AB4-A9C2-2EFFD4F36B03} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE662&p={SearchTerms}

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)

Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)

Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll No File

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File

Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Tcpip\Parameters: [DhcpNameServer] 129.143.2.1 8.8.8.8
 

FireFox:

========

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox

FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011-03-04]

FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension

FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2011-03-04]

FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension

FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-03-04]

FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor

FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2010-12-06]

FF HKLM-x32\...\Firefox\Extensions: [{18148679-999F-41E7-84B7-926FDC34966E}] - C:\Windows\Installer\{1B0358DF-6E47-405B-9357-9E6DC6D7AAD1}\{18148679-999F-41E7-84B7-926FDC34966E}.xpi

FF Extension: Download Protect - C:\Windows\Installer\{1B0358DF-6E47-405B-9357-9E6DC6D7AAD1}\{18148679-999F-41E7-84B7-926FDC34966E}.xpi [2014-07-06]
 

Chrome: 

=======

CHR HomePage: hxxp://www.google.de?hl=de&gl=de

CHR DefaultSearchKeyword: McAfee

CHR DefaultSearchProvider: McAfee

CHR DefaultSearchURL: hxxp://de.search.yahoo.com/search?fr=mcafee&type=A211DE662&p={searchTerms}

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()

CHR Plugin: (Application Manager) - C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll No File

CHR Plugin: (Babylon ToolBar) - C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\BabylonChromeToolBar.dll No File

CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File

CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)

CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]

CHR Extension: (Babylon Toolbar) - C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb [2014-07-01]

CHR Extension: (Download Protect) - C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\eidmogfhhfjlpelgplgcdpphhpagcogm [2014-07-06]

CHR Extension: (SiteAdvisor) - C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-01-04]

CHR Extension: (Google Wallet) - C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]

CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\Hannes\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx [2012-08-08]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-11-25] (Atheros Commnucations) [File not signed]

R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)

R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2010-11-12] (NTI Corporation)

S2 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [X]

S2 GFilterSvc; C:\Windows\System32\GFilterSvc.exe [X]

S2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]

S2 Utilmand; C:\Windows\system32\PortablfDeviceWiaCompat.exe [X]

S2 Windows Internet Name Service; C:\Windows\system32\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe [X]
 

==================== Drivers (Whitelisted) ====================
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-24] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-06-24] (Avira Operations GmbH & Co. KG)

S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2009-10-26] (Marvell Semiconductor, Inc.)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-07-06 12:19 - 2014-07-06 12:20 - 00026225 _____ () C:\Users\Hannes\Downloads\FRST.txt

2014-07-06 12:19 - 2014-07-06 12:19 - 00000000 ____D () C:\FRST

2014-07-06 11:51 - 2014-07-06 11:51 - 02084352 _____ (Farbar) C:\Users\Hannes\Downloads\FRST64.exe

2014-07-06 11:42 - 2014-07-06 11:42 - 00262144 _____ () C:\Windows\Minidump\070614-25958-01.dmp

2014-07-06 11:36 - 2014-07-06 11:42 - 501968627 _____ () C:\Windows\MEMORY.DMP

2014-07-06 11:36 - 2014-07-06 11:42 - 00000000 ____D () C:\Windows\Minidump

2014-07-06 11:36 - 2014-07-06 11:36 - 00262144 _____ () C:\Windows\Minidump\070614-26457-01.dmp

2014-07-06 11:31 - 2014-07-06 11:30 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2014-07-06 11:30 - 2014-07-06 11:30 - 00000000 ____D () C:\Users\Hannes\AppData\Roaming\Avira

2014-07-06 11:29 - 2014-07-06 11:29 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk

2014-07-06 11:29 - 2014-07-06 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2014-07-06 11:29 - 2014-07-06 11:29 - 00000000 ____D () C:\ProgramData\Avira

2014-07-06 11:29 - 2014-07-06 11:29 - 00000000 ____D () C:\Program Files (x86)\Avira

2014-07-06 11:29 - 2014-06-24 20:39 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2014-07-06 11:29 - 2014-06-24 20:39 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2014-07-06 11:29 - 2014-06-24 20:39 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

2014-07-06 11:19 - 2014-03-31 09:35 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-07-06 11:04 - 2014-07-06 11:06 - 141865920 _____ () C:\Users\Hannes\Downloads\avira_free_antivirus45_de.exe

2014-07-03 22:14 - 2014-07-03 23:03 - 00000000 ____D () C:\Users\Hannes\Desktop\ordner bekleben

2014-07-03 14:18 - 2014-07-03 14:18 - 00000000 ____D () C:\Windows\system32\SPReview

2014-07-01 22:40 - 2014-07-03 08:41 - 00000000 ____D () C:\Users\Hannes\Desktop\Handy sony

2014-06-18 17:57 - 2014-06-18 17:57 - 06010880 _____ () C:\Program Files (x86)\GUT8334.tmp

2014-06-18 17:57 - 2014-06-18 17:57 - 00000000 ____D () C:\Program Files (x86)\GUM8333.tmp

2014-06-16 08:25 - 2014-06-16 08:25 - 00953814 _____ () C:\Users\Hannes\Downloads\catoarchiv02.jar

2014-06-06 12:59 - 2014-06-06 12:59 - 00000000 ____D () C:\Users\Hannes\Desktop\Tied + Tickled Trio

2014-06-06 12:59 - 2014-06-06 12:59 - 00000000 ____D () C:\Users\Hannes\Desktop\Ghost Stories
 

==================== One Month Modified Files and Folders =======
 

2014-07-06 12:20 - 2014-07-06 12:19 - 00026225 _____ () C:\Users\Hannes\Downloads\FRST.txt

2014-07-06 12:19 - 2014-07-06 12:19 - 00000000 ____D () C:\FRST

2014-07-06 12:17 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-07-06 12:17 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-07-06 12:03 - 2012-10-27 14:26 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-07-06 11:51 - 2014-07-06 11:51 - 02084352 _____ (Farbar) C:\Users\Hannes\Downloads\FRST64.exe

2014-07-06 11:46 - 2011-03-04 01:48 - 01461113 _____ () C:\Windows\WindowsUpdate.log

2014-07-06 11:44 - 2014-03-19 17:04 - 00000000 ___RD () C:\Users\Hannes\Dropbox

2014-07-06 11:44 - 2014-03-19 16:52 - 00000000 ____D () C:\Users\Hannes\AppData\Roaming\DropboxMaster

2014-07-06 11:44 - 2014-03-19 16:52 - 00000000 ____D () C:\Users\Hannes\AppData\Roaming\Dropbox

2014-07-06 11:44 - 2011-09-05 15:43 - 00000000 ____D () C:\ProgramData\clear.fi

2014-07-06 11:44 - 2011-03-04 02:28 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini

2014-07-06 11:44 - 2011-03-04 02:28 - 00000000 ____D () C:\ProgramData\boost_interprocess

2014-07-06 11:43 - 2014-03-26 12:31 - 00000306 __RSH () C:\ProgramData\ntuser.pol

2014-07-06 11:42 - 2014-07-06 11:42 - 00262144 _____ () C:\Windows\Minidump\070614-25958-01.dmp

2014-07-06 11:42 - 2014-07-06 11:36 - 501968627 _____ () C:\Windows\MEMORY.DMP

2014-07-06 11:42 - 2014-07-06 11:36 - 00000000 ____D () C:\Windows\Minidump

2014-07-06 11:42 - 2012-10-27 14:26 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-07-06 11:42 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-07-06 11:42 - 2009-07-14 06:51 - 00131562 _____ () C:\Windows\setupact.log

2014-07-06 11:41 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-07-06 11:36 - 2014-07-06 11:36 - 00262144 _____ () C:\Windows\Minidump\070614-26457-01.dmp

2014-07-06 11:36 - 2011-03-04 01:45 - 00248940 _____ () C:\Windows\PFRO.log

2014-07-06 11:33 - 2013-11-22 12:16 - 00000000 ____D () C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard

2014-07-06 11:30 - 2014-07-06 11:31 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2014-07-06 11:30 - 2014-07-06 11:30 - 00000000 ____D () C:\Users\Hannes\AppData\Roaming\Avira

2014-07-06 11:29 - 2014-07-06 11:29 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk

2014-07-06 11:29 - 2014-07-06 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2014-07-06 11:29 - 2014-07-06 11:29 - 00000000 ____D () C:\ProgramData\Avira

2014-07-06 11:29 - 2014-07-06 11:29 - 00000000 ____D () C:\Program Files (x86)\Avira

2014-07-06 11:27 - 2012-10-27 14:25 - 00000000 ____D () C:\Windows\SysWOW64\Extensions

2014-07-06 11:25 - 2010-12-06 12:09 - 00000000 ____D () C:\ProgramData\McAfee

2014-07-06 11:25 - 2010-12-06 12:09 - 00000000 ____D () C:\Program Files (x86)\McAfee

2014-07-06 11:22 - 2012-05-18 18:22 - 00000000 ____D () C:\Users\Hannes\Desktop\Dateien

2014-07-06 11:06 - 2014-07-06 11:04 - 141865920 _____ () C:\Users\Hannes\Downloads\avira_free_antivirus45_de.exe

2014-07-06 00:25 - 2014-04-14 23:25 - 00000368 _____ () C:\Windows\Tasks\updater.job

2014-07-05 17:17 - 2012-01-10 20:12 - 00000000 ____D () C:\Users\Hannes\AppData\Roaming\Skype

