Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Win 7: TR/Injector.agfa und gmer.exe stürzt ab (https://www.trojaner-board.de/148251-win-7-tr-injector-agfa-gmer-exe-stuerzt-ab.html)

franz12 20.01.2014 08:48
Win 7: TR/Injector.agfa und gmer.exe stürzt ab
 
Liste der Anhänge anzeigen (Anzahl: 2)
Guten Morgen!

Nach den gelösten Problem mit meinem PC s. www.trojaner-board.de/147972-tr-crypt-xpack-41536-outlook-pst.html habe ich auch mein altes Netbook gescannt.
Hier wurde auch einiges gefunden und leider stürzt gmer.exe ab.

Auffällig ist auch: Ich habe auf dem Netbook Filezilla mit 3 FTP Accounts installiert. Auf allen drei Accounts wurde Schadsoftware installiert. Dabei wurde vornehmlich die index.php am Webserver umgeschrieben. Die FTP-Passwörter habe ich geändert und die Schadsoftware entfernt. Es könnte sein, dass ein Hacker die XML von Filezilla geladen und genutzt hat, um an die Passwörter zu kommen.

defogger_disable ist erledigt.
Hier die Logs von Avira Rescue CD (USB Stick), mbam und FRST.
gmer.exe stürzt ab. Auch im abgesicherten Modus. Screenshot dazu anbei.



Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2014
Ran by acerhell at 2014-01-19 15:05:15
Running from C:\Users\acerhell\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32 Version:  - Microsoft)
µTorrent (HKCU Version: 3.3.2.30180 - BitTorrent Inc.)
Acer Crystal Eye webcam Ver:1.1.95.714 (x32 Version: 1.1.95.714 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (x32 Version: 4.05.3004 - Acer Incorporated)
Acer eRecovery Management (x32 Version: 4.05.3005 - Acer Incorporated)
Acer GameZone Console (x32 Version: 5.1.0.2 - Oberon Media, Inc.)
Acer GridVista (x32 Version: 3.01.0730 - Acer Inc.)
Acer Registration (x32 Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (x32 Version: 1.06.0804 - Acer Incorporated)
Acer Updater (x32 Version: 1.01.3017 - Acer Incorporated)
Acer VCM (x32 Version: 4.05.3000 - Acer Incorporated)
Acrobat.com (x32 Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat 8 Professional - English, Français, Deutsch (x32 Version: 8.1.0 - Adobe Systems) Hidden
Adobe After Effects CS3 (x32 Version: 8 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS3 Presets (x32 Version: 8 - Adobe Systems Incorporated) Hidden
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Anchor Service CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe BridgeTalk Plugin CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Contribute CS3 (x32 Version: 4.1 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 3 Master Collection (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen (x32 Version: 1.0 - Adobe Systems Incorporated)
Adobe Default Language CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Download Manager (x32 Version: 1.6.2.60 - NOS Microsystems Ltd.)
Adobe Dreamweaver CS3 (x32 Version: 9 - Adobe Systems Incorporated) Hidden
Adobe Encore CS3 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Encore CS3 Codecs (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS3 (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Fireworks CS3 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS3 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (x32 Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (x32 Version: 9.0.45.0 - Adobe Systems, Inc.)
Adobe Flash Video Encoder (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS3 (x32 Version: 13.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS3 (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS3 Icon Handler (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe MotionPicture Color Files (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (x32 Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS3 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS3 Functional Content (x32 Version: 8 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS3 Third Party Content (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Reader 9.1 MUI (x32 Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Setup (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe SING CS3 (x32 Version: 0.1 - Adobe Systems Incorporated) Hidden
Adobe Soundbooth CS3 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Soundbooth CS3 Codecs (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (x32 Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (x32 Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Server (x32 Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe Video Profiles (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe WAS CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP DVA Panels CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Alcor Micro USB Card Reader (x32 Version: 1.2.17.05001 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.17.05001 - Alcor Micro Corp.) Hidden
Any Video Converter 3.5.2 (x32 Version:  - Any-Video-Converter.com)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.5 - Atheros Communications Inc.)
Audacity 1.3.12 (Unicode) (x32 Version:  - Audacity Team)
Band-in-a-Box 2009 12PAK Video (x32 Version:  - PG Music Inc.)
Band-in-a-Box 2009 New Features Video (x32 Version:  - PG Music Inc.)
Blues Pianist Volume 1 (x32 Version:  - PG Music Inc.)
bob internet (x32 Version:  - mobilkom austria AG)
bob internet (x32 Version: 1.0.0.139 - mobilkom austria AG) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Bulk Rename Utility 2.7.1.2 (Version:  - TGRMN Software)
Cinergy T Stick RC V9.06.3.01 (x32 Version: 9.06.3.01 - )
Cinergy T-Stick V8.08.18.01 (x32 Version: 8.08.18.01 - )
ColorChecker Passport 1.0 (x32 Version:  - X-Rite)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6425.1000 - Microsoft Corporation)
Conduit Engine (x32 Version:  - Conduit Ltd.) <==== ATTENTION
CyberLink PowerDVD 8 (x32 Version: 8.1.3405.50 - CyberLink Corp.)
CyberLink PowerDVD 8 (x32 Version: 8.1.3405.50 - CyberLink Corp.) Hidden
Dairy Dash (x32 Version:  - Oberon Media)
Dream Day First Home (x32 Version:  - Oberon Media)
DriveImage XML (Private Edition) (x32 Version: 2.14 - Runtime Software)
Dropbox (HKCU Version: 1.4.7 - Dropbox, Inc.)
EASEUS Todo Backup 1.1 (x32 Version:  - EASEUS)
EazelBar (x32 Version: EazelBar 1.7 - EazelBar)
elmeg WIN-Tools V7.63 (x32 Version: 7.63.0000 - Funkwerk Enterprise Communications GmbH)
elmeg WIN-Tools V7.63 (x32 Version: 7.63.0000 - Funkwerk Enterprise Communications GmbH) Hidden
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Farm Frenzy 2 (x32 Version:  - Oberon Media)
FileZilla Client 3.3.2.1 (x32 Version: 3.3.2.1 - )
First Class Flurry (x32 Version:  - Oberon Media)
Free PDF Unlocker (x32 Version:  - Free PDF Unlocker)
FRITZ!Fernzugang (Version: 1.2.3 - AVM Berlin)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Granny In Paradise (x32 Version:  - Oberon Media)
HappyFoto Bestellsoftware (HKCU Version:  - Happy Foto GmbH. (c) Aberger 2009)
Heroes of Hellas (x32 Version:  - Oberon Media)
Identity Card (x32 Version: 1.00.3003 - Acer Incorporated)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.2202 - Intel Corporation)
Intel® Matrix Storage Manager (Version:  - Intel Corporation)
IrfanView (remove only) (x32 Version: 4.27 - Irfan Skiljan)
iTunes (Version: 11.1.3.8 - Apple Inc.)
JDownloader 0.9 (x32 Version: 0.9 - AppWork GmbH)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LAME v3.98.2 for Audacity (x32 Version:  - )
Launch Manager (x32 Version: 3.0.06 - Acer Inc.)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Merriam Websters Spell Jam (x32 Version:  - Oberon Media)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Antimalware (Version: 3.0.8107.0 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8107.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.0.30729.1 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.0.30729.1 - Microsoft Corporation) Hidden
Microsoft LifeCam (Version: 3.0.215.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 2 (SP2) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (x32 Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 2.0.0657.0 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.0.0657.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 2.0.657.0 - Microsoft Corporation)
Microsoft Silverlight (x32 Version: 4.0.60531.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (x32 Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Mozilla Thunderbird (3.1.4) (x32 Version: 3.1.4 (de) - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKCU Version:  - )
MyFreeCodec (x32 Version:  - )
MyWinLocker (x32 Version: 3.1.76.0 - Egis Technology Inc.)
Nvu 1.0 (x32 Version: 1.0 - Thorsten Fritz)
PC Connectivity Solution (x32 Version: 8.47.7.0 - Nokia)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PG Music DirectX Plugins 2.0.0.0 (x32 Version:  - PG Music Inc.)
RealDrums Sets 1-20 (x32 Version:  - PG Music Inc.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5901 - Realtek Semiconductor Corp.)
Safari (x32 Version: 5.31.22.7 - Apple Inc.)
Samsung Kies (x32 Version: 2.0.1.11053_99 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.0.1.11053_99 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.4.4.0 - SAMSUNG Electronics Co., Ltd.)
Skype Click to Call (x32 Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 5.8 (x32 Version: 5.8.158 - Skype Technologies S.A.)
Stellarium 0.12.4 (Version: 0.12.4 - Stellarium team)
Synaptics Pointing Device Driver (Version: 13.2.2.0 - Synaptics Incorporated)
TerraTec Home Cinema (x32 Version: 6.11.5 - )
Textmosaic Generator 1.10 (x32 Version: 1.10 - Philipp Winterberg)
TextPad 5 (x32 Version: 5.3.1 - Helios)
TrueCrypt (x32 Version: 6.3a - TrueCrypt Foundation)
TuxGuitar 1.2 (x32 Version:  - )
UltraStar Deluxe (x32 Version: 1.1 - USDX Team)
UPC Konfigurator (x32 Version:  - UPC Telekabel GmbH)
UPC Konfigurator (x32 Version: 5.0.0.62 - UPC Telekabel GmbH) Hidden
Update for 2007 Microsoft Office System (KB2284654) (x32 Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 System (KB2539530) (x32 Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 (KB980729) (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2509470) (x32 Version:  - Microsoft)
Update for Outlook 2007 Junk Email Filter (KB2553975) (x32 Version:  - Microsoft)
VLC media player 1.1.4 (x32 Version: 1.1.4 - VideoLAN)
VMware vCenter Converter Standalone (x32 Version: 5.5.0.1362012 - VMware, Inc.)
Vuze (x32 Version: 4.5 - Vuze Inc.)
Vuze Remote Toolbar (x32 Version: 6.2.3.0 - Vuze Remote)
Welcome Center (x32 Version: 1.00.3008 - Acer Incorporated)
Whilokii 1.0.0 (Version: 1.0.0 - Whilokii) <==== ATTENTION
Windows Home Server-Connector (Version: 6.0.3436.0 - Microsoft Corporation)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp)
Windows7FirewallControl (x64) 3.0.3.21 (Version: 3.0.3.21 - Sphinx Software)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinRAR (Version:  - )

