Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Interpol-Trojaner hat meinen Rechner gesperrt (https://www.trojaner-board.de/145059-interpol-trojaner-hat-meinen-rechner-gesperrt.html)

Schulle57 23.11.2013 14:59
Interpol-Trojaner hat meinen Rechner gesperrt
 
Hallo Leute,

folgendes Problem: angeblich hat Interpol mein Rechner gesperrt :confused:.
Was kann ich gegen diesen Trojaner machen? Mit Farbar Recovery Scan habe ich mir schon mal die Log-Datei erstellen lassen:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-11-2013 01
Ran by SYSTEM on MININT-27ALP96 on 22-11-2013 17:50:25
Running from G:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-02-05] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2107176 2010-03-11] (Synaptics Incorporated)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-26] (Egis Technology Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2010-06-15] (Acer Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-26] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [MDS_Menu] - C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136 2010-06-25] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Schulle\...\Run: [Browser Infrastructure Helper] - C:\Users\Schulle\AppData\Local\Smartbar\Application\QuickShare.exe [20248 2013-06-16] (Smartbar)
HKU\Schulle\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKU\Schulle\...\RunOnce: [bq3xi] - C:\ProgramData\iae\cbhgq.exe [396800 2013-11-21] (NVIDIA Corporation)
HKU\Schulle\...\Winlogon: [Shell] C:\ProgramData\mrsm\elera.exe,explorer.exe <==== ATTENTION

==================== Services (Whitelisted) =================

S2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [822304 2010-06-15] (Acer Incorporated)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
S2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-16] (NTI, Inc.)
S2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] ()
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{2e695283-51bc-c546-2862-d87b0e9f724e}\  \...\???\{2e695283-51bc-c546-2862-d87b0e9f724e}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
S3 mfeavfk01; No ImagePath
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-22 17:47 - 2013-11-22 17:47 - 00000000 ____D C:\FRST
2013-11-21 14:16 - 2013-11-21 14:16 - 00000364 _____ C:\Windows\PFRO.log
2013-11-21 14:07 - 2013-11-22 07:02 - 00000000 ____D C:\ProgramData\tjgensu
2013-11-21 14:07 - 2013-11-22 04:25 - 00000000 ____D C:\ProgramData\epc
2013-11-21 14:07 - 2013-11-21 14:07 - 00000000 ____D C:\ProgramData\opfx
2013-11-21 14:07 - 2013-11-21 14:07 - 00000000 ____D C:\ProgramData\mrsm
2013-11-21 14:07 - 2013-11-21 14:07 - 00000000 ____D C:\ProgramData\iae
2013-11-21 14:03 - 2013-11-22 07:02 - 00000000 ____D C:\ProgramData\avppqbj
2013-11-17 04:14 - 2013-11-22 07:02 - 00000392 _____ C:\Windows\setupact.log
2013-11-17 04:14 - 2013-11-17 04:14 - 00000000 _____ C:\Windows\setuperr.log
2013-11-16 13:25 - 2013-11-16 13:32 - 00027136 _____ C:\Users\Schulle\Downloads\Mitgliederzahlen.xls
2013-11-13 11:16 - 2013-11-16 11:17 - 00000000 ____D C:\Windows\System32\MpEngineStore
2013-11-13 11:16 - 2013-11-13 11:16 - 00000000 ____D C:\1d1f670d4d142ce06840f642e140

==================== One Month Modified Files and Folders =======

2013-11-22 17:47 - 2013-11-22 17:47 - 00000000 ____D C:\FRST
2013-11-22 07:12 - 2013-10-13 10:21 - 00670008 _____ C:\Windows\WindowsUpdate.log
2013-11-22 07:09 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-22 07:09 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-22 07:02 - 2013-11-21 14:07 - 00000000 ____D C:\ProgramData\tjgensu
2013-11-22 07:02 - 2013-11-21 14:03 - 00000000 ____D C:\ProgramData\avppqbj
2013-11-22 07:02 - 2013-11-17 04:14 - 00000392 _____ C:\Windows\setupact.log
2013-11-22 07:02 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-22 04:25 - 2013-11-21 14:07 - 00000000 ____D C:\ProgramData\epc
2013-11-21 14:16 - 2013-11-21 14:16 - 00000364 _____ C:\Windows\PFRO.log
2013-11-21 14:14 - 2013-10-11 10:17 - 00006584 _____ C:\Users\Schulle\Documents\Re_Ferienwohnung_Fam_Norbert_Schulz.eml
2013-11-21 14:14 - 2013-06-02 08:22 - 00339968 _____ C:\Users\Schulle\Documents\kopfbogen neu 2013 Aufnahmeantrag nur Abbuchung.dot
2013-11-21 14:14 - 2013-02-27 22:39 - 06728784 _____ C:\Users\Schulle\Documents\InstallMyTomTomSA.exe
2013-11-21 14:14 - 2012-12-29 04:36 - 15271824 _____ C:\Users\Schulle\Documents\picasa39-setup.exe
2013-11-21 14:14 - 2012-08-05 04:04 - 196139624 _____ C:\Users\Schulle\Documents\Rossmann-Fotosoftware-Setup.exe
2013-11-21 14:14 - 2012-08-05 03:04 - 00016384 ___SH C:\Users\Schulle\Documents\Thumbs.db
2013-11-21 14:14 - 2011-10-09 09:27 - 00910624 _____ C:\Users\Schulle\Documents\jre-6u27-windows-i586-iftw.exe&File=jre-6u27-windows-i586-iftw.exe&BHost=javadl.sun.com
2013-11-21 14:14 - 2011-05-22 08:12 - 04186072 _____ C:\Users\Schulle\Documents\McAfeeSetup.exe
2013-11-21 14:14 - 2011-04-01 10:06 - 00000000 ____D C:\Users\Schulle\AppData\Roaming\SoftGrid Client
2013-11-21 14:13 - 2013-10-12 07:57 - 00117760 _____ C:\Users\Schulle\Documents\10110 SV Dreetz 1980.xls
2013-11-21 14:13 - 2013-09-01 02:00 - 46592416 _____ C:\Users\Schulle\Documents\EIE10_EN-US_WOL_Win764.EXE
2013-11-21 14:13 - 2013-04-11 10:56 - 51310752 _____ C:\Users\Schulle\Documents\IE10-Setup-Full-x64.exe
2013-11-21 14:13 - 2013-03-17 01:06 - 29083336 _____ C:\Users\Schulle\Documents\family_tree_builder_5634.exe
2013-11-21 14:13 - 2013-02-24 10:39 - 04189792 _____ C:\Users\Schulle\Documents\ccsetup327.exe
2013-11-21 14:13 - 2012-10-17 09:43 - 00107008 _____ C:\Users\Schulle\Documents\10110%20SV%20Dreetz%201980 (2).xls
2013-11-21 14:07 - 2013-11-21 14:07 - 00000000 ____D C:\ProgramData\opfx
2013-11-21 14:07 - 2013-11-21 14:07 - 00000000 ____D C:\ProgramData\mrsm
2013-11-21 14:07 - 2013-11-21 14:07 - 00000000 ____D C:\ProgramData\iae
2013-11-21 13:33 - 2011-01-13 11:41 - 00654852 _____ C:\Windows\System32\perfh007.dat
2013-11-21 13:33 - 2011-01-13 11:41 - 00130434 _____ C:\Windows\System32\perfc007.dat
2013-11-21 13:33 - 2009-07-13 21:13 - 01500104 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-21 13:26 - 2011-04-01 04:59 - 00000000 ____D C:\users\Schulle
2013-11-21 13:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2013-11-21 13:23 - 2012-12-27 10:07 - 00000000 ____D C:\Users\Schulle\Desktop\OpenOffice.org 3.4.1 (de) Installation Files
2013-11-21 13:23 - 2011-09-22 09:16 - 00000000 __RSD C:\Users\Schulle\Documents\My Stationery
2013-11-21 13:23 - 2011-04-01 10:12 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-11-21 13:23 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-11-21 13:23 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\restore
2013-11-21 13:23 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-11-21 13:23 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-11-21 13:23 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-11-21 13:23 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-11-21 13:23 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-11-21 13:23 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
2013-11-21 13:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-11-21 13:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\migwiz
2013-11-21 13:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\IME
2013-11-21 13:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Cursors
2013-11-21 13:22 - 2013-02-24 10:43 - 00000000 ____D C:\Program Files\CCleaner
2013-11-21 13:22 - 2012-08-06 10:34 - 00000000 ____D C:\Program Files (x86)\Rossmann Fotowelt Software
2013-11-21 13:22 - 2011-06-21 08:32 - 00000000 ____D C:\Program Files (x86)\MyTomTom 3
2013-11-21 13:22 - 2011-04-03 06:41 - 00000000 ____D C:\Program Files (x86)\T-Online_Software_6
2013-11-21 13:22 - 2011-04-01 10:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-11-21 13:22 - 2011-01-13 02:54 - 00000000 ____D C:\Program Files (x86)\Launch Manager
2013-11-21 13:22 - 2010-09-07 23:55 - 00000000 ____D C:\Program Files (x86)\EgisTec IPS
2013-11-21 13:22 - 2010-09-07 23:49 - 00000000 ____D C:\ProgramData\McAfee
2013-11-21 13:22 - 2010-09-07 23:34 - 00000000 ____D C:\Program Files (x86)\AmIcoSingLun
2013-11-21 13:22 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-11-21 13:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-11-21 12:59 - 2013-03-13 12:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-21 12:59 - 2013-03-13 12:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-11-17 04:14 - 2013-11-17 04:14 - 00000000 _____ C:\Windows\setuperr.log
2013-11-16 13:32 - 2013-11-16 13:25 - 00027136 _____ C:\Users\Schulle\Downloads\Mitgliederzahlen.xls
2013-11-16 11:17 - 2013-11-13 11:16 - 00000000 ____D C:\Windows\System32\MpEngineStore
2013-11-16 07:35 - 2012-12-14 05:18 - 00262144 _____ C:\Windows\System32\config\ELAM
2013-11-13 11:16 - 2013-11-13 11:16 - 00000000 ____D C:\1d1f670d4d142ce06840f642e140
2013-11-13 11:16 - 2013-08-14 23:47 - 00000000 ____D C:\Windows\System32\MRT
2013-11-13 11:16 - 2011-06-15 09:33 - 82896128 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-11-13 10:46 - 2012-12-29 04:38 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-13 10:44 - 2011-04-02 05:11 - 00000000 ____D C:\Users\Schulle\AppData\Local\Google
2013-10-24 09:38 - 2011-04-01 10:12 - 00000000 ____D C:\Users\Schulle\AppData\Local\Microsoft Games
ZeroAccess:
C:\Users\Schulle\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

