Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Interpol-Virus - Rechner ist gesperrt (https://www.trojaner-board.de/140809-interpol-virus-rechner-gesperrt.html)

mauli.mauli 01.09.2013 05:39
Interpol-Virus - Rechner ist gesperrt
 
Hallo zusammen,

bereits im letzten September ereilte mich ein solches Problem, jetzt wieder: Während der Internetnutzung erscheint plötzlich zuerst mein Wallpaper, dann eine Seite mit Interpol-Aufdruck und Pseudogesetzestexten sowie der Aufforderung, für die Entsperrung des Rechners Geld zu überweisen.

Damals habt Ihr mir dankenswerterweise geholfen, nun bitte ich erneut darum. Wie soll ich anfangen?

Es handelt sich um einen Windows-7-Rechner und ich bin allenfalls mäßig kenntnisreich.

Gruß

Mauli

schrauber 01.09.2013 06:56
hi,

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)
  • Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.
  • Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:
Über den Boot Manager:
  • Starte den Rechner neu.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Mit Windows CD/DVD (auch bei Windows 8 möglich):
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu und starte von der CD.
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Wähle in den Reparaturoptionen: Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
    Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein.
    e:\frst.exe bzw. e:\frst64.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Ja und klicke Untersuchen
Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).


mauli.mauli 01.09.2013 10:15
Hallo Schrauber,

hier mein Code:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-09-2013
Ran by SYSTEM on MININT-5PJP5LV on 01-09-2013 11:37:20
Running from H:\
Windows 7 Professional (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-11] (CANON INC.)
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-10-21] (NEC Electronics Corporation)
HKLM-x32\...\Run: [B2C_AGENT] - C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe [404568 2012-03-28] (LG Electronics)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKU\Andreas Kries\...\Run: [AnyDVD] - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [3464128 2010-05-04] (SlySoft, Inc.)
HKU\Andreas Kries\...\Run: [SDP] - C:\Users\Andreas Kries\AppData\Local\FilesFrog Update Checker\update_checker.exe [201808 2013-01-31] (Somoto)
HKU\Andreas Kries\...\Run: [AppsHat] - C:\Users\Andreas Kries\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe [202752 2012-10-26] ()
AppInit_DLLs-x32: c:\progra~3\browse~1\261562~1.220\{c16c1~1\browse~1.dll [2699216 2013-08-13] ()
Startup: C:\Users\Andreas Kries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\Andreas Kries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk
ShortcutTarget: lollipop.lnk ->  (No File)
Startup: C:\Users\Andreas Kries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sskbcxcjoiwojxjxlba.lnk
ShortcutTarget: sskbcxcjoiwojxjxlba.lnk -> C:\Users\ANDREA~1\AppData\Local\Temp\ablxjxjowiojcxcbkss.exe (Microsoft Corporation)

==================== Services (Whitelisted) =================

S2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2838480 2013-08-13] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
S2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S2 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2013-04-04] (Wajam)
S2 Crypkey License; crypserv.exe [x]
S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [x]

==================== Drivers (Whitelisted) ====================

S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [123840 2010-04-23] (SlySoft, Inc.)
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-28] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-28] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-28] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
S1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
S3 Andbus; system32\DRIVERS\lgandbus64.sys [x]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [x]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [x]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [x]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [x]
S3 AndNetGps; system32\DRIVERS\lgandnetgps64.sys [x]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [x]
S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpuz132; \??\C:\Users\ANDREA~1\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-01 09:40 - 2013-09-01 09:55 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert
2013-09-01 08:31 - 2013-09-01 08:31 - 00000000 ____D C:\Program Files (x86)\PricePeep
2013-09-01 08:30 - 2013-09-01 08:30 - 00000000 ____D C:\Users\Andreas Kries\AppData\Local\Conduit
2013-09-01 08:30 - 2013-09-01 08:30 - 00000000 ____D C:\Program Files (x86)\FileConverter_1.3
2013-09-01 08:30 - 2013-09-01 08:30 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-09-01 08:29 - 2013-09-01 08:29 - 00002128 _____ C:\Users\Andreas Kries\Desktop\AppsHat.lnk
2013-09-01 08:29 - 2013-09-01 08:29 - 00000000 ____D C:\Users\Andreas Kries\AppData\Roaming\BabSolution
2013-09-01 08:29 - 2013-09-01 08:29 - 00000000 ____D C:\Users\Andreas Kries\AppData\Local\WebPlayer
2013-09-01 08:29 - 2013-09-01 08:29 - 00000000 ____D C:\Users\Andreas Kries\AppData\Local\Minibar
2013-09-01 08:29 - 2013-09-01 08:29 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-09-01 08:29 - 2013-09-01 08:29 - 00000000 ____D C:\Program Files (x86)\Minibar
2013-09-01 08:29 - 2013-09-01 08:29 - 00000000 ____D C:\Program Files (x86)\BabylonToolbar
2013-09-01 08:28 - 2013-09-01 08:28 - 00000000 ____D C:\Users\Andreas Kries\AppData\Roaming\Babylon
2013-09-01 08:28 - 2013-09-01 08:28 - 00000000 ____D C:\Users\Andreas Kries\AppData\Local\Lollipop
2013-09-01 08:28 - 2013-09-01 08:28 - 00000000 ____D C:\ProgramData\Babylon
2013-09-01 08:27 - 2013-09-01 08:27 - 00000000 ____D C:\Users\Andreas Kries\AppData\Local\FilesFrog Update Checker
2013-09-01 05:10 - 2013-09-01 05:10 - 00000165 _____ C:\ProgramData\sskbcxcjoiwojxjxlba.reg
2013-09-01 05:10 - 2013-09-01 05:10 - 00000070 _____ C:\ProgramData\sskbcxcjoiwojxjxlba.bat
2013-08-18 02:05 - 2013-07-26 06:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-18 02:05 - 2013-07-26 06:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-18 02:05 - 2013-07-26 06:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-08-18 02:05 - 2013-07-26 06:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-18 02:05 - 2013-07-26 06:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-18 02:05 - 2013-07-26 06:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-18 02:05 - 2013-07-26 06:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-18 02:05 - 2013-07-26 06:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-18 02:05 - 2013-07-26 06:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-18 02:05 - 2013-07-26 06:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-18 02:05 - 2013-07-26 06:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-08-18 02:05 - 2013-07-26 06:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-08-18 02:05 - 2013-07-26 06:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-18 02:05 - 2013-07-26 06:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-08-18 02:05 - 2013-07-26 04:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-18 02:05 - 2013-07-26 04:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-18 02:05 - 2013-07-26 04:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-18 02:05 - 2013-07-26 04:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-18 02:05 - 2013-07-26 04:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-18 02:05 - 2013-07-26 04:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-18 02:05 - 2013-07-26 04:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-18 02:05 - 2013-07-26 04:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-18 02:05 - 2013-07-26 04:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-18 02:05 - 2013-07-26 04:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-18 02:05 - 2013-07-26 04:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-18 02:05 - 2013-07-26 04:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-18 02:05 - 2013-07-26 04:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-18 02:05 - 2013-07-26 04:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-18 02:05 - 2013-07-26 03:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-18 02:05 - 2013-07-26 03:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-18 02:05 - 2013-07-26 02:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-18 02:01 - 2013-08-18 02:01 - 00000000 ____D C:\Windows\System32\MRT
2013-08-17 22:21 - 2013-07-25 10:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-17 22:21 - 2013-07-25 09:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-17 22:21 - 2013-07-19 02:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-17 22:21 - 2013-07-19 02:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-17 22:21 - 2013-07-09 06:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-17 22:21 - 2013-07-09 06:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-17 22:21 - 2013-07-09 06:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-17 22:21 - 2013-07-09 06:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-17 22:21 - 2013-07-09 06:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-17 22:21 - 2013-07-09 05:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-17 22:21 - 2013-07-09 05:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-17 22:21 - 2013-07-09 05:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-17 22:21 - 2013-07-09 05:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-17 22:21 - 2013-07-09 05:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-17 22:21 - 2013-07-06 07:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-17 22:21 - 2013-06-15 05:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-01 10:07 - 2013-04-11 07:30 - 00000812 _____ C:\Windows\errord.log
2013-09-01 09:55 - 2013-09-01 09:40 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert
2013-09-01 09:55 - 2013-05-14 14:56 - 00001426 _____ C:\Users\Andreas Kries\Desktop\Registry kostenlos entrümpeln!.lnk
2013-09-01 09:55 - 2013-04-09 17:17 - 00000000 ___RD C:\Users\Andreas Kries\Dropbox
2013-09-01 09:55 - 2013-04-09 17:12 - 00000000 ____D C:\Users\Andreas Kries\AppData\Roaming\Dropbox
2013-09-01 09:55 - 2010-10-18 14:48 - 00000000 ____D C:\Users\Public\Documents\phase6_19_Daten
2013-09-01 09:54 - 2013-04-11 07:31 - 00003224 _____ C:\Windows\error.log
2013-09-01 09:54 - 2010-07-19 16:14 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-01 09:53 - 2013-04-11 07:31 - 00001512 _____ C:\Windows\setupact.log
2013-09-01 09:53 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-01 09:40 - 2013-04-11 07:30 - 00013242 _____ C:\Windows\PFRO.log
2013-09-01 08:31 - 2013-09-01 08:31 - 00000000 ____D C:\Program Files (x86)\PricePeep
2013-09-01 08:30 - 2013-09-01 08:30 - 00000000 ____D C:\Users\Andreas Kries\AppData\Local\Conduit
2013-09-01 08:30 - 2013-09-01 08:30 - 00000000 ____D C:\Program Files (x86)\FileConverter_1.3
2013-09-01 08:30 - 2013-09-01 08:30 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-09-01 08:29 - 2013-09-01 08:29 - 00002128 _____ C:\Users\Andreas Kries\Desktop\AppsHat.lnk
2013-09-01 08:29 - 2013-09-01 08:29 - 00000000 ____D C:\Users\Andreas Kries\AppData\Roaming\BabSolution
2013-09-01 08:29 - 2013-09-01 08:29 - 00000000 ____D C:\Users\Andreas Kries\AppData\Local\WebPlayer
2013-09-01 08:29 - 2013-09-01 08:29 - 00000000 ____D C:\Users\Andreas Kries\AppData\Local\Minibar
2013-09-01 08:29 - 2013-09-01 08:29 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-09-01 08:29 - 2013-09-01 08:29 - 00000000 ____D C:\Program Files (x86)\Minibar
2013-09-01 08:29 - 2013-09-01 08:29 - 00000000 ____D C:\Program Files (x86)\BabylonToolbar
2013-09-01 08:28 - 2013-09-01 08:28 - 00000000 ____D C:\Users\Andreas Kries\AppData\Roaming\Babylon
2013-09-01 08:28 - 2013-09-01 08:28 - 00000000 ____D C:\Users\Andreas Kries\AppData\Local\Lollipop
2013-09-01 08:28 - 2013-09-01 08:28 - 00000000 ____D C:\ProgramData\Babylon
2013-09-01 08:27 - 2013-09-01 08:27 - 00000000 ____D C:\Users\Andreas Kries\AppData\Local\FilesFrog Update Checker
2013-09-01 08:27 - 2010-05-10 20:55 - 00000000 ____D C:\users\Andreas Kries
2013-09-01 06:54 - 2010-05-11 12:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-09-01 05:14 - 2012-09-13 17:19 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-01 05:14 - 2012-01-07 12:46 - 01072913 _____ C:\Windows\WindowsUpdate.log
2013-09-01 05:10 - 2013-09-01 05:10 - 00000165 _____ C:\ProgramData\sskbcxcjoiwojxjxlba.reg
2013-09-01 05:10 - 2013-09-01 05:10 - 00000070 _____ C:\ProgramData\sskbcxcjoiwojxjxlba.bat
2013-09-01 05:00 - 2010-07-19 17:26 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-01 02:39 - 2009-07-14 05:45 - 00014832 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-01 02:39 - 2009-07-14 05:45 - 00014832 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-31 15:06 - 2013-05-07 17:29 - 00000292 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2013-08-31 15:05 - 2013-05-07 17:29 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro
2013-08-31 13:45 - 2010-09-04 15:33 - 00000000 ____D C:\ProgramData\tmp
2013-08-31 09:36 - 2011-01-18 07:10 - 00003990 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2C2445AC-E01D-4060-8C95-9199466740A1}
2013-08-30 07:55 - 2012-09-13 17:48 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-08-30 07:50 - 2010-07-29 18:45 - 00002242 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-28 21:07 - 2013-05-07 17:29 - 00000300 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job
2013-08-26 10:14 - 2010-09-07 19:23 - 00000000 ____D C:\Users\Andreas Kries\AppData\Roaming\EurekaLog
2013-08-24 10:56 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\NDF
2013-08-23 14:38 - 2013-04-08 20:17 - 00000000 _____ C:\END
2013-08-21 17:14 - 2012-09-13 17:19 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 17:14 - 2012-09-13 17:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-21 17:14 - 2012-09-13 17:19 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-18 03:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-08-18 02:01 - 2013-08-18 02:01 - 00000000 ____D C:\Windows\System32\MRT
2013-08-18 02:00 - 2010-05-11 11:44 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-08-07 03:22 - 2010-05-10 21:11 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