==================== Restore Points  =========================

16-12-2013 21:25:01 Windows Update
17-12-2013 16:38:47 Windows Update
20-12-2013 14:30:10 Installed iTunes
21-12-2013 02:00:14 Windows Update
30-12-2013 07:30:35 Windows Update
30-12-2013 19:13:08 Windows Update
03-01-2014 08:36:41 Windows Update
06-01-2014 13:01:41 Installed VMware vCenter Converter Standalone.
06-01-2014 13:17:23 Windows Update
06-01-2014 19:26:39 Windows Update
10-01-2014 02:00:14 Windows Update
11-01-2014 02:00:14 Windows Update
14-01-2014 05:27:13 Windows Update
15-01-2014 19:58:55 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1009E690-1ACC-4739-8E16-81068746DC5B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-12] (Google Inc.)
Task: {30363878-32E7-4313-A563-A8F7C12239E0} - System32\Tasks\EPUpdater => C:\Users\acerhell\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION
Task: {5467AF03-3AF7-4D40-9D2C-18D630B60DC4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-16] (Adobe Systems Incorporated)
Task: {6AFF4273-C5DA-443C-A289-5CF6645D430A} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {A0F4FB23-D6EF-4011-BD94-A55690D496B5} - System32\Tasks\{5ED52A28-DD61-4E0A-AA6A-099F786D4D14} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-02-29] (Skype Technologies S.A.)
Task: {D42C8AC8-A8CA-4174-9712-42B7A96357BC} - System32\Tasks\{3FAD7224-1DB0-41B8-9D48-17DBE275B859} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=4.1.0.179&amp;LastError=12029
Task: {D45B19A9-A55E-415D-95A6-D6B954A64856} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11] (Microsoft Corporation)
Task: {F39C25A3-E0FA-4F54-A068-6B36AFB3D2FF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-12] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-01-24 20:28 - 2009-12-12 15:12 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-07 18:44 - 2013-10-07 18:44 - 00086096 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\mspack.dll
2013-10-07 18:43 - 2013-10-07 18:43 - 01296976 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\libxml2.dll
2013-10-07 18:42 - 2013-10-07 18:42 - 00542288 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\sqlite3.dll
2011-12-10 08:15 - 2011-12-10 08:15 - 00115137 _____ () C:\Users\acerhell\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll
2013-12-30 08:50 - 2013-12-30 08:51 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-12-30 08:25 - 2014-01-19 15:03 - 00398104 _____ () C:\Program Files (x86)\Whilokii\bin\Whilokii.BrowserFilter.Helper.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/15/2014 03:02:03 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (01/14/2014 11:18:14 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (01/14/2014 01:01:13 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15475

Error: (01/14/2014 01:01:13 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15475

Error: (01/14/2014 01:01:13 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/14/2014 01:00:54 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10815097

Error: (01/14/2014 01:00:54 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10815097

Error: (01/14/2014 01:00:54 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/12/2014 01:33:56 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5815920

Error: (01/12/2014 01:33:56 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5815920


System errors:
=============
Error: (01/19/2014 02:50:36 PM) (Source: Microsoft Antimalware) (User: )
Description: Fehler in %NT-AUTORITÄT60 beim Aktualisieren von Signaturen.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.165.1751.0

        Aktualisierungsquelle: %NT-AUTORITÄT51

        Aktualisierungsstufe: 3.0.8107.00

        Quellpfad: 3.0.8107.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\NETZWERKDIENST

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (01/19/2014 02:50:36 PM) (Source: Microsoft Antimalware) (User: )
Description: Fehler in %NT-AUTORITÄT60 beim Aktualisieren von Signaturen.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.165.1751.0

        Aktualisierungsquelle: %NT-AUTORITÄT51

        Aktualisierungsstufe: 3.0.8107.00

        Quellpfad: 3.0.8107.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\NETZWERKDIENST

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (01/19/2014 02:50:36 PM) (Source: Microsoft Antimalware) (User: )
Description: Fehler in %NT-AUTORITÄT60 beim Aktualisieren von Signaturen.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.165.1751.0

        Aktualisierungsquelle: %NT-AUTORITÄT51

        Aktualisierungsstufe: 3.0.8107.00

        Quellpfad: 3.0.8107.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\NETZWERKDIENST

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (01/19/2014 02:50:36 PM) (Source: Microsoft Antimalware) (User: )
Description: Fehler in %NT-AUTORITÄT60 beim Aktualisieren von Signaturen.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.165.1751.0

        Aktualisierungsquelle: %NT-AUTORITÄT51

        Aktualisierungsstufe: 3.0.8107.00

        Quellpfad: 3.0.8107.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\NETZWERKDIENST

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (01/19/2014 02:50:36 PM) (Source: Microsoft Antimalware) (User: )
Description: Fehler in %NT-AUTORITÄT60 beim Aktualisieren von Signaturen.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.165.1751.0

        Aktualisierungsquelle: %NT-AUTORITÄT51

        Aktualisierungsstufe: 3.0.8107.00

        Quellpfad: 3.0.8107.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\NETZWERKDIENST

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (01/19/2014 02:50:36 PM) (Source: Microsoft Antimalware) (User: )
Description: Fehler in %NT-AUTORITÄT60 beim Aktualisieren von Signaturen.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.165.1751.0

        Aktualisierungsquelle: %NT-AUTORITÄT51

        Aktualisierungsstufe: 3.0.8107.00

        Quellpfad: 3.0.8107.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\NETZWERKDIENST

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (01/19/2014 02:50:36 PM) (Source: Microsoft Antimalware) (User: )
Description: Fehler in %NT-AUTORITÄT60 beim Aktualisieren von Signaturen.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.165.1751.0

        Aktualisierungsquelle: %NT-AUTORITÄT51

        Aktualisierungsstufe: 3.0.8107.00

        Quellpfad: 3.0.8107.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\NETZWERKDIENST

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (01/19/2014 02:50:36 PM) (Source: Microsoft Antimalware) (User: )
Description: Fehler in %NT-AUTORITÄT60 beim Aktualisieren von Signaturen.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.165.1751.0

        Aktualisierungsquelle: %NT-AUTORITÄT51

        Aktualisierungsstufe: 3.0.8107.00

        Quellpfad: 3.0.8107.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\NETZWERKDIENST

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (01/19/2014 02:50:35 PM) (Source: Microsoft Antimalware) (User: )
Description: Fehler in %NT-AUTORITÄT60 beim Aktualisieren von Signaturen.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.165.1751.0

        Aktualisierungsquelle: %NT-AUTORITÄT59

        Aktualisierungsstufe: 3.0.8107.00

        Quellpfad: 3.0.8107.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\SYSTEM

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (01/19/2014 02:37:54 PM) (Source: Microsoft Antimalware) (User: )
Description: Fehler in %%860-Echtzeitschutzfunktion.

        Funktion: %%835

        Fehlercode: 0x80004005

        Fehlerbeschreibung: Unbekannter Fehler

        Ursache: %%842


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 78%
Total physical RAM: 1978.91 MB
Available physical RAM: 426.13 MB
Total Pagefile: 3957.83 MB
Available Pagefile: 1949.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:220.79 GB) (Free:102.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 3E57EED3)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=221 GB) - (Type=07 NTFS)

==================== End Of Log ============================
FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2014
Ran by acerhell (administrator) on ACERHELL-PC on 19-01-2014 15:03:36
Running from C:\Users\acerhell\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\esClient.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Whilokii) C:\Program Files (x86)\Whilokii\updateWhilokii.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
() C:\Program Files (x86)\EazelBar\ToolbarUpdaterService.exe
() C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(Sphinx Software) C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe
(Sphinx Software) C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\WHSTrayApp.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\WHSConnector.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.EXE
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Nokia.) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
() C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
() C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981600 2009-07-23] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2009-12-04] ()
HKLM\...\Run: [Windows7FirewallControl] - C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe [1021440 2009-06-29] (Sphinx Software)
HKLM\...\Run: [VX1000] - C:\Windows\vVX1000.exe [762224 2009-07-24] (Microsoft Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1436224 2010-11-30] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl8] - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-16] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-16] (CyberLink Corp.)
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [825864 2009-09-24] (Dritek System Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [118624 2009-07-24] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-10-23] (Google Inc.)
HKCU\...\Run: [KiesHelper] - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [929680 2011-09-29] (Samsung)
HKCU\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508112 2011-09-29] (Samsung Electronics Co., Ltd.)
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [20880 2011-09-29] ()
MountPoints2: {5db1443d-c7f7-11df-8a50-001e64277d44} - D:\LaunchU3.exe -a
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
AppInit_DLLs-x32: c:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dll => File Not Found

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&m=aspire_1810tz&r=273601101406l0353z105t4881a81n
URLSearchHook: HKLM-x32 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
URLSearchHook: HKCU - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deAT363AT363
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deAT363AT363
SearchScopes: HKCU - {CA2A3C16-2A71-47B1-B03F-F73CB0B6BA7D} URL = hxxp://en.eazel.com/results.php?id=AAA361350b7ad09934dd1790707de4e2116&oid=7&cat=web&co=&lg=en&q={searchTerms}
SearchScopes: HKCU - {EBD839AE-B08C-4fb7-859B-F54AF16C159F} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deAT363AT363
BHO: BrowserHelper Class - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: EazelBar Helper - {FE478DC2-E4AD-4197-8F80-5E456BEBC57F} - C:\Program Files (x86)\EazelBar\Toolbar64.dll ()
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: EazelBar Helper - {FE478DC2-E4AD-4197-8F80-5E456BEBC57F} - C:\Program Files (x86)\EazelBar\Toolbar32.dll ()
Toolbar: HKLM - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
Toolbar: HKLM - EazelBar - {EBD839AE-B08C-4fb7-859B-F54AF16C159F} - C:\Program Files (x86)\EazelBar\Toolbar64.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKLM-x32 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
Toolbar: HKLM-x32 - EazelBar - {EBD839AE-B08C-4fb7-859B-F54AF16C159F} - C:\Program Files (x86)\EazelBar\Toolbar32.dll ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\acerhell\AppData\Roaming\Mozilla\Firefox\Profiles\c2atbeu3.default
FF user.js: detected! => C:\Users\acerhell\AppData\Roaming\Mozilla\Firefox\Profiles\c2atbeu3.default\user.js
FF NewTab: hxxp://www.searchgol.com/?babsrc=NT_ss&mntrId=863E001E64277D44&affID=125035&tsp=5034
FF Homepage: hxxp://www.google.at/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Users\acerhell\AppData\Roaming\Mozilla\Firefox\Profiles\c2atbeu3.default\searchplugins\searchgol.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: German Dictionary - C:\Users\acerhell\AppData\Roaming\Mozilla\Firefox\Profiles\c2atbeu3.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-11-02]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\acerhell\AppData\Roaming\Mozilla\Firefox\Profiles\c2atbeu3.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-05]
FF Extension: Web Developer - C:\Users\acerhell\AppData\Roaming\Mozilla\Firefox\Profiles\c2atbeu3.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-08-18]
FF Extension: JavaScript Debugger - C:\Users\acerhell\AppData\Roaming\Mozilla\Firefox\Profiles\c2atbeu3.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2012-08-05]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2013-12-30]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-30]
FF HKLM-x32\...\Firefox\Extensions: [{EBD839AE-B08C-4fb7-859B-F54AF16C159F}] - C:\Program Files (x86)\EazelBar\Firefox
FF Extension: EazelBar - C:\Program Files (x86)\EazelBar\Firefox [2013-10-13]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

R2 arXfrSvc; C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [231280 2011-01-10] (Microsoft Corporation)
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [335224 2010-03-30] (AVM Berlin)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143224 2010-03-30] (AVM Berlin)
R2 esClient; C:\Program Files\Windows Home Server\esClient.exe [109936 2011-01-10] (Microsoft Corporation)
S3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [67360 2010-01-25] (NOS Microsystems Ltd.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2010-11-11] (Microsoft Corporation)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [282616 2010-11-11] (Microsoft Corporation)
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [189304 2010-03-30] (AVM Berlin)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated)
R2 Update Whilokii; C:\Program Files (x86)\Whilokii\updateWhilokii.exe [65304 2013-10-05] (Whilokii)
R2 Updater Service for EazelBar; C:\Program Files (x86)\EazelBar\ToolbarUpdaterService.exe [223232 2013-06-05] ()
R2 Util Whilokii; C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe [97048 2014-01-19] ()
R2 vmware-converter-agent; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [479312 2013-10-07] (VMware, Inc.)
R2 vmware-converter-server; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [479312 2013-10-07] (VMware, Inc.)
R2 vmware-converter-worker; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [479312 2013-10-07] (VMware, Inc.)
R2 WHSConnector; C:\Program Files\Windows Home Server\WHSConnector.exe [489840 2011-01-10] (Microsoft Corporation)
R2 Windows7FirewallService; C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe [545792 2009-06-29] (Sphinx Software)
S3 KiesAllShare; C:\Program Files (x86)\Samsung\Kies\WiselinkPro\WiselinkPro.exe [x]