15
Restore point made on: 2013-10-13 13:07:19
Restore point made on: 2013-10-13 13:11:03
Restore point made on: 2013-10-13 13:17:05
Restore point made on: 2013-10-13 13:57:26
Restore point made on: 2013-10-20 08:33:08
Restore point made on: 2013-10-20 08:40:38
Restore point made on: 2013-10-20 09:00:06
Restore point made on: 2013-10-27 10:00:24
Restore point made on: 2013-11-03 10:00:10
Restore point made on: 2013-11-10 10:00:22
Restore point made on: 2013-11-13 11:15:54
Restore point made on: 2013-11-17 10:00:29
Restore point made on: 2013-11-21 12:45:41
Restore point made on: 2013-11-21 12:58:43
Restore point made on: 2013-11-21 13:15:00

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 3764.48 MB
Available physical RAM: 3060.02 MB
Total Pagefile: 3762.63 MB
Available Pagefile: 3047.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:451.66 GB) (Free:403.44 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:14 GB) (Free:2.4 GB) NTFS
Drive g: () (Removable) (Total:7.45 GB) (Free:4.11 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C28353B4)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: 26D09764)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)


LastRegBack: 2013-11-10 09:24

==================== End Of Log ============================
Bitte helft mir. Vielen Dank!

aharonov 23.11.2013 15:30
Hi,

da läuft noch mehr Malware als nur der Sperrbildschirm..
Aber eins nach dem anderen. Kannst du den Rechner nach diesem Fix wieder normal starten?


Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\Schulle\...\RunOnce: [bq3xi] - C:\ProgramData\iae\cbhgq.exe [396800 2013-11-21] (NVIDIA Corporation)
HKU\Schulle\...\Winlogon: [Shell] C:\ProgramData\mrsm\elera.exe,explorer.exe <==== ATTENTION
2013-11-21 14:07 - 2013-11-22 07:02 - 00000000 ____D C:\ProgramData\tjgensu
2013-11-21 14:07 - 2013-11-22 04:25 - 00000000 ____D C:\ProgramData\epc
2013-11-21 14:07 - 2013-11-21 14:07 - 00000000 ____D C:\ProgramData\opfx
2013-11-21 14:07 - 2013-11-21 14:07 - 00000000 ____D C:\ProgramData\mrsm
2013-11-21 14:07 - 2013-11-21 14:07 - 00000000 ____D C:\ProgramData\iae
2013-11-21 14:03 - 2013-11-22 07:02 - 00000000 ____D C:\ProgramData\avppqbj
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Schulle57 24.11.2013 17:42
Hallo aharanov,

der Rechner startet wieder so wie vorher. VIELEN DANK für Deine Hilfe!!

aharonov 24.11.2013 17:45
Wir müssen aber noch weitermachen. Du hast noch andere hässliche Malware drauf.


Verschiebe die frst64.exe vom USB-Stick auf den Desktop.
  • Starte dann FRST.
  • Setze bei Optional Scan den Haken bei Addition.txt und drücke Scan.
  • Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieser beiden Logfiles bitte hier in deinen Thread.

Schulle57 25.11.2013 20:06
Hallo Leo,

hier die neuen Log-files:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-11-2013 01
Ran by Schulle (administrator) on SCHULLE-PC on 25-11-2013 20:03:03
Running from C:\Users\Schulle\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NTI, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
() C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(McAfee, Inc.) c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-02-05] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2107176 2010-03-11] (Synaptics Incorporated)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2010-06-15] (Acer Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [MDS_Menu] - C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136 2010-06-25] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=HitachiXHTS545050B9A300_101118PBN406M7GHPGSEX&ts=1381611085
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=HitachiXHTS545050B9A300_101118PBN406M7GHPGSEX&ts=1381611085
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=HitachiXHTS545050B9A300_101118PBN406M7GHPGSEX&ts=1381611085
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=HitachiXHTS545050B9A300_101118PBN406M7GHPGSEX&ts=1381611085&type=default&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=HitachiXHTS545050B9A300_101118PBN406M7GHPGSEX&ts=1381611085&type=default&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO: QuickShare WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120628094544.dll (McAfee, Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files\McAfee\MSK\mskapbho.dll ()
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120628094544.dll (McAfee, Inc.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx

==================== Services (Whitelisted) =================

S2 0065211385406037mcinstcleanup; C:\Windows\TEMP\006521~1.EXE [834664 2013-07-30] (McAfee, Inc.)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [822304 2010-06-15] (Acer Incorporated)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-17] (NTI, Inc.)
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] ()
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{2e695283-51bc-c546-2862-d87b0e9f724e}\  \...\???\{2e695283-51bc-c546-2862-d87b0e9f724e}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-25 20:03 - 2013-11-25 20:03 - 00015033 _____ C:\Users\Schulle\Desktop\FRST.txt
2013-11-25 20:02 - 2013-11-22 17:04 - 01958070 _____ (Farbar) C:\Users\Schulle\Desktop\FRST64.exe
2013-11-25 19:58 - 2013-11-25 19:58 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe
2013-11-25 19:57 - 2013-11-25 19:57 - 00064024 _____ C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-25 19:57 - 2013-11-25 19:57 - 00000000 ____D C:\Users\Gast\AppData\Local\EgisTec IPS
2013-11-25 19:56 - 2013-11-25 19:56 - 00001409 _____ C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-11-25 19:55 - 2013-11-25 19:56 - 00001443 _____ C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-25 19:55 - 2013-11-25 19:56 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-25 19:55 - 2013-11-25 19:56 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-25 19:55 - 2013-11-25 19:55 - 00000020 ___SH C:\Users\Gast\ntuser.ini
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\Vorlagen
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\Startmenü
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\Netzwerkumgebung
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\Lokale Einstellungen
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\Eigene Dateien
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\Druckumgebung
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Musik
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Bilder
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Verlauf
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Anwendungsdaten
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\Anwendungsdaten
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 ____D C:\Users\Gast\AppData\Local\VirtualStore
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 ____D C:\Users\Gast
2013-11-25 19:55 - 2011-07-29 15:56 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Macromedia
2013-11-25 19:55 - 2009-07-14 05:54 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-25 19:55 - 2009-07-14 05:49 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-11-24 17:51 - 2013-11-24 17:51 - 00000000 ____D C:\Users\Schulle\AppData\Roaming\Malwarebytes
2013-11-24 17:50 - 2013-11-24 17:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-24 17:50 - 2013-11-24 17:50 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-24 17:50 - 2013-11-24 17:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-24 17:50 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-23 02:47 - 2013-11-23 02:47 - 00000000 ____D C:\FRST
2013-11-21 23:16 - 2013-11-24 20:07 - 00289982 _____ C:\Windows\PFRO.log
2013-11-17 13:14 - 2013-11-25 19:42 - 00000728 _____ C:\Windows\setupact.log
2013-11-17 13:14 - 2013-11-17 13:14 - 00000000 _____ C:\Windows\setuperr.log
2013-11-16 22:25 - 2013-11-16 22:32 - 00027136 _____ C:\Users\Schulle\Downloads\Mitgliederzahlen.xls
2013-11-13 20:16 - 2013-11-16 20:17 - 00000000 ____D C:\Windows\system32\MpEngineStore
2013-11-13 20:16 - 2013-11-13 20:16 - 00000000 ____D C:\1d1f670d4d142ce06840f642e140

