Moin Moin

Habe am Notebook ( mit Windows Vista ) arge Probleme. Angefangen hat es so: Es öffneten sich zig Pornoseiten, so schnell konnte ich garnet klicken um die zu schliessen als sich immer wieder neue öffneten.

Seitdem habe ich keine Internetverbindung mehr, weder per WLAN noch per LAN

Programme lassen sich kaum noch welche öffnen, beim booten dauert es urlange bis der hochgefahren ist. Mit der Desinfect CD von Heise wurden keine Funde angezeigt.

Wenn ich vom Betriebssystem aus mit Antivir einen Scan mache, schaltet sich das Book einfach aus, so nach ca 1-2 min.

Danke für Eure Hilfe

Gruß
Hape

PS: Werde jetzt mal einen scan mit FRST machen

Update: Schaltet sich auch hier nach einiger Zeit einfach aus :-(

hi,

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)

Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)

• Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 32-Bit | FRST 64-Bit
• Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.
• Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:

Über den Boot Manager:

• Starte den Rechner neu.
• Während dem Hochfahren drücke mehrmals die F8 Taste
• Wähle nun Computer reparieren.
• Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD (auch bei Windows 8 möglich):

• Lege die Windows CD in dein Laufwerk.
• Starte den Rechner neu und starte von der CD.
• Wähle die Spracheinstellungen und klicke "Weiter".
• Klicke auf Computerreparaturoptionen !
• Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen: Eingabeaufforderung

• Gib nun bitte notepad ein und drücke Enter.
• Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
  Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.
• Schließe Notepad wieder
• Gib nun bitte folgenden Befehl ein.
  e:\frst.exe bzw. e:\frst64.exe
  Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.
• Akzeptiere den Disclaimer mit Ja und klicke Untersuchen

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

Danke für die Hilfe :-)


FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-07-2013
Ran by SYSTEM on 29-07-2013 11:05:48
Running from G:\
Windows Vista (TM) Home Premium (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [ALaunch] - C:\Acer\ALaunch\AlaunchClient.exe [x]
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [865840 2007-05-08] (Synaptics, Inc.)
HKLM\...\Run: [eDataSecurity Loader] - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [457216 2007-04-25] (HiTRUST)
HKLM\...\Run: [eAudio] - C:\Acer\Empowering Technology\eAudio\eAudio.exe [1286144 2007-06-11] (CyberLink)
HKLM\...\Run: [Acer Tour] -  [x]
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4702208 2007-09-04] (Realtek Semiconductor)
HKLM\...\Run: [PLFSet] - rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting [x]
HKLM\...\Run: [LManager] - C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [707080 2007-07-30] (Dritek System Inc.)
HKLM\...\Run: [eRecoveryService] -  [x]
HKLM\...\Run: [Acer Tour Reminder] - C:\Acer\AcerTour\Reminder.exe [151552 2007-08-01] (Acer Inc.)
HKLM\...\Run: [WarReg_PopUp] - C:\Acer\WR_PopUp\WarReg_PopUp.exe [57344 2006-11-05] (Acer Inc.)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [SetPanel] - C:\Acer\APanel\APanel.cmd [x]
HKLM\...\Run: [NBKeyScan] - "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [x]
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [623992 2008-01-11] (Adobe Systems Inc.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2622104 2007-12-03] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [911184 2007-12-03] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [140568 2007-12-03] (Acronis)
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [215552 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe [198160 2009-03-20] (RealNetworks, Inc.)
HKLM\...\Run: [lxctmon.exe] - C:\Program Files\Lexmark 5400 Series\lxctmon.exe [291760 2006-11-22] ()
HKLM\...\Run: [Lexmark 5400 Series Fax Server] - C:\Program Files\Lexmark 5400 Series\fm3032.exe [304048 2006-11-22] ()
HKLM\...\Run: [EzPrint] - C:\Program Files\Lexmark 5400 Series\ezprint.exe [82864 2006-11-22] (Lexmark International Inc.)
HKLM\...\Run: [LXCTCATS] - rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16 [x]
HKLM\...\Run: [NvSvc] - RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [x]
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [x]
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [x]
HKLM\...\Run: [nwiz] - nwiz.exe /install [x]
HKLM\...\Run: [Google Updater] - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [161336 2011-09-21] (Google)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [MyFunCards Search Scope Monitor] - C:\PROGRA~1\MYFUNC~2\bar\1.bin\5msrchmn.exe [42552 2012-09-03] (MindSpark)
HKLM\...\Run: [MyFunCards_5m Browser Plugin Loader] - C:\PROGRA~1\MYFUNC~2\bar\1.bin\5mbrmon.exe [30096 2012-09-03] (VER_COMPANY_NAME)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-11] (Oracle Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)
HKU\Default\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-04-26] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-04-26] ()
HKU\Hape\...\Run: [Acer Tour Reminder] -  [x]
HKU\Hape\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\daemon.exe [ 2007-12-19] (DT Soft Ltd)
HKU\Hape\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [x]
HKU\Hape\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2008-06-19] (Google Inc.)
HKU\Hape\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\Hape\...\Run: [EADM] - C:\Program Files\Origin\Origin.exe [ 2013-07-12] (Electronic Arts)
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\Users\Hape\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Hape\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telefon- und Branchenbuch Herbst 2008 - Schnellstarter.lnk
ShortcutTarget: Telefon- und Branchenbuch Herbst 2008 - Schnellstarter.lnk -> D:\Program Files\klickTel\Telefon- und Branchenbuch Herbst 2008\KSTART32.EXE (No File)

========================== Services (Whitelisted) =================

S2 AcronisOSSReinstallSvc; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2232296 2007-03-09] ()
S2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [427288 2007-12-03] (Acronis)
S2 ALaunchService; C:\Acer\ALaunch\ALaunchSvc.exe [50688 2007-01-26] ()
S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-05-09] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-09] (Avira Operations GmbH & Co. KG)
S2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [457512 2007-04-25] (HiTRSUT)
S2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-04-22] (Acer Inc.)
S2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [135168 2007-06-13] (Acer Inc.)
S2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [53248 2007-07-03] (Acer Inc.)
S2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-06-28] ()
S2 lxct_device; C:\Windows\system32\lxctcoms.exe [537520 2006-11-22] ( )
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [107008 2006-11-24] ()
S2 MyFunCards_5mService; C:\PROGRA~1\MYFUNC~2\bar\1.bin\5mbarsvc.exe [42528 2012-09-03] (COMPANYVERS_NAME)
S2 TryAndDecideService; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498792 2007-12-03] ()
S2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-06-13] (acer)
S2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]