2014-07-03 23:03 - 2014-07-03 22:14 - 00000000 ____D () C:\Users\Hannes\Desktop\ordner bekleben

2014-07-03 14:18 - 2014-07-03 14:18 - 00000000 ____D () C:\Windows\system32\SPReview

2014-07-03 08:41 - 2014-07-01 22:40 - 00000000 ____D () C:\Users\Hannes\Desktop\Handy sony

2014-07-01 22:22 - 2011-03-04 10:39 - 00654400 _____ () C:\Windows\system32\perfh007.dat

2014-07-01 22:22 - 2011-03-04 10:39 - 00130240 _____ () C:\Windows\system32\perfc007.dat

2014-07-01 22:22 - 2009-07-14 07:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-07-01 11:33 - 2013-12-03 23:21 - 00001247 _____ () C:\known.met

2014-07-01 11:33 - 2013-12-03 23:21 - 00000345 _____ () C:\server.met

2014-07-01 11:33 - 2013-12-03 23:21 - 00000166 _____ () C:\Windows\SysWOW64\queries-02.cache

2014-07-01 11:33 - 2013-12-03 23:21 - 00000081 _____ () C:\Windows\SysWOW64\cache.00

2014-07-01 11:33 - 2013-12-03 23:21 - 00000017 _____ () C:\queries-07.cache

2014-07-01 11:33 - 2013-12-03 23:21 - 00000005 _____ () C:\queries-00.cache

2014-06-24 23:53 - 2011-10-02 09:13 - 00000000 ____D () C:\Users\Hannes\AppData\Local\CrashDumps

2014-06-24 23:17 - 2012-10-09 15:44 - 00000000 ____D () C:\Users\Hannes\Desktop\Bilder

2014-06-24 20:39 - 2014-07-06 11:29 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2014-06-24 20:39 - 2014-07-06 11:29 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2014-06-24 20:39 - 2014-07-06 11:29 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

2014-06-24 17:58 - 2012-10-27 14:26 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-06-24 17:58 - 2012-10-27 14:26 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-06-18 17:57 - 2014-06-18 17:57 - 06010880 _____ () C:\Program Files (x86)\GUT8334.tmp

2014-06-18 17:57 - 2014-06-18 17:57 - 00000000 ____D () C:\Program Files (x86)\GUM8333.tmp

2014-06-16 08:25 - 2014-06-16 08:25 - 00953814 _____ () C:\Users\Hannes\Downloads\catoarchiv02.jar

2014-06-16 08:24 - 2014-02-11 16:04 - 00000000 ____D () C:\Users\Hannes\Documents\Outlook Files

2014-06-06 12:59 - 2014-06-06 12:59 - 00000000 ____D () C:\Users\Hannes\Desktop\Tied + Tickled Trio

2014-06-06 12:59 - 2014-06-06 12:59 - 00000000 ____D () C:\Users\Hannes\Desktop\Ghost Stories
 

Some content of TEMP:

====================

C:\Users\Hannes\AppData\Local\Temp\avgnt.exe

C:\Users\Hannes\AppData\Local\Temp\B6C0.exe

C:\Users\Hannes\AppData\Local\Temp\COMAP.EXE

C:\Users\Hannes\AppData\Local\Temp\drm_dyndata_7380009.dll

C:\Users\Hannes\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzewyct.dll

C:\Users\Hannes\AppData\Local\Temp\IPx64_1031.exe

C:\Users\Hannes\AppData\Local\Temp\PhotoScape_V3.6.2.exe

C:\Users\Hannes\AppData\Local\Temp\setup_fsu_cid.exe

C:\Users\Hannes\AppData\Local\Temp\siinst.exe

C:\Users\Hannes\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Hannes\AppData\Local\Temp\strings.dll
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-07-01 19:42
 

==================== End Of Log ============================

Additional.txt:

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2014 01

Ran by Hannes at 2014-07-06 12:20:32

Running from C:\Users\Hannes\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.69 - NTI Corporation)

Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1216 - CyberLink Corp.)

Acer Crystal Eye Webcam (x32 Version: 1.0.1216 - CyberLink Corp.) Hidden

Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3000 - Acer Incorporated)

Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)

Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.)

Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)

Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.1130.2010 - Acer Incorporated)

Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)

Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.1.102.63 - Adobe Systems Incorporated)

Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)

Airport Mania First Flight (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}) (Version:  - Oberon Media)

Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)

Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.450 - Avira)

Babylon toolbar  (HKLM-x32\...\BabylonToolbar) (Version:  - BabylonToolbar) <==== ATTENTION

BabylonObjectInstaller (HKLM-x32\...\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}) (Version: 2.0.0.4 - Babylon Ltd) <==== ATTENTION

Backup Manager V3 (x32 Version: 3.0.0.69 - NTI Corporation) Hidden

Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.0.2282.0 - Microsoft Corporation)

Bing Bar Platform (x32 Version: 6.0.2282.0 - Microsoft Corporation) Hidden

BitGuard (HKLM-x32\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version:  - MediaTechSoft Inc.) <==== ATTENTION

Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.45 - Atheros Communications)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.4.9.3 - Broadcom Corporation)

Broadcom Gigabit NetLink Controller (HKLM\...\{029A4933-3F36-4E4F-AEC3-2207AB26463D}) (Version: 14.4.8.3 - Broadcom Corporation)

Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)

clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1223.00 - CyberLink Corp.)

clear.fi (x32 Version: 1.0.1223.00 - CyberLink Corp.) Hidden

clear.fi (x32 Version: 9.0.7209 - CyberLink Corp.) Hidden

clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3008 - Acer Incorporated)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)

Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)

eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)

eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)

eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden

Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)

FUSSBALL MANAGER 09 (HKLM-x32\...\FUSSBALL MANAGER 09) (Version:  - Electronic Arts)

Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)

G-Filter (HKCU\...\{206a7328-437f-4bd9-b53e-12bfee24d588}) (Version:  - G-Filter)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)

HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )

Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)

Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)

Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2272 - Intel Corporation)

Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)

iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Launch Manager (HKLM-x32\...\LManager) (Version: 5.0.3 - Acer Inc.)

MediaEspresso (x32 Version: 1.0.1210_33255 - CyberLink Corp.) Hidden

Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version:  - Oberon Media)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )

Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version:  - )

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Default Manager (x32 Version: 2.2.114.0 - Microsoft Corporation) Hidden

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Standard 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Search Enhancement Pack (x32 Version: 3.0.131.0 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MyWinLocker (Version: 4.0.14.11 - Egis Technology Inc.) Hidden

MyWinLocker 4 (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden

MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.11 - Egis Technology Inc.)

MyWinLocker Suite (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden

Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)

NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation)

NTI Media Maker 9 (x32 Version: 9.0.2.8939 - NTI Corporation) Hidden

NVIDIA Grafiktreiber 266.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.19 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.265.36.0 - NVIDIA Corporation) Hidden

NVIDIA Optimus 1.0.11 (Version: 1.0.11 - NVIDIA Corporation) Hidden

NVIDIA Systemsteuerung 266.19 (Version: 266.19 - NVIDIA Corporation) Hidden

NVIDIA Update Components (Version: 1.0.11 - NVIDIA Corporation) Hidden

Poker Pop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version:  - Oberon Media)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6276 - Realtek Semiconductor Corp.)

Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation)

Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden

Shredder (Version: 2.0.8.7 - Egis Technology Inc.) Hidden

Shredder (x32 Version: 2.0.8.7 - Egis Technology Inc.) Hidden

Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)

Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)

Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version:  - Oberon Media)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.0 - Synaptics Incorporated)

Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.0.82.0 - Intel)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)

VoiceOver Kit (HKLM-x32\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)

Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3007 - Acer Incorporated)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 

==================== Restore Points  =========================
 

01-07-2014 23:00:11 Windows 7 Service Pack 1

02-07-2014 09:52:03 Windows Update

03-07-2014 12:17:17 Windows Update

03-07-2014 21:20:11 Windows Update

05-07-2014 23:07:16 Windows Update

06-07-2014 09:23:38 Windows Defender Checkpoint
 

==================== Hosts content: ==========================
 

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {183748B8-E754-4AF7-AC2B-423FFD7DC1AD} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2010-12-23] (CyberLink)

Task: {1CC63F0D-7AA9-474E-A95C-7F0739BE9A5B} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe [2013-05-28] ()

Task: {1F1D80F8-5307-4141-B0AA-190023A39EE1} - System32\Tasks\{E4DD8FFD-C498-41EF-B961-0DD2E8B63913} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=4.1.0.179.367&amp;LastError=404

Task: {280D0EFD-1D04-4CD9-9971-B5A041B89746} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-27] (Google Inc.)

Task: {5C11934E-4BDF-4EB7-B86A-999B87132839} - System32\Tasks\{B0D98D92-CA72-4F86-AC24-55EE221F2BC8} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=4.1.0.179.367&amp;LastError=12007

Task: {76DE018E-386F-4074-A526-2C3C834F7F45} - \CreateChoiceProcessTask No Task File <==== ATTENTION

Task: {79D8ECD3-C1CF-4DB7-99A1-8C23AD7FF31D} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2010-12-23] (Acer Incorporated)

Task: {8F4F5745-C97D-40B2-AC2E-78B67CE3243D} - System32\Tasks\updater => Rundll32.exe "C:\Users\Hannes\AppData\Roaming\Updater\updater_task.dll",schedule_task

Task: {A2D3C1E0-D804-472E-9D87-9A67B5C4F629} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe [2013-05-28] ()

Task: {C95ABE3B-F86F-42A5-B8CE-EB756B678850} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {D0B47FFB-6A69-4586-BD95-719D2EBA480F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-27] (Google Inc.)

