
Pests of all kinds and how to combat them: Avast reports malicious website blocked (URL:Mal) - Process: "svchost.exe


28.01.2015, 14:02   #1
Blondie64
 



Hello everyone,

I completely reinstalled my system about 14 days ago, and for about 4 days Avast has been reporting "Infection blocked" - URL: hxxp:///epictory.com/2828/Readster_142089814567546.DLL - Infection: URL:Mal - Process: C:\Windows\system32\svchost.exe, with the URL varying.

I then proceeded as follows, as requested elsewhere:

Step 1: Checked in the Control Panel whether there are any programs with "Toolbar" in their name on the computer, which is not the case.

Step 2: Downloaded AdwCleaner and ran it
Code:
# AdwCleaner v4.109 - Bericht erstellt am 28/01/2015 um 12:42:52
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows 7 Ultimate  (32 bits)
# Benutzername : Frank - BLONDIE
# Gestartet von : D:\Eigene Dateien\Downloads\adwcleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : WindowsMangerProtect

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect
Ordner Gelöscht : C:\Users\Frank\AppData\Local\SearchProtect
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\jlu6xu9f.default\user.js

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\supWindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\vi-viewSoftware

***** [ Browser ] *****

-\\ Internet Explorer v8.0.7600.16385

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [2032 octets] - [28/01/2015 12:31:40]
AdwCleaner[S0].txt - [1761 octets] - [28/01/2015 12:42:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1821 octets] ##########
         
Step 3: Scan with DDS

Code:
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.7600.16385
Run by Frank at 12:50:35 on 2015-01-28
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.3582.2166 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = about:blank
mStart Page = about:blank
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = about:blank
mDefault_Search_URL = hxxp://www.google.com
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Google Update] "c:\users\frank\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [IJNetworkScannerSelectorEX] c:\program files\canon\ij network scanner selector ex\CNMNSST.exe /FORCE
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.178.1
TCP: Interfaces\{0AFC3C83-C970-4B81-812B-A87C375955CA} : DHCPNameServer = 192.168.178.1
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\frank\appdata\roaming\mozilla\firefox\profiles\jlu6xu9f.default\
FF - plugin: c:\users\frank\appdata\local\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_16_0_0_296.dll
FF - ExtSQL: 2015-01-07 11:07; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\frank\appdata\roaming\mozilla\firefox\profiles\jlu6xu9f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2015-01-21 17:05; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2015-1-21 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2015-1-21 206248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2015-1-21 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2015-1-21 423784]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-1-21 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-1-21 70384]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-1-21 91496]
R3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
.
=============== Created Last 30 ================
.
2015-01-28 11:31:36	--------	d-----w-	C:\AdwCleaner
2015-01-21 16:21:31	--------	d-----w-	c:\users\frank\appdata\roaming\AVAST Software
2015-01-21 16:07:08	5163344	----a-w-	c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2015-01-21 16:07:00	9054624	----a-w-	c:\programdata\microsoft\windows defender\definition updates\{56163b86-c37b-4c5d-890f-cd9f46b5ed23}\mpengine.dll
2015-01-21 16:05:11	91496	----a-w-	c:\windows\system32\drivers\aswStm.sys
2015-01-21 16:05:11	24184	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2015-01-21 16:05:02	43152	----a-w-	c:\windows\avastSS.scr
2015-01-21 15:54:30	81768	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2015-01-21 15:54:30	787800	----a-w-	c:\windows\system32\drivers\aswsnx.sys
2015-01-21 15:54:30	206248	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2015-01-21 15:54:29	49944	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2015-01-21 15:54:27	70384	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2015-01-21 15:53:09	--------	d-----w-	c:\program files\AVAST Software
2015-01-21 15:49:23	--------	d-----w-	c:\programdata\AVAST Software
2015-01-20 00:41:51	77824	----a-w-	c:\windows\system32\fmcodec.DLL
2015-01-20 00:09:24	--------	d-----w-	c:\program files\VideoLAN
2015-01-19 21:15:27	--------	d-----w-	c:\users\frank\appdata\local\Thunderbird
2015-01-18 01:59:35	--------	d-----w-	c:\users\frank\appdata\roaming\VirtualSafe
2015-01-18 01:59:27	--------	d-----w-	c:\program files\VirtualSafe
2015-01-18 01:58:57	--------	d-----w-	c:\users\frank\appdata\roaming\dlg
2015-01-14 11:36:51	18944	----a-w-	c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
2015-01-14 11:36:51	17920	----a-w-	c:\windows\system32\mdimon.dll
2015-01-14 11:35:32	--------	d-----w-	c:\windows\PCHEALTH
2015-01-13 10:56:23	--------	d-----w-	c:\programdata\CanonIJPLM
2015-01-13 10:55:59	--------	d-----w-	c:\programdata\Canon IJ Network Tool
2015-01-13 10:55:48	320000	----a-w-	c:\windows\system32\CNC_BBL.dll
2015-01-13 10:55:48	15872	----a-w-	c:\windows\system32\CNHMCA.dll
2015-01-13 10:55:48	103424	----a-w-	c:\windows\system32\CNC_BBU.dll
2015-01-13 10:55:17	--------	d-----w-	c:\programdata\CanonIJWSpt
2015-01-13 10:55:14	--------	d-----w-	c:\program files\common files\CANON
2015-01-13 10:54:47	85504	----a-w-	c:\windows\system32\spool\prtprocs\w32x86\CNMPPBB.DLL
2015-01-13 10:54:47	29184	----a-w-	c:\windows\system32\spool\prtprocs\w32x86\CNMPDBB.DLL
2015-01-13 10:54:39	96768	----a-w-	c:\windows\system32\CNC_BBI.dll
2015-01-13 10:54:39	266752	----a-w-	c:\windows\system32\CNC_BBC.dll
2015-01-13 10:54:25	314880	----a-w-	c:\windows\system32\CNMLMBB.DLL
2015-01-13 10:53:47	35840	----a-w-	c:\windows\system32\CNMNPUI.DLL
2015-01-13 10:53:47	--------	d-----w-	c:\windows\system32\STRING
2015-01-13 10:52:35	--------	d-----w-	c:\program files\Canon
2015-01-09 21:39:20	--------	d-----w-	c:\users\frank\appdata\roaming\CrystalIdea Software
2015-01-08 23:37:52	--------	d-----w-	c:\users\frank\appdata\local\Macromedia
2015-01-08 23:35:57	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-08 23:35:57	701616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2015-01-08 23:34:58	--------	d-----w-	c:\users\frank\appdata\local\Adobe
2015-01-07 22:06:02	--------	d-----r-	c:\program files\Skype
2015-01-07 22:04:33	--------	d-----w-	c:\program files\CCleaner
2015-01-07 15:35:22	--------	d-----w-	c:\windows\system32\appmgmt
2015-01-07 12:44:57	--------	d-----w-	c:\users\frank\appdata\roaming\WinTrack
2015-01-07 12:44:43	--------	d-----w-	c:\program files\WinTrack
2015-01-07 09:58:32	--------	d-----w-	c:\users\frank\appdata\local\Skype
2015-01-07 09:58:11	--------	d-sh--w-	c:\windows\Installer
2015-01-07 09:49:35	--------	d-----w-	c:\programdata\928458613
2015-01-07 09:46:33	--------	d-----w-	c:\users\frank\appdata\local\Programs
2015-01-07 09:31:43	--------	d-----w-	c:\users\frank\appdata\local\Google
2015-01-07 09:24:01	--------	d-----w-	c:\windows\system32\RTCOM
2015-01-07 09:20:52	--------	d-----w-	c:\users\frank\appdata\local\Mozilla
2015-01-07 09:20:47	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2015-01-07 09:20:37	--------	d-----w-	c:\program files\Mozilla
2015-01-07 09:12:52	--------	d-sh--w-	C:\Recovery
2015-01-07 09:12:51	--------	d-sh--we	C:\Programme
2015-01-07 09:12:51	--------	d-sh--we	c:\programdata\Vorlagen
2015-01-07 09:12:51	--------	d-sh--we	c:\programdata\Startmenü
2015-01-07 09:12:51	--------	d-sh--we	c:\programdata\Favoriten
2015-01-07 09:12:51	--------	d-sh--we	c:\programdata\Dokumente
2015-01-07 09:12:51	--------	d-sh--we	c:\programdata\Anwendungsdaten
2015-01-07 09:12:51	--------	d-sh--we	c:\program files\Gemeinsame Dateien
2015-01-07 09:12:51	--------	d-sh--we	C:\Dokumente und Einstellungen
2015-01-07 09:05:20	--------	d-sh--w-	C:\Boot
.
==================== Find3M  ====================
.
2015-01-08 08:55:52	249488	------w-	c:\windows\system32\MpSigStub.exe
.
============= FINISH: 12:53:42,49 ===============
         
Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 07.01.2015 10:09:45
System Uptime: 28.01.2015 12:44:03 (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | EP35-DS3
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Socket 775 | 3200/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 54,431 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 272,678 GiB free.
E: is FIXED (NTFS) - 75 GiB total, 73,235 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 07.01.2015 12:00:29 - Geplanter Prüfpunkt
RP2: 07.01.2015 16:34:56 - Removed Skype™ 7.0
RP3: 07.01.2015 23:02:52 - Removed Skype™ 7.0
RP4: 14.01.2015 12:35:09 - Microsoft Office Professional Edition 2003 wird installiert
RP5: 21.01.2015 16:52:57 - avast! Free Antivirus Setup
RP7: 21.01.2015 17:02:04 - avast! antivirus system restore point
RP8: 21.01.2015 17:06:38 - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 16 NPAPI
Avast Free Antivirus
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon IJ Scan Utility
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MG5400 series Benutzerregistrierung
Canon MG5400 series MP Drivers
Canon My Printer
CCleaner
Google Chrome
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 31.4.0 ESR (x86 de)
Mozilla Maintenance Service
Mozilla Thunderbird (6.0)
Realtek High Definition Audio Driver
Skype™ 7.0
VirtualSafe 2.0
VLC media player
WinTrack v11.06
.
==== End Of File ===========================
         
In addition, I ran a full scan with Avast, which found nothing, as well as a scan with aswMBR.exe
Code:
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-01-28 13:52:22
-----------------------------
13:52:22.089    OS Version: Windows 6.1.7600 
13:52:22.089    Number of processors: 2 586 0x403
13:52:22.108    ComputerName: BLONDIE  UserName: Frank
13:52:22.813    Initialize success
13:52:22.931    VM: initialized successfully
13:52:22.939    VM: Intel CPU virtualization not supported 
13:52:26.753    AVAST engine defs: 15012800
13:52:29.407    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-4
13:52:29.424    Disk 0 Vendor: ST3160815AS 3.CHH Size: 152627MB BusType: 3
13:52:29.445    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-6
13:52:29.462    Disk 1 Vendor: Hitachi_HDS721050CLA362 JP2OA25C Size: 476938MB BusType: 3
13:52:29.590    Disk 0 MBR read successfully
13:52:29.610    Disk 0 MBR scan
13:52:29.640    Disk 0 Windows 7 default MBR code
13:52:29.667    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        76312 MB offset 2048
13:52:29.712    Disk 0 Boot: NTFS     code=2
13:52:29.756    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        76312 MB offset 156289024
13:52:29.816    Disk 0 scanning sectors +312576000
13:52:30.497    Disk 0 scanning C:\Windows\system32\drivers
13:52:51.794    Service scanning
13:53:29.014    Modules scanning
13:53:29.049    Disk 0 trace - called modules:
13:53:29.093    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys 
13:53:29.117    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860f93e8]
13:53:29.145    3 CLASSPNP.SYS[8c59559e] -> nt!IofCallDriver -> [0x85fb6918]
13:53:29.174    5 ACPI.sys[8c0a43b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-4[0x8601e030]
13:53:29.706    AVAST engine scan C:\Windows
13:53:33.947    AVAST engine scan C:\Windows\system32
13:58:12.617    AVAST engine scan C:\Windows\system32\drivers
13:58:36.273    AVAST engine scan C:\Users\Frank
13:59:41.834    AVAST engine scan C:\ProgramData
14:00:00.535    Disk 0 statistics 2295899/0/0 @ 7,72 MB/s
14:00:00.550    Scan finished successfully
14:00:28.940    Disk 0 MBR has been saved successfully to "D:\Eigene Dateien\Texte\MBR.dat"
14:00:28.953    The log file has been saved successfully to "D:\Eigene Dateien\Texte\aswMBR.txt"
         
But I still get the error message from Avast. How do I get rid of this annoying message?

Regards, Frank

28.01.2015, 14:09   #2
schrauber
/// the machine
/// TB trainer
 




hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


28.01.2015, 14:49   #3
Blondie64
 



Hello,

here are the two logs from Farbar:

First.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015
Ran by Frank (administrator) on BLONDIE on 28-01-2015 14:40:23
Running from D:\Eigene Dateien\Downloads
Loaded Profiles: Frank (Available profiles: Frank)
Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10996368 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKU\S-1-5-21-3392053727-3579388301-3246320709-1001\...\Run: [Google Update] => C:\Users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2015-01-07] (Google Inc.)
HKU\S-1-5-21-3392053727-3579388301-3246320709-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3392053727-3579388301-3246320709-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\jlu6xu9f.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-3392053727-3579388301-3246320709-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3392053727-3579388301-3246320709-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Adblock Plus - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\jlu6xu9f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-07]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-21]
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla\Firefox\firefox.exe
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "https://www.google.de/"
CHR DefaultSearchURL: Default -> https://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=fflb&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=rcs
CHR DefaultSuggestURL: Default -> https://www.google.com/complete/search?q={searchTerms}
CHR Profile: C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2015-01-07]
CHR Extension: (Google Docs) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-07]
CHR Extension: (Google Drive) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-07]
CHR Extension: (WOT) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-01-07]
CHR Extension: (YouTube) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-07]
CHR Extension: (Adblock Plus) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-07]
CHR Extension: (Google-Suche) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-07]
CHR Extension: (Google Tabellen) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-07]
CHR Extension: (AdBlock Premium) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2015-01-07]
CHR Extension: (Avast Online Security) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-21]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2015-01-07]
CHR Extension: (Google Wallet) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-07]
CHR Extension: (Google Mail) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-07]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-21]
StartMenuInternet: Google Chrome.DAFMAZDWQNLGW53H2JSQCWNWJM - C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-21] (AVAST Software)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-01-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2015-01-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2015-01-21] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-01-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-01-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2015-01-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2015-01-21] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2015-01-21] ()
U3 aswMBR; \??\C:\Users\Frank\AppData\Local\Temp\aswMBR.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 14:39 - 2015-01-28 14:40 - 00000000 ____D () C:\FRST
2015-01-28 13:45 - 2015-01-28 13:46 - 00159288 _____ () C:\Windows\Minidump\012815-26582-01.dmp
2015-01-28 13:45 - 2015-01-28 13:45 - 211299028 _____ () C:\Windows\MEMORY.DMP
2015-01-28 13:45 - 2015-01-28 13:45 - 00000000 ____D () C:\Windows\Minidump
2015-01-28 12:54 - 2015-01-28 12:54 - 00001881 _____ () C:\Users\Frank\Desktop\attach.txt
2015-01-28 12:54 - 2015-01-28 12:53 - 00010519 _____ () C:\Users\Frank\Desktop\dds.txt
2015-01-28 12:31 - 2015-01-28 13:05 - 00000000 ____D () C:\AdwCleaner
2015-01-21 17:21 - 2015-01-21 17:21 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\AVAST Software
2015-01-21 17:05 - 2015-01-21 17:05 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-21 17:05 - 2015-01-21 17:05 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-21 17:05 - 2015-01-21 17:05 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-21 17:05 - 2015-01-21 17:05 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-21 17:05 - 2015-01-21 17:05 - 00002054 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-21 16:54 - 2015-01-21 17:35 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-21 16:54 - 2015-01-21 17:35 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-01-21 16:54 - 2015-01-21 17:05 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-21 16:54 - 2015-01-21 17:05 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-21 16:54 - 2015-01-21 17:05 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-01-21 16:54 - 2015-01-21 17:05 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-21 16:53 - 2015-01-21 16:53 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-21 16:49 - 2015-01-21 17:01 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-20 01:41 - 2008-08-18 18:18 - 00077824 _____ (Fox Magic Software) C:\Windows\system32\fmcodec.DLL
2015-01-20 01:38 - 2015-01-20 01:44 - 00000049 _____ () C:\Windows\system32\ScrRecX.log
2015-01-20 01:09 - 2015-01-23 02:06 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\vlc
2015-01-20 01:09 - 2015-01-20 01:09 - 00001037 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-01-20 01:09 - 2015-01-20 01:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-20 01:09 - 2015-01-20 01:09 - 00000000 ____D () C:\Program Files\VideoLAN
2015-01-19 22:15 - 2015-01-24 11:49 - 00000000 ____D () C:\Users\Frank\AppData\Local\Thunderbird
2015-01-19 22:15 - 2015-01-19 22:15 - 00002123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-01-19 22:15 - 2015-01-19 22:15 - 00002111 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2015-01-19 22:15 - 2015-01-19 22:15 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\Thunderbird
2015-01-18 02:59 - 2015-01-18 03:00 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\VirtualSafe
2015-01-18 02:59 - 2015-01-18 02:59 - 00001016 _____ () C:\Users\Frank\Desktop\VirtualSafe.lnk
2015-01-18 02:59 - 2015-01-18 02:59 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualSafe 2.0
2015-01-18 02:59 - 2015-01-18 02:59 - 00000000 ____D () C:\Program Files\VirtualSafe
2015-01-18 02:58 - 2015-01-18 02:58 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\dlg
2015-01-17 10:19 - 2015-01-28 14:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-14 12:36 - 2015-01-14 12:36 - 00000400 _____ () C:\Windows\ODBC.INI
2015-01-14 12:36 - 2003-06-18 17:31 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\mdimon.dll
2015-01-14 12:35 - 2015-01-14 12:35 - 00000000 ____D () C:\Windows\PCHEALTH
2015-01-14 12:35 - 2015-01-14 12:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-01-14 12:35 - 2015-01-14 12:35 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-01-14 12:35 - 2015-01-14 12:35 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-01-14 12:35 - 2015-01-14 12:35 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-01-13 11:56 - 2015-01-13 12:02 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-13 11:56 - 2015-01-13 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5400 series
2015-01-13 11:55 - 2015-01-13 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-01-13 11:55 - 2015-01-13 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5400 series Benutzerregistrierung
2015-01-13 11:55 - 2015-01-13 11:55 - 00000000 ____D () C:\ProgramData\CanonIJWSpt
2015-01-13 11:55 - 2015-01-13 11:55 - 00000000 ____D () C:\ProgramData\Canon IJ Network Tool
2015-01-13 11:55 - 2015-01-13 11:55 - 00000000 ____D () C:\Program Files\Common Files\CANON
2015-01-13 11:55 - 2012-02-08 16:34 - 00320000 _____ (CANON INC.) C:\Windows\system32\CNC_BBL.dll
2015-01-13 11:55 - 2012-01-26 10:28 - 00081920 _____ () C:\Windows\system32\CNC1764D.TBL
2015-01-13 11:55 - 2012-01-16 14:21 - 00103424 _____ (CANON INC.) C:\Windows\system32\CNC_BBU.dll
2015-01-13 11:55 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\system32\CNHMCA.dll
2015-01-13 11:54 - 2015-01-13 11:54 - 00000000 ___HD () C:\Windows\system32\CanonIJ Uninstaller Information
2015-01-13 11:54 - 2015-01-13 11:54 - 00000000 ___HD () C:\ProgramData\CanonBJ
2015-01-13 11:54 - 2015-01-13 11:54 - 00000000 ___HD () C:\Program Files\CanonBJ
2015-01-13 11:54 - 2012-04-16 05:00 - 00314880 _____ (CANON INC.) C:\Windows\system32\CNMLMBB.DLL
2015-01-13 11:54 - 2012-01-16 14:20 - 00266752 _____ (CANON INC.) C:\Windows\system32\CNC_BBC.dll
2015-01-13 11:54 - 2012-01-16 14:19 - 00096768 _____ (CANON INC.) C:\Windows\system32\CNC_BBI.dll
2015-01-13 11:53 - 2015-01-13 11:53 - 00000000 ____D () C:\Windows\system32\STRING
2015-01-13 11:53 - 2012-03-28 18:00 - 00035840 _____ (CANON INC.) C:\Windows\system32\CNMNPUI.DLL
2015-01-13 11:52 - 2015-01-13 11:56 - 00000000 ____D () C:\Program Files\Canon
2015-01-13 11:50 - 2015-01-13 11:50 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-01-13 11:47 - 2015-01-13 11:47 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-09 22:39 - 2015-01-09 22:39 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\CrystalIdea Software