==================== Drivers (Whitelisted) ====================

S3 AF9035BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [513656 2011-01-25] (ITETech                  )
S3 bmdrvr; C:\Windows\SysWow64\drivers\bmdrvr.sys [75344 2013-08-28] (VMware, Inc.)
S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20568 2010-05-13] (Devguru Co., Ltd)
R0 EUBAKUP; C:\Windows\SysWow64\drivers\eubakup.sys [30600 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
R3 EuDisk; C:\Windows\System32\DRIVERS\EuDisk.sys [137608 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
S3 EUDSKACS; C:\Windows\sysWow64\drivers\eudskacs.sys [17800 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
R0 EUFS; C:\Windows\SysWow64\drivers\eufs.sys [26504 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
S3 int15.sys; C:\Windows\System32\OEM\Factory\int15.sys [17952 2008-03-28] (Acer, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [188928 2010-10-24] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [72064 2010-10-24] (Microsoft Corporation)
R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [412024 2010-03-30] (AVM Berlin)
R1 truecrypt; C:\Windows\SysWow64\drivers\truecrypt.sys [222160 2010-01-22] (TrueCrypt Foundation)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-08-28] (VMware, Inc.)
S1 bxlrmfbw; \??\C:\Windows\system32\drivers\bxlrmfbw.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-19 15:03 - 2014-01-19 15:04 - 00023876 _____ C:\Users\acerhell\Downloads\FRST.txt
2014-01-19 15:03 - 2014-01-19 15:03 - 00000000 ____D C:\FRST
2014-01-19 14:47 - 2014-01-19 14:48 - 02076672 _____ (Farbar) C:\Users\acerhell\Downloads\FRST64.exe
2014-01-19 14:47 - 2014-01-19 14:47 - 00000478 _____ C:\Users\acerhell\Downloads\defogger_disable.log
2014-01-19 14:47 - 2014-01-19 14:47 - 00000000 _____ C:\Users\acerhell\defogger_reenable
2014-01-19 14:45 - 2014-01-19 14:46 - 00050477 _____ C:\Users\acerhell\Downloads\Defogger.exe
2014-01-19 14:37 - 2014-01-19 14:38 - 00000000 ___RD C:\Users\acerhell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2014-01-15 09:23 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 09:23 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 09:23 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 09:23 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 09:23 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 09:23 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 09:23 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 09:05 - 2014-01-15 09:05 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\acerhell\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-14 16:41 - 2014-01-15 11:43 - 00000000 ____D C:\Users\acerhell\Desktop\Hacker 2014 01
2014-01-14 08:19 - 2014-01-14 08:19 - 00047104 ___SH C:\Users\acerhell\AppData\Thumbs.db
2014-01-09 08:28 - 2014-01-09 08:28 - 00000204 _____ C:\Users\acerhell\Desktop\Lerncenter WD My Cloud.url
2014-01-09 08:28 - 2014-01-09 08:28 - 00000158 _____ C:\Users\acerhell\Desktop\WD My Cloud – Öffentliche Freigabe.url
2014-01-09 08:28 - 2014-01-09 08:28 - 00000154 _____ C:\Users\acerhell\Desktop\WD My Cloud-Dashboard.url
2014-01-09 08:28 - 2014-01-09 08:28 - 00000000 ____D C:\ProgramData\Western Digital
2014-01-08 18:34 - 2014-01-08 18:34 - 00000000 ____D C:\Users\acerhell\AppData\Local\Western Digital
2014-01-06 14:04 - 2014-01-06 14:04 - 00001298 _____ C:\Users\Public\Desktop\VMware vCenter Converter Standalone Client.lnk
2014-01-06 14:04 - 2014-01-06 14:04 - 00001024 _____ C:\.rnd
2014-01-06 14:03 - 2014-01-06 14:52 - 00000000 ____D C:\Users\acerhell\AppData\Local\VMware
2014-01-06 14:03 - 2014-01-06 14:03 - 00000000 ____D C:\Program Files (x86)\VMware
2014-01-06 14:01 - 2014-01-06 14:03 - 00000000 ____D C:\ProgramData\VMware
2014-01-06 13:57 - 2014-01-06 13:58 - 00000000 ____D C:\Users\acerhell\Desktop\VMware vCenter Converter Standalone 5.5
2013-12-31 13:25 - 2013-12-31 13:25 - 00000000 ____D C:\Users\acerhell\AppData\Roaming\Stellarium
2013-12-31 13:25 - 2013-12-31 13:25 - 00000000 ____D C:\Users\acerhell\AppData\Local\stellarium
2013-12-30 08:50 - 2013-12-30 08:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-30 08:37 - 2013-12-30 08:37 - 00001724 _____ C:\Users\Public\Desktop\Stellarium.lnk
2013-12-30 08:36 - 2013-12-30 08:37 - 00000000 ____D C:\Program Files\Stellarium
2013-12-20 15:35 - 2013-12-20 15:35 - 00001787 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-20 15:34 - 2013-12-20 15:35 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-20 15:34 - 2013-12-20 15:35 - 00000000 ____D C:\Program Files\iTunes
2013-12-20 15:34 - 2013-12-20 15:35 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-20 15:34 - 2013-12-20 15:34 - 00000000 ____D C:\Program Files\iPod

==================== One Month Modified Files and Folders =======

2014-01-19 15:04 - 2014-01-19 15:03 - 00023876 _____ C:\Users\acerhell\Downloads\FRST.txt
2014-01-19 15:04 - 2009-12-04 15:36 - 01681492 _____ C:\Windows\WindowsUpdate.log
2014-01-19 15:03 - 2014-01-19 15:03 - 00000000 ____D C:\FRST
2014-01-19 14:52 - 2010-02-12 21:30 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-19 14:48 - 2014-01-19 14:47 - 02076672 _____ (Farbar) C:\Users\acerhell\Downloads\FRST64.exe
2014-01-19 14:47 - 2014-01-19 14:47 - 00000478 _____ C:\Users\acerhell\Downloads\defogger_disable.log
2014-01-19 14:47 - 2014-01-19 14:47 - 00000000 _____ C:\Users\acerhell\defogger_reenable
2014-01-19 14:47 - 2010-01-22 19:47 - 00000000 ____D C:\Users\acerhell
2014-01-19 14:46 - 2014-01-19 14:45 - 00050477 _____ C:\Users\acerhell\Downloads\Defogger.exe
2014-01-19 14:45 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-19 14:45 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-19 14:41 - 2012-11-04 07:43 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-19 14:38 - 2014-01-19 14:37 - 00000000 ___RD C:\Users\acerhell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2014-01-19 14:37 - 2010-02-12 21:30 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-19 14:37 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-19 14:36 - 2009-07-14 05:51 - 00067650 _____ C:\Windows\setupact.log
2014-01-15 21:03 - 2013-10-07 14:12 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 20:59 - 2010-01-31 17:22 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 11:45 - 2009-10-23 08:21 - 00838410 _____ C:\Windows\PFRO.log
2014-01-15 11:43 - 2014-01-14 16:41 - 00000000 ____D C:\Users\acerhell\Desktop\Hacker 2014 01
2014-01-15 11:43 - 2013-10-13 07:05 - 00000000 ____D C:\Program Files (x86)\searchgol
2014-01-15 09:19 - 2012-06-29 10:24 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-15 09:19 - 2012-06-29 10:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-15 09:05 - 2014-01-15 09:05 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\acerhell\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-14 18:57 - 2010-01-25 21:34 - 00000000 ____D C:\Users\acerhell\AppData\Roaming\FileZilla
2014-01-14 08:19 - 2014-01-14 08:19 - 00047104 ___SH C:\Users\acerhell\AppData\Thumbs.db
2014-01-14 08:06 - 2010-09-30 20:07 - 00000000 ____D C:\Users\acerhell\Documents\Filezilla-DB
2014-01-14 06:32 - 2013-12-10 18:59 - 00036952 _____ C:\Windows\IE11_main.log
2014-01-10 03:44 - 2009-12-05 00:27 - 00656266 _____ C:\Windows\system32\perfh007.dat
2014-01-10 03:44 - 2009-12-05 00:27 - 00131006 _____ C:\Windows\system32\perfc007.dat
2014-01-10 03:44 - 2009-07-14 06:13 - 01526402 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-09 08:28 - 2014-01-09 08:28 - 00000204 _____ C:\Users\acerhell\Desktop\Lerncenter WD My Cloud.url
2014-01-09 08:28 - 2014-01-09 08:28 - 00000158 _____ C:\Users\acerhell\Desktop\WD My Cloud – Öffentliche Freigabe.url
2014-01-09 08:28 - 2014-01-09 08:28 - 00000154 _____ C:\Users\acerhell\Desktop\WD My Cloud-Dashboard.url
2014-01-09 08:28 - 2014-01-09 08:28 - 00000000 ____D C:\ProgramData\Western Digital
2014-01-08 18:34 - 2014-01-08 18:34 - 00000000 ____D C:\Users\acerhell\AppData\Local\Western Digital
2014-01-08 12:34 - 2012-08-04 21:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-06 18:24 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2014-01-06 14:52 - 2014-01-06 14:03 - 00000000 ____D C:\Users\acerhell\AppData\Local\VMware
2014-01-06 14:04 - 2014-01-06 14:04 - 00001298 _____ C:\Users\Public\Desktop\VMware vCenter Converter Standalone Client.lnk
2014-01-06 14:04 - 2014-01-06 14:04 - 00001024 _____ C:\.rnd
2014-01-06 14:03 - 2014-01-06 14:03 - 00000000 ____D C:\Program Files (x86)\VMware
2014-01-06 14:03 - 2014-01-06 14:01 - 00000000 ____D C:\ProgramData\VMware
2014-01-06 13:58 - 2014-01-06 13:57 - 00000000 ____D C:\Users\acerhell\Desktop\VMware vCenter Converter Standalone 5.5
2013-12-31 13:25 - 2013-12-31 13:25 - 00000000 ____D C:\Users\acerhell\AppData\Roaming\Stellarium
2013-12-31 13:25 - 2013-12-31 13:25 - 00000000 ____D C:\Users\acerhell\AppData\Local\stellarium
2013-12-30 08:51 - 2013-12-30 08:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-30 08:37 - 2013-12-30 08:37 - 00001724 _____ C:\Users\Public\Desktop\Stellarium.lnk
2013-12-30 08:37 - 2013-12-30 08:36 - 00000000 ____D C:\Program Files\Stellarium
2013-12-21 03:02 - 2013-10-13 07:04 - 00000000 ____D C:\Program Files (x86)\Whilokii
2013-12-20 15:35 - 2013-12-20 15:35 - 00001787 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-20 15:35 - 2013-12-20 15:34 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-20 15:35 - 2013-12-20 15:34 - 00000000 ____D C:\Program Files\iTunes
2013-12-20 15:35 - 2013-12-20 15:34 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-20 15:34 - 2013-12-20 15:34 - 00000000 ____D C:\Program Files\iPod
2013-12-20 15:02 - 2009-07-14 05:45 - 02415880 _____ C:\Windows\system32\FNTCACHE.DAT