==================== One Month Modified Files and Folders =======

2013-11-25 20:03 - 2013-11-25 20:03 - 00015033 _____ C:\Users\Schulle\Desktop\FRST.txt
2013-11-25 19:59 - 2011-04-01 19:06 - 00000000 ____D C:\Users\Schulle\AppData\Roaming\SoftGrid Client
2013-11-25 19:58 - 2013-11-25 19:58 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe
2013-11-25 19:57 - 2013-11-25 19:57 - 00064024 _____ C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-25 19:57 - 2013-11-25 19:57 - 00000000 ____D C:\Users\Gast\AppData\Local\EgisTec IPS
2013-11-25 19:56 - 2013-11-25 19:56 - 00001409 _____ C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-11-25 19:56 - 2013-11-25 19:55 - 00001443 _____ C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-25 19:56 - 2013-11-25 19:55 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-25 19:56 - 2013-11-25 19:55 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-25 19:55 - 2013-11-25 19:55 - 00000020 ___SH C:\Users\Gast\ntuser.ini
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\Vorlagen
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\Startmenü
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\Netzwerkumgebung
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\Lokale Einstellungen
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\Eigene Dateien
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\Druckumgebung
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Musik
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Bilder
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Verlauf
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Anwendungsdaten
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\Anwendungsdaten
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 ____D C:\Users\Gast\AppData\Local\VirtualStore
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 ____D C:\Users\Gast
2013-11-25 19:55 - 2013-10-13 19:21 - 00742137 _____ C:\Windows\WindowsUpdate.log
2013-11-25 19:49 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-25 19:49 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-25 19:42 - 2013-11-17 13:14 - 00000728 _____ C:\Windows\setupact.log
2013-11-25 19:42 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-24 20:07 - 2013-11-21 23:16 - 00289982 _____ C:\Windows\PFRO.log
2013-11-24 19:51 - 2012-12-14 14:18 - 00262144 _____ C:\Windows\system32\config\ELAM
2013-11-24 17:51 - 2013-11-24 17:51 - 00000000 ____D C:\Users\Schulle\AppData\Roaming\Malwarebytes
2013-11-24 17:51 - 2013-11-24 17:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-24 17:50 - 2013-11-24 17:50 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-24 17:50 - 2013-11-24 17:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-24 17:41 - 2011-01-13 20:41 - 00654852 _____ C:\Windows\system32\perfh007.dat
2013-11-24 17:41 - 2011-01-13 20:41 - 00130434 _____ C:\Windows\system32\perfc007.dat
2013-11-24 17:41 - 2009-07-14 06:13 - 01500104 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-23 02:47 - 2013-11-23 02:47 - 00000000 ____D C:\FRST
2013-11-22 17:04 - 2013-11-25 20:02 - 01958070 _____ (Farbar) C:\Users\Schulle\Desktop\FRST64.exe
2013-11-21 23:14 - 2013-10-11 19:17 - 00006584 _____ C:\Users\Schulle\Documents\Re_Ferienwohnung_Fam_Norbert_Schulz.eml
2013-11-21 23:14 - 2013-06-02 17:22 - 00339968 _____ C:\Users\Schulle\Documents\kopfbogen neu 2013 Aufnahmeantrag nur Abbuchung.dot
2013-11-21 23:14 - 2013-02-28 07:39 - 06728784 _____ C:\Users\Schulle\Documents\InstallMyTomTomSA.exe
2013-11-21 23:14 - 2012-12-29 13:36 - 15271824 _____ C:\Users\Schulle\Documents\picasa39-setup.exe
2013-11-21 23:14 - 2012-08-05 13:04 - 196139624 _____ C:\Users\Schulle\Documents\Rossmann-Fotosoftware-Setup.exe
2013-11-21 23:14 - 2012-08-05 12:04 - 00016384 ___SH C:\Users\Schulle\Documents\Thumbs.db
2013-11-21 23:14 - 2011-10-09 18:27 - 00910624 _____ C:\Users\Schulle\Documents\jre-6u27-windows-i586-iftw.exe&File=jre-6u27-windows-i586-iftw.exe&BHost=javadl.sun.com
2013-11-21 23:14 - 2011-05-22 17:12 - 04186072 _____ C:\Users\Schulle\Documents\McAfeeSetup.exe
2013-11-21 23:13 - 2013-10-12 16:57 - 00117760 _____ C:\Users\Schulle\Documents\10110 SV Dreetz 1980.xls
2013-11-21 23:13 - 2013-09-01 11:00 - 46592416 _____ C:\Users\Schulle\Documents\EIE10_EN-US_WOL_Win764.EXE
2013-11-21 23:13 - 2013-04-11 19:56 - 51310752 _____ C:\Users\Schulle\Documents\IE10-Setup-Full-x64.exe
2013-11-21 23:13 - 2013-03-17 10:06 - 29083336 _____ C:\Users\Schulle\Documents\family_tree_builder_5634.exe
2013-11-21 23:13 - 2013-02-24 19:39 - 04189792 _____ C:\Users\Schulle\Documents\ccsetup327.exe
2013-11-21 23:13 - 2012-10-17 18:43 - 00107008 _____ C:\Users\Schulle\Documents\10110%20SV%20Dreetz%201980 (2).xls
2013-11-21 22:26 - 2011-04-01 13:59 - 00000000 ____D C:\Users\Schulle
2013-11-21 22:24 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\servicing
2013-11-21 22:23 - 2013-03-17 10:09 - 00000000 ____D C:\Users\Schulle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyHeritage.com
2013-11-21 22:23 - 2012-12-27 19:07 - 00000000 ____D C:\Users\Schulle\Desktop\OpenOffice.org 3.4.1 (de) Installation Files
2013-11-21 22:23 - 2011-09-22 18:16 - 00000000 __RSD C:\Users\Schulle\Documents\My Stationery
2013-11-21 22:23 - 2011-04-01 19:12 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-11-21 22:23 - 2011-04-01 14:00 - 00000000 ___RD C:\Users\Schulle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-21 22:23 - 2011-04-01 14:00 - 00000000 ___RD C:\Users\Schulle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-21 22:23 - 2011-04-01 13:59 - 00000000 ___RD C:\Users\Schulle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-11-21 22:23 - 2011-04-01 13:59 - 00000000 ___RD C:\Users\Schulle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-21 22:23 - 2009-07-14 08:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-11-21 22:23 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\restore
2013-11-21 22:23 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-11-21 22:23 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-11-21 22:23 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-11-21 22:23 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-11-21 22:23 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-11-21 22:23 - 2009-07-14 04:20 - 00000000 __RSD C:\Windows\Media
2013-11-21 22:23 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-11-21 22:23 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\migwiz
2013-11-21 22:23 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\IME
2013-11-21 22:23 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Cursors
2013-11-21 22:22 - 2013-02-24 19:43 - 00000000 ____D C:\Program Files\CCleaner
2013-11-21 22:22 - 2012-08-06 19:34 - 00000000 ____D C:\Program Files (x86)\Rossmann Fotowelt Software
2013-11-21 22:22 - 2011-06-21 17:32 - 00000000 ____D C:\Program Files (x86)\MyTomTom 3
2013-11-21 22:22 - 2011-04-03 15:41 - 00000000 ____D C:\Program Files (x86)\T-Online_Software_6
2013-11-21 22:22 - 2011-04-01 19:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-11-21 22:22 - 2011-01-13 11:54 - 00000000 ____D C:\Program Files (x86)\Launch Manager
2013-11-21 22:22 - 2010-09-08 08:55 - 00000000 ____D C:\Program Files (x86)\EgisTec IPS
2013-11-21 22:22 - 2010-09-08 08:49 - 00000000 ____D C:\ProgramData\McAfee
2013-11-21 22:22 - 2010-09-08 08:34 - 00000000 ____D C:\Program Files (x86)\AmIcoSingLun
2013-11-21 22:22 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-11-21 22:22 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-11-21 21:59 - 2013-03-13 21:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-21 21:59 - 2013-03-13 21:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-11-17 13:14 - 2013-11-17 13:14 - 00000000 _____ C:\Windows\setuperr.log
2013-11-16 22:32 - 2013-11-16 22:25 - 00027136 _____ C:\Users\Schulle\Downloads\Mitgliederzahlen.xls
2013-11-16 20:17 - 2013-11-13 20:16 - 00000000 ____D C:\Windows\system32\MpEngineStore
2013-11-13 20:16 - 2013-11-13 20:16 - 00000000 ____D C:\1d1f670d4d142ce06840f642e140
2013-11-13 20:16 - 2013-08-15 08:47 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 20:16 - 2011-06-15 18:33 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 19:46 - 2012-12-29 13:38 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-13 19:44 - 2011-04-02 14:11 - 00000000 ____D C:\Users\Schulle\AppData\Local\Google
ZeroAccess:
C:\Users\Schulle\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2013-11-10 18:24

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-11-2013 01
Ran by Schulle at 2013-11-25 20:04:02
Running from C:\Users\Schulle\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee  Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee  Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee  Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