Task: {DC82F119-CF94-46A8-B0CA-B356FF200C21} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2010-12-23] (CyberLink Corp.)

Task: {E8ED0C91-5054-495C-B518-54FEA72BDB6F} - System32\Tasks\EPUpdater => C:\Users\Hannes\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-06-06] () <==== ATTENTION

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\updater.job => C:\Users\Hannes\AppData\Roaming\Updater\updater_task.dll
 

==================== Loaded Modules (whitelisted) =============
 

2013-11-22 12:16 - 2013-11-18 16:32 - 01958880 ____N () c:\ProgramData\BitGuard\2.7.1832.68\{16cdff19-861d-48e3-a751-d99a27784753}\loader.dll

2014-01-08 14:03 - 2009-10-23 12:19 - 00289792 _____ () C:\Windows\System32\HP1100LM.DLL

2014-01-08 14:08 - 2009-10-23 12:19 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL

2011-01-06 06:09 - 2010-12-23 19:00 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2013-11-22 12:16 - 2013-11-18 16:31 - 03618304 ____N () c:\ProgramData\BitGuard\2.7.1832.68\{16cdff19-861d-48e3-a751-d99a27784753}\BitGuard.dll

2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2010-11-12 03:22 - 2010-11-12 03:22 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll

2010-11-12 03:22 - 2010-11-12 03:22 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll

2010-11-12 03:22 - 2010-11-12 03:22 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll

2010-12-23 15:46 - 2010-12-23 15:46 - 00210312 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll

2014-07-06 11:44 - 2014-07-06 11:44 - 00043008 _____ () c:\users\hannes\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzewyct.dll

2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Hannes\AppData\Roaming\Dropbox\bin\libcef.dll

2013-01-12 13:42 - 2013-01-12 13:42 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\d648170c5d514eef60d8a2e2f8c94689\IsdiInterop.ni.dll

2010-12-06 11:53 - 2010-09-14 04:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

2014-03-26 12:31 - 2014-07-06 11:27 - 00012288 _____ () C:\Program Files (x86)\Google\Chrome\Application\WTSAPI32.dll

2014-06-14 15:01 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll

2014-06-14 15:01 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll

2014-06-14 15:01 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll

2014-06-14 15:01 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll

2014-06-14 15:01 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll

2014-06-14 15:01 - 2014-06-05 15:58 - 14612296 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

AlternateDataStreams: C:\ProgramData\Temp:0B9176C0

AlternateDataStreams: C:\ProgramData\Temp:4D066AD2

AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F

AlternateDataStreams: C:\ProgramData\Temp:798A3728

AlternateDataStreams: C:\ProgramData\Temp:93EB7685

AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE

AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D

AlternateDataStreams: C:\ProgramData\Temp:E36F5B57
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== EXE Association (whitelisted) =============
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 
 

==================== Faulty Device Manager Devices =============
 

Name: Unknown Device

Description: Unknown Device

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard-USB-Hostcontroller)

Service: 

Problem: : Windows has stopped this device because it has reported problems. (Code 43)

Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (07/06/2014 11:23:35 AM) (Source: VSS) (EventID: 8194) (User: )

Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert

.

Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
 
 

Vorgang:

   Generatordaten werden gesammelt
 

Kontext:

   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}

   Generatorname: System Writer

   Generatorinstanz-ID: {93e8035a-d015-450f-9bbd-96020abec16c}
 

Error: (07/06/2014 11:08:59 AM) (Source: McLogEvent) (EventID: 5022) (User: NT-AUTORITÄT)

Description: 1
 

Error: (07/06/2014 11:08:59 AM) (Source: McLogEvent) (EventID: 5004) (User: NT-AUTORITÄT)

Description: 0x7eDas angegebene Modul wurde nicht gefunden.
 

Error: (07/06/2014 11:08:59 AM) (Source: McLogEvent) (EventID: 5022) (User: NT-AUTORITÄT)

Description: 1
 

Error: (07/06/2014 11:08:59 AM) (Source: McLogEvent) (EventID: 5004) (User: NT-AUTORITÄT)

Description: 0x7eDas angegebene Modul wurde nicht gefunden.
 

Error: (07/05/2014 09:32:02 PM) (Source: SideBySide) (EventID: 63) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.

Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 

Error: (07/05/2014 05:32:00 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: PortablfDeviceWiaCompat.exe, Version: 1.0.0.1, Zeitstempel: 0x507bfd7a

Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec4b137

Ausnahmecode: 0xc0000005

Fehleroffset: 0x00000000000524dc

ID des fehlerhaften Prozesses: 0xa7c

Startzeit der fehlerhaften Anwendung: 0xPortablfDeviceWiaCompat.exe0

Pfad der fehlerhaften Anwendung: PortablfDeviceWiaCompat.exe1

Pfad des fehlerhaften Moduls: PortablfDeviceWiaCompat.exe2

Berichtskennung: PortablfDeviceWiaCompat.exe3
 

Error: (07/04/2014 09:31:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 4103
 

Error: (07/04/2014 09:31:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 4103
 

Error: (07/04/2014 09:31:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 
 

System errors:

=============

Error: (07/06/2014 11:48:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 

Error: (07/06/2014 11:48:03 AM) (Source: DCOM) (EventID: 10005) (User: )

Description: 2McAfee SiteAdvisor Service{5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
 

Error: (07/06/2014 11:47:52 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "BitGuard" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 

Error: (07/06/2014 11:43:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Adobe Flash Player Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1450
 

Error: (07/06/2014 11:43:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Windows Internet Name Service" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 

Error: (07/06/2014 11:43:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 

Error: (07/06/2014 11:42:49 AM) (Source: BugCheck) (EventID: 1001) (User: )

Description: 0x000000f4 (0x0000000000000003, 0xfffffa80072bb780, 0xfffffa80072bba60, 0xfffff80003992260)C:\Windows\MEMORY.DMP070614-25958-01
 

Error: (07/06/2014 11:42:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Adobe Flash Player Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 

Error: (07/06/2014 11:42:31 AM) (Source: EventLog) (EventID: 6008) (User: )

Description: Das System wurde zuvor am ‎06.‎07.‎2014 um 11:41:04 unerwartet heruntergefahren.
 

Error: (07/06/2014 11:37:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Adobe Flash Player Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1450
 
 

Microsoft Office Sessions:

=========================

Error: (07/06/2014 11:23:35 AM) (Source: VSS) (EventID: 8194) (User: )

Description: 0x80070005, Zugriff verweigert
 
 

Vorgang:

   Generatordaten werden gesammelt
 

Kontext:

   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}

   Generatorname: System Writer

   Generatorinstanz-ID: {93e8035a-d015-450f-9bbd-96020abec16c}
 

Error: (07/06/2014 11:08:59 AM) (Source: McLogEvent) (EventID: 5022) (User: NT-AUTORITÄT)

Description: 1
 

Error: (07/06/2014 11:08:59 AM) (Source: McLogEvent) (EventID: 5004) (User: NT-AUTORITÄT)

Description: 0x7eDas angegebene Modul wurde nicht gefunden.
 

Error: (07/06/2014 11:08:59 AM) (Source: McLogEvent) (EventID: 5022) (User: NT-AUTORITÄT)

Description: 1
 

Error: (07/06/2014 11:08:59 AM) (Source: McLogEvent) (EventID: 5004) (User: NT-AUTORITÄT)

Description: 0x7eDas angegebene Modul wurde nicht gefunden.
 

Error: (07/05/2014 09:32:02 PM) (Source: SideBySide) (EventID: 63) (User: )

Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
 

Error: (07/05/2014 05:32:00 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: PortablfDeviceWiaCompat.exe1.0.0.1507bfd7antdll.dll6.1.7600.169154ec4b137c000000500000000000524dca7c01cf9738739a1dcdC:\Windows\system32\PortablfDeviceWiaCompat.exeC:\Windows\SYSTEM32\ntdll.dll80c8d350-0459-11e4-af78-1c7508da08ff
 

Error: (07/04/2014 09:31:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 4103
 

Error: (07/04/2014 09:31:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 4103
 

Error: (07/04/2014 09:31:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 57%

Total physical RAM: 3947.86 MB

Available physical RAM: 1665.87 MB

Total Pagefile: 7893.86 MB

Available Pagefile: 5289.78 MB

Total Virtual: 8192 MB

Available Virtual: 8191.81 MB
 

==================== Drives ================================
 

Drive c: (Acer) (Fixed) (Total:683.54 GB) (Free:597.4 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: A04EC5FB)

Partition 1: (Not Active) - (Size=15 GB) - (Type=27)

Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=684 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

hi,

Adware & Co. deinstallieren

Lade Dir bitte von hier http://deeprybka.trojaner-board.de/b...ninstaller.pngRevo Uninstaller herunter.
Installiere und starte das Programm.
Suche im Uninstallerfeld nach den Programmen, die unter:
http://deeprybka.trojaner-board.de/b.../revo/add1.png
diesen Zusatz haben:
http://deeprybka.trojaner-board.de/b...e/revo/att.PNG
Wähle die Programme nacheinander aus und klicke jedesmal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
http://deeprybka.trojaner-board.de/b.../uninstall.PNG http://deeprybka.trojaner-board.de/b...o/moderat2.PNG
Reste löschen:
Klicke auf http://deeprybka.trojaner-board.de/b.../selectall.PNG dann auf http://deeprybka.trojaner-board.de/b...evo/delete.PNG und dann auf http://deeprybka.trojaner-board.de/b...evo/weiter.PNG.