Some content of TEMP:
====================
C:\Users\acerhell\AppData\Local\Temp\6_Offer_10.exe
C:\Users\acerhell\AppData\Local\Temp\80176-670969-jdownloader.exe
C:\Users\acerhell\AppData\Local\Temp\DevSetup32.dll
C:\Users\acerhell\AppData\Local\Temp\DevSetup64.dll
C:\Users\acerhell\AppData\Local\Temp\DriverInstall32.exe
C:\Users\acerhell\AppData\Local\Temp\DriverInstall64.exe
C:\Users\acerhell\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\acerhell\AppData\Local\Temp\GLFDCFA.tmp.ConduitEngineSetup.exe
C:\Users\acerhell\AppData\Local\Temp\ICReinstall_JDownloaderSetup.exe
C:\Users\acerhell\AppData\Local\Temp\incredibar_installer.exe
C:\Users\acerhell\AppData\Local\Temp\ipswDownloaderSFX.exe
C:\Users\acerhell\AppData\Local\Temp\jre-1.6.0_20-windows-i586-iftw.exe_90744722.exe
C:\Users\acerhell\AppData\Local\Temp\jre-6u20-windows-i586-jinstall_uac.exe
C:\Users\acerhell\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\acerhell\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\acerhell\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\acerhell\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\acerhell\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\acerhell\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\acerhell\AppData\Local\Temp\ose00000.exe
C:\Users\acerhell\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\acerhell\AppData\Local\Temp\SkypeSetup.exe
C:\Users\acerhell\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\acerhell\AppData\Local\Temp\_isE446.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-09 01:37

==================== End Of Log ============================

Avira Rescue CD (USB Stick)
Code:
s. Screenshot anbei:

EXP/Java.HLP.A.2085
TR/Injector.agfa
mbam nach dem AVIRA Scan
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.19.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16750
acerhell :: ACERHELL-PC [Administrator]

19.01.2014 19:58:04
mbam-log-2014-01-19 (19-58-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 520134
Laufzeit: 1 Stunde(n), 32 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

schrauber 20.01.2014 10:20
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

franz12 20.01.2014 12:31
Hier das Log. Leider habe ich "am Desktop speichern" übersehen. Ich wollte es dann aber nicht mehr abbrechen. Soll ich es nochmal machen?

Code:
ComboFix 14-01-16.03 - acerhell 20.01.2014  11:55:52.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.43.1031.18.1979.637 [GMT 1:00]
ausgeführt von:: c:\users\acerhell\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\users\acerhell\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll
c:\users\acerhell\AppData\Roaming\.#
c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-12-20 bis 2014-01-20  ))))))))))))))))))))))))))))))
.
.
2014-01-19 21:13 . 2013-12-04 03:28        10315576        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F76DC82A-BACA-4048-8101-18D46FC0C909}\mpengine.dll
2014-01-19 15:45 . 2013-12-04 08:53        379904        ----a-w-        C:\gmer.exe
2014-01-19 14:04 . 2013-11-26 10:32        3156480        ----a-w-        c:\windows\system32\win32k.sys
2014-01-19 14:03 . 2014-01-19 14:03        --------        d-----w-        C:\FRST
2014-01-15 08:23 . 2013-11-27 01:41        343040        ----a-w-        c:\windows\system32\drivers\usbhub.sys
2014-01-15 08:23 . 2013-11-27 01:41        99840        ----a-w-        c:\windows\system32\drivers\usbccgp.sys
2014-01-15 08:23 . 2013-11-27 01:41        53248        ----a-w-        c:\windows\system32\drivers\usbehci.sys
2014-01-15 08:23 . 2013-11-27 01:41        325120        ----a-w-        c:\windows\system32\drivers\usbport.sys
2014-01-15 08:23 . 2013-11-27 01:41        7808        ----a-w-        c:\windows\system32\drivers\usbd.sys
2014-01-15 08:23 . 2013-11-27 01:41        25600        ----a-w-        c:\windows\system32\drivers\usbohci.sys
2014-01-15 08:23 . 2013-11-27 01:41        30720        ----a-w-        c:\windows\system32\drivers\usbuhci.sys
2014-01-09 07:28 . 2014-01-09 07:28        --------        d-----w-        c:\programdata\Western Digital
2014-01-08 17:34 . 2014-01-08 17:34        --------        d-----w-        c:\users\acerhell\AppData\Local\Western Digital
2014-01-06 13:03 . 2014-01-06 13:52        --------        d-----w-        c:\users\acerhell\AppData\Local\VMware
2014-01-06 13:03 . 2014-01-06 13:03        --------        d-----w-        c:\program files (x86)\VMware
2014-01-06 13:01 . 2014-01-06 13:03        --------        d-----w-        c:\programdata\VMware
2013-12-31 12:25 . 2013-12-31 12:25        --------        d-----w-        c:\users\acerhell\AppData\Local\stellarium
2013-12-31 12:25 . 2013-12-31 12:25        --------        d-----w-        c:\users\acerhell\AppData\Roaming\Stellarium
2013-12-30 07:36 . 2013-12-30 07:37        --------        d-----w-        c:\program files\Stellarium
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2020-08-20 14:11 . 2011-04-19 12:54        1150        ----a-w-        c:\windows\Fonts\Concorde-Roman.pfm
2014-01-15 19:59 . 2010-01-31 16:22        86054176        ----a-w-        c:\windows\system32\MRT.exe
2013-12-16 07:42 . 2012-11-04 06:43        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-16 07:42 . 2012-11-04 06:43        692616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-04 03:28 . 2011-05-03 11:45        10315576        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-19 02:33 . 2010-01-22 19:21        267936        ------w-        c:\windows\system32\MpSigStub.exe
2013-11-12 02:23 . 2013-12-16 06:57        2048        ----a-w-        c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-16 06:57        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2013-10-25 06:19 . 2013-12-17 16:44        51712        ----a-w-        c:\windows\system32\ie4uinit.exe
2013-10-25 06:19 . 2013-12-17 16:44        2241536        ----a-w-        c:\windows\system32\wininet.dll
2013-10-25 06:19 . 2013-12-17 16:44        1365504        ----a-w-        c:\windows\system32\urlmon.dll
2013-10-25 06:18 . 2013-12-17 16:43        19271168        ----a-w-        c:\windows\system32\mshtml.dll
2013-10-25 06:18 . 2013-12-17 16:44        603136        ----a-w-        c:\windows\system32\msfeeds.dll
2013-10-25 06:17 . 2013-12-17 16:44        855552        ----a-w-        c:\windows\system32\jscript.dll
2013-10-25 06:17 . 2013-12-17 16:44        3959808        ----a-w-        c:\windows\system32\jscript9.dll
2013-10-25 06:17 . 2013-12-17 16:44        53248        ----a-w-        c:\windows\system32\jsproxy.dll
2013-10-25 06:17 . 2013-12-17 16:44        526336        ----a-w-        c:\windows\system32\ieui.dll
2013-10-25 06:17 . 2013-12-17 16:44        67072        ----a-w-        c:\windows\system32\iesetup.dll
2013-10-25 06:17 . 2013-12-17 16:44        39936        ----a-w-        c:\windows\system32\iernonce.dll
2013-10-25 06:17 . 2013-12-17 16:44        136704        ----a-w-        c:\windows\system32\iesysprep.dll
2013-10-25 06:17 . 2013-12-17 16:44        2648576        ----a-w-        c:\windows\system32\iertutil.dll
2013-10-25 06:17 . 2013-12-17 16:44        15404032        ----a-w-        c:\windows\system32\ieframe.dll
2013-10-25 04:45 . 2013-12-17 16:44        1767936        ----a-w-        c:\windows\SysWow64\wininet.dll
2013-10-25 04:43 . 2013-12-17 16:44        2877952        ----a-w-        c:\windows\SysWow64\jscript9.dll
2013-10-25 04:43 . 2013-12-17 16:44        61440        ----a-w-        c:\windows\SysWow64\iesetup.dll
2013-10-25 04:43 . 2013-12-17 16:44        109056        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2013-10-25 04:07 . 2013-12-17 16:44        2706432        ----a-w-        c:\windows\system32\mshtml.tlb
2013-10-25 03:41 . 2013-12-17 16:44        2706432        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2013-10-25 03:17 . 2013-12-17 16:44        89600        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2013-10-25 02:49 . 2013-12-17 16:44        71680        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-11-13 3913000]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-13 20:58        3913000        ----a-w-        c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-11-13 20:58        3913000        ----a-w-        c:\program files (x86)\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FE478DC2-E4AD-4197-8F80-5E456BEBC57F}]
2013-04-18 06:08        499200        ----a-w-        c:\program files (x86)\EazelBar\Toolbar32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-11-13 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000]
"{EBD839AE-B08C-4fb7-859B-F54AF16C159F}"= "c:\program files (x86)\EazelBar\Toolbar32.dll" [2013-04-18 499200]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{ebd839ae-b08c-4fb7-859b-f54af16c159f}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\acerhell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\acerhell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\acerhell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41        120104        ----a-w-        c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-23 39408]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-09-29 929680]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-09-29 3508112]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-09-29 20880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-09-24 825864]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118624]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-01 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2009-10-23 708608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 bxlrmfbw;bxlrmfbw;c:\windows\system32\drivers\bxlrmfbw.sys;c:\windows\SYSNATIVE\drivers\bxlrmfbw.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AF9035BDA;Cinergy T-Stick service;c:\windows\system32\DRIVERS\AF15BDA.sys;c:\windows\SYSNATIVE\DRIVERS\AF15BDA.sys [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 bmdrvr;Modified Clusters Tracking Driver;SysWOW64\drivers\bmdrvr.sys;SysWOW64\drivers\bmdrvr.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 EUDSKACS;EUDSKACS;c:\windows\sysWow64\drivers\eudskacs.sys;c:\windows\sysWow64\drivers\eudskacs.sys [x]
R3 KiesAllShare;SAMSUNG KiesAllShare Service;c:\program files (x86)\Samsung\Kies\WiselinkPro\WiselinkPro.exe;c:\program files (x86)\Samsung\Kies\WiselinkPro\WiselinkPro.exe [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys;c:\windows\SYSNATIVE\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys;c:\windows\SYSNATIVE\DRIVERS\vcd10bus.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 EUBAKUP;EUBAKUP;c:\windows\sysWow64\drivers\eubakup.sys;c:\windows\sysWow64\drivers\eubakup.sys [x]
S0 EUFS;EUFS;c:\windows\sysWow64\drivers\eufs.sys;c:\windows\sysWow64\drivers\eufs.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [x]
S2 avmike;AVM FRITZ!Fernzugang IKE Service;c:\program files\FRITZ!Fernzugang\avmike.exe;c:\program files\FRITZ!Fernzugang\avmike.exe [x]
S2 certsrv;AVM FRITZ!Fernzugang Cert Service;c:\program files\FRITZ!Fernzugang\certsrv.exe;c:\program files\FRITZ!Fernzugang\certsrv.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe;c:\program files\Windows Home Server\esClient.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
S2 nwtsrv;AVM FRITZ!Fernzugang Client;c:\program files\FRITZ!Fernzugang\nwtsrv.exe;c:\program files\FRITZ!Fernzugang\nwtsrv.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x]
S2 Update Whilokii;Update Whilokii;c:\program files (x86)\Whilokii\updateWhilokii.exe;c:\program files (x86)\Whilokii\updateWhilokii.exe [x]
S2 Updater Service for EazelBar;Updater Service for EazelBar;c:\program files (x86)\EazelBar\ToolbarUpdaterService.exe;c:\program files (x86)\EazelBar\ToolbarUpdaterService.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 Util Whilokii;Util Whilokii;c:\program files (x86)\Whilokii\bin\utilWhilokii.exe;c:\program files (x86)\Whilokii\bin\utilWhilokii.exe [x]
S2 vmware-converter-agent;VMware vCenter Converter Standalone Agent;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [x]
S2 vmware-converter-server;VMware vCenter Converter Standalone Server;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [x]
S2 vmware-converter-worker;VMware vCenter Converter Standalone Worker;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [x]
S2 vstor2-mntapi20-shared;Vstor2 MntApi 2.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi20-shared.sys;SysWOW64\drivers\vstor2-mntapi20-shared.sys [x]
S2 WHSConnector;Windows Home Server-Connectordienst;c:\program files\Windows Home Server\WHSConnector.exe;c:\program files\Windows Home Server\WHSConnector.exe [x]
S2 Windows7FirewallService;Windows7FirewallService;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe [x]
S3 BackupReader;BackupReader;c:\windows\system32\DRIVERS\BackupReader.sys;c:\windows\SYSNATIVE\DRIVERS\BackupReader.sys [x]
S3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\DRIVERS\EuDisk.sys;c:\windows\SYSNATIVE\DRIVERS\EuDisk.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 NWIM;AVM VPN Miniport;c:\windows\system32\DRIVERS\avmnwim.sys;c:\windows\SYSNATIVE\DRIVERS\avmnwim.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper        REG_MULTI_SZ          getPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2014-01-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-04 07:42]
.
2014-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-12 20:30]
.
2014-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-12 20:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\acerhell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\acerhell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\acerhell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\acerhell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44        137512        ----a-w-        c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-23 7981600]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-12-04 200704]
"Windows7FirewallControl"="c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe" [2009-06-29 1021440]
"VX1000"="c:\windows\vVX1000.exe" [2009-07-24 762224]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An vorhandenes PDF anfügen - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: In Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\acerhell\AppData\Roaming\Mozilla\Firefox\Profiles\c2atbeu3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
FF - user.js: extensions.searchgol.tlbrSrchUrl -
FF - user.js: extensions.searchgol.id - 863eee73000000000000001e64277d44
FF - user.js: extensions.searchgol.appId - {4277F7CF-0000-46CF-BA49-D624465C4BAB}
FF - user.js: extensions.searchgol.instlDay - 15991
FF - user.js: extensions.searchgol.vrsn - 1.8.16.19
FF - user.js: extensions.searchgol.vrsni - 1.8.16.19
FF - user.js: extensions.searchgol.vrsnTs - 1.8.16.198:05
FF - user.js: extensions.searchgol.prtnrId - searchgol
FF - user.js: extensions.searchgol.prdct - searchgol
FF - user.js: extensions.searchgol.aflt - babsst
FF - user.js: extensions.searchgol.smplGrp - none
FF - user.js: extensions.searchgol.tlbrId - base
FF - user.js: extensions.searchgol.instlRef - sst
FF - user.js: extensions.searchgol.dfltLng - de
FF - user.js: extensions.searchgol.excTlbr - false
FF - user.js: extensions.searchgol.ffxUnstlRst - false
FF - user.js: extensions.searchgol.admin - false
FF - user.js: extensions.searchgol.autoRvrt - false
FF - user.js: extensions.searchgol.rvrt - false
FF - user.js: extensions.searchgol.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-HappyFoto Bestellsoftware - c:\windows\system32\javaws.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-01-20  12:22:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-01-20 11:22
.
Vor Suchlauf: 14 Verzeichnis(se), 123.120.525.312 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 124.009.922.560 Bytes frei
.
- - End Of File - - 5CE568ABEAF74E5C5A57D11BC377542B
A36C5E4F47E84449FF07ED3517B43A31