==================== Drivers (Whitelisted) ====================

S3 A310; C:\Windows\System32\DRIVERS\AVerA310USB.sys [26368 2007-07-09] (AVerMedia TECHNOLOGIES, Inc.)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-05-09] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-05-09] (Avira GmbH)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-09-16] (Avira GmbH)
S3 BDASwCap; C:\Windows\System32\drivers\AVerA310Cap.sys [42240 2007-07-09] (AVerMedia TECHNOLOGIES, Inc.)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [53184 2007-06-27] (FTDI Ltd.)
S2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [76584 2006-12-07] ()
S0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20776 2007-04-25] (HiTRUST)
S0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-04-25] (HiTRUST)
S0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-04-25] (HiTRUST)
S3 s3017bus; C:\Windows\System32\DRIVERS\s3017bus.sys [83880 2007-12-10] (MCCI Corporation)
S3 s3017mdfl; C:\Windows\System32\DRIVERS\s3017mdfl.sys [15016 2007-12-10] (MCCI Corporation)
S3 s3017mdm; C:\Windows\System32\DRIVERS\s3017mdm.sys [110632 2007-12-10] (MCCI Corporation)
S3 s3017mgmt; C:\Windows\System32\DRIVERS\s3017mgmt.sys [104616 2007-12-10] (MCCI Corporation)
S3 s3017nd5; C:\Windows\System32\DRIVERS\s3017nd5.sys [25512 2007-12-10] (MCCI Corporation)
S3 s3017obex; C:\Windows\System32\DRIVERS\s3017obex.sys [100648 2007-12-10] (MCCI Corporation)
S3 s3017unic; C:\Windows\System32\DRIVERS\s3017unic.sys [110120 2007-12-10] (MCCI Corporation)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1729152 2007-06-12] ()
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-10-08] (Avira GmbH)
S1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2008-04-16] ()
S0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [368480 2008-08-20] (Acronis)
S2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2008-08-20] (Acronis)
S3 TTCinergyT2; C:\Windows\System32\DRIVERS\TTCinergyT2BDA.sys [29216 2007-07-12] (TerraTec Electronic GmbH)
S3 usbsermptxp; C:\Windows\System32\DRIVERS\usbsermptxp.sys [25600 2008-02-06] (Microsoft Corporation)
S3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-04-18] (Winbond Electronics Corporation)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [521216 2008-01-18] (Microsoft Corporation)
S2 Aspi32; No ImagePath
S2 BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [x]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [x]
S0 sptd; System32\Drivers\sptd.sys [x]
S3 Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-29 00:38 - 2013-07-29 00:38 - 00039389 _____ C:\Users\Hape\Desktop\FRST.txt
2013-07-29 00:37 - 2013-07-29 00:38 - 00016198 _____ C:\Users\Hape\Desktop\Addition.txt
2013-07-29 00:03 - 2013-07-29 00:03 - 00000000 ___DC C:\FRST
2013-07-29 00:02 - 2013-07-29 00:03 - 01221130 _____ (Farbar) C:\Users\Hape\Desktop\FRST.exe
2013-07-28 03:32 - 2013-07-28 03:32 - 00000000 ____D C:\Users\Hape\AppData\Roaming\Malwarebytes
2013-07-28 03:29 - 2013-07-28 03:29 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-28 03:29 - 2013-07-28 03:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-28 03:29 - 2013-07-28 03:29 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-28 03:29 - 2013-04-04 04:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-07-24 12:46 - 2013-07-24 12:46 - 00000000 __SHD C:\found.004
2013-07-12 13:15 - 2013-07-12 13:17 - 00000000 ____D C:\Windows\System32\MRT
2013-07-11 11:17 - 2013-07-11 11:16 - 00263592 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-07-11 11:17 - 2013-07-11 11:16 - 00175016 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-07-11 11:17 - 2013-07-11 11:16 - 00175016 _____ (Oracle Corporation) C:\Windows\System32\java.exe
2013-07-11 11:17 - 2013-07-11 11:16 - 00094632 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-07-11 06:52 - 2013-06-03 17:50 - 02049024 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-11 06:51 - 2013-05-31 20:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-11 06:51 - 2013-05-29 03:30 - 01212928 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-11 06:51 - 2013-05-29 03:30 - 00916480 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-11 06:51 - 2013-05-29 03:30 - 00105984 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-07-11 06:51 - 2013-05-29 03:28 - 00206848 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-07-11 06:51 - 2013-05-29 03:26 - 06016000 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-11 06:51 - 2013-05-29 03:26 - 00611840 _____ (Microsoft Corporation) C:\Windows\System32\mstime.dll
2013-07-11 06:51 - 2013-05-29 03:26 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-07-11 06:51 - 2013-05-29 03:25 - 00630272 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-11 06:51 - 2013-05-29 03:25 - 00055296 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-07-11 06:51 - 2013-05-29 03:25 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-07-11 06:51 - 2013-05-29 03:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-11 06:51 - 2013-05-29 03:24 - 11111424 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-11 06:51 - 2013-05-29 03:24 - 02004992 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-11 06:51 - 2013-05-29 03:24 - 01469440 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-07-11 06:51 - 2013-05-29 03:24 - 00387584 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-07-11 06:51 - 2013-05-29 03:24 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-07-11 06:51 - 2013-05-29 03:24 - 00164352 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-11 06:51 - 2013-05-29 03:24 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-11 06:51 - 2013-05-29 03:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-11 06:51 - 2013-05-29 03:24 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-11 06:51 - 2013-05-29 01:47 - 00385024 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-07-11 06:51 - 2013-05-29 00:07 - 00133632 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-07-11 06:51 - 2013-05-29 00:06 - 00174080 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-11 06:51 - 2013-05-29 00:05 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-07-11 06:51 - 2013-05-29 00:04 - 01638912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-11 06:51 - 2013-05-07 20:04 - 01548288 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-11 06:51 - 2013-04-17 03:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-07-11 06:51 - 2013-04-17 03:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-07-11 06:51 - 2013-04-17 03:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-07-11 06:51 - 2013-04-17 03:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-07-11 06:51 - 2013-04-17 02:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-07-11 06:51 - 2013-04-17 02:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-07-11 06:51 - 2013-04-17 02:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-07-11 06:51 - 2013-04-17 02:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-11 06:51 - 2013-04-17 02:10 - 00798208 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-07-02 12:33 - 2013-07-02 12:33 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-07-29 00:41 - 2009-02-01 10:24 - 00739806 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-29 00:38 - 2013-07-29 00:38 - 00039389 _____ C:\Users\Hape\Desktop\FRST.txt
2013-07-29 00:38 - 2013-07-29 00:37 - 00016198 _____ C:\Users\Hape\Desktop\Addition.txt
2013-07-29 00:17 - 2007-11-09 00:51 - 01279385 _____ C:\Windows\WindowsUpdate.log
2013-07-29 00:15 - 2007-12-23 06:00 - 00027744 _____ C:\Users\Hape\AppData\Roaming\nvModes.001
2013-07-29 00:13 - 2010-11-04 13:49 - 00131072 _____ C:\Windows\System32\Ikeext.etl
2013-07-29 00:10 - 2006-11-02 04:47 - 00003696 _____ C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-29 00:10 - 2006-11-02 04:47 - 00003696 _____ C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-29 00:03 - 2013-07-29 00:03 - 00000000 ___DC C:\FRST
2013-07-29 00:03 - 2013-07-29 00:02 - 01221130 _____ (Farbar) C:\Users\Hape\Desktop\FRST.exe
2013-07-29 00:02 - 2006-11-02 04:52 - 00098619 _____ C:\Windows\setupact.log
2013-07-28 03:56 - 2008-02-07 04:28 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-07-28 03:48 - 2006-11-02 07:31 - 00000000 ____D C:\Windows\WindowsMobile
2013-07-28 03:32 - 2013-07-28 03:32 - 00000000 ____D C:\Users\Hape\AppData\Roaming\Malwarebytes
2013-07-28 03:29 - 2013-07-28 03:29 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-28 03:29 - 2013-07-28 03:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-28 03:29 - 2013-07-28 03:29 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-28 03:22 - 2008-02-01 01:17 - 00008268 _____ C:\Users\Hape\AppData\Local\d3d9caps.dat
2013-07-28 02:54 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\tracing
2013-07-24 14:06 - 2007-12-22 03:21 - 00027744 _____ C:\Users\Hape\AppData\Roaming\nvModes.dat
2013-07-24 13:35 - 2010-02-23 06:25 - 00000000 ____D C:\Program Files\Lx_cats
2013-07-24 12:46 - 2013-07-24 12:46 - 00000000 __SHD C:\found.004
2013-07-24 12:41 - 2013-02-02 07:04 - 00000000 ____D C:\Program Files\Origin
2013-07-18 13:16 - 2010-02-23 06:21 - 00000000 ___RD C:\Users\Hape\Documents\Eigene Musik1
2013-07-12 23:01 - 2011-04-02 14:06 - 00001975 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-12 13:17 - 2013-07-12 13:15 - 00000000 ____D C:\Windows\System32\MRT
2013-07-12 06:12 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-12 04:57 - 2013-02-02 07:06 - 00000000 ____D C:\Users\Hape\AppData\Roaming\Origin
2013-07-12 04:57 - 2013-02-02 07:06 - 00000000 ____D C:\Users\Hape\AppData\Local\Origin
2013-07-12 04:48 - 2008-04-17 07:17 - 01722128 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-12 04:45 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\System32\XPSViewer
2013-07-11 14:21 - 2007-08-13 21:22 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 14:09 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 11:17 - 2008-06-18 09:42 - 00000000 ____D C:\Program Files\Common Files\Java
2013-07-11 11:16 - 2013-07-11 11:17 - 00263592 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-07-11 11:16 - 2013-07-11 11:17 - 00175016 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-07-11 11:16 - 2013-07-11 11:17 - 00175016 _____ (Oracle Corporation) C:\Windows\System32\java.exe
2013-07-11 11:16 - 2013-07-11 11:17 - 00094632 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-07-11 11:16 - 2012-05-10 09:33 - 00867240 _____ (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2013-07-11 11:16 - 2010-04-18 10:54 - 00789416 _____ (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-07-03 10:48 - 2012-05-13 09:12 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-02 12:33 - 2013-07-02 12:33 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-07-16 07:47:18
Restore point made on: 2013-07-16 12:20:59
Restore point made on: 2013-07-18 12:01:39
Restore point made on: 2013-07-19 11:39:58
Restore point made on: 2013-07-20 11:50:34
Restore point made on: 2013-07-21 09:28:59
Restore point made on: 2013-07-24 11:00:43