2015-01-09 00:37 - 2015-01-13 11:47 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\Adobe
2015-01-09 00:37 - 2015-01-09 00:37 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\Macromedia
2015-01-09 00:37 - 2015-01-09 00:37 - 00000000 ____D () C:\Users\Frank\AppData\Local\Macromedia
2015-01-09 00:35 - 2015-01-25 19:03 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-09 00:35 - 2015-01-25 19:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-09 00:35 - 2015-01-09 00:35 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-09 00:34 - 2015-01-13 11:47 - 00000000 ____D () C:\Users\Frank\AppData\Local\Adobe
2015-01-08 19:33 - 2015-01-08 19:33 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-01-08 08:46 - 2015-01-28 12:44 - 00157524 _____ () C:\Windows\PFRO.log
2015-01-07 23:13 - 2015-01-28 13:46 - 00003089 _____ () C:\Windows\setupact.log
2015-01-07 23:13 - 2015-01-07 23:13 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-07 23:06 - 2015-01-28 14:35 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\Skype
2015-01-07 23:06 - 2015-01-07 23:06 - 00002687 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-01-07 23:06 - 2015-01-07 23:06 - 00000000 ___RD () C:\Program Files\Skype
2015-01-07 23:06 - 2015-01-07 23:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-07 23:06 - 2015-01-07 23:06 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-01-07 23:04 - 2015-01-07 23:04 - 00000978 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-07 23:04 - 2015-01-07 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-07 23:04 - 2015-01-07 23:04 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-07 16:35 - 2015-01-07 16:35 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-01-07 16:28 - 2015-01-14 14:51 - 00062304 _____ () C:\Users\Frank\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-07 13:44 - 2015-01-28 11:53 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\WinTrack
2015-01-07 13:44 - 2015-01-07 13:44 - 00000959 _____ () C:\Users\Frank\Desktop\WinTrack.lnk
2015-01-07 13:44 - 2015-01-07 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinTrack
2015-01-07 13:44 - 2015-01-07 13:44 - 00000000 ____D () C:\Program Files\WinTrack
2015-01-07 10:58 - 2015-01-07 10:58 - 00000000 ____D () C:\Users\Frank\AppData\Local\Skype
2015-01-07 10:49 - 2015-01-07 10:49 - 00000000 ____D () C:\ProgramData\928458613
2015-01-07 10:45 - 2015-01-07 10:45 - 00792216 _____ (%PROD_NAME%) C:\Users\Frank\Downloads\skype.exe
2015-01-07 10:44 - 2015-01-07 10:44 - 11490056 _____ () C:\Users\Frank\Downloads\Nicht bestätigt 108482.crdownload
2015-01-07 10:39 - 2015-01-07 23:06 - 00000000 ____D () C:\ProgramData\Skype
2015-01-07 10:39 - 2015-01-07 10:44 - 44844128 _____ (Skype Technologies S.A.) C:\Users\Frank\Downloads\SkypeSetupFull.exe
2015-01-07 10:33 - 2015-01-27 10:44 - 00002367 _____ () C:\Users\Frank\Desktop\Google Chrome.lnk
2015-01-07 10:33 - 2015-01-07 10:33 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-07 10:31 - 2015-01-28 14:41 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3392053727-3579388301-3246320709-1001UA.job
2015-01-07 10:31 - 2015-01-28 10:41 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3392053727-3579388301-3246320709-1001Core.job
2015-01-07 10:31 - 2015-01-07 10:32 - 00000000 ____D () C:\Users\Frank\AppData\Local\Google
2015-01-07 10:24 - 2015-01-07 10:24 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-01-07 10:23 - 2015-01-07 10:24 - 00000000 ___HD () C:\Program Files\Temp
2015-01-07 10:23 - 2015-01-07 10:23 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-07 10:23 - 2015-01-07 10:23 - 00000000 ____D () C:\Program Files\Realtek
2015-01-07 10:23 - 2015-01-07 10:23 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2015-01-07 10:23 - 2012-06-19 16:54 - 03240400 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2015-01-07 10:23 - 2012-06-19 13:30 - 00293889 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-01-07 10:23 - 2012-06-08 16:23 - 00071808 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp32.dll
2015-01-07 10:23 - 2012-06-08 16:21 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO32.dll
2015-01-07 10:23 - 2012-06-08 16:18 - 03173008 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2015-01-07 10:23 - 2012-06-06 10:44 - 00645776 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2015-01-07 10:23 - 2012-06-01 09:37 - 02417808 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2015-01-07 10:23 - 2012-05-31 18:08 - 00087696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2015-01-07 10:23 - 2012-05-25 18:06 - 01706640 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2015-01-07 10:23 - 2012-04-10 14:40 - 02193472 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2015-01-07 10:23 - 2012-04-03 18:41 - 00709976 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell.dll
2015-01-07 10:23 - 2012-03-08 11:47 - 00176736 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2015-01-07 10:23 - 2012-03-08 11:47 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2015-01-07 10:23 - 2011-12-18 17:57 - 01836376 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2015-01-07 10:23 - 2011-12-16 14:57 - 00054360 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld32.dll
2015-01-07 10:23 - 2011-12-13 16:58 - 01497704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2015-01-07 10:23 - 2011-11-22 16:28 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
2015-01-07 10:23 - 2010-11-08 07:31 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2015-01-07 10:23 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2015-01-07 10:23 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2015-01-07 10:23 - 2010-11-08 07:31 - 00170840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2015-01-07 10:23 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2015-01-07 10:23 - 2010-11-08 07:31 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2015-01-07 10:23 - 2010-09-27 09:34 - 00232792 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-01-07 10:23 - 2009-12-04 15:43 - 00132368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll
2015-01-07 10:23 - 2009-11-24 09:55 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2015-01-07 10:23 - 2009-11-24 09:55 - 00185584 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll
2015-01-07 10:23 - 2009-11-24 09:55 - 00173296 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll
2015-01-07 10:23 - 2009-11-24 09:55 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2015-01-07 10:23 - 2009-11-18 18:42 - 01783056 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll
2015-01-07 10:23 - 2009-11-18 07:13 - 00050776 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn32.dll
2015-01-07 10:20 - 2015-01-28 09:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-07 10:20 - 2015-01-27 14:09 - 00000000 ____D () C:\Users\Frank\AppData\Local\Mozilla
2015-01-07 10:20 - 2015-01-19 22:15 - 00000000 ____D () C:\Program Files\Mozilla
2015-01-07 10:20 - 2015-01-07 10:20 - 00001194 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-07 10:20 - 2015-01-07 10:20 - 00001182 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-07 10:20 - 2015-01-07 10:20 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\Mozilla
2015-01-07 10:20 - 2015-01-07 10:20 - 00000000 ____D () C:\ProgramData\Mozilla
2015-01-07 10:16 - 2015-01-07 10:16 - 00001413 _____ () C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-07 10:15 - 2015-01-27 21:16 - 00000000 ____D () C:\Users\Frank
2015-01-07 10:15 - 2015-01-16 19:06 - 00000000 ____D () C:\Users\Frank\AppData\Local\VirtualStore
2015-01-07 10:15 - 2015-01-07 10:15 - 00000020 ___SH () C:\Users\Frank\ntuser.ini
2015-01-07 10:15 - 2015-01-07 10:15 - 00000000 _SHDL () C:\Users\Frank\Startmenü
2015-01-07 10:15 - 2015-01-07 10:15 - 00000000 _SHDL () C:\Users\Frank\Netzwerkumgebung
2015-01-07 10:15 - 2015-01-07 10:15 - 00000000 _SHDL () C:\Users\Frank\Druckumgebung
2015-01-07 10:15 - 2015-01-07 10:15 - 00000000 _SHDL () C:\Users\Frank\Documents\Eigene Musik
2015-01-07 10:15 - 2015-01-07 10:15 - 00000000 _SHDL () C:\Users\Frank\Documents\Eigene Bilder
2015-01-07 10:15 - 2015-01-07 10:15 - 00000000 _SHDL () C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-07 10:15 - 2015-01-07 10:15 - 00000000 _SHDL () C:\Users\Frank\AppData\Local\Verlauf
2015-01-07 10:15 - 2009-07-14 05:42 - 00000000 ___RD () C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-07 10:15 - 2009-07-14 05:37 - 00000000 ___RD () C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-07 10:13 - 2015-01-07 10:13 - 00171136 __RSH () C:\w7ldr
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Programme
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\ProgramData\Startmenü
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\ProgramData\Dokumente
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 __SHD () C:\Recovery
2015-01-07 10:09 - 2015-01-28 13:51 - 00128943 _____ () C:\Windows\WindowsUpdate.log
2015-01-07 10:06 - 2015-01-07 10:06 - 00000000 ____D () C:\Windows\CSC
2015-01-07 10:05 - 2015-01-07 10:05 - 00008192 __RSH () C:\BOOTSECT.BAK
2015-01-07 10:05 - 2009-07-14 02:38 - 00383562 __RSH () C:\bootmgr