schrauber 21.01.2014 09:47
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

franz12 21.01.2014 15:44
Hier die Logs:

mbam - alles virenfrei

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.21.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16750
acerhell :: ACERHELL-PC [Administrator]

21.01.2014 11:23:44
mbam-log-2014-01-21 (11-23-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 526907
Laufzeit: 1 Stunde(n), 30 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
AdwCleaner

Code:
# AdwCleaner v3.017 - Bericht erstellt am 21/01/2014 um 14:04:39
# Aktualisiert 12/01/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : acerhell - ACERHELL-PC
# Gestartet von : C:\Users\acerhell\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : update whilokii
Dienst Gelöscht : Updater Service for EazelBar
[#] Dienst Gelöscht : Util Whilokii

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDeals
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\ConduitEngine
Ordner Gelöscht : C:\Program Files (x86)\EazelBar
Ordner Gelöscht : C:\Program Files (x86)\myfree codec
Ordner Gelöscht : C:\Program Files (x86)\searchgol
Ordner Gelöscht : C:\Program Files (x86)\Vuze_Remote
Ordner Gelöscht : C:\Program Files (x86)\Whilokii
Ordner Gelöscht : C:\Program Files (x86)\Vuze
Ordner Gelöscht : C:\Users\acerhell\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\acerhell\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\acerhell\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\acerhell\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\acerhell\AppData\LocalLow\Vuze_Remote
Ordner Gelöscht : C:\Users\acerhell\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\acerhell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Ordner Gelöscht : C:\Users\acerhell\AppData\Roaming\Mozilla\Firefox\Profiles\c2atbeu3.default\ConduitCommon
Ordner Gelöscht : C:\Users\acerhell\AppData\Roaming\Mozilla\Firefox\Profiles\c2atbeu3.default\CT2504091
Ordner Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Ordner Gelöscht : C:\Users\acerhell\AppData\Roaming\Mozilla\Firefox\Profiles\c2atbeu3.default___old__hellid\Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\acerhell\AppData\Roaming\Mozilla\Firefox\Profiles\c2atbeu3.default\bProtector_extensions.rdf
Datei Gelöscht : C:\Users\acerhell\AppData\Roaming\Mozilla\Firefox\Profiles\c2atbeu3.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\acerhell\AppData\Roaming\Mozilla\Firefox\Profiles\c2atbeu3.default\bprotector_prefs.js
Datei Gelöscht : C:\Users\acerhell\AppData\Roaming\Mozilla\Firefox\Profiles\c2atbeu3.default\invalidprefs.js
Datei Gelöscht : C:\Users\acerhell\AppData\Roaming\Mozilla\Firefox\Profiles\c2atbeu3.default\searchplugins\searchgol.xml
Datei Gelöscht : C:\Users\acerhell\AppData\Roaming\Mozilla\Firefox\Profiles\c2atbeu3.default\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\BitGuard
Datei Gelöscht : C:\Windows\System32\Tasks\EPUpdater

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{EBD839AE-B08C-4FB7-859B-F54AF16C159F}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Schlüssel Gelöscht : HKCU\Software\530dd8ce169eb42
Schlüssel Gelöscht : HKLM\SOFTWARE\530dd8ce169eb42
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4277F7CF-0000-46CF-BA49-D624465C4BAB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{88AF4F6A-C6B7-4229-9275-824E98BF97F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EBD839AE-B08C-4FB7-859B-F54AF16C159F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE478DC2-E4AD-4197-8F80-5E456BEBC57F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{319476CE-931C-4A64-8EE9-A0E374CB4FC6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE478DC2-E4AD-4197-8F80-5E456BEBC57F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{319476CE-931C-4A64-8EE9-A0E374CB4FC6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C5CBB76-7379-4490-AA5B-B037C0A36381}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{847C8C65-4D05-4912-9664-18E790E61502}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B4A80EFE-D9CC-49D3-A450-854ADBFCBB03}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EBD839AE-B08C-4FB7-859B-F54AF16C159F}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBD839AE-B08C-4FB7-859B-F54AF16C159F}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3860D897-7DCD-473C-9744-B21DB133AB20}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\EazelBar
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\Whilokii
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Vuze_Remote
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\conduitEngine
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\EazelBar
Schlüssel Gelöscht : HKLM\Software\Myfree Codec
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Vittalia
Schlüssel Gelöscht : HKLM\Software\Whilokii
Schlüssel Gelöscht : HKLM\Software\Vuze_Remote
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EazelBar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Whilokii

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16750


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\acerhell\AppData\Roaming\Mozilla\Firefox\Profiles\c2atbeu3.default\prefs.js ]

Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://www.searchgol.com/?babsrc=NT_ss&mntrId=863E001E64277D44&affID=125035&tsp=5034");
Zeile gelöscht : user_pref("extensions.searchgol.admin", false);
Zeile gelöscht : user_pref("extensions.searchgol.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.searchgol.appId", "{4277F7CF-0000-46CF-BA49-D624465C4BAB}");
Zeile gelöscht : user_pref("extensions.searchgol.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.searchgol.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.searchgol.excTlbr", false);
Zeile gelöscht : user_pref("extensions.searchgol.ffxUnstlRst", false);
Zeile gelöscht : user_pref("extensions.searchgol.id", "863eee73000000000000001e64277d44");
Zeile gelöscht : user_pref("extensions.searchgol.instlDay", "15991");
Zeile gelöscht : user_pref("extensions.searchgol.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.searchgol.newTab", false);
Zeile gelöscht : user_pref("extensions.searchgol.prdct", "searchgol");
Zeile gelöscht : user_pref("extensions.searchgol.prtnrId", "searchgol");
Zeile gelöscht : user_pref("extensions.searchgol.rvrt", "false");
Zeile gelöscht : user_pref("extensions.searchgol.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.searchgol.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.searchgol.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.searchgol.vrsn", "1.8.16.19");
Zeile gelöscht : user_pref("extensions.searchgol.vrsnTs", "1.8.16.198:05:47");
Zeile gelöscht : user_pref("extensions.searchgol.vrsni", "1.8.16.19");

[ Datei : C:\Users\acerhell\AppData\Roaming\Mozilla\Firefox\Profiles\c2atbeu3.default___old__hellid\prefs.js ]


[ Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cho6ugg7.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [16618 octets] - [21/01/2014 14:02:55]
AdwCleaner[S0].txt - [14083 octets] - [21/01/2014 14:04:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14144 octets] ##########
JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by acerhell on 21.01.2014 at 14:18:22,76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-635040389-67074062-2019949517-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update whilokii
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatewhilokii_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatewhilokii_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CA2A3C16-2A71-47B1-B03F-F73CB0B6BA7D}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\acerhell\AppData\Roaming\mozilla\firefox\profiles\c2atbeu3.default\minidumps [7 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.01.2014 at 14:30:13,50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2014
Ran by acerhell (administrator) on ACERHELL-PC on 21-01-2014 15:15:16
Running from C:\Users\acerhell\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\esClient.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(Sphinx Software) C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Sphinx Software) C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\WHSConnector.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.EXE
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nokia.) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
() C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
() C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981600 2009-07-23] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2009-12-04] ()
HKLM\...\Run: [Windows7FirewallControl] - C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe [1021440 2009-06-29] (Sphinx Software)
HKLM\...\Run: [VX1000] - C:\Windows\vVX1000.exe [762224 2009-07-24] (Microsoft Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1436224 2010-11-30] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl8] - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-16] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-16] (CyberLink Corp.)
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [825864 2009-09-24] (Dritek System Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [118624 2009-07-24] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-10-23] (Google Inc.)
HKCU\...\Run: [KiesHelper] - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [929680 2011-09-29] (Samsung)
HKCU\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508112 2011-09-29] (Samsung Electronics Co., Ltd.)
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [20880 2011-09-29] ()
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deAT363AT363
BHO: BrowserHelper Class - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\acerhell\AppData\Roaming\Mozilla\Firefox\Profiles\c2atbeu3.default
FF Homepage: hxxp://www.google.at/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: German Dictionary - C:\Users\acerhell\AppData\Roaming\Mozilla\Firefox\Profiles\c2atbeu3.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-11-02]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\acerhell\AppData\Roaming\Mozilla\Firefox\Profiles\c2atbeu3.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-05]
FF Extension: Web Developer - C:\Users\acerhell\AppData\Roaming\Mozilla\Firefox\Profiles\c2atbeu3.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-08-18]
FF Extension: JavaScript Debugger - C:\Users\acerhell\AppData\Roaming\Mozilla\Firefox\Profiles\c2atbeu3.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2012-08-05]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-30]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