Files to move or delete:
====================
c:\progra~3\browse~1\261562~1.220\{c16c1~1\browse~1.dll
C:\ProgramData\sskbcxcjoiwojxjxlba.bat
C:\ProgramData\sskbcxcjoiwojxjxlba.reg
C:\Users\Andreas Kries\AppData\Local\Temp\7z920.exe
C:\Users\Andreas Kries\AppData\Local\Temp\ablxjxjowiojcxcbkss.exe
C:\Users\Andreas Kries\AppData\Local\Temp\appshat-distribution.exe
C:\Users\Andreas Kries\AppData\Local\Temp\BabylonTB.exe
C:\Users\Andreas Kries\AppData\Local\Temp\LollipopInstaller_somoto_14693.exe
C:\Users\Andreas Kries\AppData\Local\Temp\pricepeep_130001_0101.exe
C:\Users\Andreas Kries\AppData\Local\Temp\tbedrs.dll
C:\Users\Andreas Kries\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer.exe
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Desktop.exe
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_ar.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_cs.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_da.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_de.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_en.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_es.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_fi.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_fr.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_it.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_ja.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_ko.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_nl.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_no.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_pl.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_pt.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_ru.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_sv.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_tr.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_zh.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Service.exe
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\tv_w32.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\tv_w32.exe
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\tv_x64.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\tv_x64.exe
C:\Users\Andreas Kries\AppData\Local\Temp\nsz42D.tmp\UAC.dll
C:\Users\Andreas Kries\AppData\Local\Temp\nsoDFDA.tmp\DropboxNSISTools.dll
C:\Users\Andreas Kries\AppData\Local\Temp\nsoDFDA.tmp\UAC.dll
C:\Users\Andreas Kries\AppData\Local\Temp\nseDF30.tmp\DropboxNSISTools.dll
C:\Users\Andreas Kries\AppData\Local\Temp\nseDF30.tmp\nsExec.dll
C:\Users\Andreas Kries\AppData\Local\Temp\nseDF30.tmp\UAC.dll
C:\Users\Andreas Kries\AppData\Local\Temp\nse7CC6.tmp\UAC.dll
C:\Users\Andreas Kries\AppData\Local\Temp\nsd3EFB.tmp\DropboxNSISTools.dll
C:\Users\Andreas Kries\AppData\Local\Temp\nsd3EFB.tmp\UAC.dll
C:\Users\Andreas Kries\AppData\Local\Temp\CDBurnerXP-updates\cdbxp_setup_4.5.1.4003.exe
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\BabMaint.exe
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\BExternal.dll
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\BUSolForMontiera.dll
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\BUSolution.dll
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\ccp.exe
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\ChromeToolbarSetup.dll
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\CrxInstaller.dll
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\enhancedNT.dll
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\GUninstaller.exe
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\IEHelper.dll
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\MntrDLLInstall.dll
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\MyBabylonTB.exe
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\Setup.exe
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\sqlite3.dll

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-08-01 06:22:28
Restore point made on: 2013-08-18 02:00:26
Restore point made on: 2013-08-19 07:24:14
Restore point made on: 2013-08-21 05:32:37
Restore point made on: 2013-08-25 07:02:18
Restore point made on: 2013-08-28 07:10:58
Restore point made on: 2013-09-01 05:10:01

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8183.05 MB
Available physical RAM: 7359.24 MB
Total Pagefile: 8181.2 MB
Available Pagefile: 7350.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Seagate_05_10_P1) (Fixed) (Total:322.17 GB) (Free:251.28 GB) NTFS
Drive e: (Seagate_05_10_P2) (Fixed) (Total:609.24 GB) (Free:513.85 GB) NTFS
Drive g: (GRMCPRXFREO_DE_DVD) (CDROM) (Total:2.97 GB) (Free:0 GB) UDF
Drive h: () (Removable) (Total:7.47 GB) (Free:7.26 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: BA70ACE0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=322 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=609 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 15A7647D)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)


