2 Virenfunde Avira /gmer funktioniert nicht

dermitdempro · 19.01.2014, 14:04

Hallo zusammen

Das Aviraprogramm hat mir 2 Funde ausgespuckt die ich hier bereinigen lassen wollte

defrogger :

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:36 on 19/01/2014 (phil radium)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST hat mir keine Addition.log gegeben
weis auch nicht warum

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2014
Ran by phil radium (administrator) on PHILRADIUM-PC on 19-01-2014 12:38:10
Running from C:\Users\normal\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\UpdateManager.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Spotify Ltd) C:\Users\normal\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-04-17] (Egis Technology Inc.)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [17412200 2010-04-07] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206208 2010-01-13] ()
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-04-23] (Acer Incorporated)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-04-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)
HKLM\...\Runonce: [WDM_DRMKAUD] - rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-05-06] (Google Inc.)
HKCU\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [439360 2013-08-13] (BillP Studios)
HKCU\...\Run: [Spotify] - C:\Users\phil radium\AppData\Roaming\Spotify\Spotify.exe [4640768 2013-09-02] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\phil radium\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-09-02] (Spotify Ltd)
HKCU\...\Run: [Benzul Activator] - C:\Program Files (x86)\Benzul\Activator\ascwx.exe [4379648 2012-12-10] ()
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE551
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE551
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\phil radium\AppData\Roaming\Mozilla\Firefox\Profiles\rhswmh3v.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: Adblock Plus - C:\Users\phil radium\AppData\Roaming\Mozilla\Firefox\Profiles\rhswmh3v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-27]
FF HKCU\...\Firefox\Extensions: [{450ef4aa-3d18-4b12-8d9f-ecc17330b054}] - C:\Program Files (x86)\LyricsSeeker\131.xpi

Chrome: 
=======
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\phil radium\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh [2013-10-02]
CHR Extension: (Google Docs) - C:\Users\phil radium\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-02]
CHR Extension: (Google Drive) - C:\Users\phil radium\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-02]
CHR Extension: (YouTube) - C:\Users\phil radium\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-02]
CHR Extension: (Adblock Plus) - C:\Users\phil radium\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-19]
CHR Extension: (Google-Suche) - C:\Users\phil radium\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-02]
CHR Extension: (Google Wallet) - C:\Users\phil radium\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-02]
CHR Extension: (Google Mail) - C:\Users\phil radium\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-02]
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2013-07-26]
CHR HKLM-x32\...\Chrome\Extension: [lgoiojnjnacbjngolldkokokgpcjbgjj] - C:\Program Files (x86)\LyricsSeeker\131.crx [2013-07-26]