R2 arXfrSvc; C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [231280 2011-01-10] (Microsoft Corporation)
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [335224 2010-03-30] (AVM Berlin)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143224 2010-03-30] (AVM Berlin)
R2 esClient; C:\Program Files\Windows Home Server\esClient.exe [109936 2011-01-10] (Microsoft Corporation)
S3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [67360 2010-01-25] (NOS Microsystems Ltd.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2010-11-11] (Microsoft Corporation)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
S3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [282616 2010-11-11] (Microsoft Corporation)
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [189304 2010-03-30] (AVM Berlin)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated)
R2 vmware-converter-agent; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [479312 2013-10-07] (VMware, Inc.)
R2 vmware-converter-server; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [479312 2013-10-07] (VMware, Inc.)
R2 vmware-converter-worker; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [479312 2013-10-07] (VMware, Inc.)
R2 WHSConnector; C:\Program Files\Windows Home Server\WHSConnector.exe [489840 2011-01-10] (Microsoft Corporation)
R2 Windows7FirewallService; C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe [545792 2009-06-29] (Sphinx Software)
S3 KiesAllShare; C:\Program Files (x86)\Samsung\Kies\WiselinkPro\WiselinkPro.exe [x]

==================== Drivers (Whitelisted) ====================

S3 AF9035BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [513656 2011-01-25] (ITETech                  )
S3 bmdrvr; C:\Windows\SysWow64\drivers\bmdrvr.sys [75344 2013-08-28] (VMware, Inc.)
S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20568 2010-05-13] (Devguru Co., Ltd)
R0 EUBAKUP; C:\Windows\SysWow64\drivers\eubakup.sys [30600 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
R3 EuDisk; C:\Windows\System32\DRIVERS\EuDisk.sys [137608 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
S3 EUDSKACS; C:\Windows\sysWow64\drivers\eudskacs.sys [17800 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
R0 EUFS; C:\Windows\SysWow64\drivers\eufs.sys [26504 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
S3 int15.sys; C:\Windows\System32\OEM\Factory\int15.sys [17952 2008-03-28] (Acer, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [188928 2010-10-24] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [72064 2010-10-24] (Microsoft Corporation)
R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [412024 2010-03-30] (AVM Berlin)
R1 truecrypt; C:\Windows\SysWow64\drivers\truecrypt.sys [222160 2010-01-22] (TrueCrypt Foundation)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-08-28] (VMware, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S1 bxlrmfbw; \??\C:\Windows\system32\drivers\bxlrmfbw.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-21 15:15 - 2014-01-21 15:15 - 00019799 _____ C:\Users\acerhell\Desktop\FRST.txt
2014-01-21 14:30 - 2014-01-21 14:30 - 00001438 _____ C:\Users\acerhell\Desktop\JRT.txt
2014-01-21 14:18 - 2014-01-21 14:18 - 00000000 ____D C:\Windows\ERUNT
2014-01-21 14:06 - 2014-01-21 14:06 - 00000000 ___RD C:\Users\acerhell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2014-01-21 14:02 - 2014-01-21 14:04 - 00000000 ____D C:\AdwCleaner
2014-01-21 14:02 - 2014-01-21 14:02 - 00000280 _____ C:\Users\acerhell\Desktop\Win 7 TRInjector.agfa und gmer.exe stürzt ab - Trojaner-Board.URL
2014-01-21 11:19 - 2014-01-21 11:20 - 01037068 _____ (Thisisu) C:\Users\acerhell\Desktop\JRT.exe
2014-01-21 11:19 - 2014-01-21 11:19 - 01236282 _____ C:\Users\acerhell\Downloads\adwcleaner.exe
2014-01-20 12:22 - 2014-01-20 12:22 - 00030347 _____ C:\ComboFix.txt
2014-01-20 11:52 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-20 11:52 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-20 11:52 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-20 11:52 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-20 11:52 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-20 11:52 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-20 11:52 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-20 11:52 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-20 11:51 - 2014-01-20 12:22 - 00000000 ____D C:\Qoobox
2014-01-20 11:50 - 2014-01-20 12:18 - 00000000 ____D C:\Windows\erdnt
2014-01-20 11:47 - 2014-01-20 11:48 - 05167985 ____R (Swearware) C:\Users\acerhell\Downloads\ComboFix.exe
2014-01-19 22:17 - 2014-01-19 22:18 - 00000000 ____D C:\Users\acerhell\Downloads\scan01-netbook
2014-01-19 18:33 - 2014-01-19 18:33 - 00000816 _____ C:\Users\acerhell\Desktop\Problemsignatur absturz gmer.txt
2014-01-19 17:33 - 2014-01-19 17:33 - 00277464 _____ C:\Windows\Minidump\011914-108249-01.dmp
2014-01-19 16:45 - 2013-12-04 09:53 - 00379904 _____ C:\gmer.exe
2014-01-19 15:08 - 2014-01-19 15:08 - 00000000 ____D C:\Users\acerhell\Downloads\gmer_2.1.19323
2014-01-19 15:04 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-19 15:03 - 2014-01-19 15:03 - 00000000 ____D C:\FRST
2014-01-19 14:47 - 2014-01-19 14:48 - 02076672 _____ (Farbar) C:\Users\acerhell\Desktop\FRST64.exe
2014-01-19 14:47 - 2014-01-19 14:47 - 00000000 _____ C:\Users\acerhell\defogger_reenable
2014-01-19 14:45 - 2014-01-19 14:46 - 00050477 _____ C:\Users\acerhell\Downloads\Defogger.exe
2014-01-15 09:23 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 09:23 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 09:23 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 09:23 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 09:23 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 09:23 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 09:23 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 09:05 - 2014-01-15 09:05 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\acerhell\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-14 16:41 - 2014-01-21 14:01 - 00000000 ____D C:\Users\acerhell\Desktop\Hacker 2014 01
2014-01-14 08:19 - 2014-01-14 08:19 - 00047104 ___SH C:\Users\acerhell\AppData\Thumbs.db
2014-01-09 08:28 - 2014-01-09 08:28 - 00000204 _____ C:\Users\acerhell\Desktop\Lerncenter WD My Cloud.url
2014-01-09 08:28 - 2014-01-09 08:28 - 00000158 _____ C:\Users\acerhell\Desktop\WD My Cloud – Öffentliche Freigabe.url
2014-01-09 08:28 - 2014-01-09 08:28 - 00000154 _____ C:\Users\acerhell\Desktop\WD My Cloud-Dashboard.url
2014-01-09 08:28 - 2014-01-09 08:28 - 00000000 ____D C:\ProgramData\Western Digital
2014-01-08 18:34 - 2014-01-08 18:34 - 00000000 ____D C:\Users\acerhell\AppData\Local\Western Digital
2014-01-06 14:04 - 2014-01-06 14:04 - 00001298 _____ C:\Users\Public\Desktop\VMware vCenter Converter Standalone Client.lnk
2014-01-06 14:04 - 2014-01-06 14:04 - 00001024 _____ C:\.rnd
2014-01-06 14:03 - 2014-01-06 14:52 - 00000000 ____D C:\Users\acerhell\AppData\Local\VMware
2014-01-06 14:03 - 2014-01-06 14:03 - 00000000 ____D C:\Program Files (x86)\VMware
2014-01-06 14:01 - 2014-01-06 14:03 - 00000000 ____D C:\ProgramData\VMware
2014-01-06 13:57 - 2014-01-06 13:58 - 00000000 ____D C:\Users\acerhell\Desktop\VMware vCenter Converter Standalone 5.5
2013-12-31 13:25 - 2013-12-31 13:25 - 00000000 ____D C:\Users\acerhell\AppData\Roaming\Stellarium
2013-12-31 13:25 - 2013-12-31 13:25 - 00000000 ____D C:\Users\acerhell\AppData\Local\stellarium
2013-12-30 08:50 - 2013-12-30 08:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-30 08:37 - 2013-12-30 08:37 - 00001724 _____ C:\Users\Public\Desktop\Stellarium.lnk
2013-12-30 08:36 - 2013-12-30 08:37 - 00000000 ____D C:\Program Files\Stellarium