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 13:54 - 2010-02-09 20:56 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-28 13:51 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-28 13:51 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-28 13:46 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-21 17:01 - 2009-07-14 03:04 - 00002577 _____ () C:\Windows\system32\config.nt
2015-01-21 16:54 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-18 22:14 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-01-15 07:08 - 2009-07-14 05:33 - 00285320 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-14 12:35 - 2009-07-14 09:56 - 00000000 ____D () C:\Windows\ShellNew
2015-01-14 12:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system
2015-01-13 11:55 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\twain_32
2015-01-13 11:55 - 2009-07-14 03:37 - 00000000 __RSD () C:\Windows\Media
2015-01-08 09:55 - 2010-02-09 21:01 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-07 23:04 - 2010-02-09 20:45 - 00000000 ____D () C:\Windows\Panther
2015-01-07 23:01 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-01-07 12:00 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\restore
2015-01-07 11:42 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-07 10:12 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-07 10:12 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-01-07 10:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-01-07 10:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Windows NT
2015-01-07 10:05 - 2009-07-14 05:57 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2015-01-07 10:05 - 2009-07-14 05:52 - 00028672 _____ () C:\Windows\system32\config\BCD-Template

Some content of TEMP:
====================
C:\Users\Frank\AppData\Local\Temp\atcMedia9581421718010.exe
C:\Users\Frank\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Frank\AppData\Local\Temp\optprosetup.exe
C:\Users\Frank\AppData\Local\Temp\Quarantine.exe
C:\Users\Frank\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 12:44

==================== End Of Log ============================
         
--- --- ---


Addition.txt :

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-01-2015
Ran by Frank at 2015-01-28 14:41:14
Running from D:\Eigene Dateien\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‪Canon Inc.‬)
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MG5400 series Benutzerregistrierung (HKLM\...\Canon MG5400 series Benutzerregistrierung) (Version:  - Canon Inc.‎)
Canon MG5400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5400_series) (Version: 1.00 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.28 - Piriform)
Google Chrome (HKU\S-1-5-21-3392053727-3579388301-3246320709-1001\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 31.4.0 ESR (x86 de) (HKLM\...\Mozilla Firefox 31.4.0 ESR (x86 de)) (Version: 31.4.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.4.0 - Mozilla)
Mozilla Thunderbird (6.0) (HKLM\...\Mozilla Thunderbird (6.0)) (Version: 6.0 (de) - Mozilla)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
VirtualSafe 2.0 (HKLM\...\VirtualSafe 2.0) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinTrack v11.06 (HKLM\...\WinTrack_is1) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3392053727-3579388301-3246320709-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3392053727-3579388301-3246320709-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3392053727-3579388301-3246320709-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3392053727-3579388301-3246320709-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3392053727-3579388301-3246320709-1001_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Frank\AppData\Local\Google\Chrome\Application\40.0.2214.93\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3392053727-3579388301-3246320709-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3392053727-3579388301-3246320709-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3392053727-3579388301-3246320709-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3392053727-3579388301-3246320709-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3392053727-3579388301-3246320709-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)

==================== Restore Points  =========================

07-01-2015 12:00:29 Geplanter Prüfpunkt
07-01-2015 16:34:56 Removed Skype™ 7.0
07-01-2015 23:02:52 Removed Skype™ 7.0
14-01-2015 12:35:09 Microsoft Office Professional Edition 2003 wird installiert
21-01-2015 16:52:57 avast! Free Antivirus Setup
21-01-2015 17:02:04 avast! antivirus system restore point
21-01-2015 17:06:38 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {10842D9F-7348-4B2B-9E1C-3451CDC7EDF2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-19] (Piriform Ltd)
Task: {1372CAD0-01E8-4D4C-BA83-DBAA0B7CB787} - System32\Tasks\{FADAEAF4-ACC5-4E53-BD2A-942E85431E9F} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.3.0.105&amp;LastError=404
Task: {17F52E08-BA2F-454B-936F-3DA8B3280B87} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {24FCFCD6-1458-4F71-AD1D-7B3C52C3FC14} - System32\Tasks\{B383DEC7-0330-46EE-96B9-E85BA8B1C0B3} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.3.0.105&amp;LastError=404
Task: {4C66FC1B-E58F-4F58-9C59-D67B164D3C56} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-21] (AVAST Software)
Task: {5C3E6BBC-1F03-4227-9BB7-86341C8823B8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3392053727-3579388301-3246320709-1001UA => C:\Users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-07] (Google Inc.)
Task: {7E7DEFC9-67D7-470F-ACB5-149FE0AB63E0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3392053727-3579388301-3246320709-1001Core => C:\Users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-07] (Google Inc.)
Task: {A327E741-CF92-494C-B095-4C2B02268F85} - System32\Tasks\{73318080-903A-4850-B6FE-11CCB037964A} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.3.0.105&amp;LastError=404

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3392053727-3579388301-3246320709-1001Core.job => C:\Users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3392053727-3579388301-3246320709-1001UA.job => C:\Users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2015-01-28 09:12 - 2015-01-28 09:12 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012800\algo.dll
2015-01-13 11:56 - 2012-03-28 13:49 - 00140456 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2015-01-21 17:05 - 2015-01-21 17:05 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-27 10:43 - 2015-01-25 07:08 - 01117512 _____ () C:\Users\Frank\AppData\Local\Google\Chrome\Application\40.0.2214.93\libglesv2.dll
2015-01-27 10:43 - 2015-01-25 07:08 - 00211272 _____ () C:\Users\Frank\AppData\Local\Google\Chrome\Application\40.0.2214.93\libegl.dll
2015-01-27 10:43 - 2015-01-25 07:08 - 09170760 _____ () C:\Users\Frank\AppData\Local\Google\Chrome\Application\40.0.2214.93\pdf.dll
2015-01-27 10:43 - 2015-01-25 07:08 - 14913864 _____ () C:\Users\Frank\AppData\Local\Google\Chrome\Application\40.0.2214.93\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3392053727-3579388301-3246320709-500 - Administrator - Disabled)
Frank (S-1-5-21-3392053727-3579388301-3246320709-1001 - Administrator - Enabled) => C:\Users\Frank
Gast (S-1-5-21-3392053727-3579388301-3246320709-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3392053727-3579388301-3246320709-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/21/2015 05:06:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary aswFsBlk.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (01/21/2015 05:06:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! Network Shield Support.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (01/21/2015 04:55:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: aswRunDll.exe, Version: 8.0.1489.300, Zeitstempel: 0x518b64a9
Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6161, Zeitstempel: 0x4dace5b9
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000311d9
ID des fehlerhaften Prozesses: 0x8f0
Startzeit der fehlerhaften Anwendung: 0xaswRunDll.exe0
Pfad der fehlerhaften Anwendung: aswRunDll.exe1
Pfad des fehlerhaften Moduls: aswRunDll.exe2
Berichtskennung: aswRunDll.exe3

Error: (01/07/2015 11:03:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (01/07/2015 04:36:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (01/07/2015 04:35:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (01/07/2015 11:42:10 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (01/07/2015 11:41:54 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (01/07/2015 11:41:52 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (01/07/2015 11:41:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.