LastRegBack: 2013-08-22 15:47

==================== End Of Log ============================
--- --- ---


Vielen Dank schon jetzt, Gruß

Andreas aka. mauli.mauli

schrauber 01.09.2013 12:52
Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
Startup: C:\Users\Andreas Kries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk
ShortcutTarget: lollipop.lnk ->  (No File)
Startup: C:\Users\Andreas Kries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sskbcxcjoiwojxjxlba.lnk
ShortcutTarget: sskbcxcjoiwojxjxlba.lnk -> C:\Users\ANDREA~1\AppData\Local\Temp\ablxjxjowiojcxcbkss.exe (Microsoft Corporation)
c:\progra~3\browse~1\261562~1.220\{c16c1~1\browse~1.dll
C:\ProgramData\sskbcxcjoiwojxjxlba.bat
C:\ProgramData\sskbcxcjoiwojxjxlba.reg
C:\Users\Andreas Kries\AppData\Local\Temp\7z920.exe
C:\Users\Andreas Kries\AppData\Local\Temp\ablxjxjowiojcxcbkss.exe
C:\Users\Andreas Kries\AppData\Local\Temp\appshat-distribution.exe
C:\Users\Andreas Kries\AppData\Local\Temp\BabylonTB.exe
C:\Users\Andreas Kries\AppData\Local\Temp\LollipopInstaller_somoto_14693.exe
C:\Users\Andreas Kries\AppData\Local\Temp\pricepeep_130001_0101.exe
C:\Users\Andreas Kries\AppData\Local\Temp\tbedrs.dll
C:\Users\Andreas Kries\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer.exe
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Desktop.exe
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_ar.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_cs.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_da.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_de.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_en.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_es.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_fi.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_fr.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_it.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_ja.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_ko.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_nl.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_no.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_pl.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_pt.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_ru.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_sv.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_tr.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_zh.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Service.exe
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\tv_w32.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\tv_w32.exe
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\tv_x64.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\tv_x64.exe
C:\Users\Andreas Kries\AppData\Local\Temp\nsz42D.tmp\UAC.dll
C:\Users\Andreas Kries\AppData\Local\Temp\nsoDFDA.tmp\DropboxNSISTools.dll
C:\Users\Andreas Kries\AppData\Local\Temp\nsoDFDA.tmp\UAC.dll
C:\Users\Andreas Kries\AppData\Local\Temp\nseDF30.tmp\DropboxNSISTools.dll
C:\Users\Andreas Kries\AppData\Local\Temp\nseDF30.tmp\nsExec.dll
C:\Users\Andreas Kries\AppData\Local\Temp\nseDF30.tmp\UAC.dll
C:\Users\Andreas Kries\AppData\Local\Temp\nse7CC6.tmp\UAC.dll
C:\Users\Andreas Kries\AppData\Local\Temp\nsd3EFB.tmp\DropboxNSISTools.dll
C:\Users\Andreas Kries\AppData\Local\Temp\nsd3EFB.tmp\UAC.dll
C:\Users\Andreas Kries\AppData\Local\Temp\CDBurnerXP-updates\cdbxp_setup_4.5.1.4003.exe
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\BabMaint.exe
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\BExternal.dll
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\BUSolForMontiera.dll
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\BUSolution.dll
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\ccp.exe
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\ChromeToolbarSetup.dll
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\CrxInstaller.dll
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\enhancedNT.dll
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\GUninstaller.exe
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\IEHelper.dll
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\MntrDLLInstall.dll
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\MyBabylonTB.exe
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\Setup.exe
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\sqlite3.dll
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.


rechner normal starten :)

mauli.mauli 01.09.2013 14:09
Vielen Dank! Der Rechner läuft wieder. Hier der gewünschte Code:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-09-2013
Ran by SYSTEM at 2013-09-01 14:59:47 Run:1
Running from H:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Startup: C:\Users\Andreas Kries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk
ShortcutTarget: lollipop.lnk ->  (No File)
Startup: C:\Users\Andreas Kries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sskbcxcjoiwojxjxlba.lnk
ShortcutTarget: sskbcxcjoiwojxjxlba.lnk -> C:\Users\ANDREA~1\AppData\Local\Temp\ablxjxjowiojcxcbkss.exe (Microsoft Corporation)
c:\progra~3\browse~1\261562~1.220\{c16c1~1\browse~1.dll
C:\ProgramData\sskbcxcjoiwojxjxlba.bat
C:\ProgramData\sskbcxcjoiwojxjxlba.reg
C:\Users\Andreas Kries\AppData\Local\Temp\7z920.exe
C:\Users\Andreas Kries\AppData\Local\Temp\ablxjxjowiojcxcbkss.exe
C:\Users\Andreas Kries\AppData\Local\Temp\appshat-distribution.exe
C:\Users\Andreas Kries\AppData\Local\Temp\BabylonTB.exe
C:\Users\Andreas Kries\AppData\Local\Temp\LollipopInstaller_somoto_14693.exe
C:\Users\Andreas Kries\AppData\Local\Temp\pricepeep_130001_0101.exe
C:\Users\Andreas Kries\AppData\Local\Temp\tbedrs.dll
C:\Users\Andreas Kries\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer.exe
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Desktop.exe
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_ar.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_cs.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_da.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_de.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_en.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_es.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_fi.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_fr.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_it.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_ja.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_ko.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_nl.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_no.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_pl.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_pt.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_ru.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_sv.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_tr.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_zh.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Service.exe
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\tv_w32.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\tv_w32.exe
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\tv_x64.dll
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\tv_x64.exe
C:\Users\Andreas Kries\AppData\Local\Temp\nsz42D.tmp\UAC.dll
C:\Users\Andreas Kries\AppData\Local\Temp\nsoDFDA.tmp\DropboxNSISTools.dll
C:\Users\Andreas Kries\AppData\Local\Temp\nsoDFDA.tmp\UAC.dll
C:\Users\Andreas Kries\AppData\Local\Temp\nseDF30.tmp\DropboxNSISTools.dll
C:\Users\Andreas Kries\AppData\Local\Temp\nseDF30.tmp\nsExec.dll
C:\Users\Andreas Kries\AppData\Local\Temp\nseDF30.tmp\UAC.dll
C:\Users\Andreas Kries\AppData\Local\Temp\nse7CC6.tmp\UAC.dll
C:\Users\Andreas Kries\AppData\Local\Temp\nsd3EFB.tmp\DropboxNSISTools.dll
C:\Users\Andreas Kries\AppData\Local\Temp\nsd3EFB.tmp\UAC.dll
C:\Users\Andreas Kries\AppData\Local\Temp\CDBurnerXP-updates\cdbxp_setup_4.5.1.4003.exe
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\BabMaint.exe
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\BExternal.dll
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\BUSolForMontiera.dll
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\BUSolution.dll
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\ccp.exe
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\ChromeToolbarSetup.dll
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\CrxInstaller.dll
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\enhancedNT.dll
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\GUninstaller.exe
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\IEHelper.dll
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\MntrDLLInstall.dll
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\MyBabylonTB.exe
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\Setup.exe
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\sqlite3.dll
       
*****************

C:\Users\Andreas Kries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk => Moved successfully.
ShortcutTarget: lollipop.lnk ->  (No File) not found.
C:\Users\Andreas Kries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sskbcxcjoiwojxjxlba.lnk => Moved successfully.
C:\Users\ANDREA~1\AppData\Local\Temp\ablxjxjowiojcxcbkss.exe => Moved successfully.
c:\progra~3\browse~1\261562~1.220\{c16c1~1\browse~1.dll => Moved successfully.
C:\ProgramData\sskbcxcjoiwojxjxlba.bat => Moved successfully.
C:\ProgramData\sskbcxcjoiwojxjxlba.reg => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\7z920.exe => Moved successfully.
"C:\Users\Andreas Kries\AppData\Local\Temp\ablxjxjowiojcxcbkss.exe" => File/Directory not found.
C:\Users\Andreas Kries\AppData\Local\Temp\appshat-distribution.exe => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\BabylonTB.exe => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\LollipopInstaller_somoto_14693.exe => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\pricepeep_130001_0101.exe => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\tbedrs.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\UpdateCheckerSetup.exe => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer.exe => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Desktop.exe => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_ar.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_cs.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_da.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_de.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_en.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_es.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_fi.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_fr.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_it.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_ja.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_ko.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_nl.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_no.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_pl.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_pt.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_ru.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_sv.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_tr.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Resource_zh.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Service.exe => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\tv_w32.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\tv_w32.exe => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\tv_x64.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\TeamViewer\Version6\tv_x64.exe => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\nsz42D.tmp\UAC.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\nsoDFDA.tmp\DropboxNSISTools.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\nsoDFDA.tmp\UAC.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\nseDF30.tmp\DropboxNSISTools.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\nseDF30.tmp\nsExec.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\nseDF30.tmp\UAC.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\nse7CC6.tmp\UAC.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\nsd3EFB.tmp\DropboxNSISTools.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\nsd3EFB.tmp\UAC.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\CDBurnerXP-updates\cdbxp_setup_4.5.1.4003.exe => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\BabMaint.exe => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\BExternal.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\BUSolForMontiera.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\BUSolution.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\ccp.exe => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\ChromeToolbarSetup.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\CrxInstaller.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\enhancedNT.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\GUninstaller.exe => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\IEHelper.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\MntrDLLInstall.dll => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\MyBabylonTB.exe => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\Setup.exe => Moved successfully.
C:\Users\Andreas Kries\AppData\Local\Temp\6893D216-BAB0-7891-945A-A62B60811927\Latest\sqlite3.dll => Moved successfully.