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Danke für die schnelle Antwort, Hier die Combofix.txt:

[CODE]
Combofix Logfile:

Code:

ComboFix 14-07-03.01 - Hannes 06.07.2014  13:08:42.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3948.1747 [GMT 2:00]

ausgeführt von:: c:\users\Hannes\Downloads\ComboFix.exe

AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}

SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Hannes\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data

c:\users\Hannes\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences

c:\users\Hannes\AppData\Local\Microsoft\Windows\Temporary Internet Files\{13D6CFA9-12F9-47CE-8133-649D9CB981F2}.xps

c:\users\Hannes\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DF9B88F3-CCAD-470E-8AD5-E62383BF49A6}.xps

c:\users\Hannes\AppData\Roaming\BabMaint.exe

c:\users\Public\sdelev.tmp

c:\users\Public\sdelevURL.tmp

c:\windows\wininit.ini

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_Windows Internet Name Service

.

.

(((((((((((((((((((((((   Dateien erstellt von 2014-06-06 bis 2014-07-06  ))))))))))))))))))))))))))))))

.

.

2014-07-06 11:01 . 2014-07-06 11:01        --------        d-----w-        c:\users\Hannes\AppData\Roaming\VSRevoGroup

2014-07-06 10:48 . 2014-07-06 10:54        --------        d-----w-        c:\program files (x86)\VS Revo Group

2014-07-06 10:19 . 2014-07-06 10:21        --------        d-----w-        C:\FRST

2014-07-06 09:31 . 2014-07-06 09:30        84720        ----a-w-        c:\windows\system32\drivers\avnetflt.sys

2014-07-06 09:30 . 2014-07-06 09:30        --------        d-----w-        c:\users\Hannes\AppData\Roaming\Avira

2014-07-06 09:29 . 2014-06-24 18:39        28600        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

2014-07-06 09:29 . 2014-06-24 18:39        130584        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2014-07-06 09:29 . 2014-06-24 18:39        117712        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2014-07-06 09:29 . 2014-07-06 09:29        --------        d-----w-        c:\programdata\Avira

2014-07-06 09:29 . 2014-07-06 09:29        --------        d-----w-        c:\program files (x86)\Avira

2014-07-06 09:19 . 2014-03-31 07:35        270496        ------w-        c:\windows\system32\MpSigStub.exe

2014-07-03 12:18 . 2014-07-03 12:18        --------        d-----w-        c:\windows\system32\SPReview

2014-06-18 15:57 . 2014-06-18 15:57        6010880        ----a-w-        c:\program files (x86)\GUT8334.tmp

2014-06-18 15:57 . 2014-06-18 15:57        --------        d-----w-        c:\program files (x86)\GUM8333.tmp

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-06-17 00:57 . 2014-07-06 09:19        10779000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{FA7985F2-702A-402E-BB72-5E5F2904A9D0}\mpengine.dll

2014-04-14 21:25 . 2014-04-14 21:25        55808        ----a-w-        c:\users\Hannes\AppData\Roaming\Microsoft\ApplicationManager\cda\pthreadVC2.dll

2014-04-14 21:25 . 2014-04-14 21:25        5251584        ----a-w-        c:\users\Hannes\AppData\Roaming\Microsoft\ApplicationManager\cda\cda.exe

2014-04-14 21:25 . 2014-04-14 21:25        472424        ----a-w-        c:\users\Hannes\AppData\Roaming\Microsoft\ApplicationManager\cda\cudart32_50_35.dll

2014-04-14 21:25 . 2014-04-14 21:25        95744        ----a-w-        c:\users\Hannes\AppData\Roaming\Microsoft\ApplicationManager\cpu\zlib1.dll

2014-04-14 21:25 . 2014-04-14 21:25        77312        ----a-w-        c:\users\Hannes\AppData\Roaming\Microsoft\ApplicationManager\cpu\libwinpthread-1.dll

2014-04-14 21:25 . 2014-04-14 21:25        395264        ----a-w-        c:\users\Hannes\AppData\Roaming\Microsoft\ApplicationManager\cpu\cpu.exe

2014-04-14 21:25 . 2014-04-14 21:25        216576        ----a-w-        c:\users\Hannes\AppData\Roaming\Microsoft\ApplicationManager\cpu\libcurl-4.dll

2013-12-05 05:33 . 2013-12-05 05:33        49940480        ----a-w-        c:\program files (x86)\GUT120A.tmp

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09        131248        ----a-w-        c:\users\Hannes\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09        131248        ----a-w-        c:\users\Hannes\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09        131248        ----a-w-        c:\users\Hannes\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21444224]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-06-24 750160]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-12-09 1025616]

"MDS_Menu"="c:\program files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-18 201584]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IsMyWinLockerReboot"="msiexec.exe" [2009-07-14 73216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="userinit.exe"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"midi2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 GFilterSvc;G-Filter Service;c:\windows\System32\GFilterSvc.exe;c:\windows\SYSNATIVE\GFilterSvc.exe [x]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]

R2 Utilmand;Microsoft-Softwareschattenkopie-Anbieter NativeWiFi NTI;c:\windows\system32\PortablfDeviceWiaCompat.exe;c:\windows\SYSNATIVE\PortablfDeviceWiaCompat.exe [x]

R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]

R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]

R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]

R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]

R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]

R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]

S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]

S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]

S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]

S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x]

S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x]

S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x]

S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]

S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-06-14 12:58        1091912        ----a-w-        c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe

.

Inhalt des "geplante Tasks" Ordners

.

2014-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-27 12:26]

.

2014-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-27 12:26]

.

2014-07-06 c:\windows\Tasks\updater.job

- c:\users\Hannes\AppData\Roaming\Updater\updater_task.dll [2014-03-28 06:06]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09        164016        ----a-w-        c:\users\Hannes\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09        164016        ----a-w-        c:\users\Hannes\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09        164016        ----a-w-        c:\users\Hannes\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09        164016        ----a-w-        c:\users\Hannes\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-23 11725928]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-12-10 2186856]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-10-29 860040]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-30 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-30 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-30 418328]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-11-25 613536]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-11-25 379040]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\progra~3\BitGuard\271832~1.68\{16CDF~1\loader.dll c:\windows\System32\nvinitx.dll

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.bing.com/

uLocal Page = c:\windows\system32\blank.htm

mDefault_Page_URL = hxxp://acer.msn.com

mStart Page = hxxp://acer.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 129.143.2.1 8.8.8.8

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-BabylonToolbar - c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\uninstall.exe

AddRemove-{206a7328-437f-4bd9-b53e-12bfee24d588} - c:\windows\system32\GFilterSvc.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-540060913-2797479332-2572394248-1001\Software\SecuROM\License information*]

"datasecu"=hex:bd,bb,08,7d,18,b1,26,06,30,e4,f1,b9,f6,e2,1f,6d,2f,89,dc,04,6f,

   0f,95,64,b4,2d,45,89,b9,7a,cd,e0,1c,36,01,7d,2a,cb,6f,10,d1,4d,d6,a5,e2,54,\

"rkeysecu"=hex:78,26,a0,14,c5,76,42,b6,87,7d,8e,f2,ad,b6,1e,cc

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe

c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

c:\program files (x86)\Launch Manager\LMworker.exe

c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2014-07-06  13:21:24 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2014-07-06 11:21

.

Vor Suchlauf: 10 Verzeichnis(se), 641.207.521.280 Bytes frei

Nach Suchlauf: 15 Verzeichnis(se), 641.534.713.856 Bytes frei

.

- - End Of File - - 3D71D0A5718D907D2ED077E323F0DCBB

--- --- ---

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 06.07.2014

Suchlauf-Zeit: 19:23:45

Logdatei: mbam.txt

Administrator: Ja
 

Version: 2.00.2.1012

Malware Datenbank: v2014.07.06.06

Rootkit Datenbank: v2014.07.03.01

Lizenz: Kostenlos

Malware Schutz: Deaktiviert

Bösartiger Webseiten Schutz: Deaktiviert

Self-protection: Deaktiviert
 

Betriebssystem: Windows 7

CPU: x64

Dateisystem: NTFS

Benutzer: Hannes
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 317850

Verstrichene Zeit: 10 Min, 14 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Heuristics: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 0

(No malicious items detected)
 

Module: 0

(No malicious items detected)
 