==================== Memory info =========================== 

Percentage of memory in use: 14%
Total physical RAM: 2045.81 MB
Available physical RAM: 1744.88 MB
Total Pagefile: 1979.45 MB
Available Pagefile: 1836.76 MB
Total Virtual: 2047.88 MB
Available Virtual: 1963.33 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:111.69 GB) (Free:31.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:108.19 GB) (Free:107.99 GB) NTFS
Drive f: (SecureDrive) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive g: (SARDU) (Removable) (Total:14.94 GB) (Free:4.26 GB) FAT32
Drive x: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:0.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: F229A80C)
Partition 1: (Not Active) - (Size=10 GB) - (Type=12)
Partition 2: (Active) - (Size=112 GB) - (Type=06)
Partition 3: (Not Active) - (Size=108 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3 GB) - (Type=12)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: F0ACF0AC)
Partition 1: (Active) - (Size=15 GB) - (Type=0B)


LastRegBack: 2013-07-29 00:45

==================== End Of Log ============================
         

--- --- ---

--- --- ---

--- --- ---


[/CODE]

Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code: Alles auswählenAufklappen

ATTFilter

HKLM\...\Run: [MyFunCards Search Scope Monitor] - C:\PROGRA~1\MYFUNC~2\bar\1.bin\5msrchmn.exe [42552 2012-09-03] (MindSpark)
HKLM\...\Run: [MyFunCards_5m Browser Plugin Loader] - C:\PROGRA~1\MYFUNC~2\bar\1.bin\5mbrmon.exe [30096 2012-09-03] (VER_COMPANY_NAME)
C:\PROGRA~1\MYFUNC~2
         

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

• Starte deinen Rechner erneut in die Reparaturoptionen
• Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.


Jetzt bitte normal booten, dann alles vom Desktop aus:

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

• Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
• Drücke eine beliebige Taste, um das Tool zu starten.
• Je nach System kann der Scan eine Weile dauern.
• Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
• Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

• Starte jetzt FRST.
• Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
• Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
• Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

So, habe mal alles nacheinander abgearbeitet was da stand: Folgende Fehler sind noch da bzw Fehlermeldungen:

Google Updater kann nicht vorgesetzt werden.
Keine Verbindung zu Microsoft Diensten

Keine Verbindung ins Internet per LAN oder WLAN. Bei LAN zeigt der folgendes an:
Der Abhängigkeitsdienst kann nicht gestartet werden

Danke für die Hilfe :-)


Erst einmal das Fixlog:

Code: Alles auswählenAufklappen

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-07-2013
Ran by SYSTEM at 2013-07-29 18:19:25 Run:1
Running from G:\
Boot Mode: Recovery

==============================================

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MyFunCards Search Scope Monitor => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MyFunCards_5m Browser Plugin Loader => Value deleted successfully.
"C:\PROGRA~1\MYFUNC~2" => Could not move.

==== End of Fixlog ====
         

Dann Log vom ADWCleaner:

AdwCleaner Logfile:

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v2.306 - Datei am 29/07/2013 um 18:36:20 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Hape - HAPE-NB
# Bootmodus : Normal
# Ausgeführt unter : G:\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : MyFunCards_5mService

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Hape\AppData\Roaming\Mozilla\Firefox\Profiles\d6t61t16.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\Hape\AppData\Roaming\Mozilla\Firefox\Profiles\d6t61t16.default\searchplugins\askcomsearch.xml
Datei Gelöscht : C:\Users\Hape\AppData\Roaming\Mozilla\Firefox\Profiles\d6t61t16.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\Hape\AppData\Roaming\Mozilla\Firefox\Profiles\d6t61t16.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Hape\AppData\Roaming\Mozilla\Firefox\Profiles\d6t61t16.default\searchplugins\my-web-search.xml
Datei Gelöscht : C:\Windows\system32\conduitEngine.tmp
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\ConduitEngine
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files\MyFunCards_5m
Ordner Gelöscht : C:\Program Files\Softonic-Eng7
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Hape\AppData\Local\APN
Ordner Gelöscht : C:\Users\Hape\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Hape\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj
Ordner Gelöscht : C:\Users\Hape\AppData\Local\MyFunCards_5m
Ordner Gelöscht : C:\Users\Hape\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\Hape\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Hape\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\Hape\AppData\LocalLow\MyFunCards_5m
Ordner Gelöscht : C:\Users\Hape\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Hape\AppData\LocalLow\Softonic-Eng7
Ordner Gelöscht : C:\Users\Hape\AppData\Roaming\Mozilla\Firefox\Profiles\d6t61t16.default\Conduit
Ordner Gelöscht : C:\Users\Hape\AppData\Roaming\Mozilla\Firefox\Profiles\d6t61t16.default\extensions\5mffxtbr@MyFunCards_5m.com