==================== One Month Modified Files and Folders =======

2014-01-21 15:15 - 2014-01-21 15:15 - 00019799 _____ C:\Users\acerhell\Desktop\FRST.txt
2014-01-21 14:51 - 2010-02-12 21:30 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-21 14:41 - 2012-11-04 07:43 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-21 14:30 - 2014-01-21 14:30 - 00001438 _____ C:\Users\acerhell\Desktop\JRT.txt
2014-01-21 14:18 - 2014-01-21 14:18 - 00000000 ____D C:\Windows\ERUNT
2014-01-21 14:14 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-21 14:14 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-21 14:06 - 2014-01-21 14:06 - 00000000 ___RD C:\Users\acerhell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2014-01-21 14:06 - 2010-02-12 21:30 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-21 14:06 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-21 14:06 - 2009-07-14 05:51 - 00067930 _____ C:\Windows\setupact.log
2014-01-21 14:05 - 2009-12-04 15:36 - 01937664 _____ C:\Windows\WindowsUpdate.log
2014-01-21 14:04 - 2014-01-21 14:02 - 00000000 ____D C:\AdwCleaner
2014-01-21 14:02 - 2014-01-21 14:02 - 00000280 _____ C:\Users\acerhell\Desktop\Win 7 TRInjector.agfa und gmer.exe stürzt ab - Trojaner-Board.URL
2014-01-21 14:01 - 2014-01-14 16:41 - 00000000 ____D C:\Users\acerhell\Desktop\Hacker 2014 01
2014-01-21 11:20 - 2014-01-21 11:19 - 01037068 _____ (Thisisu) C:\Users\acerhell\Desktop\JRT.exe
2014-01-21 11:19 - 2014-01-21 11:19 - 01236282 _____ C:\Users\acerhell\Downloads\adwcleaner.exe
2014-01-21 03:02 - 2013-12-10 18:59 - 00049751 _____ C:\Windows\IE11_main.log
2014-01-20 12:22 - 2014-01-20 12:22 - 00030347 _____ C:\ComboFix.txt
2014-01-20 12:22 - 2014-01-20 11:51 - 00000000 ____D C:\Qoobox
2014-01-20 12:22 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2014-01-20 12:18 - 2014-01-20 11:50 - 00000000 ____D C:\Windows\erdnt
2014-01-20 12:12 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-20 12:10 - 2009-10-23 08:21 - 00838962 _____ C:\Windows\PFRO.log
2014-01-20 11:48 - 2014-01-20 11:47 - 05167985 ____R (Swearware) C:\Users\acerhell\Downloads\ComboFix.exe
2014-01-19 22:21 - 2009-12-05 00:27 - 00656266 _____ C:\Windows\system32\perfh007.dat
2014-01-19 22:21 - 2009-12-05 00:27 - 00131006 _____ C:\Windows\system32\perfc007.dat
2014-01-19 22:21 - 2009-07-14 06:13 - 01505034 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-19 22:18 - 2014-01-19 22:17 - 00000000 ____D C:\Users\acerhell\Downloads\scan01-netbook
2014-01-19 18:34 - 2011-04-03 15:31 - 00000000 ____D C:\Users\acerhell\AppData\Local\CrashDumps
2014-01-19 18:33 - 2014-01-19 18:33 - 00000816 _____ C:\Users\acerhell\Desktop\Problemsignatur absturz gmer.txt
2014-01-19 17:33 - 2014-01-19 17:33 - 00277464 _____ C:\Windows\Minidump\011914-108249-01.dmp
2014-01-19 17:33 - 2010-04-12 10:12 - 00000000 ____D C:\Windows\Minidump
2014-01-19 17:33 - 2009-07-14 05:45 - 02415880 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-19 17:32 - 2010-04-12 10:11 - 489687865 _____ C:\Windows\MEMORY.DMP
2014-01-19 15:08 - 2014-01-19 15:08 - 00000000 ____D C:\Users\acerhell\Downloads\gmer_2.1.19323
2014-01-19 15:03 - 2014-01-19 15:03 - 00000000 ____D C:\FRST
2014-01-19 14:48 - 2014-01-19 14:47 - 02076672 _____ (Farbar) C:\Users\acerhell\Desktop\FRST64.exe
2014-01-19 14:47 - 2014-01-19 14:47 - 00000000 _____ C:\Users\acerhell\defogger_reenable
2014-01-19 14:47 - 2010-01-22 19:47 - 00000000 ____D C:\Users\acerhell
2014-01-19 14:46 - 2014-01-19 14:45 - 00050477 _____ C:\Users\acerhell\Downloads\Defogger.exe
2014-01-15 21:03 - 2013-10-07 14:12 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 20:59 - 2010-01-31 17:22 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 09:19 - 2012-06-29 10:24 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-15 09:19 - 2012-06-29 10:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-15 09:05 - 2014-01-15 09:05 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\acerhell\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-14 18:57 - 2010-01-25 21:34 - 00000000 ____D C:\Users\acerhell\AppData\Roaming\FileZilla
2014-01-14 08:19 - 2014-01-14 08:19 - 00047104 ___SH C:\Users\acerhell\AppData\Thumbs.db
2014-01-14 08:06 - 2010-09-30 20:07 - 00000000 ____D C:\Users\acerhell\Documents\Filezilla-DB
2014-01-09 08:28 - 2014-01-09 08:28 - 00000204 _____ C:\Users\acerhell\Desktop\Lerncenter WD My Cloud.url
2014-01-09 08:28 - 2014-01-09 08:28 - 00000158 _____ C:\Users\acerhell\Desktop\WD My Cloud – Öffentliche Freigabe.url
2014-01-09 08:28 - 2014-01-09 08:28 - 00000154 _____ C:\Users\acerhell\Desktop\WD My Cloud-Dashboard.url
2014-01-09 08:28 - 2014-01-09 08:28 - 00000000 ____D C:\ProgramData\Western Digital
2014-01-08 18:34 - 2014-01-08 18:34 - 00000000 ____D C:\Users\acerhell\AppData\Local\Western Digital
2014-01-08 12:34 - 2012-08-04 21:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-06 18:24 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2014-01-06 14:52 - 2014-01-06 14:03 - 00000000 ____D C:\Users\acerhell\AppData\Local\VMware
2014-01-06 14:04 - 2014-01-06 14:04 - 00001298 _____ C:\Users\Public\Desktop\VMware vCenter Converter Standalone Client.lnk
2014-01-06 14:04 - 2014-01-06 14:04 - 00001024 _____ C:\.rnd
2014-01-06 14:03 - 2014-01-06 14:03 - 00000000 ____D C:\Program Files (x86)\VMware
2014-01-06 14:03 - 2014-01-06 14:01 - 00000000 ____D C:\ProgramData\VMware
2014-01-06 13:58 - 2014-01-06 13:57 - 00000000 ____D C:\Users\acerhell\Desktop\VMware vCenter Converter Standalone 5.5
2013-12-31 13:25 - 2013-12-31 13:25 - 00000000 ____D C:\Users\acerhell\AppData\Roaming\Stellarium
2013-12-31 13:25 - 2013-12-31 13:25 - 00000000 ____D C:\Users\acerhell\AppData\Local\stellarium
2013-12-30 08:51 - 2013-12-30 08:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-30 08:37 - 2013-12-30 08:37 - 00001724 _____ C:\Users\Public\Desktop\Stellarium.lnk
2013-12-30 08:37 - 2013-12-30 08:36 - 00000000 ____D C:\Program Files\Stellarium

Some content of TEMP:
====================
C:\Users\acerhell\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-19 16:04

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

schrauber 22.01.2014 10:08

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

franz12 22.01.2014 20:53
Hier die Logs. Das Netbook läuft gut. Ich kann mir aber nicht erklären, wie der Hacker an die Daten der 3 FTP Accounts von Filezilla gekommen ist. Es sind unterschiedliche Hosts - er kann es fast nur von dem Netbook haben. Deuten die ersten Logs auf einen Trojaner hin, mit dem es einem Hacker möglich war, Daten von Netbook zu sehen? Vielen Dank!

ests
Code:
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=992b60584981b449bd1fd0f2a5474f99
# engine=16751
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-22 05:20:06
# local_time=2014-01-22 06:20:06 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 16069831 142041056 0 0
# scanned=301517
# found=0
# cleaned=0
# scan_time=9370
checkup
Code:
Results of screen317's Security Check version 0.99.79 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials 
  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 Adobe Flash Player 9 Flash Player out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player 11.9.900.170 
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (26.0)
 Mozilla Thunderbird (3.1.4) Thunderbird out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials msseces.exe
 Windows Defender MSMpEng.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Microsoft Security Client Antimalware MsMpEng.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe 
 Windows7FirewallControl Windows7FirewallService.exe 
 Windows7FirewallControl Windows7FirewallControl.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
FRST

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2014
Ran by acerhell (administrator) on ACERHELL-PC on 22-01-2014 19:05:36
Running from C:\Users\acerhell\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\esClient.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(Sphinx Software) C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\WHSConnector.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Sphinx Software) C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.EXE
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Nokia.) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
() C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
() C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981600 2009-07-23] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2009-12-04] ()
HKLM\...\Run: [Windows7FirewallControl] - C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe [1021440 2009-06-29] (Sphinx Software)
HKLM\...\Run: [VX1000] - C:\Windows\vVX1000.exe [762224 2009-07-24] (Microsoft Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1436224 2010-11-30] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl8] - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-16] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-16] (CyberLink Corp.)
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [825864 2009-09-24] (Dritek System Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [118624 2009-07-24] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-10-23] (Google Inc.)
HKCU\...\Run: [KiesHelper] - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [929680 2011-09-29] (Samsung)
HKCU\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508112 2011-09-29] (Samsung Electronics Co., Ltd.)
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [20880 2011-09-29] ()
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deAT363AT363
BHO: BrowserHelper Class - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\acerhell\AppData\Roaming\Mozilla\Firefox\Profiles\c2atbeu3.default
FF Homepage: hxxp://www.google.at/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: German Dictionary - C:\Users\acerhell\AppData\Roaming\Mozilla\Firefox\Profiles\c2atbeu3.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-11-02]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\acerhell\AppData\Roaming\Mozilla\Firefox\Profiles\c2atbeu3.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-05]
FF Extension: Web Developer - C:\Users\acerhell\AppData\Roaming\Mozilla\Firefox\Profiles\c2atbeu3.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-08-18]
FF Extension: JavaScript Debugger - C:\Users\acerhell\AppData\Roaming\Mozilla\Firefox\Profiles\c2atbeu3.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2012-08-05]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-30]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

R2 arXfrSvc; C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [231280 2011-01-10] (Microsoft Corporation)
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [335224 2010-03-30] (AVM Berlin)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143224 2010-03-30] (AVM Berlin)
R2 esClient; C:\Program Files\Windows Home Server\esClient.exe [109936 2011-01-10] (Microsoft Corporation)
S3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [67360 2010-01-25] (NOS Microsystems Ltd.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2010-11-11] (Microsoft Corporation)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
S3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [282616 2010-11-11] (Microsoft Corporation)
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [189304 2010-03-30] (AVM Berlin)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated)
R2 vmware-converter-agent; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [479312 2013-10-07] (VMware, Inc.)
R2 vmware-converter-server; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [479312 2013-10-07] (VMware, Inc.)
R2 vmware-converter-worker; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [479312 2013-10-07] (VMware, Inc.)
R2 WHSConnector; C:\Program Files\Windows Home Server\WHSConnector.exe [489840 2011-01-10] (Microsoft Corporation)
R2 Windows7FirewallService; C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe [545792 2009-06-29] (Sphinx Software)
S3 KiesAllShare; C:\Program Files (x86)\Samsung\Kies\WiselinkPro\WiselinkPro.exe [x]