Registrierungsschlüssel: 52

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\APPID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, In Quarantäne, [222c3765a8d30b2bf40c24633ac80bf5], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, In Quarantäne, [222c3765a8d30b2bf40c24633ac80bf5], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, In Quarantäne, [222c3765a8d30b2bf40c24633ac80bf5], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, In Quarantäne, [222c3765a8d30b2bf40c24633ac80bf5], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B}, In Quarantäne, [d27c89135d1e9b9bdc2313734fb3758b], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\esrv.BabylonESrvc.1, In Quarantäne, [d27c89135d1e9b9bdc2313734fb3758b], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\esrv.BabylonESrvc, In Quarantäne, [d27c89135d1e9b9bdc2313734fb3758b], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.BabylonESrvc, In Quarantäne, [d27c89135d1e9b9bdc2313734fb3758b], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.BabylonESrvc.1, In Quarantäne, [d27c89135d1e9b9bdc2313734fb3758b], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}, In Quarantäne, [5fefddbf7dfe4de9f70cbfc850b2e41c], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\b, In Quarantäne, [5fefddbf7dfe4de9f70cbfc850b2e41c], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\b, In Quarantäne, [5fefddbf7dfe4de9f70cbfc850b2e41c], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{6E8BF012-2C85-4834-B10A-1B31AF173D70}, In Quarantäne, [8fbf5a42cab1082e7190f790ee1418e8], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}, In Quarantäne, [8fbf5a42cab1082e7190f790ee1418e8], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}, In Quarantäne, [8fbf5a42cab1082e7190f790ee1418e8], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{706D4A4B-184A-4434-B331-296B07493D2D}, In Quarantäne, [8fbf5a42cab1082e7190f790ee1418e8], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{8BE10F21-185F-4CA0-B789-9921674C3993}, In Quarantäne, [8fbf5a42cab1082e7190f790ee1418e8], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{94C0B25D-3359-4B10-B227-F96A77DB773F}, In Quarantäne, [8fbf5a42cab1082e7190f790ee1418e8], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}, In Quarantäne, [8fbf5a42cab1082e7190f790ee1418e8], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B173667F-8395-4317-8DD6-45AD1FE00047}, In Quarantäne, [8fbf5a42cab1082e7190f790ee1418e8], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B32672B3-F656-46E0-B584-FE61C0BB6037}, In Quarantäne, [8fbf5a42cab1082e7190f790ee1418e8], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}, In Quarantäne, [8fbf5a42cab1082e7190f790ee1418e8], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C2996524-2187-441F-A398-CD6CB6B3D020}, In Quarantäne, [8fbf5a42cab1082e7190f790ee1418e8], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E047E227-5342-4D94-80F7-CFB154BF55BD}, In Quarantäne, [8fbf5a42cab1082e7190f790ee1418e8], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}, In Quarantäne, [8fbf5a42cab1082e7190f790ee1418e8], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}, In Quarantäne, [8fbf5a42cab1082e7190f790ee1418e8], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}, In Quarantäne, [8fbf5a42cab1082e7190f790ee1418e8], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}, In Quarantäne, [8fbf5a42cab1082e7190f790ee1418e8], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}, In Quarantäne, [8fbf5a42cab1082e7190f790ee1418e8], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{706D4A4B-184A-4434-B331-296B07493D2D}, In Quarantäne, [8fbf5a42cab1082e7190f790ee1418e8], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8BE10F21-185F-4CA0-B789-9921674C3993}, In Quarantäne, [8fbf5a42cab1082e7190f790ee1418e8], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{94C0B25D-3359-4B10-B227-F96A77DB773F}, In Quarantäne, [8fbf5a42cab1082e7190f790ee1418e8], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}, In Quarantäne, [8fbf5a42cab1082e7190f790ee1418e8], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B173667F-8395-4317-8DD6-45AD1FE00047}, In Quarantäne, [8fbf5a42cab1082e7190f790ee1418e8], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B32672B3-F656-46E0-B584-FE61C0BB6037}, In Quarantäne, [8fbf5a42cab1082e7190f790ee1418e8], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}, In Quarantäne, [8fbf5a42cab1082e7190f790ee1418e8], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C2996524-2187-441F-A398-CD6CB6B3D020}, In Quarantäne, [8fbf5a42cab1082e7190f790ee1418e8], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E047E227-5342-4D94-80F7-CFB154BF55BD}, In Quarantäne, [8fbf5a42cab1082e7190f790ee1418e8], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}, In Quarantäne, [8fbf5a42cab1082e7190f790ee1418e8], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}, In Quarantäne, [8fbf5a42cab1082e7190f790ee1418e8], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}, In Quarantäne, [8fbf5a42cab1082e7190f790ee1418e8], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{6E8BF012-2C85-4834-B10A-1B31AF173D70}, In Quarantäne, [8fbf5a42cab1082e7190f790ee1418e8], 

PUP.Optional.Babylon.A, HKU\S-1-5-21-540060913-2797479332-2572394248-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, In Quarantäne, [123c3f5dd3a881b52b7974d8b84af808], 

PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}, In Quarantäne, [71dd1b81e19ab185f210c2c5ce346e92], 

Trojan.Sefnit, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FLASHPLAYERUPDATESERVICE.EXE, In Quarantäne, [b29c8d0f106b4cea566b8d9c986ae020], 

Trojan.Sefnit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FLASHPLAYERUPDATESERVICE.EXE, In Quarantäne, [b29c8d0f106b4cea566b8d9c986ae020], 

PUP.Optional.Babylon.A, HKLM\SOFTWARE\WOW6432NODE\BabylonToolbar, In Quarantäne, [69e53f5d99e26ccac9f042ae7f84f50b], 

PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, In Quarantäne, [3e109a026e0d4cea5f8aefcce71bd12f], 

PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-540060913-2797479332-2572394248-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BabylonToolbar, In Quarantäne, [c18dabf13b40d264993d16dc40c340c0], 

PUP.Optional.DataMngr.A, HKU\S-1-5-21-540060913-2797479332-2572394248-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, In Quarantäne, [81cde5b7f08b44f2d2330fe0be45c838], 

PUP.Optional.BProtector.A, HKU\S-1-5-21-540060913-2797479332-2572394248-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\bProtectSettings, In Quarantäne, [70ded0cc48338caa243626cc07fce21e], 

PUP.Optional.Softonic.A, HKU\S-1-5-21-540060913-2797479332-2572394248-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [bf8f712b0972fa3c21c95671de24d828], 
 

Registrierungswerte: 2

PUP.BProtector, HKU\S-1-5-21-540060913-2797479332-2572394248-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|bProtector Start Page, hxxp://search.babylon.com/?affID=109958&tt=251012_1838_4312_7&babsrc=HP_ss&mntrId=3a55f85c000000000000fe55f91df9a8, In Quarantäne, [55f9118b2e4d23132bdcd619bd468c74]

PUP.BProtector, HKU\S-1-5-21-540060913-2797479332-2572394248-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|bProtectorDefaultScope, {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, In Quarantäne, [5cf2adef700b0135937545aab152b749]
 

Registrierungsdaten: 0

(No malicious items detected)
 

Ordner: 3

PUP.Optional.FileScout.A, C:\Users\Hannes\AppData\Roaming\File Scout, In Quarantäne, [65e9a3f9fc7f73c3e0715d3cc042b848], 

PUP.Optional.Babylon.A, C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb, In Quarantäne, [b09e0a92ccaf75c1dc0daaf3c33fac54], 

PUP.Optional.Babylon.A, C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0, In Quarantäne, [b09e0a92ccaf75c1dc0daaf3c33fac54], 
 

Dateien: 22

PUP.Optional.BabSolution.A, C:\Users\Hannes\AppData\Roaming\BabylonToolbar\Shared\BUSolution.dll, In Quarantäne, [0f3f4f4d88f3270fbff1749ef110e31d], 

PUP.Optional.FileScout.A, C:\Users\Hannes\AppData\Roaming\File Scout\filescout.exe, In Quarantäne, [0846d9c35d1ea88e88a11bf3ef1229d7], 

Trojan.Sefnit, C:\Windows\SysWOW64\FlashPlayerUpdateService.exe, In Quarantäne, [b29c8d0f106b4cea566b8d9c986ae020], 

PUP.Optional.Softonic, C:\Users\Hannes\Downloads\SoftonicDownloader_fuer_photoscape.exe, In Quarantäne, [78d6811b18630c2ac33fab60b54c2ed2], 

PUP.Optional.Solimba, C:\Users\Hannes\Downloads\PhotoScape.exe, In Quarantäne, [341a5f3ddaa1e94d4e9a9873926f6a96], 

PUP.Optional.Pricemeter, C:\Users\Hannes\Downloads\wzmpis_9.exe, In Quarantäne, [5df1a9f36a11e25468bf9de1897b37c9], 

PUP.Optional.Babylon.A, C:\Windows\System32\Tasks\EPUpdater, In Quarantäne, [a5a944585823171f864bc1f442c054ac], 

PUP.Optional.FileScout.A, C:\Users\Hannes\AppData\Roaming\File Scout\uninst.exe, In Quarantäne, [65e9a3f9fc7f73c3e0715d3cc042b848], 

PUP.Optional.Babylon.A, C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\BabMaint.x, In Quarantäne, [b09e0a92ccaf75c1dc0daaf3c33fac54], 

PUP.Optional.Babylon.A, C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\babylon48.png, In Quarantäne, [b09e0a92ccaf75c1dc0daaf3c33fac54], 

PUP.Optional.Babylon.A, C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\BabylonChromeToolBar.dll, In Quarantäne, [b09e0a92ccaf75c1dc0daaf3c33fac54], 

PUP.Optional.Babylon.A, C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\bg.html, In Quarantäne, [b09e0a92ccaf75c1dc0daaf3c33fac54], 

PUP.Optional.Babylon.A, C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\bg.js, In Quarantäne, [b09e0a92ccaf75c1dc0daaf3c33fac54], 

PUP.Optional.Babylon.A, C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\browser_icon_babylon48.png, In Quarantäne, [b09e0a92ccaf75c1dc0daaf3c33fac54], 

PUP.Optional.Babylon.A, C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\btns.png, In Quarantäne, [b09e0a92ccaf75c1dc0daaf3c33fac54], 