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\MyFunCards_5m
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Softonic-Eng7
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyFunCards_5mbar Uninstall
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Softonic-Eng7 Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C4B22C87-45EF-4F43-89F2-40DB2078864E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DA71FD14-5F7B-46AE-B8B1-44074A38F331}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5715B05F-3402-4E01-81ED-A9FDD794570D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C4B22C87-45EF-4F43-89F2-40DB2078864E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DA71FD14-5F7B-46AE-B8B1-44074A38F331}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5715B05F-3402-4E01-81ED-A9FDD794570D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C4B22C87-45EF-4F43-89F2-40DB2078864E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DA71FD14-5F7B-46AE-B8B1-44074A38F331}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2405280
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DB6F829-0F16-4FE0-B9FE-026EC427923F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CC9E9F17-6813-432E-B431-1345D627EA85}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEC3064C-1895-43DE-84F8-13D23F554964}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4B22C87-45EF-4F43-89F2-40DB2078864E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA71FD14-5F7B-46AE-B8B1-44074A38F331}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5715B05F-3402-4E01-81ED-A9FDD794570D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine 
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyFunCards_5mbar Uninstall
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic-Eng7 Toolbar
Schlüssel Gelöscht : HKLM\Software\Softonic-Eng7
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.19443

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=ZUxpt195YYde&ptb=A639C204-CA2D-41EF-87D1-005F93170D5B&si=COuhrL-SmrICFYe-zAod9XUAAQ --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Hape\AppData\Roaming\Mozilla\Firefox\Profiles\d6t61t16.default\prefs.js

C:\Users\Hape\AppData\Roaming\Mozilla\Firefox\Profiles\d6t61t16.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.defaultengine", "Ask.com Search");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com Search");
Gelöscht : user_pref("browser.search.order.1", "Ask.com Search");
Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com Search");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=A639C204-CA2D-41E[...]
Gelöscht : user_pref("extensions.mywebsearch.prevDefaultEngine", "Google");
Gelöscht : user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");
Gelöscht : user_pref("extensions.toolbar.mindspark._5mMembers_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
Gelöscht : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=A639C204[...]

-\\ Google Chrome v28.0.1500.72

Datei : C:\Users\Hape\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.12] : homepage = "hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE",
Gelöscht [l.39] : icon_url = "hxxp://www.ask.com/favicon.ico",
Gelöscht [l.42] : keyword = "ask.com",
Gelöscht [l.45] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-3&o=APN10395&locale=d[...]
Gelöscht [l.46] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms[...]
Gelöscht [l.1652] : homepage = "hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE",

*************************

AdwCleaner[S1].txt - [11652 octets] - [29/07/2013 18:36:20]

########## EOF - C:\AdwCleaner[S1].txt - [11713 octets] ##########
         

--- --- ---

[/CODE]

Weiter gings mit JRT, dazu diese Log-Datei:

Code: Alles auswählenAufklappen

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.7 (07.29.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Hape on 29.07.2013 at 18:52:36,03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7E458C0A-0131-43DF-9656-CD34EAB227C1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{acbd5593-e5ee-4c15-b48f-1823ce819dec}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{acbd5593-e5ee-4c15-b48f-1823ce819dec}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\Hape\AppData\Roaming\mozilla\firefox\profiles\d6t61t16.default\invalidprefs.js
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\5mffxtbr@myfuncards_5m.com
Successfully deleted the following from C:\Users\Hape\AppData\Roaming\mozilla\firefox\profiles\d6t61t16.default\prefs.js

user_pref("extensions.toolbar.mindspark._5mMembers_.hp.enabled", true);
user_pref("extensions.toolbar.mindspark._5mMembers_.hp.user.defined", false);
user_pref("extensions.toolbar.mindspark._5mMembers_.initialized", true);
user_pref("extensions.toolbar.mindspark._5mMembers_.installation.contextKey", "");
user_pref("extensions.toolbar.mindspark._5mMembers_.installation.installDate", "2013020520");
user_pref("extensions.toolbar.mindspark._5mMembers_.installation.partnerId", "ZUxpt195YYde");
user_pref("extensions.toolbar.mindspark._5mMembers_.installation.partnerSubId", "COuhrL-SmrICFYe-zAod9XUAAQ");
user_pref("extensions.toolbar.mindspark._5mMembers_.installation.success", true);
user_pref("extensions.toolbar.mindspark._5mMembers_.installation.toolbarId", "A639C204-CA2D-41EF-87D1-005F93170D5B");
user_pref("extensions.toolbar.mindspark._5mMembers_.lastActivePing", "1374828898211");
user_pref("extensions.toolbar.mindspark._5mMembers_.searchHistory", "213011");
user_pref("extensions.toolbar.mindspark._5mMembers_.tab.date", "1360094270177");
user_pref("extensions.toolbar.mindspark._5mMembers_.weather.location", "10001");
user_pref("extensions.toolbar.mindspark.hp.enabled", true);
user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "myfuncards@mindspark.com");
user_pref("extensions.toolbar.mindspark.lastInstalled", "myfuncards@mindspark.com");
user_pref("extensions.toolbar.mindspark.sa.enabled", true);
user_pref("extensions.toolbar.mindspark.sa.owner", "myfuncards@mindspark.com");
user_pref("extensions.toolbar.mindspark.tab.enabled", true);
Emptied folder: C:\Users\Hape\AppData\Roaming\mozilla\firefox\profiles\d6t61t16.default\minidumps [134 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.07.2013 at 18:55:20,60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Und zum Schluß dann nochmal FRST-Log und Addition:


FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-07-2013
Ran by Hape (administrator) on 29-07-2013 19:01:38
Running from G:\
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
() C:\Acer\ALaunch\ALaunchSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(HiTRSUT) C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
(Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
( ) C:\Windows\system32\lxctcoms.exe
() C:\Acer\Mobility Center\MobilityService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
() C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
(acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(HiTRUST) C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
(CyberLink) C:\Acer\Empowering Technology\eAudio\eAudio.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\QtZgAcer.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
() C:\Program Files\Lexmark 5400 Series\lxctmon.exe
(Lexmark International Inc.) C:\Program Files\Lexmark 5400 Series\ezprint.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
(Acer Inc.) C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Acer Inc.) C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
(Realtek Semiconductor Corp.) C:\Users\Hape\AppData\Local\Temp\RtkBtMnt.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
() C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [ALaunch] - C:\Acer\ALaunch\AlaunchClient.exe [x]
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [865840 2007-05-09] (Synaptics, Inc.)
HKLM\...\Run: [eDataSecurity Loader] - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [457216 2007-04-25] (HiTRUST)
HKLM\...\Run: [eAudio] - C:\Acer\Empowering Technology\eAudio\eAudio.exe [1286144 2007-06-11] (CyberLink)
HKLM\...\Run: [Acer Tour] -  [x]
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4702208 2007-09-04] (Realtek Semiconductor)
HKLM\...\Run: [PLFSet] - rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting [x]
HKLM\...\Run: [LManager] - C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [707080 2007-07-31] (Dritek System Inc.)
HKLM\...\Run: [eRecoveryService] -  [x]
HKLM\...\Run: [Acer Tour Reminder] - C:\Acer\AcerTour\Reminder.exe [151552 2007-08-01] (Acer Inc.)
HKLM\...\Run: [WarReg_PopUp] - C:\Acer\WR_PopUp\WarReg_PopUp.exe [57344 2006-11-05] (Acer Inc.)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [SetPanel] - C:\Acer\APanel\APanel.cmd [x]
HKLM\...\Run: [NBKeyScan] - "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [x]
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [623992 2008-01-11] (Adobe Systems Inc.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2622104 2007-12-03] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [911184 2007-12-03] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [140568 2007-12-03] (Acronis)
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [215552 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe [198160 2009-03-20] (RealNetworks, Inc.)
HKLM\...\Run: [lxctmon.exe] - C:\Program Files\Lexmark 5400 Series\lxctmon.exe [291760 2006-11-22] ()
HKLM\...\Run: [Lexmark 5400 Series Fax Server] - C:\Program Files\Lexmark 5400 Series\fm3032.exe [304048 2006-11-22] ()
HKLM\...\Run: [EzPrint] - C:\Program Files\Lexmark 5400 Series\ezprint.exe [82864 2006-11-22] (Lexmark International Inc.)
HKLM\...\Run: [LXCTCATS] - rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16 [x]
HKLM\...\Run: [NvSvc] - RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [x]
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [x]
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [x]
HKLM\...\Run: [nwiz] - nwiz.exe /install [x]
HKLM\...\Run: [Google Updater] - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [161336 2011-09-21] (Google)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [Acer Tour Reminder] -  [x]
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\daemon.exe [486856 2007-12-19] (DT Soft Ltd)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [x]
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-06-19] (Google Inc.)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [EADM] - C:\Program Files\Origin\Origin.exe [3456080 2013-07-12] (Electronic Arts)
MountPoints2: {08a95b78-2807-11de-b97d-f16ed9cf029e} - E:\EmDesk.exe
MountPoints2: {1d0ab367-bdce-11dc-baa2-a497e26bf74f} - G:\Autorun.exe
MountPoints2: {7aebc77a-8ea0-11dc-9ce9-806e6f6e6963} - F:\Autorun.exe
MountPoints2: {a5d4b1d9-1a1f-11df-af66-d6d374baabeb} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\RavMon.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-04-26] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-04-26] ()
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Hape\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Hape\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telefon- und Branchenbuch Herbst 2008 - Schnellstarter.lnk
ShortcutTarget: Telefon- und Branchenbuch Herbst 2008 - Schnellstarter.lnk -> D:\Program Files\klickTel\Telefon- und Branchenbuch Herbst 2008\KSTART32.EXE (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
URLSearchHook: (No Name) - {f4c28532-b9d0-4950-a2df-e83f9929242b} - C:\Program Files\MyFunCards_5m\bar\1.bin\5mSrcAs.dll No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {6E8E65C8-6F23-494F-9638-2D8E70CB4F30} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll No File
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKLM - MyFunCards - {210f1b36-3b7f-41a4-b5da-3eb87f5a56c2} - C:\Program Files\MyFunCards_5m\bar\1.bin\5mbar.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -MyFunCards - {210F1B36-3B7F-41A4-B5DA-3EB87F5A56C2} - C:\Program Files\MyFunCards_5m\bar\1.bin\5mbar.dll No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\..\Interfaces\{2B92099C-A056-4167-B550-5C9C8CCAA518}: [NameServer]62.220.18.8 89.246.64.8

FireFox:
========
FF ProfilePath: C:\Users\Hape\AppData\Roaming\Mozilla\Firefox\Profiles\d6t61t16.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @MyFunCards_5m.com/Plugin - C:\Program Files\MyFunCards_5m\bar\1.bin\NP5mStub.dll No File
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Extension: No Name - C:\Users\Hape\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
FF Extension: No Name - C:\Users\Hape\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Move Media Player - C:\Users\Hape\AppData\Roaming\Mozilla\Firefox\Profiles\d6t61t16.default\Extensions\moveplayer@movenetworks.com
FF Extension: Google Toolbar for Firefox - C:\Users\Hape\AppData\Roaming\Mozilla\Firefox\Profiles\d6t61t16.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: Google Toolbar for Firefox - C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\Program Files\Real\RealPlayer\browserrecord
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Ask) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\24.0.1312.57\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Hape\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (king.com - Game controller for firefox) - C:\Program Files\Mozilla Firefox\plugins\npmidas.dll (Midasplayer Ltd)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U32) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.320.5) - C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Extension: (YouTube) - C:\Users\Hape\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR Extension: (Google Search) - C:\Users\Hape\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1
CHR Extension: (Gmail) - C:\Users\Hape\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

========================== Services (Whitelisted) =================

S2 AcronisOSSReinstallSvc; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2232296 2007-03-09] ()
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [427288 2007-12-03] (Acronis)
R2 ALaunchService; C:\Acer\ALaunch\ALaunchSvc.exe [50688 2007-01-26] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-05-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-09] (Avira Operations GmbH & Co. KG)
R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [457512 2007-04-25] (HiTRSUT)
R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-04-23] (Acer Inc.)
R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [135168 2007-06-13] (Acer Inc.)
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [53248 2007-07-03] (Acer Inc.)
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-06-28] ()
R2 lxct_device; C:\Windows\system32\lxctcoms.exe [537520 2006-11-22] ( )
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [107008 2006-11-24] ()
R2 TryAndDecideService; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498792 2007-12-03] ()
R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-06-13] (acer)
S2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]