==== End of Fixlog ====
Gruß

Andreas aka. mauli.mauli

PS: Habe mal eine kleine Spende angewiesen ...

PPS: Habe ich noch Weiteres zu tun?

schrauber 01.09.2013 16:57
Kontrollscans im normalen Modus :)

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


mauli.mauli 01.09.2013 19:05
Hallo Schrauber,

hier sind die txt-Dateien in der von Dir genannten Reihenfolge:

Code:
Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.09.01.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Andreas Kries :: ANDREASKRIES-PC [Administrator]

Schutz: Aktiviert

01.09.2013 18:23:24
mbam-log-2013-09-01 (18-23-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 467505
Laufzeit: 52 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 3
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserProtect.A) -> 2040 -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserProtect.A) -> 2216 -> Löschen bei Neustart.
C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe (PUP.Optional.Wajam.A) -> 2864 -> Löschen bei Neustart.

Infizierte Speichermodule: 1
C:\Program Files (x86)\Wajam\IE\priam_bho.dll (PUP.Optional.Wajam.A) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 33
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (PUP.Optional.PricePeep.A) -> Keine Aktion durchgeführt.
HKLM\SYSTEM\CurrentControlSet\Services\WajamUpdater (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D} (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\wajam.WajamBHO.1 (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\wajam.WajamBHO (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892} (PUP.Optional.PricePeep.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (PUP.Optional.PricePeep.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408} (PUP.Optional.PricePeep.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8} (PUP.Optional.PricePeep.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\PricePeep.PricePeepBho.1 (PUP.Optional.PricePeep.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\PricePeep.PricePeepBho (PUP.Optional.PricePeep.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (PUP.Optional.PricePeep.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (PUP.Optional.PricePeep.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Typelib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} (PUP.Optional.BrowserProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppsHat Mobile Apps (PUP.Optional.Somoto.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker (PUP.Optional.Somoto.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lollipop (Adware.LolliPop.IT) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep (PUP.Optional.PricePeep.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1 (PUP.Optional.RegCleanPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\PricePeep.DLL (PUP.Optional.PricePeep.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\BabylonToolbar (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Daten: hxxp://search.babylon.com/?babsrc=HP_ss_wls&mntrId=04F9E0CB4EDA9579&affID=123897&tsp=4992 -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Daten: {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=93c9ac0f-9150-4250-96be-e693e5533493&searchtype=ds&q={searchTerms}&installDate=08/04/2013) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=93c9ac0f-9150-4250-96be-e693e5533493&searchtype=ds&q={searchTerms}&installDate=08/04/2013) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=93c9ac0f-9150-4250-96be-e693e5533493&searchtype=ds&q={searchTerms}&installDate=08/04/2013) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=93c9ac0f-9150-4250-96be-e693e5533493&searchtype=ds&q={searchTerms}&installDate=08/04/2013) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 13
C:\Users\Andreas Kries\AppData\Local\Lollipop (Adware.LolliPop.IT) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Andreas Kries\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\PricePeep (PUP.Optional.PricePeep.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RegClean Pro (PUP.Optional.RegCleanPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8} (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Andreas Kries\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Andreas Kries\AppData\Roaming\BabSolution\Shared (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Wajam (PUP.Optional.Wajam.A) -> Löschen bei Neustart.
C:\Program Files (x86)\Wajam\Firefox (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Wajam\IE (PUP.Optional.Wajam.A) -> Löschen bei Neustart.
C:\Program Files (x86)\Wajam\Updater (PUP.Optional.Wajam.A) -> Löschen bei Neustart.

Infizierte Dateien: 89
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserProtect.A) -> Löschen bei Neustart.
C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe (PUP.Optional.Wajam.A) -> Löschen bei Neustart.
C:\Program Files (x86)\Wajam\IE\priam_bho.dll (PUP.Optional.Wajam.A) -> Löschen bei Neustart.
C:\FRST\Quarantine\ablxjxjowiojcxcbkss.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\FRST\Quarantine\appshat-distribution.exe (PUP.Optional.Somoto.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\FRST\Quarantine\BabMaint.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\FRST\Quarantine\BabylonTB.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\FRST\Quarantine\BUSolution.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\FRST\Quarantine\Setup.exe (PUP.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\FRST\Quarantine\UpdateCheckerSetup.exe (PUP.Optional.Somoto.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\uninstall.exe (PUP.Optional.BrowserProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Andreas Kries\AppData\Local\AppsHat Mobile Apps\Uninstall.exe (PUP.Optional.Somoto.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Andreas Kries\AppData\Local\FilesFrog Update Checker\uninstall.exe (PUP.Optional.Somoto.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Andreas Kries\AppData\Local\Mozilla\Firefox\Profiles\ub420qck.default\Cache\B9A7EFE1d01 (PUP.Optional.RegCleanerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Andreas Kries\AppData\Local\Temp\btqqbrd (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Andreas Kries\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\67db8900-6e4ea5b0 (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Andreas Kries\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\4c91d715-30858c01 (Trojan.Reveton.LS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Andreas Kries\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\3d094a84-255365d5 (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Andreas Kries\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\7e9b88fb-3cbfe507 (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Andreas Kries\AppData\Roaming\BabSolution\Shared\BabMaint.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Andreas Kries\AppData\Roaming\BabSolution\Shared\BUSolution.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Downloads\rcpsetup_ad_de_10217_ad_de_10217.exe (PUP.Optional.RegCleanerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Andreas Kries\AppData\Local\Lollipop\lollipop.bat (Adware.LolliPop.IT) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Andreas Kries\AppData\Local\Lollipop\logo.ico (Adware.LolliPop.IT) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Andreas Kries\AppData\Local\Lollipop\Lollipop.exe (Adware.LolliPop.IT) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Andreas Kries\AppData\Local\Lollipop\lollipop.lpd (Adware.LolliPop.IT) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Andreas Kries\AppData\Local\Lollipop\lollipop_cfg.lpd (Adware.LolliPop.IT) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Andreas Kries\AppData\Local\Lollipop\lollipop_ps.lpd (Adware.LolliPop.IT) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Andreas Kries\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\PricePeep\installer.ico (PUP.Optional.PricePeep.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\PricePeep\uninstall.exe (PUP.Optional.PricePeep.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\PricePeep\unutil.exe (PUP.Optional.PricePeep.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RegClean Pro\TraditionalCn_rcp_zh-tw.ini (PUP.Optional.RegCleanPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RegClean Pro\Chinese_rcp.ini (PUP.Optional.RegCleanPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RegClean Pro\CleanSchedule.exe (PUP.Optional.RegCleanPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RegClean Pro\Cloud_Backup_Setup.exe (PUP.Optional.RegCleanPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RegClean Pro\Cloud_Backup_Setup_Intl.exe (PUP.Optional.RegCleanPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RegClean Pro\Danish_rcp.ini (PUP.Optional.RegCleanPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RegClean Pro\Dutch_rcp.ini (PUP.Optional.RegCleanPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RegClean Pro\eng_rcp.ini (PUP.Optional.RegCleanPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RegClean Pro\Finnish_rcp_fi.ini (PUP.Optional.RegCleanPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RegClean Pro\French_rcp.ini (PUP.Optional.RegCleanPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RegClean Pro\German_rcp.ini (PUP.Optional.RegCleanPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RegClean Pro\greek_rcp_el.ini (PUP.Optional.RegCleanPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RegClean Pro\install_left_image.bmp (PUP.Optional.RegCleanPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RegClean Pro\isxdl.dll (PUP.Optional.RegCleanPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RegClean Pro\Italian_rcp.ini (PUP.Optional.RegCleanPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RegClean Pro\Japanese_rcp.ini (PUP.Optional.RegCleanPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RegClean Pro\korean_rcp_ko.ini (PUP.Optional.RegCleanPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RegClean Pro\Norwegian_rcp.ini (PUP.Optional.RegCleanPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RegClean Pro\polish_rcp_pl.ini (PUP.Optional.RegCleanPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RegClean Pro\portugese_rcp_pt.ini (PUP.Optional.RegCleanPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RegClean Pro\Portuguese_rcp.ini (PUP.Optional.RegCleanPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RegClean Pro\RCPUninstall.exe (PUP.Optional.RegCleanPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RegClean Pro\RegCleanPro.dll (PUP.Optional.RegCleanPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe (PUP.Optional.RegCleanPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RegClean Pro\russian_rcp_ru.ini (PUP.Optional.RegCleanPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RegClean Pro\Spanish_rcp.ini (PUP.Optional.RegCleanPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RegClean Pro\Swedish_rcp.ini (PUP.Optional.RegCleanPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RegClean Pro\systweakasp.exe (PUP.Optional.RegCleanPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RegClean Pro\turkish_rcp_tr.ini (PUP.Optional.RegCleanPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RegClean Pro\unins000.dat (PUP.Optional.RegCleanPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RegClean Pro\unins000.exe (PUP.Optional.RegCleanPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RegClean Pro\unins000.msg (PUP.Optional.RegCleanPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RegClean Pro\xmllite.dll (PUP.Optional.RegCleanPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\RegClean Pro_DEFAULT.job (PUP.Optional.RegCleanPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bl (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.settings (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\dm (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\00 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\01 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\02 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\03 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\10 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\11 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\12 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\13 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\20 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\21 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\22 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\23 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Andreas Kries\AppData\Roaming\BabSolution\Shared\GUninstaller.exe (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Andreas Kries\AppData\Roaming\BabSolution\Shared\SetupParams.ini (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Andreas Kries\AppData\Roaming\BabSolution\Shared\sqlite3.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Wajam\uninstall.exe (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Wajam\IE\favicon.ico (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Wajam\IE\wajamLogo.bmp (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Wajam\Updater\update.exe (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
# AdwCleaner v3.001 - Report created 01/09/2013 at 19:29:32
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Andreas Kries - ANDREASKRIES-PC
# Running from : D:\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : BrowserDefendert