PUP.Optional.Babylon.A, C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\BUSolution.dll, In Quarantäne, [b09e0a92ccaf75c1dc0daaf3c33fac54], 

PUP.Optional.Babylon.A, C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\cs.js, In Quarantäne, [b09e0a92ccaf75c1dc0daaf3c33fac54], 

PUP.Optional.Babylon.A, C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\manifest.json, In Quarantäne, [b09e0a92ccaf75c1dc0daaf3c33fac54], 

PUP.Optional.Babylon.A, C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\popup.html, In Quarantäne, [b09e0a92ccaf75c1dc0daaf3c33fac54], 

PUP.Optional.Babylon.A, C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\popup.js, In Quarantäne, [b09e0a92ccaf75c1dc0daaf3c33fac54], 

PUP.Optional.Babylon.A, C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\redirect.html, In Quarantäne, [b09e0a92ccaf75c1dc0daaf3c33fac54], 

PUP.Optional.Babylon.A, C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\redirect.js, In Quarantäne, [b09e0a92ccaf75c1dc0daaf3c33fac54], 
 

Physische Sektoren: 0

(No malicious items detected)
 
 

(end)

JRT Logfile:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Home Premium x64

Ran by Hannes on 06.07.2014 at 19:55:34,47

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-540060913-2797479332-2572394248-1001\Software\sweetim
 
 
 

~~~ Files
 
 
 

~~~ Folders
 

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 06.07.2014 at 20:00:32,87

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--- --- ---

AdwCleaner Logfile:

Code:

# AdwCleaner v3.214 - Bericht erstellt am 06/07/2014 um 19:49:40

# Aktualisiert 29/06/2014 von Xplode

# Betriebssystem : Windows 7 Home Premium  (64 bits)

# Benutzername : Hannes - HANNES-PC

# Gestartet von : C:\Users\Hannes\Downloads\adwcleaner_3.214.exe

# Option : Löschen
 

***** [ Dienste ] *****
 

[#] Dienst Gelöscht : GFilterSvc
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\ProgramData\Babylon

Ordner Gelöscht : C:\ProgramData\BitGuard

Ordner Gelöscht : C:\Users\Hannes\AppData\LocalLow\BabylonToolbar

Ordner Gelöscht : C:\Users\Hannes\AppData\Roaming\BabSolution

Ordner Gelöscht : C:\Users\Hannes\AppData\Roaming\Babylon

Ordner Gelöscht : C:\Users\Hannes\AppData\Roaming\BabylonToolbar

Ordner Gelöscht : C:\Users\Hannes\AppData\Roaming\Updater

Ordner Gelöscht : C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard

Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb

Schlüssel Gelöscht : HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\BabylonToolbar

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\*\shell\filescout

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Schlüssel Gelöscht : HKCU\Software\5857dbdce234e912

Schlüssel Gelöscht : HKLM\SOFTWARE\5857dbdce234e912

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

Schlüssel Gelöscht : HKCU\Software\filescout

Schlüssel Gelöscht : HKCU\Software\Microsoft\Babylon

Schlüssel Gelöscht : HKCU\Software\Softonic

Schlüssel Gelöscht : HKLM\Software\Babylon

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar

Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\PROGRA~3\BitGuard\271832~1.68\{16CDF~1\loader.dll

Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B

Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
 

***** [ Browser ] *****
 

-\\ Internet Explorer v9.0.8112.16476
 
 

-\\ Google Chrome v35.0.1916.153
 

[ Datei : C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 

Gelöscht [Extension] : dhkplhfnhceodhffomolpfigojocbpcb
 

*************************
 

AdwCleaner[R0].txt - [7607 octets] - [06/07/2014 19:47:49]

AdwCleaner[S0].txt - [7231 octets] - [06/07/2014 19:49:40]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7291 octets] ##########

--- --- ---

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Vielen Dank für die Hilfe, ist ja echt hart wieviel Viren auf meinem Rechner waren.
Kann ich die ganzen Programme die ich installieren musste eigentlich bedenkenlos wieder löschen ???

hier die log.txt:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7587

# api_version=3.0.2

# EOSSerial=0dd08a14b49cd144b7258184109d8323

# engine=19061

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2014-07-07 03:47:40

# local_time=2014-07-07 05:47:40 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1031

# osver=6.1.7600 NT 

# compatibility_mode_1='Avira Desktop'

# compatibility_mode=1810 16777213 100 99 2290 1112915 0 0

# compatibility_mode_1=''

# compatibility_mode=5893 16776574 100 94 109050 156377910 0 0

# scanned=276

# found=5

# cleaned=0

# scan_time=74

sh=E0814D0F17EE1122F6D3507DC676030F8E1CC133 ft=1 fh=0e0f46db8e6ee8c4 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Hannes\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir"

sh=4E1E938304F9E13BD19E53D1D1CF65352D356026 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Babylon.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Hannes\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx.vir"

sh=656680913303F56C2ED51C02A62F3EF817AFD93E ft=1 fh=c701ece1573d7829 vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Hannes\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll.vir"

sh=F29288C9E3F170B24DFA81C3D9D18DD62C36FB25 ft=1 fh=c71c0011691e7766 vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Hannes\AppData\Roaming\BabylonToolbar\FF\BUSolution.dll.vir"

sh=F29288C9E3F170B24DFA81C3D9D18DD62C36FB25 ft=1 fh=c71c0011691e7766 vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Hannes\AppData\Roaming\BabylonToolbar\IE\BUSolution.dll.vir"

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7587

# api_version=3.0.2

# EOSSerial=0dd08a14b49cd144b7258184109d8323

# engine=19061

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2014-07-07 04:59:22

# local_time=2014-07-07 06:59:22 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1031

# osver=6.1.7600 NT 

# compatibility_mode_1='Avira Desktop'

# compatibility_mode=1810 16777213 100 99 6592 1117217 0 0

# compatibility_mode_1=''

# compatibility_mode=5893 16776574 100 94 113352 156382212 0 0

# scanned=201269

# found=9

# cleaned=0

# scan_time=3954

sh=E0814D0F17EE1122F6D3507DC676030F8E1CC133 ft=1 fh=0e0f46db8e6ee8c4 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Hannes\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir"

sh=4E1E938304F9E13BD19E53D1D1CF65352D356026 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Babylon.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Hannes\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx.vir"

sh=656680913303F56C2ED51C02A62F3EF817AFD93E ft=1 fh=c701ece1573d7829 vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Hannes\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll.vir"

sh=F29288C9E3F170B24DFA81C3D9D18DD62C36FB25 ft=1 fh=c71c0011691e7766 vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Hannes\AppData\Roaming\BabylonToolbar\FF\BUSolution.dll.vir"

sh=F29288C9E3F170B24DFA81C3D9D18DD62C36FB25 ft=1 fh=c71c0011691e7766 vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Hannes\AppData\Roaming\BabylonToolbar\IE\BUSolution.dll.vir"

sh=91FD0C68DC46843917C8FEA976D8DDF7B941D897 ft=1 fh=fe05ab993baef410 vn="Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Hannes\AppData\Roaming\BabMaint.exe.vir"

sh=A906EBFE6DD1AEDA3FF5DC32D2662F223BFEEAB9 ft=1 fh=48ef09bb08f4c48d vn="Win32/Runner.NAW Trojaner" ac=I fn="C:\Users\Hannes\AppData\Roaming\Microsoft\ApplicationManager\stub.exe"

sh=FD3D9991E5A278101CD978E17DB59F85CB0B8B82 ft=1 fh=331a237747a67fe3 vn="Variante von Win32/InstallShare.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Hannes\Downloads\alt\PhotoScape_V3.6.2.exe"

sh=6A859B87A0320253D474441D76A966AA85F25AE0 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Babylon.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\39c037.msi"

hier die checkup.txt:

Code:

 Results of screen317's Security Check version 0.99.85  

 Windows 7  x64 (UAC is enabled)  

 Out of date service pack!! 

 Internet Explorer 11  
 ``````````````Antivirus/Firewall Check:`````````````` 

Avira Desktop   

 Antivirus up to date!  (On Access scanning disabled!) 
 `````````Anti-malware/Other Utilities Check:````````` 

 Adobe Reader 9 Adobe Reader out of Date! 