==================== Drivers (Whitelisted) ====================

S3 AF9035BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [513656 2011-01-25] (ITETech                  )
S3 bmdrvr; C:\Windows\SysWow64\drivers\bmdrvr.sys [75344 2013-08-28] (VMware, Inc.)
S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20568 2010-05-13] (Devguru Co., Ltd)
R0 EUBAKUP; C:\Windows\SysWow64\drivers\eubakup.sys [30600 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
R3 EuDisk; C:\Windows\System32\DRIVERS\EuDisk.sys [137608 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
S3 EUDSKACS; C:\Windows\sysWow64\drivers\eudskacs.sys [17800 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
R0 EUFS; C:\Windows\SysWow64\drivers\eufs.sys [26504 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
S3 int15.sys; C:\Windows\System32\OEM\Factory\int15.sys [17952 2008-03-28] (Acer, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [188928 2010-10-24] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [72064 2010-10-24] (Microsoft Corporation)
R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [412024 2010-03-30] (AVM Berlin)
R1 truecrypt; C:\Windows\SysWow64\drivers\truecrypt.sys [222160 2010-01-22] (TrueCrypt Foundation)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-08-28] (VMware, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S1 bxlrmfbw; \??\C:\Windows\system32\drivers\bxlrmfbw.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-22 19:05 - 2014-01-22 19:05 - 00020012 _____ C:\Users\acerhell\Desktop\FRST.txt
2014-01-22 15:33 - 2014-01-22 15:33 - 00000000 ___RD C:\Users\acerhell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2014-01-22 15:21 - 2014-01-22 15:21 - 00987425 _____ C:\Users\acerhell\Desktop\SecurityCheck.exe
2014-01-22 15:20 - 2014-01-22 15:21 - 02347384 _____ (ESET) C:\Users\acerhell\Downloads\esetsmartinstaller_enu.exe
2014-01-21 14:18 - 2014-01-21 14:18 - 00000000 ____D C:\Windows\ERUNT
2014-01-21 14:02 - 2014-01-21 14:04 - 00000000 ____D C:\AdwCleaner
2014-01-21 11:19 - 2014-01-21 11:20 - 01037068 _____ (Thisisu) C:\Users\acerhell\Desktop\JRT.exe
2014-01-21 11:19 - 2014-01-21 11:19 - 01236282 _____ C:\Users\acerhell\Downloads\adwcleaner.exe
2014-01-20 12:22 - 2014-01-20 12:22 - 00030347 _____ C:\ComboFix.txt
2014-01-20 11:52 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-20 11:52 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-20 11:52 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-20 11:52 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-20 11:52 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-20 11:52 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-20 11:52 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-20 11:52 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-20 11:51 - 2014-01-20 12:22 - 00000000 ____D C:\Qoobox
2014-01-20 11:50 - 2014-01-20 12:18 - 00000000 ____D C:\Windows\erdnt
2014-01-20 11:47 - 2014-01-20 11:48 - 05167985 ____R (Swearware) C:\Users\acerhell\Downloads\ComboFix.exe
2014-01-19 22:17 - 2014-01-19 22:18 - 00000000 ____D C:\Users\acerhell\Downloads\scan01-netbook
2014-01-19 18:33 - 2014-01-19 18:33 - 00000816 _____ C:\Users\acerhell\Desktop\Problemsignatur absturz gmer.txt
2014-01-19 17:33 - 2014-01-19 17:33 - 00277464 _____ C:\Windows\Minidump\011914-108249-01.dmp
2014-01-19 16:45 - 2013-12-04 09:53 - 00379904 _____ C:\gmer.exe
2014-01-19 15:08 - 2014-01-19 15:08 - 00000000 ____D C:\Users\acerhell\Downloads\gmer_2.1.19323
2014-01-19 15:04 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-19 15:03 - 2014-01-19 15:03 - 00000000 ____D C:\FRST
2014-01-19 14:47 - 2014-01-19 14:48 - 02076672 _____ (Farbar) C:\Users\acerhell\Desktop\FRST64.exe
2014-01-19 14:47 - 2014-01-19 14:47 - 00000000 _____ C:\Users\acerhell\defogger_reenable
2014-01-19 14:45 - 2014-01-19 14:46 - 00050477 _____ C:\Users\acerhell\Downloads\Defogger.exe
2014-01-15 09:23 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 09:23 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 09:23 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 09:23 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 09:23 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 09:23 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 09:23 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 09:05 - 2014-01-15 09:05 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\acerhell\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-14 16:41 - 2014-01-22 18:52 - 00000000 ____D C:\Users\acerhell\Desktop\Hacker 2014 01
2014-01-14 08:19 - 2014-01-14 08:19 - 00047104 ___SH C:\Users\acerhell\AppData\Thumbs.db
2014-01-09 08:28 - 2014-01-09 08:28 - 00000204 _____ C:\Users\acerhell\Desktop\Lerncenter WD My Cloud.url
2014-01-09 08:28 - 2014-01-09 08:28 - 00000158 _____ C:\Users\acerhell\Desktop\WD My Cloud – Öffentliche Freigabe.url
2014-01-09 08:28 - 2014-01-09 08:28 - 00000154 _____ C:\Users\acerhell\Desktop\WD My Cloud-Dashboard.url
2014-01-09 08:28 - 2014-01-09 08:28 - 00000000 ____D C:\ProgramData\Western Digital
2014-01-08 18:34 - 2014-01-08 18:34 - 00000000 ____D C:\Users\acerhell\AppData\Local\Western Digital
2014-01-06 14:04 - 2014-01-06 14:04 - 00001298 _____ C:\Users\Public\Desktop\VMware vCenter Converter Standalone Client.lnk
2014-01-06 14:04 - 2014-01-06 14:04 - 00001024 _____ C:\.rnd
2014-01-06 14:03 - 2014-01-06 14:52 - 00000000 ____D C:\Users\acerhell\AppData\Local\VMware
2014-01-06 14:03 - 2014-01-06 14:03 - 00000000 ____D C:\Program Files (x86)\VMware
2014-01-06 14:01 - 2014-01-06 14:03 - 00000000 ____D C:\ProgramData\VMware
2014-01-06 13:57 - 2014-01-06 13:58 - 00000000 ____D C:\Users\acerhell\Desktop\VMware vCenter Converter Standalone 5.5
2013-12-31 13:25 - 2013-12-31 13:25 - 00000000 ____D C:\Users\acerhell\AppData\Roaming\Stellarium
2013-12-31 13:25 - 2013-12-31 13:25 - 00000000 ____D C:\Users\acerhell\AppData\Local\stellarium
2013-12-30 08:50 - 2013-12-30 08:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-30 08:37 - 2013-12-30 08:37 - 00001724 _____ C:\Users\Public\Desktop\Stellarium.lnk
2013-12-30 08:36 - 2013-12-30 08:37 - 00000000 ____D C:\Program Files\Stellarium

==================== One Month Modified Files and Folders =======

2014-01-22 19:05 - 2014-01-22 19:05 - 00020012 _____ C:\Users\acerhell\Desktop\FRST.txt
2014-01-22 18:52 - 2014-01-14 16:41 - 00000000 ____D C:\Users\acerhell\Desktop\Hacker 2014 01
2014-01-22 18:51 - 2010-02-12 21:30 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-22 18:41 - 2012-11-04 07:43 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-22 17:31 - 2009-12-04 15:36 - 01107381 _____ C:\Windows\WindowsUpdate.log
2014-01-22 15:39 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-22 15:39 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-22 15:33 - 2014-01-22 15:33 - 00000000 ___RD C:\Users\acerhell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2014-01-22 15:33 - 2010-02-12 21:30 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-22 15:31 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-22 15:31 - 2009-07-14 05:51 - 00068042 _____ C:\Windows\setupact.log
2014-01-22 15:28 - 2013-12-10 18:59 - 00058989 _____ C:\Windows\IE11_main.log
2014-01-22 15:21 - 2014-01-22 15:21 - 00987425 _____ C:\Users\acerhell\Desktop\SecurityCheck.exe
2014-01-22 15:21 - 2014-01-22 15:20 - 02347384 _____ (ESET) C:\Users\acerhell\Downloads\esetsmartinstaller_enu.exe
2014-01-21 14:18 - 2014-01-21 14:18 - 00000000 ____D C:\Windows\ERUNT
2014-01-21 14:04 - 2014-01-21 14:02 - 00000000 ____D C:\AdwCleaner
2014-01-21 11:20 - 2014-01-21 11:19 - 01037068 _____ (Thisisu) C:\Users\acerhell\Desktop\JRT.exe
2014-01-21 11:19 - 2014-01-21 11:19 - 01236282 _____ C:\Users\acerhell\Downloads\adwcleaner.exe
2014-01-20 12:22 - 2014-01-20 12:22 - 00030347 _____ C:\ComboFix.txt
2014-01-20 12:22 - 2014-01-20 11:51 - 00000000 ____D C:\Qoobox
2014-01-20 12:22 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2014-01-20 12:18 - 2014-01-20 11:50 - 00000000 ____D C:\Windows\erdnt
2014-01-20 12:12 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-20 12:10 - 2009-10-23 08:21 - 00838962 _____ C:\Windows\PFRO.log
2014-01-20 11:48 - 2014-01-20 11:47 - 05167985 ____R (Swearware) C:\Users\acerhell\Downloads\ComboFix.exe
2014-01-19 22:21 - 2009-12-05 00:27 - 00656266 _____ C:\Windows\system32\perfh007.dat
2014-01-19 22:21 - 2009-12-05 00:27 - 00131006 _____ C:\Windows\system32\perfc007.dat
2014-01-19 22:21 - 2009-07-14 06:13 - 01505034 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-19 22:18 - 2014-01-19 22:17 - 00000000 ____D C:\Users\acerhell\Downloads\scan01-netbook
2014-01-19 18:34 - 2011-04-03 15:31 - 00000000 ____D C:\Users\acerhell\AppData\Local\CrashDumps
2014-01-19 18:33 - 2014-01-19 18:33 - 00000816 _____ C:\Users\acerhell\Desktop\Problemsignatur absturz gmer.txt
2014-01-19 17:33 - 2014-01-19 17:33 - 00277464 _____ C:\Windows\Minidump\011914-108249-01.dmp
2014-01-19 17:33 - 2010-04-12 10:12 - 00000000 ____D C:\Windows\Minidump
2014-01-19 17:33 - 2009-07-14 05:45 - 02415880 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-19 17:32 - 2010-04-12 10:11 - 489687865 _____ C:\Windows\MEMORY.DMP
2014-01-19 15:08 - 2014-01-19 15:08 - 00000000 ____D C:\Users\acerhell\Downloads\gmer_2.1.19323
2014-01-19 15:03 - 2014-01-19 15:03 - 00000000 ____D C:\FRST
2014-01-19 14:48 - 2014-01-19 14:47 - 02076672 _____ (Farbar) C:\Users\acerhell\Desktop\FRST64.exe
2014-01-19 14:47 - 2014-01-19 14:47 - 00000000 _____ C:\Users\acerhell\defogger_reenable
2014-01-19 14:47 - 2010-01-22 19:47 - 00000000 ____D C:\Users\acerhell
2014-01-19 14:46 - 2014-01-19 14:45 - 00050477 _____ C:\Users\acerhell\Downloads\Defogger.exe
2014-01-19 08:33 - 2010-01-22 20:21 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-15 21:03 - 2013-10-07 14:12 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 20:59 - 2010-01-31 17:22 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 09:19 - 2012-06-29 10:24 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-15 09:19 - 2012-06-29 10:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-15 09:05 - 2014-01-15 09:05 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\acerhell\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-14 18:57 - 2010-01-25 21:34 - 00000000 ____D C:\Users\acerhell\AppData\Roaming\FileZilla
2014-01-14 08:19 - 2014-01-14 08:19 - 00047104 ___SH C:\Users\acerhell\AppData\Thumbs.db
2014-01-14 08:06 - 2010-09-30 20:07 - 00000000 ____D C:\Users\acerhell\Documents\Filezilla-DB
2014-01-09 08:28 - 2014-01-09 08:28 - 00000204 _____ C:\Users\acerhell\Desktop\Lerncenter WD My Cloud.url
2014-01-09 08:28 - 2014-01-09 08:28 - 00000158 _____ C:\Users\acerhell\Desktop\WD My Cloud – Öffentliche Freigabe.url
2014-01-09 08:28 - 2014-01-09 08:28 - 00000154 _____ C:\Users\acerhell\Desktop\WD My Cloud-Dashboard.url
2014-01-09 08:28 - 2014-01-09 08:28 - 00000000 ____D C:\ProgramData\Western Digital
2014-01-08 18:34 - 2014-01-08 18:34 - 00000000 ____D C:\Users\acerhell\AppData\Local\Western Digital
2014-01-08 12:34 - 2012-08-04 21:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-06 18:24 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2014-01-06 14:52 - 2014-01-06 14:03 - 00000000 ____D C:\Users\acerhell\AppData\Local\VMware
2014-01-06 14:04 - 2014-01-06 14:04 - 00001298 _____ C:\Users\Public\Desktop\VMware vCenter Converter Standalone Client.lnk
2014-01-06 14:04 - 2014-01-06 14:04 - 00001024 _____ C:\.rnd
2014-01-06 14:03 - 2014-01-06 14:03 - 00000000 ____D C:\Program Files (x86)\VMware
2014-01-06 14:03 - 2014-01-06 14:01 - 00000000 ____D C:\ProgramData\VMware
2014-01-06 13:58 - 2014-01-06 13:57 - 00000000 ____D C:\Users\acerhell\Desktop\VMware vCenter Converter Standalone 5.5
2013-12-31 13:25 - 2013-12-31 13:25 - 00000000 ____D C:\Users\acerhell\AppData\Roaming\Stellarium
2013-12-31 13:25 - 2013-12-31 13:25 - 00000000 ____D C:\Users\acerhell\AppData\Local\stellarium
2013-12-30 08:51 - 2013-12-30 08:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-30 08:37 - 2013-12-30 08:37 - 00001724 _____ C:\Users\Public\Desktop\Stellarium.lnk
2013-12-30 08:37 - 2013-12-30 08:36 - 00000000 ____D C:\Program Files\Stellarium

Some content of TEMP:
====================
C:\Users\acerhell\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-19 16:04

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 23.01.2014 19:15
Nee. Flash, Adobe und Thunderbird updaten.

Passwort auf jeden Fall ändern wenn noch nicht getan.

Fertig :)

Falls Du Lob oder Kritik loswerden möchtest kannst Du das hier tun :)


Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

franz12 24.01.2014 07:30
Super - vielen Dank und ein schönes Wochenende!

schrauber 24.01.2014 14:43
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:18 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131