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BrowserDefender
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Folder Deleted : C:\Program Files (x86)\BabylonToolbar
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Minibar
Folder Deleted : C:\Program Files (x86)\FileConverter_1.3
Folder Deleted : C:\Users\Andreas Kries\AppData\Local\Conduit
Folder Deleted : C:\Users\Andreas Kries\AppData\Local\FilesFrog Update Checker
Folder Deleted : C:\Users\Andreas Kries\AppData\Local\Minibar
Folder Deleted : C:\Users\Andreas Kries\AppData\Local\Wajam
Folder Deleted : C:\Users\Andreas Kries\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Andreas Kries\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Andreas Kries\AppData\LocalLow\Minibar
Folder Deleted : C:\Users\Andreas Kries\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Andreas Kries\AppData\LocalLow\FileConverter_1.3
Folder Deleted : C:\Users\Andreas Kries\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\Andreas Kries\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Andreas Kries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Folder Deleted : C:\Users\Andreas Kries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Folder Deleted : C:\Users\Andreas Kries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Deleted : C:\Users\Andreas Kries\AppData\Roaming\Mozilla\Firefox\Profiles\ub420qck.default\Extensions\{97A78363-B868-4B48-AC91-A783A31215AF}
Folder Deleted : C:\Users\Andreas Kries\AppData\Roaming\Mozilla\Firefox\Profiles\ub420qck.default\Extensions\ffxtlbr@incredibar.com
Folder Deleted : C:\Users\Andreas Kries\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Folder Deleted : C:\Users\Andreas Kries\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
File Deleted : C:\Users\Andreas Kries\AppData\Roaming\Mozilla\Firefox\Profiles\ub420qck.default\Extensions\pdfforge@mybrowserbar.com
File Deleted : C:\Users\Andreas Kries\AppData\Roaming\Mozilla\Firefox\Profiles\ub420qck.default\Extensions\pricepeep@getpricepeep.com.xpi
File Deleted : C:\Users\Andreas Kries\AppData\Roaming\Mozilla\Firefox\Profiles\ub420qck.default\Extensions\wtxpcom@mybrowserbar.com
File Deleted : C:\END
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Andreas Kries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\lollipop.lnk
File Deleted : C:\Users\Andreas Kries\AppData\Roaming\Mozilla\Firefox\Profiles\ub420qck.default\searchplugins\Web Search.xml
File Deleted : C:\Users\Andreas Kries\AppData\Roaming\Mozilla\Firefox\Profiles\ub420qck.default\bProtector_extensions.rdf
File Deleted : C:\Users\Andreas Kries\AppData\Roaming\Mozilla\Firefox\Profiles\ub420qck.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Andreas Kries\AppData\Roaming\Mozilla\Firefox\Profiles\ub420qck.default\user.js
File Deleted : C:\Users\Andreas Kries\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Windows\Tasks\RegClean Pro_UPDATES.job
File Deleted : C:\Windows\System32\Tasks\RegClean Pro_UPDATES

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5A95A9E0-59DD-4314-BD84-4D18CA83A0E2}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SDP]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\I
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKCU\Software\5b288d0b03bbf10
Key Deleted : HKLM\SOFTWARE\5b288d0b03bbf10
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_tinypic_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_tinypic_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{539F76FD-084E-4858-86D5-62F02F54AE86}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E516EF-11DE-47A1-8364-A99B917EC5EE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{153D7D79-706C-443D-BA98-41CA86982C9D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F13D3582-1359-4F8F-9A48-EF3AE9F5701C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78E516EF-11DE-47A1-8364-A99B917EC5EE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78E516EF-11DE-47A1-8364-A99B917EC5EE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{78E516EF-11DE-47A1-8364-A99B917EC5EE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{153D7D79-706C-443D-BA98-41CA86982C9D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{684930F3-F2D8-4B75-AD66-41F2C06C80AD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{389810CF-6CC6-49BF-87DA-3A5C54839A2B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{78E516EF-11DE-47A1-8364-A99B917EC5EE}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{78E516EF-11DE-47A1-8364-A99B917EC5EE}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{539F76FD-084E-4858-86D5-62F02F54AE86}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{78E516EF-11DE-47A1-8364-A99B917EC5EE}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{78E516EF-11DE-47A1-8364-A99B917EC5EE}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\lollipop
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Somoto
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKCU\Software\Webplayer
Key Deleted : HKCU\Software\FileConverter_1.3
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\FileConverter_1.3
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\incredibar.com
Key Deleted : HKLM\Software\Minibar
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\Software\Web Assistant
Key Deleted : HKLM\Software\FileConverter_1.3
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileConverter_1.3 Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\Web Assistant

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v3.6.3 (de)

[ File : C:\Users\Andreas Kries\AppData\Roaming\Mozilla\Firefox\Profiles\ub420qck.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("browser.search.selectedEngine", "Web Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=93c9ac0f-9150-4250-96be-e693e5533493&searchtype=hp&installDate=08/04/2013");
Line Deleted : user_pref("extensions.enabledItems", "pdfforge@mybrowserbar.com:5.8,wtxpcom@mybrowserbar.com:5.8,{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31,ffxtlbr@incredibar.com:1.5.0,wrc@avast.com:8.0.1489,{9A20[...]
Line Deleted : user_pref("extensions.incredibar.admin", false);
Line Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Line Deleted : user_pref("extensions.incredibar.cntry", "DE");
Line Deleted : user_pref("extensions.incredibar.dfltLng", "");
Line Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Line Deleted : user_pref("extensions.incredibar.did", "10671");
Line Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Line Deleted : user_pref("extensions.incredibar.excTlbr", false);
Line Deleted : user_pref("extensions.incredibar.hdrMd5", "E89491401B3D0A5FD2DA735C7FB5FC77");
Line Deleted : user_pref("extensions.incredibar.hmpg", false);
Line Deleted : user_pref("extensions.incredibar.id", "04f947ca000000000000e0cb4eda9579");
Line Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Line Deleted : user_pref("extensions.incredibar.instlDay", "15591");
Line Deleted : user_pref("extensions.incredibar.instlRef", "");
Line Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1413:16:51");
Line Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Line Deleted : user_pref("extensions.incredibar.newTab", false);
Line Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Line Deleted : user_pref("extensions.incredibar.ppd", "7777720");
Line Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Line Deleted : user_pref("extensions.incredibar.productid", "26");
Line Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Line Deleted : user_pref("extensions.incredibar.sg", "none");
Line Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Line Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Line Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQJ145fwB&loc=IB_TB&i=26&search=");
Line Deleted : user_pref("extensions.incredibar.upn2", "6PQJ145fwB");
Line Deleted : user_pref("extensions.incredibar.upn2n", "92543545609024601");
Line Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Line Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1413:16:51");
Line Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Line Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Line Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Line Deleted : user_pref("extensions.incredibar_i.did", "10671");
Line Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Line Deleted : user_pref("extensions.incredibar_i.id", "04f947ca000000000000e0cb4eda9579");
Line Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Line Deleted : user_pref("extensions.incredibar_i.instlDay", "15591");
Line Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Line Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Line Deleted : user_pref("extensions.incredibar_i.newTab", false);
Line Deleted : user_pref("extensions.incredibar_i.ppd", "7777720");
Line Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Line Deleted : user_pref("extensions.incredibar_i.productid", "26");
Line Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Line Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Line Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQJ145fwB&loc=IB_TB&i=26&search=");
Line Deleted : user_pref("extensions.incredibar_i.upn2", "6PQJ145fwB");
Line Deleted : user_pref("extensions.incredibar_i.upn2n", "92543545609024601");
Line Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Line Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1413:16:51");
Line Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Deleted : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
Line Deleted : user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=93c9ac0f-9150-4250-96be-e693e5533493&searchtype=ds&installDate=08/04/2013&q=");