 Google Chrome 35.0.1916.114  

 Google Chrome 35.0.1916.153  

 Google Chrome wtsapi32.dll..  
 ````````Process Check: objlist.exe by Laurent````````  

 Avira Antivir avgnt.exe 

 Avira Antivir avguard.exe 
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

und letztendlich die FRST.txt:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01

Ran by Hannes (administrator) on HANNES-PC on 07-07-2014 21:54:01

Running from C:\Users\Hannes\Downloads

Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 9

Boot Mode: Normal
 
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

(HP) C:\Windows\System32\HPSIsvc.exe

(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe

(Intel Corporation) C:\Windows\System32\igfxext.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11725928 2010-12-23] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2010-12-10] (Realtek Semiconductor)

HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2010-10-29] (Acer Incorporated)

HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [613536 2010-11-25] (Atheros Communications)

HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2010-11-25] (Atheros Commnucations)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)

HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1025616 2010-12-09] (Dritek System Inc.)

HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)

HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-18] (Egis Technology Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}

HKU\S-1-5-21-540060913-2797479332-2572394248-1000\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()

HKU\S-1-5-21-540060913-2797479332-2572394248-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)

AppInit_DLLs: c:\Windows\System32\nvinitx.dll => c:\Windows\System32\nvinitx.dll [226920 2010-12-12] (NVIDIA Corporation)

ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com

URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 

SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - {7247276E-F9BF-4AB4-A9C2-2EFFD4F36B03} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE662&p={SearchTerms}

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File

Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Tcpip\Parameters: [DhcpNameServer] 129.143.2.1 8.8.8.8
 

FireFox:

========

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor

FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2010-12-06]

FF HKLM-x32\...\Firefox\Extensions: [{18148679-999F-41E7-84B7-926FDC34966E}] - C:\Windows\Installer\{1B0358DF-6E47-405B-9357-9E6DC6D7AAD1}\{18148679-999F-41E7-84B7-926FDC34966E}.xpi

FF Extension: Download Protect - C:\Windows\Installer\{1B0358DF-6E47-405B-9357-9E6DC6D7AAD1}\{18148679-999F-41E7-84B7-926FDC34966E}.xpi [2014-07-06]
 

Chrome: 

=======

CHR HomePage: hxxp://www.google.de?hl=de&gl=de

CHR DefaultSearchKeyword: McAfee

CHR DefaultSearchProvider: McAfee

CHR DefaultSearchURL: hxxp://de.search.yahoo.com/search?fr=mcafee&type=A211DE662&p={searchTerms}

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()

CHR Plugin: (Application Manager) - C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll No File

CHR Plugin: (Babylon ToolBar) - C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\BabylonChromeToolBar.dll No File

CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File

CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll No File

CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]

CHR Extension: (Download Protect) - C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\eidmogfhhfjlpelgplgcdpphhpagcogm [2014-07-06]

CHR Extension: (SiteAdvisor) - C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-01-04]

CHR Extension: (Google Wallet) - C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-11-25] (Atheros Commnucations) [File not signed]

R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2010-11-12] (NTI Corporation)

S2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]

S2 Utilmand; C:\Windows\system32\PortablfDeviceWiaCompat.exe [X]
 

==================== Drivers (Whitelisted) ====================
 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-24] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-06-24] (Avira Operations GmbH & Co. KG)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-06] (Malwarebytes Corporation)

S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2009-10-26] (Marvell Semiconductor, Inc.)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-07-07 21:45 - 2014-07-07 21:45 - 00854390 _____ () C:\Users\Hannes\Downloads\SecurityCheck.exe

2014-07-07 17:42 - 2014-07-07 17:42 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-07-07 17:40 - 2014-07-07 17:40 - 02347384 _____ (ESET) C:\Users\Hannes\Desktop\esetsmartinstaller_deu.exe

2014-07-06 22:04 - 2014-07-07 21:06 - 00000000 ____D () C:\ProgramData\boost_interprocess

2014-07-06 20:00 - 2014-07-06 20:00 - 00000885 _____ () C:\Users\Hannes\Desktop\JRT.txt

2014-07-06 19:55 - 2014-07-06 19:55 - 01016261 _____ (Thisisu) C:\Users\Hannes\Downloads\JRT.exe

2014-07-06 19:55 - 2014-07-06 19:55 - 00000000 ____D () C:\Windows\ERUNT

2014-07-06 19:52 - 2014-07-06 19:52 - 00007387 _____ () C:\Users\Hannes\Desktop\AdwCleaner[S0].txt

2014-07-06 19:48 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-07-06 19:47 - 2014-07-06 19:49 - 00000000 ____D () C:\AdwCleaner

2014-07-06 19:47 - 2014-07-06 19:47 - 01346519 _____ () C:\Users\Hannes\Downloads\adwcleaner_3.214.exe

2014-07-06 19:42 - 2014-07-06 19:42 - 00014499 _____ () C:\Users\Hannes\Desktop\mbam.txt

2014-07-06 19:22 - 2014-07-06 19:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-06 19:22 - 2014-07-06 19:22 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-06 19:22 - 2014-07-06 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-06 19:22 - 2014-07-06 19:22 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-06 19:22 - 2014-07-06 19:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-06 19:22 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-07-06 19:22 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-07-06 19:22 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-07-06 19:20 - 2014-07-06 19:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hannes\Downloads\mbam-setup-2.0.2.1012.exe

2014-07-06 13:21 - 2014-07-06 13:21 - 00022269 _____ () C:\ComboFix.txt

2014-07-06 13:07 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-07-06 13:07 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-07-06 13:07 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-07-06 13:07 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-07-06 13:07 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-07-06 13:07 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe

2014-07-06 13:07 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe

2014-07-06 13:07 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe

2014-07-06 13:04 - 2014-07-06 13:21 - 00000000 ____D () C:\Qoobox

2014-07-06 13:04 - 2014-07-06 13:20 - 00000000 ____D () C:\Windows\erdnt

2014-07-06 13:02 - 2014-07-06 13:02 - 05213907 ____R (Swearware) C:\Users\Hannes\Downloads\ComboFix.exe

2014-07-06 13:01 - 2014-07-06 13:01 - 00000000 ____D () C:\Users\Hannes\AppData\Roaming\VSRevoGroup

2014-07-06 12:48 - 2014-07-06 12:54 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-07-06 12:48 - 2014-07-06 12:48 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Hannes\Downloads\revosetup95.exe

2014-07-06 12:20 - 2014-07-06 12:21 - 00031031 _____ () C:\Users\Hannes\Downloads\Addition.txt

2014-07-06 12:19 - 2014-07-07 21:54 - 00019273 _____ () C:\Users\Hannes\Downloads\FRST.txt

2014-07-06 12:19 - 2014-07-07 21:54 - 00000000 ____D () C:\FRST

2014-07-06 11:51 - 2014-07-06 11:51 - 02084352 _____ (Farbar) C:\Users\Hannes\Downloads\FRST64.exe

2014-07-06 11:42 - 2014-07-06 11:42 - 00262144 _____ () C:\Windows\Minidump\070614-25958-01.dmp

2014-07-06 11:36 - 2014-07-06 11:42 - 501968627 _____ () C:\Windows\MEMORY.DMP

2014-07-06 11:36 - 2014-07-06 11:42 - 00000000 ____D () C:\Windows\Minidump

2014-07-06 11:36 - 2014-07-06 11:36 - 00262144 _____ () C:\Windows\Minidump\070614-26457-01.dmp

2014-07-06 11:31 - 2014-07-06 11:30 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2014-07-06 11:30 - 2014-07-06 11:30 - 00000000 ____D () C:\Users\Hannes\AppData\Roaming\Avira

2014-07-06 11:29 - 2014-07-06 11:29 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk

2014-07-06 11:29 - 2014-07-06 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2014-07-06 11:29 - 2014-07-06 11:29 - 00000000 ____D () C:\ProgramData\Avira

2014-07-06 11:29 - 2014-07-06 11:29 - 00000000 ____D () C:\Program Files (x86)\Avira

2014-07-06 11:29 - 2014-06-24 20:39 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2014-07-06 11:29 - 2014-06-24 20:39 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2014-07-06 11:29 - 2014-06-24 20:39 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

2014-07-06 11:19 - 2014-03-31 09:35 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-07-06 11:04 - 2014-07-06 11:06 - 141865920 _____ () C:\Users\Hannes\Downloads\avira_free_antivirus45_de.exe

2014-07-03 22:14 - 2014-07-03 23:03 - 00000000 ____D () C:\Users\Hannes\Desktop\ordner bekleben

2014-07-03 14:18 - 2014-07-03 14:18 - 00000000 ____D () C:\Windows\system32\SPReview

2014-07-01 22:40 - 2014-07-03 08:41 - 00000000 ____D () C:\Users\Hannes\Desktop\Handy sony