==================== Services (Whitelisted) =================

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [908856 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-10-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
R2 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-04-17] (Egis Technology Inc.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
R3 SjtWinIo; C:\Windows\System32\DRIVERS\SjtWinIo.sys [9216 2013-09-25] (SpeedJet Technology INC.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2010-04-28] (CyberLink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-19 12:38 - 2014-01-19 12:38 - 00020331 _____ C:\Users\normal\Desktop\FRST.txt
2014-01-19 12:37 - 2014-01-19 12:37 - 02076672 _____ (Farbar) C:\Users\normal\Desktop\FRST64.exe
2014-01-19 12:36 - 2014-01-19 12:36 - 00000484 _____ C:\Users\normal\Desktop\defogger_disable.log
2014-01-19 12:35 - 2014-01-19 12:35 - 00050477 _____ C:\Users\normal\Desktop\Defogger.exe
2014-01-19 12:34 - 2014-01-19 12:34 - 00000918 _____ C:\Users\normal\Desktop\Ereignisse.txt
2014-01-19 12:27 - 2014-01-19 12:27 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-19 12:26 - 2014-01-19 12:26 - 00819176 _____ (Google Inc.) C:\Users\phil radium\Downloads\ChromeSetup.exe
2014-01-16 17:23 - 2014-01-16 17:23 - 00243567 _____ C:\Users\normal\Downloads\1HHO.pdb
2014-01-16 12:14 - 2014-01-16 12:14 - 00107163 _____ C:\Users\normal\Downloads\4HW1.pdb
2014-01-15 20:50 - 2014-01-15 20:50 - 00000000 ____D C:\Program Files (x86)\PyMOL
2014-01-15 20:30 - 2014-01-15 20:30 - 15570944 _____ C:\Users\normal\Downloads\pymol-v1.3r1-edu-Win32.msi
2014-01-15 11:18 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 11:18 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 11:18 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 11:18 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 11:18 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 11:18 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 11:18 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 11:18 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 11:18 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 15:46 - 2014-01-14 15:55 - 140300048 _____ C:\Users\normal\Downloads\avira_antivirus_suite_de (2).exe
2014-01-11 13:53 - 2014-01-11 13:53 - 00000000 ____D C:\Users\normal\AppData\Local\Microsoft Help
2014-01-11 13:35 - 2014-01-11 13:35 - 00015497 _____ C:\Users\normal\Downloads\Nicht bestätigt 760173.crdownload
2014-01-11 13:33 - 2014-01-15 21:33 - 00000000 ____D C:\Users\normal\Desktop\pc-protokolle-2014
2014-01-10 11:05 - 2014-01-10 11:05 - 00000000 ____D C:\Users\normal\Desktop\Originals
2014-01-09 09:32 - 2014-01-09 09:32 - 00010696 _____ C:\Users\normal\Downloads\sequence.gbx.xml
2014-01-04 22:50 - 2014-01-04 22:53 - 680512320 _____ C:\Users\normal\Downloads\ophcrack-vista-livecd-3.6.0.iso
2014-01-04 22:44 - 2014-01-04 22:44 - 02083288 _____ C:\Users\normal\Downloads\winrar-x64-501d.exe
2014-01-04 22:16 - 2014-01-04 22:19 - 410578278 _____ C:\Users\normal\Downloads\tables_vista_free.zip
2014-01-04 19:21 - 2014-01-04 19:21 - 01094939 _____ (pendrivelinux.com) C:\Users\normal\Downloads\Universal-USB-Installer-1.9.5.1.exe
2014-01-03 20:44 - 2014-01-03 20:44 - 00000000 ____D C:\Users\normal\AppData\Roaming\Canneverbe Limited
2014-01-03 20:44 - 2014-01-03 20:44 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2013-12-23 12:09 - 2013-12-23 12:09 - 00000000 ____D C:\Program Files\Common Files\Deterministic Networks
2013-12-23 12:07 - 2013-12-23 12:08 - 00001594 _____ C:\Windows\VPNUnInstall.MIF
2013-12-23 12:03 - 2013-12-23 12:03 - 00000737 _____ C:\Users\normal\Downloads\VPN-Einwahl_Greifswald_Hochschule.pcf
2013-12-23 12:01 - 2013-12-23 12:01 - 05026816 _____ C:\Users\normal\Downloads\vpnclient-winx64-msi-5.0.07.0440-k9 (1).exe
2013-12-22 16:46 - 2013-12-22 16:47 - 00004273 _____ C:\Users\normal\Downloads\npsa_mpsaview.pl
2013-12-22 16:29 - 2013-12-22 16:29 - 00000556 _____ C:\Users\normal\Downloads\seqdump (10).txt
2013-12-22 16:29 - 2013-12-22 16:29 - 00000538 _____ C:\Users\normal\Downloads\seqdump (12).txt
2013-12-22 16:29 - 2013-12-22 16:29 - 00000538 _____ C:\Users\normal\Downloads\seqdump (11).txt
2013-12-22 16:28 - 2013-12-22 16:28 - 00000516 _____ C:\Users\normal\Downloads\seqdump (9).txt
2013-12-22 16:27 - 2013-12-22 16:27 - 00000516 _____ C:\Users\normal\Downloads\seqdump (8).txt
2013-12-22 16:26 - 2013-12-22 16:26 - 00000514 _____ C:\Users\normal\Downloads\seqdump (7).txt
2013-12-22 16:22 - 2013-12-22 16:22 - 00000686 _____ C:\Users\normal\Downloads\seqdump (6).txt
2013-12-22 16:22 - 2013-12-22 16:22 - 00000535 _____ C:\Users\normal\Downloads\seqdump (5).txt
2013-12-22 16:21 - 2013-12-22 16:21 - 00000987 _____ C:\Users\normal\Downloads\seqdump (4).txt
2013-12-22 16:20 - 2013-12-22 16:20 - 00000708 _____ C:\Users\normal\Downloads\seqdump (3).txt
2013-12-22 16:18 - 2013-12-22 16:18 - 00000550 _____ C:\Users\normal\Downloads\seqdump (2).txt
2013-12-22 16:16 - 2013-12-22 16:16 - 00001250 _____ C:\Users\normal\Downloads\seqdump (1).txt
2013-12-22 15:47 - 2013-12-22 15:47 - 00001250 _____ C:\Users\normal\Downloads\seqdump.txt
2013-12-22 12:33 - 2014-01-10 11:12 - 00000000 ____D C:\Users\normal\Desktop\CAIB