-\\ Google Chrome v29.0.1547.62

[ File : C:\Users\Andreas Kries\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : search_url
Deleted : icon_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [25365 octets] - [01/09/2013 19:28:56]
AdwCleaner[S0].txt - [24561 octets] - [01/09/2013 19:29:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [24622 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.6 (08.30.2013:1)
OS: Windows 7 Professional x64
Ran by Andreas Kries on 01.09.2013 at 19:36:53,59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2242555042-2413310147-2121924782-1000\Software\web assistant"
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\uniblue
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3241949
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CA877014-4985-4F80-9A64-FDCF87E51E7D}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\Andreas Kries\AppData\Roaming\mozilla\firefox\profiles\ub420qck.default\extensions\staged



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]
Successfully deleted: [Folder] C:\Users\Andreas Kries\appdata\local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Successfully deleted: [Folder] C:\Users\Andreas Kries\appdata\local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.09.2013 at 19:44:33,75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-09-2013
Ran by Andreas Kries (administrator) on ANDREASKRIES-PC on 01-09-2013 19:48:54
Running from D:\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(CrypKey (Canada) Ltd.) C:\Windows\system32\crypserv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
() C:\Users\Andreas Kries\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
(Matsushita Electric Industrial Co., Ltd.) C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
(Dropbox, Inc.) C:\Users\Andreas Kries\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(LG Electronics) C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-11] (CANON INC.)
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKCU\...\Run: [AnyDVD] - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [3464128 2010-05-04] (SlySoft, Inc.)
HKCU\...\Run: [AppsHat] - C:\Users\Andreas Kries\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe [202752 2012-10-26] ()
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-10-21] (NEC Electronics Corporation)
HKLM-x32\...\Run: [B2C_AGENT] - C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe [404568 2012-03-28] (LG Electronics)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\p6_19_erinnerung.lnk
ShortcutTarget: p6_19_erinnerung.lnk -> C:\Program Files (x86)\phase6\phase6_19\WinStart\p6erinnerung.exe (phase6)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk
ShortcutTarget: PHOTOfunSTUDIO -viewer-.lnk -> C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
Startup: C:\Users\Andreas Kries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Andreas Kries\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Andreas Kries\AppData\Roaming\Mozilla\Firefox\Profiles\ub420qck.default
FF NewTab: about:blank
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF HKCU\...\Firefox\Extensions: [{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}] C:\Users\Andreas Kries\AppData\Roaming\01001.085
FF Extension: Java Link Helper - C:\Users\Andreas Kries\AppData\Roaming\01001.085

Chrome:
=======
CHR HomePage:        "homepage":        "hxxp://www.google.com",
CHR RestoreOnStartup: "hxxp://www.google.de/"
CHR Plugin: (                                "name":        "Remoting Viewer",) -                                "path":        "internal-remoting-viewer",
CHR Plugin: (                                "name":        "Native Client",) -                                "path":        "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll", No File
CHR Plugin: (                                "name":        "Chrome PDF Viewer",) -                                "path":        "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll", No File
CHR Plugin: (                                "name":        "Shockwave Flash",) -                                "path":        "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\gcswf32.dll", No File
CHR Plugin: (                                "name":        "Shockwave Flash",) -                                "path":        "C:\Windows\system32\Macromed\Flash\NPSWF32.dll", No File
CHR Plugin: (                                "name":        "Adobe Acrobat",) -                                "path":        "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll", No File
CHR Plugin: (                                "name":        "Java Deployment Toolkit 6.0.310.5",) -                                "path":        "C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll", No File
CHR Plugin: (                                "name":        "Java(TM) Platform SE 6 U31",) -                                "path":        "C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll", No File
CHR Plugin: (                                "name":        "Microsoft Office 2003",) -                                "path":        "C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL", No File
CHR Plugin: (                                "name":        "Google Earth Plugin",) -                                "path":        "C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll", No File
CHR Plugin: (                                "name":        "Google Update",) -                                "path":        "C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll", No File
CHR Plugin: (                                "name":        "Shockwave for Director",) -                                "path":        "C:\Windows\system32\Adobe\Director\np32dsw.dll", No File
CHR Extension: (YouTube) - C:\Users\ANDREA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\ANDREA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AT_DolceGabbana) - C:\Users\ANDREA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\ANDREA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\ANDREA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Crypkey License; crypserv.exe [x]
S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [x]

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [123840 2010-04-23] (SlySoft, Inc.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-28] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
S3 Andbus; system32\DRIVERS\lgandbus64.sys [x]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [x]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [x]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [x]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [x]
S3 AndNetGps; system32\DRIVERS\lgandnetgps64.sys [x]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [x]
S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpuz132; \??\C:\Users\ANDREA~1\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-01 19:36 - 2013-09-01 19:36 - 00000000 ____D C:\Windows\ERUNT
2013-09-01 19:28 - 2013-09-01 19:29 - 00000000 ____D C:\AdwCleaner
2013-09-01 12:37 - 2013-09-01 12:37 - 00000000 ____D C:\FRST
2013-09-01 09:29 - 2013-09-01 09:29 - 00002128 _____ C:\Users\Andreas Kries\Desktop\AppsHat.lnk
2013-09-01 09:29 - 2013-09-01 09:29 - 00000000 ____D C:\Users\Andreas Kries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat
2013-09-01 09:29 - 2013-09-01 09:29 - 00000000 ____D C:\Users\ANDREA~1\AppData\Local\WebPlayer
2013-08-18 03:05 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-18 03:05 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-18 03:05 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-18 03:05 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-18 03:05 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-18 03:05 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-18 03:05 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-18 03:05 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-18 03:05 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-18 03:05 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-18 03:05 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-18 03:05 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-18 03:05 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-18 03:05 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-18 03:05 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-18 03:05 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-18 03:05 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-18 03:05 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-18 03:05 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-18 03:05 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-18 03:05 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-18 03:05 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-18 03:05 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-18 03:05 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-18 03:05 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-18 03:05 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-18 03:05 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-18 03:05 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-18 03:05 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-18 03:05 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-18 03:05 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-18 03:01 - 2013-08-18 03:01 - 00000000 ____D C:\Windows\system32\MRT
2013-08-17 23:21 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-17 23:21 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-17 23:21 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-17 23:21 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-17 23:21 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-17 23:21 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-17 23:21 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-17 23:21 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-17 23:21 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-17 23:21 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-17 23:21 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-17 23:21 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-17 23:21 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-17 23:21 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-17 23:21 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-17 23:21 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-02 11:08 - 2013-08-02 11:08 - 00013824 _____ D:\Documents\Notenspiegel.xls