System errors:
=============
Error: (01/28/2015 01:46:02 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000007f (0x0000000a, 0x00000000, 0x00000000, 0x00000000)C:\Windows\MEMORY.DMP012815-26582-01

Error: (01/28/2015 01:46:00 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎28.‎01.‎2015 um 13:44:26 unerwartet heruntergefahren.

Error: (01/28/2015 01:06:03 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/28/2015 00:45:33 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (01/25/2015 09:54:11 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎25.‎01.‎2015 um 09:41:01 unerwartet heruntergefahren.

Error: (01/18/2015 03:23:00 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/09/2015 09:00:26 AM) (Source: Microsoft-Windows-Application-Experience) (EventID: 205) (User: NT-AUTORITÄT)
Description: Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht initialisieren.

Error: (01/07/2015 11:35:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/07/2015 05:15:20 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (01/07/2015 04:06:18 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.


Microsoft Office Sessions:
=========================
Error: (01/21/2015 05:06:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswFsBlk.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (01/21/2015 05:06:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! Network Shield Support.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (01/21/2015 04:55:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: aswRunDll.exe8.0.1489.300518b64a9MSVCR90.dll9.0.30729.61614dace5b9c0000417000311d98f001d0359296ae7086C:\Program Files\AVAST Software\Avast\aswRunDll.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dllde923e63-a185-11e4-bcb2-001d7dd2b200

Error: (01/07/2015 11:03:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (01/07/2015 04:36:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (01/07/2015 04:35:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (01/07/2015 11:42:10 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (01/07/2015 11:41:54 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (01/07/2015 11:41:52 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (01/07/2015 11:41:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz
Percentage of memory in use: 48%
Total physical RAM: 3582.49 MB
Available physical RAM: 1846.61 MB
Total Pagefile: 7163.26 MB
Available Pagefile: 5376.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1883.27 MB

==================== Drives ================================

Drive c: (Windows 7) (Fixed) (Total:74.52 GB) (Free:54.53 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HITACHI) (Fixed) (Total:465.76 GB) (Free:272.68 GB) NTFS
Drive e: () (Fixed) (Total:74.52 GB) (Free:73.23 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6011FE8B)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Regards, Frank
__________________

Alt 28.01.2015, 18:31   #4
schrauber
/// the machine
/// TB-Ausbilder
 


hi,

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 28.01.2015, 19:25   #5
Blondie64
 

Hi schrauber,

as requested, here is the log file from Combofix

Code:
ComboFix 15-01-28.01 - Frank 28.01.2015  18:49:30.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.3582.2681 [GMT 1:00]
ausgeführt von:: d:\eigene dateien\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-12-28 bis 2015-01-28  ))))))))))))))))))))))))))))))
.
.
2015-01-28 18:12 . 2015-01-28 18:12	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-01-28 13:39 . 2015-01-28 13:45	--------	d-----w-	C:\FRST
2015-01-28 11:31 . 2015-01-28 12:05	--------	d-----w-	C:\AdwCleaner
2015-01-21 16:07 . 2014-12-15 03:13	9054624	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{56163B86-C37B-4C5D-890F-CD9F46B5ED23}\mpengine.dll
2015-01-21 16:05 . 2015-01-21 16:05	91496	----a-w-	c:\windows\system32\drivers\aswStm.sys
2015-01-21 16:05 . 2015-01-21 16:05	24184	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2015-01-21 16:05 . 2015-01-21 16:05	291352	----a-w-	c:\windows\system32\aswBoot.exe
2015-01-21 16:05 . 2015-01-21 16:05	43152	----a-w-	c:\windows\avastSS.scr
2015-01-21 15:54 . 2015-01-21 16:35	423784	----a-w-	c:\windows\system32\drivers\aswsp.sys
2015-01-21 15:54 . 2015-01-21 16:35	787800	----a-w-	c:\windows\system32\drivers\aswsnx.sys
2015-01-21 15:54 . 2015-01-21 16:05	81768	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2015-01-21 15:54 . 2015-01-21 16:05	206248	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2015-01-21 15:54 . 2015-01-21 16:05	49944	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2015-01-21 15:54 . 2015-01-21 16:05	70384	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2015-01-21 15:53 . 2015-01-21 15:53	--------	d-----w-	c:\program files\AVAST Software
2015-01-21 15:49 . 2015-01-21 16:01	--------	d-----w-	c:\programdata\AVAST Software
2015-01-20 00:41 . 2008-08-18 17:18	77824	----a-w-	c:\windows\system32\fmcodec.DLL
2015-01-20 00:09 . 2015-01-20 00:09	--------	d-----w-	c:\program files\VideoLAN
2015-01-18 01:59 . 2015-01-18 01:59	--------	d-----w-	c:\program files\VirtualSafe
2015-01-14 11:36 . 2003-06-18 16:31	18944	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2015-01-14 11:36 . 2003-06-18 16:31	17920	----a-w-	c:\windows\system32\mdimon.dll
2015-01-14 11:35 . 2015-01-14 11:35	--------	d-----w-	c:\windows\PCHEALTH
2015-01-14 11:35 . 2015-01-14 11:35	--------	d-----w-	c:\program files\Microsoft.NET
2015-01-13 10:56 . 2015-01-13 11:02	--------	d-----w-	c:\programdata\CanonIJPLM
2015-01-13 10:55 . 2015-01-13 10:55	--------	d-----w-	c:\programdata\Canon IJ Network Tool
2015-01-13 10:55 . 2012-02-08 15:34	320000	----a-w-	c:\windows\system32\CNC_BBL.dll
2015-01-13 10:55 . 2012-01-16 13:21	103424	----a-w-	c:\windows\system32\CNC_BBU.dll
2015-01-13 10:55 . 2008-08-25 17:02	15872	----a-w-	c:\windows\system32\CNHMCA.dll
2015-01-13 10:55 . 2015-01-13 10:55	--------	d-----w-	c:\programdata\CanonIJWSpt
2015-01-13 10:55 . 2015-01-13 10:55	--------	d-----w-	c:\program files\Common Files\CANON
2015-01-13 10:54 . 2015-01-13 10:54	--------	d--h--w-	c:\programdata\CanonBJ
2015-01-13 10:54 . 2012-04-16 04:00	85504	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\CNMPPBB.DLL
2015-01-13 10:54 . 2012-04-16 04:00	29184	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\CNMPDBB.DLL
2015-01-13 10:54 . 2015-01-13 10:54	--------	d--h--w-	c:\windows\system32\CanonIJ Uninstaller Information
2015-01-13 10:54 . 2012-01-16 13:20	266752	----a-w-	c:\windows\system32\CNC_BBC.dll
2015-01-13 10:54 . 2012-01-16 13:19	96768	----a-w-	c:\windows\system32\CNC_BBI.dll
2015-01-13 10:54 . 2012-04-16 04:00	314880	----a-w-	c:\windows\system32\CNMLMBB.DLL
2015-01-13 10:53 . 2015-01-13 10:53	--------	d-----w-	c:\windows\system32\STRING
2015-01-13 10:53 . 2012-03-28 17:00	35840	----a-w-	c:\windows\system32\CNMNPUI.DLL
2015-01-13 10:52 . 2015-01-13 10:56	--------	d-----w-	c:\program files\Canon
2015-01-13 10:47 . 2015-01-13 10:47	--------	d-----w-	c:\program files\Common Files\Adobe
2015-01-08 23:35 . 2015-01-25 18:03	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-08 23:35 . 2015-01-25 18:03	701616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2015-01-08 23:35 . 2015-01-08 23:35	--------	d-----w-	c:\windows\system32\Macromed
2015-01-07 22:06 . 2015-01-07 22:06	--------	d-----w-	c:\program files\Common Files\Skype
2015-01-07 22:06 . 2015-01-07 22:06	--------	d-----r-	c:\program files\Skype
2015-01-07 22:04 . 2015-01-07 22:04	--------	d-----w-	c:\program files\CCleaner
2015-01-07 12:44 . 2015-01-07 12:44	--------	d-----w-	c:\program files\WinTrack
2015-01-07 09:58 . 2015-01-21 15:54	--------	d-sh--w-	c:\windows\Installer
2015-01-07 09:49 . 2015-01-07 09:49	--------	d-----w-	c:\programdata\928458613
2015-01-07 09:39 . 2015-01-07 22:06	--------	d-----w-	c:\programdata\Skype
2015-01-07 09:24 . 2015-01-07 09:24	--------	d-----w-	c:\windows\system32\RTCOM
2015-01-07 09:20 . 2015-01-28 08:11	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2015-01-07 09:20 . 2015-01-19 21:15	--------	d-----w-	c:\program files\Mozilla
2015-01-07 09:15 . 2015-01-27 20:16	--------	d-----w-	c:\users\Frank
2015-01-07 09:05 . 2015-01-07 09:05	--------	d-----w-	C:\Boot
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-08 08:55 . 2010-02-09 20:01	249488	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-01-21 16:05	723976	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-12-11 30877280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-06-11 10996368]
"IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2012-03-26 449168]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-27 5227112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-01-21 91496]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-12-11 315496]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-01-21 787800]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-01-21 423784]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-01-21 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-01-21 70384]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - aswMBR
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-08 18:03]
.
2015-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3392053727-3579388301-3246320709-1001Core.job
- c:\users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-07 09:36]
.
2015-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3392053727-3579388301-3246320709-1001UA.job
- c:\users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-07 09:36]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\jlu6xu9f.default\
FF - ExtSQL: 2015-01-07 11:07; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\jlu6xu9f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2015-01-21 17:05; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-01-28  19:18:30
ComboFix-quarantined-files.txt  2015-01-28 18:18
.
Vor Suchlauf: 7 Verzeichnis(se), 61.271.879.680 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 61.305.040.896 Bytes frei
.
- - End Of File - - 450CD35EDBF5C98E3278F68B73696D1F
A36C5E4F47E84449FF07ED3517B43A31
         