==================== Drivers (Whitelisted) ====================

R3 A310; C:\Windows\System32\DRIVERS\AVerA310USB.sys [26368 2007-07-10] (AVerMedia TECHNOLOGIES, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-05-09] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-05-09] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-09-16] (Avira GmbH)
R3 BDASwCap; C:\Windows\System32\drivers\AVerA310Cap.sys [42240 2007-07-10] (AVerMedia TECHNOLOGIES, Inc.)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [53184 2007-06-27] (FTDI Ltd.)
R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [76584 2006-12-07] ()
R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20776 2007-04-25] (HiTRUST)
R0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-04-25] (HiTRUST)
R0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-04-25] (HiTRUST)
S3 s3017bus; C:\Windows\System32\DRIVERS\s3017bus.sys [83880 2007-12-10] (MCCI Corporation)
S3 s3017mdfl; C:\Windows\System32\DRIVERS\s3017mdfl.sys [15016 2007-12-10] (MCCI Corporation)
S3 s3017mdm; C:\Windows\System32\DRIVERS\s3017mdm.sys [110632 2007-12-10] (MCCI Corporation)
S3 s3017mgmt; C:\Windows\System32\DRIVERS\s3017mgmt.sys [104616 2007-12-10] (MCCI Corporation)
S3 s3017nd5; C:\Windows\System32\DRIVERS\s3017nd5.sys [25512 2007-12-10] (MCCI Corporation)
S3 s3017obex; C:\Windows\System32\DRIVERS\s3017obex.sys [100648 2007-12-10] (MCCI Corporation)
S3 s3017unic; C:\Windows\System32\DRIVERS\s3017unic.sys [110120 2007-12-10] (MCCI Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1729152 2007-06-12] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-10-08] (Avira GmbH)
R1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2008-04-17] ()
R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [368480 2008-08-20] (Acronis)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2008-08-20] (Acronis)
S3 TTCinergyT2; C:\Windows\System32\DRIVERS\TTCinergyT2BDA.sys [29216 2007-07-12] (TerraTec Electronic GmbH)
S3 usbsermptxp; C:\Windows\System32\DRIVERS\usbsermptxp.sys [25600 2008-02-07] (Microsoft Corporation)
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-04-19] (Winbond Electronics Corporation)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [521216 2008-01-18] (Microsoft Corporation)
S2 Aspi32; No ImagePath
S2 BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [x]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [x]
S0 sptd; System32\Drivers\sptd.sys [x]
S3 Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-29 18:55 - 2013-07-29 18:55 - 00003471 _____ C:\Users\Hape\Desktop\JRT.txt
2013-07-29 18:52 - 2013-07-29 18:52 - 00000000 ____D C:\Windows\ERUNT
2013-07-29 18:36 - 2013-07-29 18:36 - 00011783 ____C C:\AdwCleaner[S1].txt
2013-07-29 10:38 - 2013-07-29 10:38 - 00039389 _____ C:\Users\Hape\Desktop\FRST.txt
2013-07-29 10:37 - 2013-07-29 10:38 - 00016198 _____ C:\Users\Hape\Desktop\Addition.txt
2013-07-29 10:03 - 2013-07-29 10:03 - 00000000 ___DC C:\FRST
2013-07-29 10:02 - 2013-07-29 10:03 - 01221130 _____ (Farbar) C:\Users\Hape\Desktop\FRST.exe
2013-07-28 13:32 - 2013-07-28 13:32 - 00000000 ____D C:\Users\Hape\AppData\Roaming\Malwarebytes
2013-07-28 13:29 - 2013-07-28 13:29 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-28 13:29 - 2013-07-28 13:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-28 13:29 - 2013-07-28 13:29 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-28 13:29 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-24 22:46 - 2013-07-24 22:46 - 00000000 __SHD C:\found.004
2013-07-12 23:15 - 2013-07-12 23:17 - 00000000 ____D C:\Windows\system32\MRT
2013-07-11 21:17 - 2013-07-11 21:16 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-11 21:17 - 2013-07-11 21:16 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-11 21:17 - 2013-07-11 21:16 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-11 21:17 - 2013-07-11 21:16 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-07-11 16:52 - 2013-06-04 03:50 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 16:51 - 2013-06-01 06:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 16:51 - 2013-05-29 13:30 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 16:51 - 2013-05-29 13:30 - 00916480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 16:51 - 2013-05-29 13:30 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-11 16:51 - 2013-05-29 13:28 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-07-11 16:51 - 2013-05-29 13:26 - 06016000 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 16:51 - 2013-05-29 13:26 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-07-11 16:51 - 2013-05-29 13:26 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-11 16:51 - 2013-05-29 13:25 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 16:51 - 2013-05-29 13:25 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-07-11 16:51 - 2013-05-29 13:25 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-07-11 16:51 - 2013-05-29 13:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 16:51 - 2013-05-29 13:24 - 11111424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 16:51 - 2013-05-29 13:24 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 16:51 - 2013-05-29 13:24 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-11 16:51 - 2013-05-29 13:24 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-07-11 16:51 - 2013-05-29 13:24 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-07-11 16:51 - 2013-05-29 13:24 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 16:51 - 2013-05-29 13:24 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 16:51 - 2013-05-29 13:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 16:51 - 2013-05-29 13:24 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 16:51 - 2013-05-29 11:47 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-07-11 16:51 - 2013-05-29 10:07 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-11 16:51 - 2013-05-29 10:06 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 16:51 - 2013-05-29 10:05 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-07-11 16:51 - 2013-05-29 10:04 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 16:51 - 2013-05-08 06:04 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 16:51 - 2013-04-17 13:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-07-11 16:51 - 2013-04-17 13:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-07-11 16:51 - 2013-04-17 13:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-07-11 16:51 - 2013-04-17 13:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-07-11 16:51 - 2013-04-17 12:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-07-11 16:51 - 2013-04-17 12:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-07-11 16:51 - 2013-04-17 12:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-07-11 16:51 - 2013-04-17 12:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-11 16:51 - 2013-04-17 12:10 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-07-02 22:33 - 2013-07-02 22:33 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-07-29 18:55 - 2013-07-29 18:55 - 00003471 _____ C:\Users\Hape\Desktop\JRT.txt
2013-07-29 18:52 - 2013-07-29 18:52 - 00000000 ____D C:\Windows\ERUNT
2013-07-29 18:45 - 2009-02-01 20:24 - 00739806 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-29 18:45 - 2007-11-09 10:51 - 01281528 _____ C:\Windows\WindowsUpdate.log
2013-07-29 18:43 - 2007-12-23 16:00 - 00027744 _____ C:\Users\Hape\AppData\Roaming\nvModes.001
2013-07-29 18:41 - 2010-11-04 23:49 - 00196608 _____ C:\Windows\system32\Ikeext.etl
2013-07-29 18:38 - 2006-11-02 14:47 - 00003696 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-29 18:38 - 2006-11-02 14:47 - 00003696 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-29 18:37 - 2008-02-07 14:28 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-07-29 18:36 - 2013-07-29 18:36 - 00011783 ____C C:\AdwCleaner[S1].txt
2013-07-29 18:36 - 2010-02-22 22:33 - 00000000 ____D C:\ProgramData\ICQ
2013-07-29 10:38 - 2013-07-29 10:38 - 00039389 _____ C:\Users\Hape\Desktop\FRST.txt
2013-07-29 10:38 - 2013-07-29 10:37 - 00016198 _____ C:\Users\Hape\Desktop\Addition.txt
2013-07-29 10:03 - 2013-07-29 10:03 - 00000000 ___DC C:\FRST
2013-07-29 10:03 - 2013-07-29 10:02 - 01221130 _____ (Farbar) C:\Users\Hape\Desktop\FRST.exe
2013-07-29 10:02 - 2006-11-02 14:52 - 00098619 _____ C:\Windows\setupact.log
2013-07-28 13:48 - 2006-11-02 17:31 - 00000000 ____D C:\Windows\WindowsMobile
2013-07-28 13:32 - 2013-07-28 13:32 - 00000000 ____D C:\Users\Hape\AppData\Roaming\Malwarebytes
2013-07-28 13:29 - 2013-07-28 13:29 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-28 13:29 - 2013-07-28 13:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-28 13:29 - 2013-07-28 13:29 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-28 13:22 - 2008-02-01 11:17 - 00008268 _____ C:\Users\Hape\AppData\Local\d3d9caps.dat
2013-07-28 12:54 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\tracing
2013-07-25 00:06 - 2007-12-22 13:21 - 00027744 _____ C:\Users\Hape\AppData\Roaming\nvModes.dat
2013-07-24 23:35 - 2010-02-23 16:25 - 00000000 ____D C:\Program Files\Lx_cats
2013-07-24 23:32 - 2010-02-16 13:27 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-24 23:32 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-24 22:46 - 2013-07-24 22:46 - 00000000 __SHD C:\found.004
2013-07-24 22:41 - 2013-02-02 17:04 - 00000000 ____D C:\Program Files\Origin
2013-07-24 22:14 - 2012-07-21 23:43 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-24 22:01 - 2010-02-16 13:27 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-24 14:42 - 2006-11-02 15:01 - 00032536 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-18 23:16 - 2010-02-23 16:21 - 00000000 ___RD C:\Users\Hape\Documents\Eigene Musik1
2013-07-13 09:01 - 2011-04-03 00:06 - 00001975 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-12 23:17 - 2013-07-12 23:15 - 00000000 ____D C:\Windows\system32\MRT
2013-07-12 20:48 - 2010-05-21 08:00 - 00000472 ____H C:\Windows\Tasks\Norton Security Scan for Hape.job
2013-07-12 16:12 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-12 14:57 - 2013-02-02 17:06 - 00000000 ____D C:\Users\Hape\AppData\Roaming\Origin
2013-07-12 14:57 - 2013-02-02 17:06 - 00000000 ____D C:\Users\Hape\AppData\Local\Origin
2013-07-12 14:48 - 2008-04-17 17:17 - 01722128 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-12 14:45 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2013-07-12 00:21 - 2007-08-14 07:22 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-12 00:09 - 2006-11-02 14:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 21:17 - 2008-06-18 19:42 - 00000000 ____D C:\Program Files\Common Files\Java
2013-07-11 21:16 - 2013-07-11 21:17 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-11 21:16 - 2013-07-11 21:17 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-11 21:16 - 2013-07-11 21:17 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-11 21:16 - 2013-07-11 21:17 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-07-11 21:16 - 2012-05-10 19:33 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npdeployJava1.dll
2013-07-11 21:16 - 2010-04-18 20:54 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-07-07 14:00 - 2011-08-12 22:03 - 00000974 _____ C:\Windows\Tasks\Google Software Updater.job
2013-07-03 20:48 - 2012-05-13 19:12 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-02 22:33 - 2013-07-02 22:33 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-29 18:48