2014-06-18 17:57 - 2014-06-18 17:57 - 06010880 _____ () C:\Program Files (x86)\GUT8334.tmp

2014-06-18 17:57 - 2014-06-18 17:57 - 00000000 ____D () C:\Program Files (x86)\GUM8333.tmp

2014-06-16 08:25 - 2014-06-16 08:25 - 00953814 _____ () C:\Users\Hannes\Downloads\catoarchiv02.jar
 

==================== One Month Modified Files and Folders =======
 

2014-07-07 21:54 - 2014-07-06 12:19 - 00019273 _____ () C:\Users\Hannes\Downloads\FRST.txt

2014-07-07 21:54 - 2014-07-06 12:19 - 00000000 ____D () C:\FRST

2014-07-07 21:45 - 2014-07-07 21:45 - 00854390 _____ () C:\Users\Hannes\Downloads\SecurityCheck.exe

2014-07-07 21:25 - 2014-04-14 23:25 - 00000368 _____ () C:\Windows\Tasks\updater.job

2014-07-07 21:07 - 2011-03-04 01:48 - 01533140 _____ () C:\Windows\WindowsUpdate.log

2014-07-07 21:06 - 2014-07-06 22:04 - 00000000 ____D () C:\ProgramData\boost_interprocess

2014-07-07 21:06 - 2012-10-27 14:26 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-07-07 21:06 - 2011-03-04 02:28 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini

2014-07-07 20:02 - 2012-01-10 20:12 - 00000000 ____D () C:\Users\Hannes\AppData\Roaming\Skype

2014-07-07 18:03 - 2012-10-27 14:26 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-07-07 17:57 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-07-07 17:57 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-07-07 17:42 - 2014-07-07 17:42 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-07-07 17:40 - 2014-07-07 17:40 - 02347384 _____ (ESET) C:\Users\Hannes\Desktop\esetsmartinstaller_deu.exe

2014-07-07 17:40 - 2011-03-04 10:39 - 00654400 _____ () C:\Windows\system32\perfh007.dat

2014-07-07 17:40 - 2011-03-04 10:39 - 00130240 _____ () C:\Windows\system32\perfc007.dat

2014-07-07 17:40 - 2009-07-14 07:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-07-07 17:03 - 2011-09-05 15:43 - 00000000 ____D () C:\ProgramData\clear.fi

2014-07-07 17:02 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-07-07 17:02 - 2009-07-14 06:51 - 00131898 _____ () C:\Windows\setupact.log

2014-07-06 20:33 - 2010-12-06 12:11 - 00000000 ____D () C:\Program Files (x86)\Acer

2014-07-06 20:33 - 2010-12-06 11:53 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-07-06 20:14 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2014-07-06 20:02 - 2014-06-04 00:49 - 00000000 ____D () C:\Users\Hannes\Desktop\Studium

2014-07-06 20:00 - 2014-07-06 20:00 - 00000885 _____ () C:\Users\Hannes\Desktop\JRT.txt

2014-07-06 19:55 - 2014-07-06 19:55 - 01016261 _____ (Thisisu) C:\Users\Hannes\Downloads\JRT.exe

2014-07-06 19:55 - 2014-07-06 19:55 - 00000000 ____D () C:\Windows\ERUNT

2014-07-06 19:52 - 2014-07-06 19:52 - 00007387 _____ () C:\Users\Hannes\Desktop\AdwCleaner[S0].txt

2014-07-06 19:51 - 2014-03-26 12:31 - 00000306 __RSH () C:\ProgramData\ntuser.pol

2014-07-06 19:50 - 2011-03-04 01:45 - 00258414 _____ () C:\Windows\PFRO.log

2014-07-06 19:49 - 2014-07-06 19:47 - 00000000 ____D () C:\AdwCleaner

2014-07-06 19:47 - 2014-07-06 19:47 - 01346519 _____ () C:\Users\Hannes\Downloads\adwcleaner_3.214.exe

2014-07-06 19:42 - 2014-07-06 19:42 - 00014499 _____ () C:\Users\Hannes\Desktop\mbam.txt

2014-07-06 19:41 - 2014-07-06 19:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-06 19:22 - 2014-07-06 19:22 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-06 19:22 - 2014-07-06 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-06 19:22 - 2014-07-06 19:22 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-06 19:22 - 2014-07-06 19:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-06 19:20 - 2014-07-06 19:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hannes\Downloads\mbam-setup-2.0.2.1012.exe

2014-07-06 19:17 - 2011-09-05 15:30 - 00000000 ____D () C:\Users\Hannes

2014-07-06 13:21 - 2014-07-06 13:21 - 00022269 _____ () C:\ComboFix.txt

2014-07-06 13:21 - 2014-07-06 13:04 - 00000000 ____D () C:\Qoobox

2014-07-06 13:21 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default

2014-07-06 13:20 - 2014-07-06 13:04 - 00000000 ____D () C:\Windows\erdnt

2014-07-06 13:16 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini

2014-07-06 13:15 - 2009-07-14 04:34 - 68681728 _____ () C:\Windows\system32\config\SOFTWARE.bak

2014-07-06 13:15 - 2009-07-14 04:34 - 25952256 _____ () C:\Windows\system32\config\SYSTEM.bak

2014-07-06 13:15 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak

2014-07-06 13:15 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak

2014-07-06 13:15 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak

2014-07-06 13:02 - 2014-07-06 13:02 - 05213907 ____R (Swearware) C:\Users\Hannes\Downloads\ComboFix.exe

2014-07-06 13:01 - 2014-07-06 13:01 - 00000000 ____D () C:\Users\Hannes\AppData\Roaming\VSRevoGroup

2014-07-06 12:54 - 2014-07-06 12:48 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-07-06 12:48 - 2014-07-06 12:48 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Hannes\Downloads\revosetup95.exe

2014-07-06 12:21 - 2014-07-06 12:20 - 00031031 _____ () C:\Users\Hannes\Downloads\Addition.txt

2014-07-06 11:51 - 2014-07-06 11:51 - 02084352 _____ (Farbar) C:\Users\Hannes\Downloads\FRST64.exe

2014-07-06 11:44 - 2014-03-19 17:04 - 00000000 ___RD () C:\Users\Hannes\Dropbox

2014-07-06 11:44 - 2014-03-19 16:52 - 00000000 ____D () C:\Users\Hannes\AppData\Roaming\DropboxMaster

2014-07-06 11:44 - 2014-03-19 16:52 - 00000000 ____D () C:\Users\Hannes\AppData\Roaming\Dropbox

2014-07-06 11:42 - 2014-07-06 11:42 - 00262144 _____ () C:\Windows\Minidump\070614-25958-01.dmp

2014-07-06 11:42 - 2014-07-06 11:36 - 501968627 _____ () C:\Windows\MEMORY.DMP

2014-07-06 11:42 - 2014-07-06 11:36 - 00000000 ____D () C:\Windows\Minidump

2014-07-06 11:41 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-07-06 11:36 - 2014-07-06 11:36 - 00262144 _____ () C:\Windows\Minidump\070614-26457-01.dmp

2014-07-06 11:30 - 2014-07-06 11:31 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2014-07-06 11:30 - 2014-07-06 11:30 - 00000000 ____D () C:\Users\Hannes\AppData\Roaming\Avira

2014-07-06 11:29 - 2014-07-06 11:29 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk

2014-07-06 11:29 - 2014-07-06 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2014-07-06 11:29 - 2014-07-06 11:29 - 00000000 ____D () C:\ProgramData\Avira

2014-07-06 11:29 - 2014-07-06 11:29 - 00000000 ____D () C:\Program Files (x86)\Avira

2014-07-06 11:27 - 2012-10-27 14:25 - 00000000 ____D () C:\Windows\SysWOW64\Extensions

2014-07-06 11:25 - 2010-12-06 12:09 - 00000000 ____D () C:\ProgramData\McAfee

2014-07-06 11:25 - 2010-12-06 12:09 - 00000000 ____D () C:\Program Files (x86)\McAfee

2014-07-06 11:22 - 2012-05-18 18:22 - 00000000 ____D () C:\Users\Hannes\Desktop\Dateien

2014-07-06 11:06 - 2014-07-06 11:04 - 141865920 _____ () C:\Users\Hannes\Downloads\avira_free_antivirus45_de.exe

2014-07-03 23:03 - 2014-07-03 22:14 - 00000000 ____D () C:\Users\Hannes\Desktop\ordner bekleben

2014-07-03 14:18 - 2014-07-03 14:18 - 00000000 ____D () C:\Windows\system32\SPReview

2014-07-03 08:41 - 2014-07-01 22:40 - 00000000 ____D () C:\Users\Hannes\Desktop\Handy sony

2014-07-01 11:33 - 2013-12-03 23:21 - 00001247 _____ () C:\known.met

2014-07-01 11:33 - 2013-12-03 23:21 - 00000345 _____ () C:\server.met

2014-07-01 11:33 - 2013-12-03 23:21 - 00000166 _____ () C:\Windows\SysWOW64\queries-02.cache

2014-07-01 11:33 - 2013-12-03 23:21 - 00000081 _____ () C:\Windows\SysWOW64\cache.00

2014-07-01 11:33 - 2013-12-03 23:21 - 00000017 _____ () C:\queries-07.cache

2014-07-01 11:33 - 2013-12-03 23:21 - 00000005 _____ () C:\queries-00.cache

2014-06-24 23:53 - 2011-10-02 09:13 - 00000000 ____D () C:\Users\Hannes\AppData\Local\CrashDumps

2014-06-24 23:17 - 2012-10-09 15:44 - 00000000 ____D () C:\Users\Hannes\Desktop\Bilder

2014-06-24 20:39 - 2014-07-06 11:29 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2014-06-24 20:39 - 2014-07-06 11:29 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2014-06-24 20:39 - 2014-07-06 11:29 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

2014-06-24 17:58 - 2012-10-27 14:26 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-06-24 17:58 - 2012-10-27 14:26 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-06-18 17:57 - 2014-06-18 17:57 - 06010880 _____ () C:\Program Files (x86)\GUT8334.tmp

2014-06-18 17:57 - 2014-06-18 17:57 - 00000000 ____D () C:\Program Files (x86)\GUM8333.tmp

2014-06-16 08:25 - 2014-06-16 08:25 - 00953814 _____ () C:\Users\Hannes\Downloads\catoarchiv02.jar

2014-06-16 08:24 - 2014-02-11 16:04 - 00000000 ____D () C:\Users\Hannes\Documents\Outlook Files
 

Some content of TEMP:

====================

C:\Users\Hannes\AppData\Local\Temp\avgnt.exe

C:\Users\Hannes\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-07-01 19:42
 

==================== End Of Log ============================

--- --- ---

Vielen Dank !!!

Adobe updaten. Unbedingt Windows updaten, da fehlt ein ganzes Servicepack!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

C:\Users\Hannes\AppData\Roaming\Microsoft\ApplicationManager\stub.exe

C:\Users\Hannes\Downloads\alt\PhotoScape_V3.6.2.exe

C:\Windows\Installer\39c037.msi

HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

FF Extension: Download Protect - C:\Windows\Installer\{1B0358DF-6E47-405B-9357-9E6DC6D7AAD1}\{18148679-999F-41E7-84B7-926FDC34966E}.xpi [2014-07-06]

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Fertig :)

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.