Acer Arcade Deluxe (x32 Version: 4.0.8012)
Acer Arcade Movie (x32 Version: 9.0.6625)
Acer Backup Manager (x32 Version: 2.0.0.68)
Acer Crystal Eye webcam (x32 Version: 1.0.4.4)
Acer eRecovery Management (x32 Version: 4.05.3013)
Acer GameZone Console (x32 Version: 6.1.0.9)
Acer PowerSmart Manager (x32 Version: 5.01.3003)
Acer Registration (x32 Version: 1.03.3003)
Acer ScreenSaver (x32 Version: 1.1.0804.2010)
Acer Updater (x32 Version: 1.02.3001)
Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 2.7.0.19530)
Adobe Flash Player 10 ActiveX (x32 Version: 10.1.82.76)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.63)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Alcor Micro USB Card Reader (x32 Version: 1.3.17.05006)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.33)
ATI Catalyst Install Manager (Version: 3.0.765.0)
Backup Manager Basic (x32 Version: 2.0.0.68)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2010.0605.2309.39762)
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0605.2309.39762)
Catalyst Control Center Graphics Full New (x32 Version: 2010.0605.2309.39762)
Catalyst Control Center Graphics Light (x32 Version: 2010.0605.2309.39762)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0605.2309.39762)
Catalyst Control Center InstallProxy (x32 Version: 2010.0605.2309.39762)
Catalyst Control Center Localization All (x32 Version: 2010.0605.2309.39762)
CCC Help Chinese Standard (x32 Version: 2010.0605.2308.39762)
CCC Help Chinese Traditional (x32 Version: 2010.0605.2308.39762)
CCC Help Czech (x32 Version: 2010.0605.2308.39762)
CCC Help Danish (x32 Version: 2010.0605.2308.39762)
CCC Help Dutch (x32 Version: 2010.0605.2308.39762)
CCC Help English (x32 Version: 2010.0605.2308.39762)
CCC Help Finnish (x32 Version: 2010.0605.2308.39762)
CCC Help French (x32 Version: 2010.0605.2308.39762)
CCC Help German (x32 Version: 2010.0605.2308.39762)
CCC Help Greek (x32 Version: 2010.0605.2308.39762)
CCC Help Hungarian (x32 Version: 2010.0605.2308.39762)
CCC Help Italian (x32 Version: 2010.0605.2308.39762)
CCC Help Japanese (x32 Version: 2010.0605.2308.39762)
CCC Help Korean (x32 Version: 2010.0605.2308.39762)
CCC Help Norwegian (x32 Version: 2010.0605.2308.39762)
CCC Help Polish (x32 Version: 2010.0605.2308.39762)
CCC Help Portuguese (x32 Version: 2010.0605.2308.39762)
CCC Help Russian (x32 Version: 2010.0605.2308.39762)
CCC Help Spanish (x32 Version: 2010.0605.2308.39762)
CCC Help Swedish (x32 Version: 2010.0605.2308.39762)
CCC Help Thai (x32 Version: 2010.0605.2308.39762)
CCC Help Turkish (x32 Version: 2010.0605.2308.39762)
ccc-core-static (x32 Version: 2010.0605.2309.39762)
ccc-utility64 (Version: 2010.0605.2309.39762)
CCleaner (Version: 3.27)
eBay Worldwide (x32 Version: 2.1.0901)
Google Update Helper (x32 Version: 1.3.23.0)
Identity Card (x32 Version: 1.00.3003)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.0.1014)
Intel(R) Turbo Boost Technology Driver (x32 Version: 01.01.01.1007)
Junk Mail filter update (x32 Version: 14.0.8117.416)
Launch Manager (x32 Version: 4.0.14)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
McAfee Internet Security Suite (x32 Version: 11.6.511)
MediaShow Espresso (x32 Version: 5.5.1403_23691)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyHeritage Family Tree Builder (x32 Version: 6.0.0.5634)
MyTomTom 3.1.0.530 (x32 Version: 3.1.0.530)
MyWinLocker (x32 Version: 3.1.212.0)
MyWinLocker Suite (x32 Version: 3.1.212.0)
NTI Backup Now 5 (x32 Version: 5.1.2.630)
NTI Backup Now Standard (x32 Version: 5.1.2.630)
NTI Media Maker 8 (x32 Version: 8.0.12.6636)
Picasa 3 (x32 Version: 3.9)
PX Profile Update (x32 Version: 1.00.1.)
QuickShare (x32 Version: 1.38.61.10911)
Rossmann Fotowelt Software 4.12.1 (x32 Version: 4.12.1)
Shared C Run-time for x64 (Version: 10.0.0)
Shredder (Version: 2.0.8.3)
Shredder (x32 Version: 2.0.8.3)
Skype™ 5.10 (x32 Version: 5.10.116)
Synaptics Pointing Device Driver (Version: 15.0.12.0)
T-Online 6.0 (x32)
Überwachungstool für die Intel® Turbo-Boost-Technik (Version: 1.0.186.6)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Visual Studio C++ 10.0 Runtime (x32 Version: 10.0.0)
Welcome Center (x32 Version: 1.02.3004)
WIDCOMM Bluetooth Software (Version: 6.3.0.6000)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5)
Windows Live Call (x32 Version: 14.0.8117.0416)
Windows Live Communications Platform (x32 Version: 14.0.8117.416)
Windows Live Essentials (x32 Version: 14.0.8117.0416)
Windows Live Essentials (x32 Version: 14.0.8117.416)
Windows Live Fotogalerie (x32 Version: 14.0.8117.416)
Windows Live Mail (x32 Version: 14.0.8117.0416)
Windows Live Messenger (x32 Version: 14.0.8117.0416)
Windows Live Movie Maker (x32 Version: 14.0.8117.0416)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live Writer (x32 Version: 14.0.8117.0416)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)

==================== Restore Points  =========================

13-10-2013 21:17:01 Windows Update
13-10-2013 21:57:19 Configured eSobi v2
20-10-2013 16:32:54 Installed Java 7 Update 45
20-10-2013 16:40:33 Removed Java 7 Update 45
20-10-2013 17:00:02 Windows-Sicherung
27-10-2013 18:00:05 Windows-Sicherung
03-11-2013 18:00:05 Windows-Sicherung
10-11-2013 18:00:04 Windows-Sicherung
13-11-2013 19:15:41 Windows Update
17-11-2013 18:00:07 Windows-Sicherung
21-11-2013 20:45:23 Windows Update
21-11-2013 20:58:37 Removed Microsoft Silverlight
21-11-2013 21:14:45 Wiederherstellungsvorgang
24-11-2013 18:00:25 Windows-Sicherung

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {07D7ED82-E8B1-413C-9A98-29E50B494DFA} - System32\Tasks\{9334256F-8622-4868-AD16-6D88C5757143} => c:\program
Task: {2330FE64-9C67-499A-8CD6-CF5CF9D7D7EE} - System32\Tasks\UpdaterEX => C:\Users\Schulle\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE
Task: {3AD090DB-DF9F-412B-9FEF-05C42F43B21F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {3D136EBF-47A9-4392-8D41-E28AC07AC0E6} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1672633237-2234590521-1765480130-1000
Task: {6FFB811C-75DF-454B-B597-CB87F92E5FB1} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {B146870D-6789-452F-80AF-90664339E404} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\Schulle\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE

==================== Loaded Modules (whitelisted) =============

2010-06-25 09:08 - 2010-06-25 09:08 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2010-03-26 10:41 - 2010-03-26 10:41 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-01-13 11:48 - 2011-01-13 11:48 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-06-28 23:20 - 2010-06-28 23:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-28 23:12 - 2010-06-28 23:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2010-09-08 09:17 - 2009-05-20 07:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:93EB7685
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57
AlternateDataStreams: C:\Users\Schulle\Documents\Re_Ferienwohnung_Fam_Norbert_Schulz.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/22/2013 04:12:33 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (11/22/2013 00:19:56 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (11/21/2013 11:16:55 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16768, Zeitstempel: 0x4d688122
Name des fehlerhaften Moduls: Explorer.EXE, Version: 6.1.7600.16768, Zeitstempel: 0x4d688122
Ausnahmecode: 0xc000041d
Fehleroffset: 0x0000000000001290
ID des fehlerhaften Prozesses: 0xd20
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (11/21/2013 10:30:30 PM) (Source: McLogEvent) (User: NT-AUTORITÄT)
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 3

Error: (11/21/2013 10:26:24 PM) (Source: McLogEvent) (User: NT-AUTORITÄT)
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 3

Error: (11/21/2013 08:23:18 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Notifier.exe, Version: 6.4.0.2, Zeitstempel: 0x45a38d1f
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000003
ID des fehlerhaften Prozesses: 0x74
Startzeit der fehlerhaften Anwendung: 0xNotifier.exe0
Pfad der fehlerhaften Anwendung: Notifier.exe1
Pfad des fehlerhaften Moduls: Notifier.exe2
Berichtskennung: Notifier.exe3

Error: (11/20/2013 09:27:30 PM) (Source: Application Hang) (User: )
Description: Programm browser.exe, Version 6.12.0.9 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1278