==================== One Month Modified Files and Folders =======

2014-01-19 12:39 - 2014-01-19 12:38 - 00020331 _____ C:\Users\normal\Desktop\FRST.txt
2014-01-19 12:37 - 2014-01-19 12:37 - 02076672 _____ (Farbar) C:\Users\normal\Desktop\FRST64.exe
2014-01-19 12:36 - 2014-01-19 12:36 - 00000484 _____ C:\Users\normal\Desktop\defogger_disable.log
2014-01-19 12:35 - 2014-01-19 12:35 - 00050477 _____ C:\Users\normal\Desktop\Defogger.exe
2014-01-19 12:35 - 2013-08-27 18:04 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-19 12:34 - 2014-01-19 12:34 - 00000918 _____ C:\Users\normal\Desktop\Ereignisse.txt
2014-01-19 12:32 - 2013-08-27 18:57 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-19 12:29 - 2009-07-14 05:45 - 00018512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-19 12:29 - 2009-07-14 05:45 - 00018512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-19 12:27 - 2014-01-19 12:27 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-19 12:26 - 2014-01-19 12:26 - 00819176 _____ (Google Inc.) C:\Users\phil radium\Downloads\ChromeSetup.exe
2014-01-19 12:24 - 2013-10-30 16:40 - 00005144 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for philradium-PC-normal philradium-PC
2014-01-19 12:21 - 2013-12-10 12:22 - 00000000 ____D C:\Users\normal\AppData\Roaming\Spotify
2014-01-19 12:20 - 2013-08-27 18:04 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-19 12:19 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-19 12:19 - 2009-07-14 05:51 - 00047092 _____ C:\Windows\setupact.log
2014-01-18 23:17 - 2013-08-27 16:04 - 01846377 _____ C:\Windows\WindowsUpdate.log
2014-01-18 16:58 - 2013-10-29 19:53 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3430076251-3564822088-1984558500-1002UA.job
2014-01-18 01:36 - 2013-10-29 19:53 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3430076251-3564822088-1984558500-1002Core.job
2014-01-16 17:23 - 2014-01-16 17:23 - 00243567 _____ C:\Users\normal\Downloads\1HHO.pdb
2014-01-16 12:14 - 2014-01-16 12:14 - 00107163 _____ C:\Users\normal\Downloads\4HW1.pdb
2014-01-16 09:43 - 2009-07-14 05:45 - 00460784 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 00:55 - 2013-10-24 13:06 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-16 00:55 - 2013-08-30 10:09 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 00:55 - 2009-07-14 03:34 - 00000478 _____ C:\Windows\win.ini
2014-01-16 00:51 - 2013-08-30 10:09 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 21:33 - 2014-01-11 13:33 - 00000000 ____D C:\Users\normal\Desktop\pc-protokolle-2014
2014-01-15 20:50 - 2014-01-15 20:50 - 00000000 ____D C:\Program Files (x86)\PyMOL
2014-01-15 20:30 - 2014-01-15 20:30 - 15570944 _____ C:\Users\normal\Downloads\pymol-v1.3r1-edu-Win32.msi
2014-01-14 16:02 - 2013-08-27 16:01 - 00451690 _____ C:\Windows\PFRO.log
2014-01-14 15:55 - 2014-01-14 15:46 - 140300048 _____ C:\Users\normal\Downloads\avira_antivirus_suite_de (2).exe
2014-01-11 13:53 - 2014-01-11 13:53 - 00000000 ____D C:\Users\normal\AppData\Local\Microsoft Help
2014-01-11 13:35 - 2014-01-11 13:35 - 00015497 _____ C:\Users\normal\Downloads\Nicht bestätigt 760173.crdownload
2014-01-10 11:12 - 2013-12-22 12:33 - 00000000 ____D C:\Users\normal\Desktop\CAIB
2014-01-10 11:05 - 2014-01-10 11:05 - 00000000 ____D C:\Users\normal\Desktop\Originals
2014-01-09 09:32 - 2014-01-09 09:32 - 00010696 _____ C:\Users\normal\Downloads\sequence.gbx.xml
2014-01-04 22:53 - 2014-01-04 22:50 - 680512320 _____ C:\Users\normal\Downloads\ophcrack-vista-livecd-3.6.0.iso
2014-01-04 22:44 - 2014-01-04 22:44 - 02083288 _____ C:\Users\normal\Downloads\winrar-x64-501d.exe
2014-01-04 22:19 - 2014-01-04 22:16 - 410578278 _____ C:\Users\normal\Downloads\tables_vista_free.zip
2014-01-04 19:21 - 2014-01-04 19:21 - 01094939 _____ (pendrivelinux.com) C:\Users\normal\Downloads\Universal-USB-Installer-1.9.5.1.exe
2014-01-04 19:17 - 2013-08-28 01:57 - 00654166 _____ C:\Windows\system32\perfh007.dat
2014-01-04 19:17 - 2013-08-28 01:57 - 00130006 _____ C:\Windows\system32\perfc007.dat
2014-01-04 19:17 - 2009-07-14 06:13 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-04 10:22 - 2013-10-05 20:07 - 00000000 ____D C:\Users\normal
2014-01-04 09:32 - 2013-10-24 13:13 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-01-04 09:32 - 2013-08-27 16:13 - 00000000 ____D C:\Users\phil radium
2014-01-04 09:32 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2014-01-04 09:32 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2014-01-03 20:44 - 2014-01-03 20:44 - 00000000 ____D C:\Users\normal\AppData\Roaming\Canneverbe Limited
2014-01-03 20:44 - 2014-01-03 20:44 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2013-12-26 11:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-25 13:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-23 12:10 - 2013-11-11 08:31 - 00001594 _____ C:\Windows\VPNInstall.MIF
2013-12-23 12:09 - 2013-12-23 12:09 - 00000000 ____D C:\Program Files\Common Files\Deterministic Networks
2013-12-23 12:08 - 2013-12-23 12:07 - 00001594 _____ C:\Windows\VPNUnInstall.MIF
2013-12-23 12:03 - 2013-12-23 12:03 - 00000737 _____ C:\Users\normal\Downloads\VPN-Einwahl_Greifswald_Hochschule.pcf
2013-12-23 12:01 - 2013-12-23 12:01 - 05026816 _____ C:\Users\normal\Downloads\vpnclient-winx64-msi-5.0.07.0440-k9 (1).exe
2013-12-22 16:47 - 2013-12-22 16:46 - 00004273 _____ C:\Users\normal\Downloads\npsa_mpsaview.pl
2013-12-22 16:29 - 2013-12-22 16:29 - 00000556 _____ C:\Users\normal\Downloads\seqdump (10).txt
2013-12-22 16:29 - 2013-12-22 16:29 - 00000538 _____ C:\Users\normal\Downloads\seqdump (12).txt
2013-12-22 16:29 - 2013-12-22 16:29 - 00000538 _____ C:\Users\normal\Downloads\seqdump (11).txt
2013-12-22 16:28 - 2013-12-22 16:28 - 00000516 _____ C:\Users\normal\Downloads\seqdump (9).txt
2013-12-22 16:27 - 2013-12-22 16:27 - 00000516 _____ C:\Users\normal\Downloads\seqdump (8).txt
2013-12-22 16:26 - 2013-12-22 16:26 - 00000514 _____ C:\Users\normal\Downloads\seqdump (7).txt
2013-12-22 16:22 - 2013-12-22 16:22 - 00000686 _____ C:\Users\normal\Downloads\seqdump (6).txt
2013-12-22 16:22 - 2013-12-22 16:22 - 00000535 _____ C:\Users\normal\Downloads\seqdump (5).txt
2013-12-22 16:21 - 2013-12-22 16:21 - 00000987 _____ C:\Users\normal\Downloads\seqdump (4).txt
2013-12-22 16:20 - 2013-12-22 16:20 - 00000708 _____ C:\Users\normal\Downloads\seqdump (3).txt
2013-12-22 16:18 - 2013-12-22 16:18 - 00000550 _____ C:\Users\normal\Downloads\seqdump (2).txt
2013-12-22 16:16 - 2013-12-22 16:16 - 00001250 _____ C:\Users\normal\Downloads\seqdump (1).txt
2013-12-22 15:47 - 2013-12-22 15:47 - 00001250 _____ C:\Users\normal\Downloads\seqdump.txt