Regards, Frank


Alt 29.01.2015, 07:02   #6
schrauber
/// the machine
/// TB-Ausbilder
 


Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.

Alt 29.01.2015, 11:45   #7
Blondie64
 

Morning,

I started the computer this morning and, lo and behold, the message is gone.

I nevertheless did everything the way you wrote.

Here are the log files:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 29.01.2015
Suchlauf-Zeit: 10:19:33
Logdatei: Mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.29.05
Rootkit Datenbank: v2015.01.14.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7
CPU: x86
Dateisystem: NTFS
Benutzer: Frank

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 306292
Verstrichene Zeit: 13 Min, 50 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 1
Rogue.Multiple, C:\ProgramData\928458613, In Quarantäne, [9792d825157444f253c98aabdc27857b], 

Dateien: 1
Rogue.Multiple, C:\ProgramData\928458613\BIT2D1.tmp, In Quarantäne, [9792d825157444f253c98aabdc27857b], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)]
         
Code:
# AdwCleaner v4.109 - Bericht erstellt am 29/01/2015 um 10:40:59
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows 7 Ultimate  (32 bits)
# Benutzername : Frank - BLONDIE
# Gestartet von : C:\Users\Frank\Desktop\adwcleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v8.0.7600.16385


-\\ Mozilla Firefox v


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [2032 octets] - [28/01/2015 12:31:40]
AdwCleaner[R1].txt - [889 octets] - [29/01/2015 10:36:42]
AdwCleaner[S0].txt - [1901 octets] - [28/01/2015 12:42:52]
AdwCleaner[S1].txt - [811 octets] - [29/01/2015 10:40:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [870 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Ultimate x86
Ran by Frank on 29.01.2015 at 10:48:44,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.01.2015 at 11:18:29,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01
Ran by Frank (administrator) on BLONDIE on 29-01-2015 11:31:11
Running from C:\Users\Frank\Desktop
Loaded Profiles: Frank (Available profiles: Frank)
Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10996368 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKU\S-1-5-21-3392053727-3579388301-3246320709-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3392053727-3579388301-3246320709-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3392053727-3579388301-3246320709-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3392053727-3579388301-3246320709-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\jlu6xu9f.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-3392053727-3579388301-3246320709-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3392053727-3579388301-3246320709-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Adblock Plus - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\jlu6xu9f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-07]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-21]
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla\Firefox\firefox.exe
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "https://www.google.de/"
CHR DefaultSearchURL: Default -> https://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=fflb&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=rcs
CHR DefaultSuggestURL: Default -> https://www.google.com/complete/search?q={searchTerms}
CHR Profile: C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2015-01-07]
CHR Extension: (Google Docs) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-07]
CHR Extension: (Google Drive) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-07]
CHR Extension: (WOT) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-01-07]
CHR Extension: (YouTube) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-07]
CHR Extension: (Adblock Plus) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-07]
CHR Extension: (Google-Suche) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-07]
CHR Extension: (Google Tabellen) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-07]
CHR Extension: (AdBlock Premium) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2015-01-07]
CHR Extension: (Avast Online Security) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-21]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2015-01-07]
CHR Extension: (Google Wallet) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-07]
CHR Extension: (Google Mail) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-07]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-21]
StartMenuInternet: Google Chrome.DAFMAZDWQNLGW53H2JSQCWNWJM - C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-21] (AVAST Software)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-01-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2015-01-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2015-01-21] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-01-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-01-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2015-01-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2015-01-21] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2015-01-21] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 catchme; \??\C:\Users\Frank\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 11:31 - 2015-01-29 11:31 - 00010595 _____ () C:\Users\Frank\Desktop\FRST.txt
2015-01-29 11:30 - 2015-01-29 11:30 - 00000000 ____D () C:\Users\Frank\Desktop\FRST-OlderVersion
2015-01-29 11:18 - 2015-01-29 11:18 - 00000621 _____ () C:\Users\Frank\Desktop\JRT.txt
2015-01-29 10:48 - 2015-01-29 10:48 - 00000000 ____D () C:\Windows\ERUNT
2015-01-29 10:17 - 2015-01-29 10:43 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-29 10:17 - 2015-01-29 10:17 - 00001073 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-29 10:17 - 2015-01-29 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-29 10:17 - 2015-01-29 10:16 - 01707939 _____ (Thisisu) C:\Users\Frank\Desktop\JunkwareRemovalTool.exe
2015-01-29 10:16 - 2015-01-29 10:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-29 10:16 - 2015-01-29 10:16 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-01-29 10:16 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-29 10:16 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-29 10:16 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-29 10:13 - 2015-01-28 12:30 - 02194432 _____ () C:\Users\Frank\Desktop\adwcleaner_4.109.exe