Startzeit: 01cee62db6b5e908

Endzeit: 18

Anwendungspfad: C:\Program Files (x86)\T-Online_Software_6\Browser\browser.exe

Berichts-ID: 21741705-5222-11e3-bb49-60eb69b89a1b

Error: (11/17/2013 06:14:59 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (11/17/2013 00:02:18 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: browser.exe, Version: 6.12.0.9, Zeitstempel: 0x4d6658b1
Name des fehlerhaften Moduls: MSHTML.dll, Version: 9.0.8112.16476, Zeitstempel: 0x5126ee6c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00131498
ID des fehlerhaften Prozesses: 0x1708
Startzeit der fehlerhaften Anwendung: 0xbrowser.exe0
Pfad der fehlerhaften Anwendung: browser.exe1
Pfad des fehlerhaften Moduls: browser.exe2
Berichtskennung: browser.exe3

Error: (11/16/2013 11:59:49 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: browser.exe, Version: 6.12.0.9, Zeitstempel: 0x4d6658b1
Name des fehlerhaften Moduls: MSHTML.dll, Version: 9.0.8112.16476, Zeitstempel: 0x5126ee6c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00131498
ID des fehlerhaften Prozesses: 0x7b4
Startzeit der fehlerhaften Anwendung: 0xbrowser.exe0
Pfad der fehlerhaften Anwendung: browser.exe1
Pfad des fehlerhaften Moduls: browser.exe2
Berichtskennung: browser.exe3


System errors:
=============
Error: (11/25/2013 07:57:31 PM) (Source: DCOM) (User: Schulle-PC)
Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Schulle-PCGastS-1-5-21-1672633237-2234590521-1765480130-501LocalHost (unter Verwendung von LRPC)

Error: (11/25/2013 07:57:31 PM) (Source: DCOM) (User: )
Description: {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A}

Error: (11/25/2013 07:56:29 PM) (Source: DCOM) (User: )
Description: {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766}

Error: (11/25/2013 07:44:43 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst abhängig: MpsSvc. Dieser Dienst ist eventuell nicht installiert.

Error: (11/25/2013 07:44:43 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst abhängig: MpsSvc. Dieser Dienst ist eventuell nicht installiert.

Error: (11/25/2013 07:43:08 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (11/25/2013 07:42:48 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147024891

Error: (11/25/2013 07:42:48 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2147024891

Error: (11/25/2013 07:42:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst abhängig: MpsSvc. Dieser Dienst ist eventuell nicht installiert.

Error: (11/25/2013 07:42:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.


Microsoft Office Sessions:
=========================
Error: (11/22/2013 04:12:33 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (11/22/2013 00:19:56 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (11/21/2013 11:16:55 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7600.167684d688122Explorer.EXE6.1.7600.167684d688122c000041d0000000000001290d2001cee7075b0bc0beC:\Windows\Explorer.EXEC:\Windows\Explorer.EXEa0f95618-52fa-11e3-81fb-60eb69b89a1b

Error: (11/21/2013 10:30:30 PM) (Source: McLogEvent)(User: NT-AUTORITÄT)
Description: 3

Error: (11/21/2013 10:26:24 PM) (Source: McLogEvent)(User: NT-AUTORITÄT)
Description: 3

Error: (11/21/2013 08:23:18 PM) (Source: Application Error)(User: )
Description: Notifier.exe6.4.0.245a38d1funknown0.0.0.000000000c0000005000000037401cee6ef21953b41C:\PROGRA~2\T-ONLI~1\Notifier\Notifier.exeunknown600e7c79-52e2-11e3-84e2-60eb69b89a1b

Error: (11/20/2013 09:27:30 PM) (Source: Application Hang)(User: )
Description: browser.exe6.12.0.9127801cee62db6b5e90818C:\Program Files (x86)\T-Online_Software_6\Browser\browser.exe21741705-5222-11e3-bb49-60eb69b89a1b

Error: (11/17/2013 06:14:59 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (11/17/2013 00:02:18 AM) (Source: Application Error)(User: )
Description: browser.exe6.12.0.94d6658b1MSHTML.dll9.0.8112.164765126ee6cc000000500131498170801cee31f93485f14C:\Program Files (x86)\T-Online_Software_6\Browser\browser.exeC:\Windows\system32\MSHTML.dll2410f281-4f13-11e3-a5fb-60eb69b89a1b

Error: (11/16/2013 11:59:49 PM) (Source: Application Error)(User: )
Description: browser.exe6.12.0.94d6658b1MSHTML.dll9.0.8112.164765126ee6cc0000005001314987b401cee31f67c1d63dC:\Program Files (x86)\T-Online_Software_6\Browser\browser.exeC:\Windows\system32\MSHTML.dllcad3d1d3-4f12-11e3-a5fb-60eb69b89a1b


CodeIntegrity Errors:
===================================
  Date: 2013-11-24 18:07:17.111
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-24 18:07:17.049
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-24 18:07:17.018
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-05 23:06:25.896
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-05 19:11:21.576
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-05 17:53:56.147
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-05 17:09:28.498
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-05 16:52:03.693
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-05 09:21:27.433
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-03 08:32:32.323
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 3764.48 MB
Available physical RAM: 2444.34 MB
Total Pagefile: 7527.11 MB
Available Pagefile: 5603.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:451.66 GB) (Free:403.38 GB) NTFS
Drive e: () (Removable) (Total:7.45 GB) (Free:4.11 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C28353B4)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: 26D09764)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)

==================== End Of Log ============================
Ich habe jetzt auch folgendes Problem: meine Dateien (Bilder, Dokumente,...) können von sämtlichen Programmen nicht mehr geöffnet werden. Es kommen Fehlermeldungen wie "unbekannter Dateityp", "beschädigt",... Was kann passiert sein?

Gruß
Norbert

aharonov 25.11.2013 20:50
Hallo Norbert,

war auf dem Interpol-Sperrbildschirm irgendetwas geschrieben, dass deine Daten verschlüsselt worden seien...?

Lade bitte folgendermassen Dateien zur Analyse hoch:
  • Deaktiviere bitte temporär deinen Virenscanner.
  • Suche folgenden Ordner auf den USB-Stick, von welchem du den FRST-Fix gestartet hast
    \FRST\Quarantine
    und packe ihn in ein zip-Archiv (Rechtsklick darauf -> Senden an -> zip-komprimierten Ordner).
  • Gehe nun zum Trojaner-Board Upload-Channel:
    1. Drücke auf Durchsuchen..., wähle das erstellte zip-File aus und klicke Öffnen.
    2. Füge den Link deines Themas im Forum in das entsprechende Feld ein.
    3. Gib deinen Benutzernamen ein.
    4. Drücke auf den Button Hochladen.
  • Du kannst jetzt deinen Virenscanner wieder aktivieren.
    (bebilderte Anleitung)

Schulle57 26.11.2013 19:03
Hallo Leo,

leider wurde der Ordner "Quarantine" nicht erstellt. Ich habe auch unter Ordneroptionen "versteckte Ordner"/"Dateien anzeigen" ausgewählt, aber leider ist nichts zu finden.

Soll ich die FIX-Option nochmal durchführen und dabei den Virenscanner gleich ausstellen?

Gruß
Norbert

aharonov 26.11.2013 19:34
Mach mal so weiter:


Schritt 1

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Schritt 2

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.




Schritt 3

Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von Adwcleaner
  • Log von Combofix
  • Log von FRST

Schulle57 26.11.2013 20:35
Hallo Leo,

von AdwCleaner gibt es zwei Log-Dateien:

Code:
# AdwCleaner v3.013 - Bericht erstellt am 26/11/2013 um 19:58:08
# Updated 24/11/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzername : Schulle - SCHULLE-PC
# Gestartet von : C:\Users\Schulle\Downloads\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\user.js
Datei Gefunden : C:\Windows\System32\Tasks\UpdaterEX
Datei Gefunden : C:\Windows\Tasks\UpdaterEX.job
Ordner Gefunden C:\Program Files (x86)\BonanzaDeals
Ordner Gefunden C:\Program Files (x86)\Inbox Toolbar
Ordner Gefunden C:\ProgramData\Babylon
Ordner Gefunden C:\ProgramData\eSafe
Ordner Gefunden C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar
Ordner Gefunden C:\ProgramData\Tarma Installer
Ordner Gefunden C:\Users\Schulle\AppData\Local\PackageAware
Ordner Gefunden C:\Users\Schulle\AppData\Local\Temp\OCS
Ordner Gefunden C:\Users\Schulle\AppData\Local\Temp\Smartbar
Ordner Gefunden C:\Users\Schulle\AppData\LocalLow\Delta
Ordner Gefunden C:\Users\Schulle\AppData\LocalLow\Inbox Toolbar
Ordner Gefunden C:\Users\Schulle\AppData\LocalLow\searchgol
Ordner Gefunden C:\Users\Schulle\AppData\LocalLow\Smartbar
Ordner Gefunden C:\Users\Schulle\AppData\Roaming\UpdaterEX