Some content of TEMP:
====================
C:\Users\normal\AppData\Local\Temp\avgnt.exe
C:\Users\normal\AppData\Local\Temp\vpnclient_setup.exe
C:\Users\phil radium\AppData\Local\Temp\avgnt.exe
C:\Users\phil radium\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe
C:\Users\phil radium\AppData\Local\Temp\ose00000.exe
C:\Users\phil radium\AppData\Local\Temp\vpnclient_setup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-10 15:23

==================== End Of Log ============================

und GMER hat nicht funktioniert
ich hab es 2 mal versucht und windows meinte es läuft nicht richtig
es hat nach eine problemlösung gesucht und dann kam ein bluescran und er hat neu gestarten. das Gleiche hab ich im Abgesicherten modus probiert und hab den hacken bei Devices entfernt .

Avira Ergebnis:

Code:

ATTFilter

Exportierte Ereignisse:

14.01.2014 18:35 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\phil radium\AppData\Local\Microsoft\Windows\Temporary 
      Internet Files\Content.IE5\TJ9ACNOW\Firefox_Setup.exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/InstallCore.Gen7' 
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5ef1d89f.qua' 
      verschoben!

danke schonmal im Voraus

2 Virenfunde Avira /gmer funktioniert nicht

Log-Analyse und Auswertung: 2 Virenfunde Avira /gmer funktioniert nicht

2 Virenfunde Avira /gmer funktioniert nicht

Ähnliche Themen: 2 Virenfunde Avira /gmer funktioniert nicht