==================== End Of Log ============================
         

--- --- ---

--- --- ---

[/CODE]

Addition:

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-07-2013
Ran by Hape at 2013-07-29 19:08:27
Running from G:\
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958)
ACDSee 10 Foto-Manager (Version: 10.0.219)
Acer Crystal Eye webcam (Version: 1.0.13)
Acer Crystal Eye webcam (Version: 5.7.29.500-1.0)
Acer eAudio Management (Version: 2.5.4012)
Acer eDataSecurity Management (Version: 2.5.4241)
Acer eLock Management (Version: 2.5.4008)
Acer Empowering Technology (Version: 2.5.4010)
Acer eNet Management (Version: 2.6.4008)
Acer ePower Management (Version: 2.5.4019)
Acer ePresentation Management (Version: 2.5.4002)
Acer eSettings Management (Version: 2.5.4011)
Acer GridVista (Version: 2.68.622)
Acer Mobility Center Plug-In (Version: 1.0.3003)
Acer ScreenSaver (Version: 1.21.20070515)
Acer Tour (Version: 2.0.1005)
Acer VCM (Version: 2.05.3001.7175)
Acronis*Disk Director Suite (Version: 10.0.2161)
Acronis*True*Image*Home (Version: 11.0.8064)
Adobe Acrobat 8 Professional - English, Français, Deutsch (Version: 8.1.2)
Adobe Acrobat 8.1.2 Professional (Version: 8.1.2)
Adobe After Effects CS3 (Version: 8)
Adobe After Effects CS3 Presets (Version: 8)
Adobe AIR (Version: 2.0.3.13070)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe BridgeTalk Plugin CS3 (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0.1)
Adobe Color EU Recommended Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Extra Settings (Version: 1.0)
Adobe Contribute CS3 (Version: 4.1)
Adobe Creative Suite 3 Master Collection (Version: 1.0)
Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe Dreamweaver CS3 (Version: 9)
Adobe ExtendScript Toolkit 2 (Version: 2.0.2)
Adobe Extension Manager CS3 (Version: 1.8)
Adobe Fireworks CS3 (Version: 9.0)
Adobe Flash CS3 (Version: 9.0)
Adobe Flash Player 10 ActiveX (Version: 10.0.22.87)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Flash Video Encoder (Version: 2.0)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Illustrator CS3 (Version: 13.0)
Adobe InDesign CS3 (Version: 5.0)
Adobe InDesign CS3 Icon Handler (Version: 5.0)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe MotionPicture Color Files (Version: 1.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7)
Adobe Setup (Version: 1.0)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Adobe SING CS3 (Version: 0.1)
Adobe Soundbooth CS3 (Version: 1)
Adobe Soundbooth CS3 Codecs (Version: 3)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe Video Profiles (Version: 1.0)
Adobe WAS CS3 (Version: 1.0)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP DVA Panels CS3 (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
Advertising Center (Version: 0.0.0.1)
AHV content for Acrobat and Flash (Version: 1)
Avira Free Antivirus (Version: 12.1.9.2400)
Bouquet Wizard
Casino at bet365
DHTML Editing Component (Version: 6.02.0001)
DolbyFiles (Version: 2.0)
DumpTimer
EA Link (Version: 3.1.1.4)
Fritz11 (Version: 11)
FUSSBALL MANAGER 13 (Version: 1.0.0.0)
Gamers.IRC 5.25
Google Chrome (Version: 28.0.1500.72)
Google Earth (Version: 7.0.3.8542)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)
Google Update Helper (Version: 1.3.21.153)
Google Updater (Version: 2.4.2432.1652)
HDAUDIO Soft Data Fax Modem with SmartCP
ImagXpress (Version: 7.0.74.0)
Intel Matrix Storage Manager
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java(TM) 6 Update 37 (Version: 6.0.370)
Java(TM) 6 Update 6 (Version: 1.6.0.60)
Java(TM) 6 Update 7 (Version: 1.6.0.70)
king.com (remove only)
Launch Manager
Lexmark 5400 Series
LightScribe  1.4.142.1 (Version: 1.4.142.1)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.0.318.3)
Menu Templates - Starter Kit (Version: 9.0.4.0)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Movie Templates - Starter Kit (Version: 9.0.4.0)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
Mozilla Thunderbird 17.0.7 (x86 de) (Version: 17.0.7)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 9
Nero BurningROM (Version: 9.0.0.0)
Nero ControlCenter (Version: 9.0.0.1)
Nero DiscSpeed (Version: 4.99.5.105)
Nero DriveSpeed (Version: 3.99.5.105)
Nero InfoTool (Version: 5.99.5.105)
Nero Installer (Version: 2.0.0.1)
NeroBurningROM (Version: 9.0.6.100)
Norton Security Scan (Version: 2.7.3.34)
Nur Deinstallierung der CopyTrans Suite möglich.
NVIDIA Drivers
Origin (Version: 9.0.11.77)
PDF Settings (Version: 1.0)
PokerStars.net
PowerProducer 3.72 (Version: 074324(3.7)_Vista_Acer)
RealPlayer
Realtek High Definition Audio Driver (Version: 6.0.1.5470)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (Version: 3.51.01)
SCHLECKER Foto Digital Service
SPEEDLINK Strike 2 Gamepad (Version: 2007.08.17)
Synaptics Pointing Device Driver (Version: 9.2.3.1)
TeamViewer 4
Total Commander (Remove or Repair)
UltraEdit 14.10 (Version: 14.1.3)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update Service (Version: 2.9.2.12)
VideoLAN VLC media player 0.8.6i (Version: 0.8.6i)
WIDCOMM Bluetooth Software 6.0.1.4900 (Version: 6.0.1.4900)
Winbond CIR Drivers (Version: 7.60.1002)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Mobile-Gerätecenter (Version: 6.1.6965.0)
Windows Mobile-Gerätecenter: Treiberupdate (Version: 6.1.6965.0)
WinRAR
 