***** [ Verknüpfungen ] *****

Verknüpfung Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar\Einstellungen.lnk ( /showurl hxxp://toolbar.inbox.com/settings/settings.aspx?lng=de )
Verknüpfung Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar\Hilfe.lnk ( /showurl hxxp://toolbar.inbox.com/faq.aspx )
Verknüpfung Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar\Inbox.com.lnk ( /showurl hxxp://www.inbox.com/homepage.aspx?tbid=80742&iwk=283&lng=de )
Verknüpfung Gefunden : C:\Users\Schulle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=HitachiXHTS545050B9A300_101118PBN406M7GHPGSEX&ts=1381611085 )
Verknüpfung Gefunden : C:\Users\Schulle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=HitachiXHTS545050B9A300_101118PBN406M7GHPGSEX&ts=1381611085 )
Verknüpfung Gefunden : C:\Users\Schulle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=HitachiXHTS545050B9A300_101118PBN406M7GHPGSEX&ts=1381611085 )
Verknüpfung Gefunden : C:\Users\Schulle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=HitachiXHTS545050B9A300_101118PBN406M7GHPGSEX&ts=1381611085 )
Verknüpfung Gefunden : C:\Users\Schulle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=HitachiXHTS545050B9A300_101118PBN406M7GHPGSEX&ts=1381611085 )
Verknüpfung Gefunden : C:\Users\Schulle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=HitachiXHTS545050B9A300_101118PBN406M7GHPGSEX&ts=1381611085 )

***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=HitachiXHTS545050B9A300_101118PBN406M7GHPGSEX&ts=1381611085
Schlüssel Gefunden : HKCU\Software\BabSolution
Schlüssel Gefunden : HKCU\Software\Inbox Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\smartbarbackup
Schlüssel Gefunden : HKCU\Software\smartbarlog
Schlüssel Gefunden : [x64] HKCU\Software\BabSolution
Schlüssel Gefunden : [x64] HKCU\Software\Inbox Toolbar
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\SmartBar
Schlüssel Gefunden : [x64] HKCU\Software\smartbarbackup
Schlüssel Gefunden : [x64] HKCU\Software\smartbarlog
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4277F7CF-0000-46CF-BA49-D624465C4BAB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Inbox.AppServer
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Inbox.IBX404
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Inbox.JSServer
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Inbox.Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\inbox
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\Software\Inbox Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Schlüssel Gefunden : HKLM\Software\Uniblue
Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Tarma Installer
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [InboxToolbar]
Wert Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16476

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.inbox.com/homepage.aspx?tbid=80742&iwk=283&lng=de
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=79d8d232-102f-4b5f-96b8-b7bc44f1fa69&searchtype=ds&q={searchTerms}&installDate=01/01/1970
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=HitachiXHTS545050B9A300_101118PBN406M7GHPGSEX&ts=1381611085
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=HitachiXHTS545050B9A300_101118PBN406M7GHPGSEX&ts=1381611085

-\\ Google Chrome v29.0.1547.66

[ Datei : C:\Users\Schulle\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [14186 octets] - [26/11/2013 19:58:08]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [14247 octets] ##########
Code:
# AdwCleaner v3.013 - Bericht erstellt am 26/11/2013 um 19:58:41
# Updated 24/11/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzername : Schulle - SCHULLE-PC
# Gestartet von : C:\Users\Schulle\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\eSafe
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDeals
Ordner Gelöscht : C:\Program Files (x86)\Inbox Toolbar
Ordner Gelöscht : C:\Users\Schulle\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Schulle\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Schulle\AppData\Local\Temp\Smartbar
Ordner Gelöscht : C:\Users\Schulle\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Schulle\AppData\LocalLow\Inbox Toolbar
Ordner Gelöscht : C:\Users\Schulle\AppData\LocalLow\searchgol
Ordner Gelöscht : C:\Users\Schulle\AppData\LocalLow\Smartbar
Ordner Gelöscht : C:\Users\Schulle\AppData\Roaming\UpdaterEX
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\user.js
Datei Gelöscht : C:\Windows\Tasks\UpdaterEX.job
Datei Gelöscht : C:\Windows\System32\Tasks\UpdaterEX

***** [ Verknüpfungen ] *****
Log-Datei Combofix:

Code:
ComboFix 13-11-23.02 - Schulle 26.11.2013  20:06:59.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3764.2611 [GMT 1:00]
ausgeführt von:: c:\users\Schulle\Downloads\ComboFix.exe
AV: McAfee  Anti-Virus und Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee  Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee  Anti-Virus und Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Im Speicher befindliches AV aktiv.
.
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Schulle\Documents\EIE10_EN-US_WOL_Win764.EXE
c:\users\Schulle\Documents\family_tree_builder_5634.exe
c:\users\Schulle\Documents\IE10-Setup-Full-x64.exe
c:\users\Schulle\Documents\InstallMyTomTomSA.exe
c:\users\Schulle\Documents\McAfeeSetup.exe
c:\users\Schulle\Documents\picasa39-setup.exe
c:\users\Schulle\Documents\Rossmann-Fotosoftware-Setup.exe
c:\windows\SysWow64\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-10-26 bis 2013-11-26  ))))))))))))))))))))))))))))))
.
.
2013-11-26 19:13 . 2013-11-26 19:13        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-11-26 18:58 . 2013-11-26 18:58        --------        d-----w-        C:\AdwCleaner
2013-11-25 18:55 . 2013-11-25 18:55        --------        d-----w-        c:\users\Gast
2013-11-24 16:51 . 2013-11-24 16:51        --------        d-----w-        c:\users\Schulle\AppData\Roaming\Malwarebytes
2013-11-24 16:50 . 2013-11-24 16:50        --------        d-----w-        c:\programdata\Malwarebytes
2013-11-24 16:50 . 2013-04-04 13:50        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-11-24 16:50 . 2013-11-24 16:51        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2013-11-24 16:50 . 2013-11-24 16:50        --------        d-----w-        c:\users\Schulle\AppData\Local\Programs
2013-11-23 01:47 . 2013-11-23 01:47        --------        d-----w-        C:\FRST
2013-11-21 20:57 . 2013-11-21 20:57        --------        d-----w-        C:\history
2013-11-13 19:16 . 2013-11-16 19:17        --------        d-----w-        c:\windows\system32\MpEngineStore
2013-11-13 19:16 . 2013-11-13 19:16        --------        d-----w-        C:\1d1f670d4d142ce06840f642e140
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-26 18:43 . 2012-08-06 18:36        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-13 19:16 . 2011-06-15 17:33        82896128        ----a-w-        c:\windows\system32\MRT.exe
2013-10-18 16:15 . 2013-10-18 16:15        163504        ----a-w-        c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40        120176        ----a-w-        c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-05 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2010-06-25 124136]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1532992]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-09-05 958576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-25 1129760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-26 18:46        1210320        ----a-w-        c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-11-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-26 18:43]
.
2013-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-26 18:36]
.
2013-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-26 18:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2009-11-25 10:47        444752        ----a-w-        c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42        137584        ----a-w-        c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-02-05 324608]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-05 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-05 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-05 413208]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-06-15 496160]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80742&iwk=283&lng=de
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-InboxToolbar - c:\program files (x86)\Inbox Toolbar\Inbox.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{612AD33D-9824-4E87-8396-92374E91C4BB}_is1 - c:\program files (x86)\Inbox Toolbar\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\SysWOW64\rundll32.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-11-26  20:20:00 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-11-26 19:20
.
Vor Suchlauf: 13 Verzeichnis(se), 434.086.260.736 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 433.568.301.056 Bytes frei
.
- - End Of File - - DA5B810861C0F207DAE51A061068D1EE
und hier das Logfile FRST.txt

aharonov 26.11.2013 21:01
Zitat:
und hier das Logfile FRST.txt
Das kann ich nicht sehen...

Schulle57 26.11.2013 21:14
ich versuche es noch einmal.
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-11-2013 01
Ran by Schulle (administrator) on SCHULLE-PC on 26-11-2013 21:03:54
Running from C:\Users\Schulle\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NTI, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-02-05] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2107176 2010-03-11] (Synaptics Incorporated)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2010-06-15] (Acer Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [MDS_Menu] - C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136 2010-06-25] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.inbox.com/homepage.aspx?tbid=80742&iwk=283&lng=de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=HitachiXHTS545050B9A300_101118PBN406M7GHPGSEX&ts=1381611085
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=HitachiXHTS545050B9A300_101118PBN406M7GHPGSEX&ts=1381611085&type=default&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=HitachiXHTS545050B9A300_101118PBN406M7GHPGSEX&ts=1381611085&type=default&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = hxxp://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80742&iwk=283&lng=de
BHO: No Name - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO: QuickShare WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120628094544.dll (McAfee, Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll No File
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files\McAfee\MSK\mskapbho.dll ()
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120628094544.dll (McAfee, Inc.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll No File
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll No File
Toolbar: HKCU - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox64.dll No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Extension: (Docs) - C:\Users\Schulle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Schulle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Schulle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Schulle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (SiteAdvisor) - C:\Users\Schulle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.4.1291_0
CHR Extension: (Google Wallet) - C:\Users\Schulle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Schulle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx

==================== Services (Whitelisted) =================

R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [822304 2010-06-15] (Acer Incorporated)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-17] (NTI, Inc.)
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] ()