==================== One Month Modified Files and Folders =======

2013-09-01 19:46 - 2013-04-09 18:17 - 00000000 ___RD C:\Users\Andreas Kries\Dropbox
2013-09-01 19:46 - 2013-04-09 18:12 - 00000000 ____D C:\Users\Andreas Kries\AppData\Roaming\Dropbox
2013-09-01 19:44 - 2013-09-01 19:44 - 00002713 _____ C:\Users\Andreas Kries\Desktop\JRT.txt
2013-09-01 19:38 - 2009-07-14 06:45 - 00014832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-01 19:38 - 2009-07-14 06:45 - 00014832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-01 19:36 - 2013-09-01 19:36 - 00000000 ____D C:\Windows\ERUNT
2013-09-01 19:34 - 2012-01-07 13:46 - 01109152 _____ C:\Windows\WindowsUpdate.log
2013-09-01 19:32 - 2012-04-21 04:17 - 00002413 _____ C:\Windows\SysWOW64\lgAxconfig.ini
2013-09-01 19:31 - 2010-10-18 15:48 - 00000000 ____D C:\Users\Public\Documents\phase6_19_Daten
2013-09-01 19:31 - 2010-07-19 17:14 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-01 19:30 - 2013-04-11 08:31 - 00003596 _____ C:\Windows\error.log
2013-09-01 19:30 - 2013-04-11 08:31 - 00001680 _____ C:\Windows\setupact.log
2013-09-01 19:30 - 2013-04-11 08:30 - 00000896 _____ C:\Windows\errord.log
2013-09-01 19:30 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-01 19:29 - 2013-09-01 19:28 - 00000000 ____D C:\AdwCleaner
2013-09-01 19:24 - 2012-09-13 18:48 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-01 19:22 - 2013-04-11 08:30 - 00038304 _____ C:\Windows\PFRO.log
2013-09-01 19:14 - 2012-09-13 18:19 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-01 19:00 - 2010-07-19 18:26 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-01 15:59 - 2010-05-10 21:55 - 00000000 ___RD C:\Users\Andreas Kries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-01 15:10 - 2013-05-07 18:29 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro
2013-09-01 15:10 - 2011-01-18 08:10 - 00003990 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2C2445AC-E01D-4060-8C95-9199466740A1}
2013-09-01 15:07 - 2013-05-14 15:56 - 00001426 _____ C:\Users\Andreas Kries\Desktop\Registry kostenlos entrümpeln!.lnk
2013-09-01 12:37 - 2013-09-01 12:37 - 00000000 ____D C:\FRST
2013-09-01 09:29 - 2013-09-01 09:29 - 00002128 _____ C:\Users\Andreas Kries\Desktop\AppsHat.lnk
2013-09-01 09:29 - 2013-09-01 09:29 - 00000000 ____D C:\Users\Andreas Kries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat
2013-09-01 09:29 - 2013-09-01 09:29 - 00000000 ____D C:\Users\ANDREA~1\AppData\Local\WebPlayer
2013-09-01 09:27 - 2010-05-10 21:55 - 00000000 ____D C:\Users\Andreas Kries
2013-09-01 07:54 - 2010-05-11 13:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-08-31 14:45 - 2010-09-04 16:33 - 00000000 ____D C:\ProgramData\tmp
2013-08-30 08:50 - 2010-07-29 19:45 - 00002242 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-26 11:14 - 2010-09-07 20:23 - 00000000 ____D C:\Users\Andreas Kries\AppData\Roaming\EurekaLog
2013-08-24 11:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-21 18:14 - 2012-09-13 18:19 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 18:14 - 2012-09-13 18:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-21 18:14 - 2012-09-13 18:19 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-18 04:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-18 03:01 - 2013-08-18 03:01 - 00000000 ____D C:\Windows\system32\MRT
2013-08-18 03:00 - 2010-05-11 12:44 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-07 04:22 - 2010-05-10 22:11 - 00278800 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-08-02 11:08 - 2013-08-02 11:08 - 00013824 _____ D:\Documents\Notenspiegel.xls

Files to move or delete:
====================
C:\Users\ANDREA~1\AppData\Local\Temp\Quarantine.exe
C:\Users\ANDREA~1\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 16:47

==================== End Of Log ============================
--- --- ---


Dank und Gruß

Andreas aka. mauli.mauli

schrauber 02.09.2013 07:39

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

mauli.mauli 02.09.2013 20:45
Guten Abend Schrauber,

vielen schon mal wieder! Deine Anweisungen habe ich befolgt, leider funktioniert die SeruityCheck.exe nicht - das Programm behauptet, es werde vom System nicht unterstützt.

Die beiden anderen Files sind hier:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e6ec5741136ef1409f98551cfd2371ec
# engine=14986
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-02 07:24:31
# local_time=2013-09-02 09:24:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 4347771 154859743 0 0
# compatibility_mode=5893 16776574 100 94 3808778 129779721 0 0
# scanned=233891
# found=13
# cleaned=0
# scan_time=4385
sh=D0D28485A972A363B5C286C54D52140A19C571F6 ft=1 fh=afd8579c0f07207a vn="a variant of Win32/Adware.Lollipop.P application" ac=I fn="C:\FRST\Quarantine\LollipopInstaller_somoto_14693.exe"
sh=057C97A59331A81112AF703FC6DAC1C9509CB1F0 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Andreas Kries\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\654e3c80-51dcbb00"
sh=E48A1A585E216D02F95FA61BAE03B281554DE5E8 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OOZ trojan" ac=I fn="C:\Users\Andreas Kries\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\57bd408a-40955478"
sh=057C97A59331A81112AF703FC6DAC1C9509CB1F0 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Andreas Kries\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\7b401d13-2f31ae35"
sh=4CC09FDB224796D9043697F99C743785A6AD5096 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Andreas Kries\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\7dee0dd3-3d1af407"
sh=9746CAF80F293D040743C65938D3A406032CBC93 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.NNZ trojan" ac=I fn="C:\Users\Andreas Kries\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\5fad6d56-3f6b3c4a"
sh=B176674C4A2D27FF74E572875D4D3DBCC411CE61 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.PKV trojan" ac=I fn="C:\Users\Andreas Kries\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\865bb1d-2e2e4912"
sh=D215D7F271E1576454B1D8B7A6942F4683DECE70 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.PCV trojan" ac=I fn="C:\Users\Andreas Kries\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\4e0240e6-1a8a7bad"
sh=74498DD75E735C28F43A97CD976EA5BC464ACBEB ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.NPV trojan" ac=I fn="C:\Users\Andreas Kries\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\a55656a-3d2f9892"
sh=56F444616AB756E9244632ECC22719A6A75A57E3 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.PLL trojan" ac=I fn="C:\Users\Andreas Kries\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\9c986f2-2d1242c9"
sh=C71F83CED762BD7068E1E6B65AD11BB87FCA92E2 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Andreas Kries\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\102ebcf4-7ac452b1"
sh=090B2E5E3E5BC036A107D737304BE5D26C549EE8 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Andreas Kries\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\1353f0b5-461e23d8"
sh=D215D7F271E1576454B1D8B7A6942F4683DECE70 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.PCV trojan" ac=I fn="C:\Users\Andreas Kries\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\610b24c6-2b17c6a5"

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-09-2013
Ran by Andreas Kries (administrator) on ANDREASKRIES-PC on 02-09-2013 21:36:00
Running from D:\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(CrypKey (Canada) Ltd.) C:\Windows\system32\crypserv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
() C:\Users\Andreas Kries\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
(Matsushita Electric Industrial Co., Ltd.) C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
(Dropbox, Inc.) C:\Users\Andreas Kries\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(LG Electronics) C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-11] (CANON INC.)
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKCU\...\Run: [AnyDVD] - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [3464128 2010-05-04] (SlySoft, Inc.)
HKCU\...\Run: [AppsHat] - C:\Users\Andreas Kries\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe [202752 2012-10-26] ()
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-10-21] (NEC Electronics Corporation)
HKLM-x32\...\Run: [B2C_AGENT] - C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe [404568 2012-03-28] (LG Electronics)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\p6_19_erinnerung.lnk
ShortcutTarget: p6_19_erinnerung.lnk -> C:\Program Files (x86)\phase6\phase6_19\WinStart\p6erinnerung.exe (phase6)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk
ShortcutTarget: PHOTOfunSTUDIO -viewer-.lnk -> C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
Startup: C:\Users\Andreas Kries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Andreas Kries\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Andreas Kries\AppData\Roaming\Mozilla\Firefox\Profiles\ub420qck.default
FF NewTab: about:blank
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF HKCU\...\Firefox\Extensions: [{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}] C:\Users\Andreas Kries\AppData\Roaming\01001.085
FF Extension: Java Link Helper - C:\Users\Andreas Kries\AppData\Roaming\01001.085

Chrome:
=======
CHR HomePage:        "homepage":        "hxxp://www.google.com",
CHR RestoreOnStartup: "hxxp://www.google.de/"
CHR Plugin: (                                "name":        "Remoting Viewer",) -                                "path":        "internal-remoting-viewer",
CHR Plugin: (                                "name":        "Native Client",) -                                "path":        "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll", No File
CHR Plugin: (                                "name":        "Chrome PDF Viewer",) -                                "path":        "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll", No File
CHR Plugin: (                                "name":        "Shockwave Flash",) -                                "path":        "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\gcswf32.dll", No File
CHR Plugin: (                                "name":        "Shockwave Flash",) -                                "path":        "C:\Windows\system32\Macromed\Flash\NPSWF32.dll", No File
CHR Plugin: (                                "name":        "Adobe Acrobat",) -                                "path":        "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll", No File
CHR Plugin: (                                "name":        "Java Deployment Toolkit 6.0.310.5",) -                                "path":        "C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll", No File
CHR Plugin: (                                "name":        "Java(TM) Platform SE 6 U31",) -                                "path":        "C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll", No File
CHR Plugin: (                                "name":        "Microsoft Office 2003",) -                                "path":        "C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL", No File
CHR Plugin: (                                "name":        "Google Earth Plugin",) -                                "path":        "C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll", No File
CHR Plugin: (                                "name":        "Google Update",) -                                "path":        "C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll", No File
CHR Plugin: (                                "name":        "Shockwave for Director",) -                                "path":        "C:\Windows\system32\Adobe\Director\np32dsw.dll", No File
CHR Extension: (YouTube) - C:\Users\ANDREA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\ANDREA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AT_DolceGabbana) - C:\Users\ANDREA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\ANDREA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\ANDREA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Crypkey License; crypserv.exe [x]
S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [x]