==================== Restore Points  =========================

16-07-2013 15:45:17 Geplanter Prüfpunkt
16-07-2013 20:20:29 Windows Update
18-07-2013 20:01:20 Geplanter Prüfpunkt
19-07-2013 19:36:18 Geplanter Prüfpunkt
20-07-2013 19:50:15 Geplanter Prüfpunkt
21-07-2013 17:28:41 Geplanter Prüfpunkt
24-07-2013 18:59:56 Windows Update

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {12A776A5-F9AB-4657-AA5D-A72AC7322CEB} - System32\Tasks\Norton Security Scan for Hape => C:\Program Files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-28] (Symantec Corporation)
Task: {12B29A7A-75E2-4F7C-A3EC-24D924A52C5C} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {41E5044B-1061-409F-9786-9E237E913D87} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-16] (Google Inc.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {5AB7C068-319D-4FAB-8649-6364138B4F2D} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-16] (Google)
Task: {6BF2B7B9-6838-4921-A462-5DE1C6B79983} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-19] (Microsoft Corp.)
Task: {8DDB4752-E7A3-452D-8051-A541DBEA0093} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-19] (Microsoft Corporation)
Task: {BF9F9B5D-2205-4AA5-BC6B-840B195AE856} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-16] (Google Inc.)
Task: {C5D936BA-5925-49AE-8F7D-2D2949A6FAC1} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {EBC5774C-6526-47D9-ACA3-1322995220C3} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-19] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Hape.job => C:\Program Files\Norton Security Scan\Engine\2.7.3.34\Nss.exe

==================== Faulty Device Manager Devices =============

Name: 6TO4 Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: 6TO4 Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: isatap.{2B92099C-A056-4167-B550-5C9C8CCAA518}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: isatap.{2B92099C-A056-4167-B550-5C9C8CCAA518}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: isatap.{2B92099C-A056-4167-B550-5C9C8CCAA518}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: isatap.{2B92099C-A056-4167-B550-5C9C8CCAA518}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: isatap.{2B92099C-A056-4167-B550-5C9C8CCAA518}
Description: Microsoft-ISATAP-Adapter
Class Guid: 
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: isatap.{2B92099C-A056-4167-B550-5C9C8CCAA518}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Broadcom NetLink (TM) Gigabit Ethernet
Description: Broadcom NetLink (TM) Gigabit Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: b57nd60x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Could not start eventlog service, could not read events.

Windows-Ereignisprotokoll wird gestartet.
Windows-Ereignisprotokoll konnte nicht gestartet werden.

Ein Systemfehler ist aufgetreten.

Systemfehler 1747 aufgetreten.

Der Authentifizierungsdienst ist unbekannt.


==================== Memory info =========================== 

Percentage of memory in use: 54%
Total physical RAM: 2045.68 MB
Available physical RAM: 923.43 MB
Total Pagefile: 4332.36 MB
Available Pagefile: 3045.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 1918.95 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:111.69 GB) (Free:29.34 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:108.19 GB) (Free:107.99 GB) NTFS
Drive e: (SecureDrive) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive g: (SARDU) (Removable) (Total:14.94 GB) (Free:4.26 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: F229A80C)
Partition 1: (Not Active) - (Size=10 GB) - (Type=12)
Partition 2: (Active) - (Size=112 GB) - (Type=06)
Partition 3: (Not Active) - (Size=108 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3 GB) - (Type=12)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: F0ACF0AC)
Partition 1: (Active) - (Size=15 GB) - (Type=0B)

==================== End Of Log ============================
         

Vielen Dank für die Hilfe

ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte SecurityCheck und:

• Speichere es auf dem Desktop.
• Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
• Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Hi schrauber,

erst einmal besten Dank für die bisherige Hilfe.

Leider kann ich aber mit den nächsten Punkten nicht fortfahren, da wie weiter oben geschrieben, weiterhin keine Internetverbindung zustande kommt, weder per Lan noch per Wlan. Zudem kommt auch die Meldung kann keine Windowsdienste starten bzw kann keine Verbindung zu Diensten herstellen.

Leider will aber ESET einen Online-Update machen

Danke

Gruß
Hape

Ups, hab ich dran vorbei gelesen

Downloade dir bitte Farbar Service Scanner

• Starte das Tool mit Doppelklick auf die FSS.exe
• Gehe sicher, dass folgende Optionen angehakt sind.
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other Services
• Klicke auf Scan.
• Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.

:-)
Kann ja passieren, bei so viel Text :-)

Hier die Logdatei von FSS:

Code: Alles auswählenAufklappen

ATTFilter

Farbar Service Scanner Version: 26-07-2013
Ran by Hape (administrator) on 30-07-2013 at 15:39:55
Running from "G:\"
Microsoft« Windows VistaÖ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.


Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.


Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Security Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
Checking LEGACY_BITS: ATTENTION!=====> Unable to open LEGACY_BITS\0000 registry key. The key does not exist.


Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
         

Downloade dir bitte Windows Repair (All In One) von hier.

• Installiere das Programm. Starte es, nachdem die Installation abgeschlossen wurde.
• Klicke auf Step 2 und drücke unter Check Disk auf Do It.
  
  
• Wenn der Vorgang abgeschlossen ist, klicke auf Step 3 und drücke unter System File Check auf Do It.
  
  
• Nachdem der Vorgang abgeschlossen ist, klicke auf Start Repairs, wähle den Advanced Mode und drücke Start.
  
  
• Gehe bitte sicher, dass die Kästchen wie unten zu sehen angehakt sind. Bitte hake zusätzlich noch Set Windows Services to Default Startup an.
• Hake Restart System when Finished an.
• Drücke Start.
  
  

Dann nochmal ein frisches FSS log bitte

Hi

Leider kann ich bei Start Repair nicht weiter machen.

Da bricht es jedesmal ab mit folgender Fehlermeldung:
Execute processes remotely funktioniert nicht mehr. Wenn ich dann auf ok klicke, schliesst sich das Programm, bzw der Step und macht dann beim nächsten Step weiter.
Und kommt dann wieder diese Fehlermeldung.

Nach Step2 und Step3 sind aber die oben genannten Fehler immer noch vorhanden.

Langsam verzweifle ich :-)

Ich mache das jetzt mal im abgesicherten Modus, obwohl dann bestimmt einige Reparaturversuche im Abgesicherten Modus nicht möglich sein werden, oder ?

Danke

Gruß
Hape

Doch sollten gehen