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-26 20:22 - 2013-11-26 21:03 - 00016240 _____ C:\Users\Schulle\Desktop\FRST.txt
2013-11-26 20:20 - 2013-11-26 20:20 - 00020290 _____ C:\ComboFix.txt
2013-11-26 20:04 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-26 20:04 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-26 20:04 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-26 20:04 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-26 20:04 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-26 20:04 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-26 20:04 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-26 20:04 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-26 20:03 - 2013-11-26 20:20 - 00000000 ____D C:\Qoobox
2013-11-26 20:03 - 2013-11-26 20:18 - 00000000 ____D C:\Windows\erdnt
2013-11-26 20:02 - 2013-11-26 20:02 - 05149261 ____R (Swearware) C:\Users\Schulle\Downloads\ComboFix.exe
2013-11-26 19:58 - 2013-11-26 19:58 - 00000000 ____D C:\AdwCleaner
2013-11-26 19:57 - 2013-11-26 19:58 - 01091882 _____ C:\Users\Schulle\Downloads\adwcleaner.exe
2013-11-26 19:36 - 2013-11-26 20:46 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-26 19:36 - 2013-11-26 20:15 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-26 19:36 - 2013-11-26 20:02 - 00002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-26 19:36 - 2013-11-26 19:41 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-26 19:36 - 2013-11-26 19:41 - 00003856 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-26 19:35 - 2013-11-26 20:43 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-26 19:35 - 2013-11-26 19:43 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-26 19:32 - 2013-11-26 19:53 - 02724016 _____ (Inbox.com, Inc.                                            ) C:\Users\Schulle\Downloads\EmailNotifierSetup.exe
2013-11-26 06:25 - 2013-11-26 06:25 - 00000000 ____D C:\Users\Gast\AppData\Roaming\ATI
2013-11-26 06:25 - 2013-11-26 06:25 - 00000000 ____D C:\Users\Gast\AppData\Local\ATI
2013-11-25 20:02 - 2013-11-22 17:04 - 01958070 _____ (Farbar) C:\Users\Schulle\Desktop\FRST64.exe
2013-11-25 19:58 - 2013-11-25 19:58 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe
2013-11-25 19:57 - 2013-11-25 19:57 - 00064024 _____ C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-25 19:57 - 2013-11-25 19:57 - 00000000 ____D C:\Users\Gast\AppData\Local\EgisTec IPS
2013-11-25 19:56 - 2013-11-25 19:56 - 00001409 _____ C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-11-25 19:55 - 2013-11-25 19:56 - 00001443 _____ C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-25 19:55 - 2013-11-25 19:56 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-25 19:55 - 2013-11-25 19:56 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-25 19:55 - 2013-11-25 19:55 - 00000020 ___SH C:\Users\Gast\ntuser.ini
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\Vorlagen
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\Startmenü
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\Netzwerkumgebung
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\Lokale Einstellungen
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\Eigene Dateien
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\Druckumgebung
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Musik
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Bilder
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Verlauf
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Anwendungsdaten
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\Anwendungsdaten
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 ____D C:\Users\Gast\AppData\Local\VirtualStore
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 ____D C:\Users\Gast
2013-11-25 19:55 - 2011-07-29 15:56 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Macromedia
2013-11-25 19:55 - 2009-07-14 05:54 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-25 19:55 - 2009-07-14 05:49 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-11-24 17:51 - 2013-11-24 17:51 - 00000000 ____D C:\Users\Schulle\AppData\Roaming\Malwarebytes
2013-11-24 17:50 - 2013-11-24 17:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-24 17:50 - 2013-11-24 17:50 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-24 17:50 - 2013-11-24 17:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-24 17:50 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-23 02:47 - 2013-11-23 02:47 - 00000000 ____D C:\FRST
2013-11-21 23:16 - 2013-11-26 20:14 - 00291346 _____ C:\Windows\PFRO.log
2013-11-17 13:14 - 2013-11-26 20:14 - 00001064 _____ C:\Windows\setupact.log
2013-11-17 13:14 - 2013-11-17 13:14 - 00000000 _____ C:\Windows\setuperr.log
2013-11-16 22:25 - 2013-11-16 22:32 - 00027136 _____ C:\Users\Schulle\Downloads\Mitgliederzahlen.xls
2013-11-13 20:16 - 2013-11-16 20:17 - 00000000 ____D C:\Windows\system32\MpEngineStore
2013-11-13 20:16 - 2013-11-13 20:16 - 00000000 ____D C:\1d1f670d4d142ce06840f642e140