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [123840 2010-04-23] (SlySoft, Inc.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-28] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
S3 Andbus; system32\DRIVERS\lgandbus64.sys [x]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [x]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [x]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [x]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [x]
S3 AndNetGps; system32\DRIVERS\lgandnetgps64.sys [x]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [x]
S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpuz132; \??\C:\Users\ANDREA~1\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-01 19:44 - 2013-09-01 19:44 - 00002713 _____ C:\Users\Andreas Kries\Desktop\JRT.txt
2013-09-01 19:36 - 2013-09-01 19:36 - 00000000 ____D C:\Windows\ERUNT
2013-09-01 19:28 - 2013-09-01 19:29 - 00000000 ____D C:\AdwCleaner
2013-09-01 12:37 - 2013-09-01 12:37 - 00000000 ____D C:\FRST
2013-09-01 09:29 - 2013-09-01 09:29 - 00002128 _____ C:\Users\Andreas Kries\Desktop\AppsHat.lnk
2013-09-01 09:29 - 2013-09-01 09:29 - 00000000 ____D C:\Users\Andreas Kries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat
2013-09-01 09:29 - 2013-09-01 09:29 - 00000000 ____D C:\Users\ANDREA~1\AppData\Local\WebPlayer
2013-08-18 03:05 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-18 03:05 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-18 03:05 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-18 03:05 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-18 03:05 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-18 03:05 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-18 03:05 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-18 03:05 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-18 03:05 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-18 03:05 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-18 03:05 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-18 03:05 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-18 03:05 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-18 03:05 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-18 03:05 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-18 03:05 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-18 03:05 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-18 03:05 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-18 03:05 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-18 03:05 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-18 03:05 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-18 03:05 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-18 03:05 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-18 03:05 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-18 03:05 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-18 03:05 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-18 03:05 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-18 03:05 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-18 03:05 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-18 03:05 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-18 03:05 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-18 03:01 - 2013-08-18 03:01 - 00000000 ____D C:\Windows\system32\MRT
2013-08-17 23:21 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-17 23:21 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-17 23:21 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-17 23:21 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-17 23:21 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-17 23:21 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-17 23:21 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-17 23:21 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-17 23:21 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-17 23:21 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-17 23:21 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-17 23:21 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-17 23:21 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-17 23:21 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-17 23:21 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-17 23:21 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-02 21:14 - 2012-09-13 18:19 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-02 21:00 - 2010-07-19 18:26 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-02 20:44 - 2013-04-09 18:17 - 00000000 ___RD C:\Users\Andreas Kries\Dropbox
2013-09-02 20:44 - 2013-04-09 18:12 - 00000000 ____D C:\Users\Andreas Kries\AppData\Roaming\Dropbox
2013-09-02 19:42 - 2012-01-07 13:46 - 01180332 _____ C:\Windows\WindowsUpdate.log
2013-09-02 17:14 - 2011-01-18 08:10 - 00003990 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2C2445AC-E01D-4060-8C95-9199466740A1}
2013-09-02 16:56 - 2013-09-02 16:56 - 00000000 ____D C:\Windows\Sun
2013-09-02 14:15 - 2010-05-11 13:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-09-02 07:00 - 2010-07-19 17:14 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-01 19:44 - 2013-09-01 19:44 - 00002713 _____ C:\Users\Andreas Kries\Desktop\JRT.txt
2013-09-01 19:38 - 2009-07-14 06:45 - 00014832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-01 19:38 - 2009-07-14 06:45 - 00014832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-01 19:36 - 2013-09-01 19:36 - 00000000 ____D C:\Windows\ERUNT
2013-09-01 19:32 - 2012-04-21 04:17 - 00002413 _____ C:\Windows\SysWOW64\lgAxconfig.ini
2013-09-01 19:31 - 2010-10-18 15:48 - 00000000 ____D C:\Users\Public\Documents\phase6_19_Daten
2013-09-01 19:30 - 2013-04-11 08:31 - 00003596 _____ C:\Windows\error.log
2013-09-01 19:30 - 2013-04-11 08:31 - 00001680 _____ C:\Windows\setupact.log
2013-09-01 19:30 - 2013-04-11 08:30 - 00000896 _____ C:\Windows\errord.log
2013-09-01 19:30 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-01 19:29 - 2013-09-01 19:28 - 00000000 ____D C:\AdwCleaner
2013-09-01 19:24 - 2012-09-13 18:48 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-01 19:22 - 2013-04-11 08:30 - 00038304 _____ C:\Windows\PFRO.log
2013-09-01 15:59 - 2010-05-10 21:55 - 00000000 ___RD C:\Users\Andreas Kries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-01 15:10 - 2013-05-07 18:29 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro
2013-09-01 15:07 - 2013-05-14 15:56 - 00001426 _____ C:\Users\Andreas Kries\Desktop\Registry kostenlos entrümpeln!.lnk
2013-09-01 12:37 - 2013-09-01 12:37 - 00000000 ____D C:\FRST
2013-09-01 09:29 - 2013-09-01 09:29 - 00002128 _____ C:\Users\Andreas Kries\Desktop\AppsHat.lnk
2013-09-01 09:29 - 2013-09-01 09:29 - 00000000 ____D C:\Users\Andreas Kries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat
2013-09-01 09:29 - 2013-09-01 09:29 - 00000000 ____D C:\Users\ANDREA~1\AppData\Local\WebPlayer
2013-09-01 09:27 - 2010-05-10 21:55 - 00000000 ____D C:\Users\Andreas Kries
2013-08-31 14:45 - 2010-09-04 16:33 - 00000000 ____D C:\ProgramData\tmp
2013-08-30 08:50 - 2010-07-29 19:45 - 00002242 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-26 11:14 - 2010-09-07 20:23 - 00000000 ____D C:\Users\Andreas Kries\AppData\Roaming\EurekaLog
2013-08-24 11:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-21 18:14 - 2012-09-13 18:19 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 18:14 - 2012-09-13 18:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-21 18:14 - 2012-09-13 18:19 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-18 04:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-18 03:01 - 2013-08-18 03:01 - 00000000 ____D C:\Windows\system32\MRT
2013-08-18 03:00 - 2010-05-11 12:44 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-07 04:22 - 2010-05-10 22:11 - 00278800 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Files to move or delete:
====================
C:\Users\ANDREA~1\AppData\Local\Temp\Quarantine.exe
C:\Users\ANDREA~1\AppData\Local\Temp\RarSFX0\SecurityCheck\Objlist.exe
C:\Users\ANDREA~1\AppData\Local\Temp\RarSFX0\SecurityCheck\runprocesses.exe
C:\Users\ANDREA~1\AppData\Local\Temp\RarSFX0\SecurityCheck\uninstalllist.exe
C:\Users\ANDREA~1\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\cmdinfo.exe
C:\Users\ANDREA~1\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\nircmdc.exe
C:\Users\ANDREA~1\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\sed.exe
C:\Users\ANDREA~1\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\swreg.exe
C:\Users\ANDREA~1\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-02 11:16

==================== End Of Log ============================
--- --- ---


Gruß

Andreas aka. mauli.mauli

schrauber 03.09.2013 07:46
Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.


Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

mauli.mauli 03.09.2013 17:26
Hallo Schrauber,

herzlichen Dank für Deine Mühe.

Defogger und Combofix haben wir bei dieser Reinigung nicht nicht benutzt. Sollte ich etwas übersehen haben, melde Dich bitte noch mal.

Delfix ist gelaufen.

Windows-Updates werden seit jeher täglich abgerufen.

Avast und Malwarebytes laufen, den CCCleaner habe ich soeben entfernt.

"Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe"

... mache ich nicht.

Ist noch etwas zu tun?

Dank und Gruß

Andreas aka. mauli.mauli

schrauber 03.09.2013 20:41
Fertig :)

mauli.mauli 03.09.2013 21:25
Danke, dann kannst Du das ABO löschen.

Gruß

Andreas aka. mauli.mauli

schrauber 04.09.2013 09:01
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:42 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131