==================== One Month Modified Files and Folders =======

2013-11-26 21:04 - 2013-11-26 20:22 - 00016240 _____ C:\Users\Schulle\Desktop\FRST.txt
2013-11-26 20:46 - 2013-11-26 19:36 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-26 20:43 - 2013-11-26 19:35 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-26 20:23 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-26 20:23 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-26 20:20 - 2013-11-26 20:20 - 00020290 _____ C:\ComboFix.txt
2013-11-26 20:20 - 2013-11-26 20:03 - 00000000 ____D C:\Qoobox
2013-11-26 20:20 - 2013-10-13 19:21 - 00780001 _____ C:\Windows\WindowsUpdate.log
2013-11-26 20:20 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-11-26 20:19 - 2012-12-14 14:18 - 00262144 _____ C:\Windows\system32\config\ELAM
2013-11-26 20:18 - 2013-11-26 20:03 - 00000000 ____D C:\Windows\erdnt
2013-11-26 20:15 - 2013-11-26 19:36 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-26 20:15 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-11-26 20:14 - 2013-11-21 23:16 - 00291346 _____ C:\Windows\PFRO.log
2013-11-26 20:14 - 2013-11-17 13:14 - 00001064 _____ C:\Windows\setupact.log
2013-11-26 20:14 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-26 20:03 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-26 20:02 - 2013-11-26 20:02 - 05149261 ____R (Swearware) C:\Users\Schulle\Downloads\ComboFix.exe
2013-11-26 20:02 - 2013-11-26 19:36 - 00002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-26 19:58 - 2013-11-26 19:58 - 00000000 ____D C:\AdwCleaner
2013-11-26 19:58 - 2013-11-26 19:57 - 01091882 _____ C:\Users\Schulle\Downloads\adwcleaner.exe
2013-11-26 19:58 - 2012-12-27 18:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-26 19:53 - 2013-11-26 19:32 - 02724016 _____ (Inbox.com, Inc.                                            ) C:\Users\Schulle\Downloads\EmailNotifierSetup.exe
2013-11-26 19:43 - 2013-11-26 19:35 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-26 19:43 - 2012-08-06 19:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-26 19:41 - 2013-11-26 19:36 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-26 19:41 - 2013-11-26 19:36 - 00003856 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-26 19:37 - 2011-04-01 21:13 - 00000000 ____D C:\Users\Schulle\AppData\Local\Adobe
2013-11-26 19:36 - 2012-12-29 13:38 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-26 06:25 - 2013-11-26 06:25 - 00000000 ____D C:\Users\Gast\AppData\Roaming\ATI
2013-11-26 06:25 - 2013-11-26 06:25 - 00000000 ____D C:\Users\Gast\AppData\Local\ATI
2013-11-25 20:17 - 2011-04-01 19:06 - 00000000 ____D C:\Users\Schulle\AppData\Roaming\SoftGrid Client
2013-11-25 19:58 - 2013-11-25 19:58 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe
2013-11-25 19:57 - 2013-11-25 19:57 - 00064024 _____ C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-25 19:57 - 2013-11-25 19:57 - 00000000 ____D C:\Users\Gast\AppData\Local\EgisTec IPS
2013-11-25 19:56 - 2013-11-25 19:56 - 00001409 _____ C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-11-25 19:56 - 2013-11-25 19:55 - 00001443 _____ C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-25 19:56 - 2013-11-25 19:55 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-25 19:56 - 2013-11-25 19:55 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-25 19:55 - 2013-11-25 19:55 - 00000020 ___SH C:\Users\Gast\ntuser.ini
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\Vorlagen
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\Startmenü
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\Netzwerkumgebung
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\Lokale Einstellungen
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\Eigene Dateien
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\Druckumgebung
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Musik
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Bilder
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Verlauf
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Anwendungsdaten
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 _SHDL C:\Users\Gast\Anwendungsdaten
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 ____D C:\Users\Gast\AppData\Local\VirtualStore
2013-11-25 19:55 - 2013-11-25 19:55 - 00000000 ____D C:\Users\Gast
2013-11-24 17:51 - 2013-11-24 17:51 - 00000000 ____D C:\Users\Schulle\AppData\Roaming\Malwarebytes
2013-11-24 17:51 - 2013-11-24 17:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-24 17:50 - 2013-11-24 17:50 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-24 17:50 - 2013-11-24 17:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-24 17:41 - 2011-01-13 20:41 - 00654852 _____ C:\Windows\system32\perfh007.dat
2013-11-24 17:41 - 2011-01-13 20:41 - 00130434 _____ C:\Windows\system32\perfc007.dat
2013-11-24 17:41 - 2009-07-14 06:13 - 01500104 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-23 02:47 - 2013-11-23 02:47 - 00000000 ____D C:\FRST
2013-11-22 17:04 - 2013-11-25 20:02 - 01958070 _____ (Farbar) C:\Users\Schulle\Desktop\FRST64.exe
2013-11-21 23:14 - 2013-10-11 19:17 - 00006584 _____ C:\Users\Schulle\Documents\Re_Ferienwohnung_Fam_Norbert_Schulz.eml
2013-11-21 23:14 - 2013-06-02 17:22 - 00339968 _____ C:\Users\Schulle\Documents\kopfbogen neu 2013 Aufnahmeantrag nur Abbuchung.dot
2013-11-21 23:14 - 2012-08-05 12:04 - 00016384 ___SH C:\Users\Schulle\Documents\Thumbs.db
2013-11-21 23:14 - 2011-10-09 18:27 - 00910624 _____ C:\Users\Schulle\Documents\jre-6u27-windows-i586-iftw.exe&File=jre-6u27-windows-i586-iftw.exe&BHost=javadl.sun.com
2013-11-21 23:13 - 2013-10-12 16:57 - 00117760 _____ C:\Users\Schulle\Documents\10110 SV Dreetz 1980.xls
2013-11-21 23:13 - 2013-02-24 19:39 - 04189792 _____ C:\Users\Schulle\Documents\ccsetup327.exe
2013-11-21 23:13 - 2012-10-17 18:43 - 00107008 _____ C:\Users\Schulle\Documents\10110%20SV%20Dreetz%201980 (2).xls
2013-11-21 22:26 - 2011-04-01 13:59 - 00000000 ____D C:\Users\Schulle
2013-11-21 22:24 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\servicing
2013-11-21 22:23 - 2013-03-17 10:09 - 00000000 ____D C:\Users\Schulle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyHeritage.com
2013-11-21 22:23 - 2012-12-27 19:07 - 00000000 ____D C:\Users\Schulle\Desktop\OpenOffice.org 3.4.1 (de) Installation Files
2013-11-21 22:23 - 2011-09-22 18:16 - 00000000 __RSD C:\Users\Schulle\Documents\My Stationery
2013-11-21 22:23 - 2011-04-01 19:12 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-11-21 22:23 - 2011-04-01 14:00 - 00000000 ___RD C:\Users\Schulle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-21 22:23 - 2011-04-01 14:00 - 00000000 ___RD C:\Users\Schulle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-21 22:23 - 2011-04-01 13:59 - 00000000 ___RD C:\Users\Schulle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-11-21 22:23 - 2011-04-01 13:59 - 00000000 ___RD C:\Users\Schulle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-21 22:23 - 2009-07-14 08:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-11-21 22:23 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\restore
2013-11-21 22:23 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-11-21 22:23 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-11-21 22:23 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-11-21 22:23 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-11-21 22:23 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-11-21 22:23 - 2009-07-14 04:20 - 00000000 __RSD C:\Windows\Media
2013-11-21 22:23 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-11-21 22:23 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\migwiz
2013-11-21 22:23 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\IME
2013-11-21 22:23 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Cursors
2013-11-21 22:22 - 2013-02-24 19:43 - 00000000 ____D C:\Program Files\CCleaner
2013-11-21 22:22 - 2012-08-06 19:34 - 00000000 ____D C:\Program Files (x86)\Rossmann Fotowelt Software
2013-11-21 22:22 - 2011-06-21 17:32 - 00000000 ____D C:\Program Files (x86)\MyTomTom 3
2013-11-21 22:22 - 2011-04-03 15:41 - 00000000 ____D C:\Program Files (x86)\T-Online_Software_6
2013-11-21 22:22 - 2011-04-01 19:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-11-21 22:22 - 2011-01-13 11:54 - 00000000 ____D C:\Program Files (x86)\Launch Manager
2013-11-21 22:22 - 2010-09-08 08:55 - 00000000 ____D C:\Program Files (x86)\EgisTec IPS
2013-11-21 22:22 - 2010-09-08 08:49 - 00000000 ____D C:\ProgramData\McAfee
2013-11-21 22:22 - 2010-09-08 08:34 - 00000000 ____D C:\Program Files (x86)\AmIcoSingLun
2013-11-21 22:22 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-11-21 22:22 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-11-21 21:59 - 2013-03-13 21:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-21 21:59 - 2013-03-13 21:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-11-17 13:14 - 2013-11-17 13:14 - 00000000 _____ C:\Windows\setuperr.log
2013-11-16 22:32 - 2013-11-16 22:25 - 00027136 _____ C:\Users\Schulle\Downloads\Mitgliederzahlen.xls
2013-11-16 20:17 - 2013-11-13 20:16 - 00000000 ____D C:\Windows\system32\MpEngineStore
2013-11-13 20:16 - 2013-11-13 20:16 - 00000000 ____D C:\1d1f670d4d142ce06840f642e140
2013-11-13 20:16 - 2013-08-15 08:47 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 20:16 - 2011-06-15 18:33 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 19:44 - 2011-04-02 14:11 - 00000000 ____D C:\Users\Schulle\AppData\Local\Google
ZeroAccess:
C:\Users\Schulle\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-10 18:24

==================== End Of Log ============================
--- --- ---

aharonov 27.11.2013 13:29
Hallo,

wie läuft der Rechner jetzt? Kannst du immer noch keine Dateien öffnen?


Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=HitachiXHTS545050B9A300_101118PBN406M7GHPGSEX&ts=1381611085
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=HitachiXHTS545050B9A300_101118PBN406M7GHPGSEX&ts=1381611085&type=default&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=HitachiXHTS545050B9A300_101118PBN406M7GHPGSEX&ts=1381611085&type=default&q={searchTerms}
C:\Users\Schulle\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Schritt 2
  • Öffne das Programm Malwarebytes Anti-Malware.
    Vista und Win7 User mit Rechtsklick "als Administrator starten".
  • Klicke auf Aktualisierung --> Suche nach Aktualisierung.
  • Wenn das Update beendet wurde, aktiviere im Reiter Suchlauf die Option Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan fertig ist, klicke auf Ergebnisse anzeigen.
  • Versichere dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter dem Reiter Logdateien finden.



Schritt 3


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Schulle57 27.11.2013 18:54
Hallo Leo,

ja genau, Dateien lassen sich immer noch nicht öffnen.

Hier die Fixlog.txt aus Schritt 1:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-11-2013
Ran by Schulle at 2013-11-27 18:44:24 Run:2
Running from C:\Users\Schulle\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=HitachiXHTS545050B9A300_101118PBN406M7GHPGSEX&ts=1381611085
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=HitachiXHTS545050B9A300_101118PBN406M7GHPGSEX&ts=1381611085&type=default&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=HitachiXHTS545050B9A300_101118PBN406M7GHPGSEX&ts=1381611085&type=default&q={searchTerms}
C:\Users\Schulle\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
       
*****************

HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
C:\Users\Schulle\AppData\Local\Google\Desktop\Install => Moved successfully.
C:\Program Files (x86)\Google\Desktop\Install => Moved successfully.

==== End of Fixlog ====
Log-Datei Malewarebytes Antimaleware:

Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.27.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Schulle :: SCHULLE-PC [Administrator]

Schutz: Aktiviert

27.11.2013 18:47:25
mbam-log-2013-11-27 (18-47-25).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 236345
Laufzeit: 4 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 9
HKCR\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} (PUP.Optional.InboxToolBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Inbox.Toolbar (PUP.Optional.InboxToolBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} (PUP.Optional.InboxToolBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} (PUP.Optional.InboxToolBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} (PUP.Optional.InboxToolBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} (PUP.Optional.InboxToolBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} (PUP.Optional.QuickShare.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} (PUP.Optional.QuickShare.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Inbox Toolbar (PUP.Optional.InboxToolBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D7E97865-918F-41E4-9CD0-25AB1C574CE8} (PUP.Optional.InboxToolBar.A) -> Daten: exéבäAœÐ%«WLè -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{D7E97865-918F-41E4-9CD0-25AB1C574CE8} (PUP.Optional.InboxToolBar.A) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} (PUP.Optional.InboxToolBar.A) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} (PUP.Optional.InboxToolBar.A) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://www.inbox.com/homepage.aspx?tbid=80742&iwk=283&lng=de) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Schulle\Downloads\EmailNotifierSetup.exe (PUP.Optional.Inbox) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

aharonov 27.11.2013 19:03
Ok, ich warte noch auf das ESET-Log und dann schauen wir, was da mit den Dateien passiert ist.

Schulle57 27.11.2013 20:41
Hallo Leo, nun noch das Logfile von ESET

tschau
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=1feaf224e3b9ad4698d7c7b09d903e4c
# engine=16048
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-27 07:26:31
# local_time=2013-11-27 08:26:31 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5122 16777213 100 90 515018 134362987 0 0
# compatibility_mode=5893 16776574 66 85 3980617 137210241 0 0
# scanned=147154
# found=0
# cleaned=0
# scan_time=4788


Alle Zeitangaben in WEZ +1. Es ist jetzt 14:30 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131