2015-01-29 10:11 - 2015-01-29 11:30 - 01121792 _____ (Farbar) C:\Users\Frank\Desktop\FRST.exe
2015-01-29 10:11 - 2015-01-29 10:11 - 00001078 _____ () C:\Users\Frank\Desktop\ComboFix.lnk
2015-01-29 10:11 - 2015-01-28 12:35 - 00688992 ____R (Swearware) C:\Users\Frank\Desktop\dds.exe
2015-01-29 10:11 - 2015-01-21 17:07 - 05198336 _____ (AVAST Software) C:\Users\Frank\Desktop\aswMBR.exe
2015-01-28 19:18 - 2015-01-28 19:18 - 00009444 _____ () C:\ComboFix.txt
2015-01-28 18:46 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-28 18:46 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-28 18:46 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-28 18:46 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-28 18:46 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-28 18:46 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-28 18:46 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-28 18:46 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-28 18:45 - 2015-01-28 19:18 - 00000000 ____D () C:\Qoobox
2015-01-28 18:45 - 2015-01-28 19:14 - 00000000 ____D () C:\Windows\erdnt
2015-01-28 14:39 - 2015-01-29 11:31 - 00000000 ____D () C:\FRST
2015-01-28 13:45 - 2015-01-28 13:46 - 00159288 _____ () C:\Windows\Minidump\012815-26582-01.dmp
2015-01-28 13:45 - 2015-01-28 13:45 - 211299028 _____ () C:\Windows\MEMORY.DMP
2015-01-28 13:45 - 2015-01-28 13:45 - 00000000 ____D () C:\Windows\Minidump
2015-01-28 12:31 - 2015-01-29 10:41 - 00000000 ____D () C:\AdwCleaner
2015-01-21 17:21 - 2015-01-21 17:21 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\AVAST Software
2015-01-21 17:05 - 2015-01-21 17:05 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-21 17:05 - 2015-01-21 17:05 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-21 17:05 - 2015-01-21 17:05 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-21 17:05 - 2015-01-21 17:05 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-21 17:05 - 2015-01-21 17:05 - 00002054 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-21 16:54 - 2015-01-21 17:35 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-21 16:54 - 2015-01-21 17:35 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-01-21 16:54 - 2015-01-21 17:05 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-21 16:54 - 2015-01-21 17:05 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-21 16:54 - 2015-01-21 17:05 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-01-21 16:54 - 2015-01-21 17:05 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-21 16:53 - 2015-01-21 16:53 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-21 16:49 - 2015-01-21 17:01 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-20 01:41 - 2008-08-18 18:18 - 00077824 _____ (Fox Magic Software) C:\Windows\system32\fmcodec.DLL
2015-01-20 01:38 - 2015-01-20 01:44 - 00000049 _____ () C:\Windows\system32\ScrRecX.log
2015-01-20 01:09 - 2015-01-23 02:06 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\vlc
2015-01-20 01:09 - 2015-01-20 01:09 - 00001037 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-01-20 01:09 - 2015-01-20 01:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-20 01:09 - 2015-01-20 01:09 - 00000000 ____D () C:\Program Files\VideoLAN
2015-01-19 22:15 - 2015-01-24 11:49 - 00000000 ____D () C:\Users\Frank\AppData\Local\Thunderbird
2015-01-19 22:15 - 2015-01-19 22:15 - 00002123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-01-19 22:15 - 2015-01-19 22:15 - 00002111 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2015-01-19 22:15 - 2015-01-19 22:15 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\Thunderbird
2015-01-18 02:59 - 2015-01-18 03:00 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\VirtualSafe
2015-01-18 02:59 - 2015-01-18 02:59 - 00001016 _____ () C:\Users\Frank\Desktop\VirtualSafe.lnk
2015-01-18 02:59 - 2015-01-18 02:59 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualSafe 2.0
2015-01-18 02:59 - 2015-01-18 02:59 - 00000000 ____D () C:\Program Files\VirtualSafe
2015-01-18 02:58 - 2015-01-18 02:58 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\dlg
2015-01-17 10:19 - 2015-01-29 11:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-14 12:36 - 2015-01-14 12:36 - 00000400 _____ () C:\Windows\ODBC.INI
2015-01-14 12:36 - 2003-06-18 17:31 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\mdimon.dll
2015-01-14 12:35 - 2015-01-14 12:35 - 00000000 ____D () C:\Windows\PCHEALTH
2015-01-14 12:35 - 2015-01-14 12:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-01-14 12:35 - 2015-01-14 12:35 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-01-14 12:35 - 2015-01-14 12:35 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-01-14 12:35 - 2015-01-14 12:35 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-01-13 11:56 - 2015-01-13 12:02 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-13 11:56 - 2015-01-13 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5400 series
2015-01-13 11:55 - 2015-01-13 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-01-13 11:55 - 2015-01-13 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5400 series Benutzerregistrierung
2015-01-13 11:55 - 2015-01-13 11:55 - 00000000 ____D () C:\ProgramData\CanonIJWSpt
2015-01-13 11:55 - 2015-01-13 11:55 - 00000000 ____D () C:\ProgramData\Canon IJ Network Tool
2015-01-13 11:55 - 2015-01-13 11:55 - 00000000 ____D () C:\Program Files\Common Files\CANON
2015-01-13 11:55 - 2012-02-08 16:34 - 00320000 _____ (CANON INC.) C:\Windows\system32\CNC_BBL.dll
2015-01-13 11:55 - 2012-01-26 10:28 - 00081920 _____ () C:\Windows\system32\CNC1764D.TBL
2015-01-13 11:55 - 2012-01-16 14:21 - 00103424 _____ (CANON INC.) C:\Windows\system32\CNC_BBU.dll
2015-01-13 11:55 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\system32\CNHMCA.dll
2015-01-13 11:54 - 2015-01-13 11:54 - 00000000 ___HD () C:\Windows\system32\CanonIJ Uninstaller Information
2015-01-13 11:54 - 2015-01-13 11:54 - 00000000 ___HD () C:\ProgramData\CanonBJ
2015-01-13 11:54 - 2015-01-13 11:54 - 00000000 ___HD () C:\Program Files\CanonBJ
2015-01-13 11:54 - 2012-04-16 05:00 - 00314880 _____ (CANON INC.) C:\Windows\system32\CNMLMBB.DLL
2015-01-13 11:54 - 2012-01-16 14:20 - 00266752 _____ (CANON INC.) C:\Windows\system32\CNC_BBC.dll
2015-01-13 11:54 - 2012-01-16 14:19 - 00096768 _____ (CANON INC.) C:\Windows\system32\CNC_BBI.dll
2015-01-13 11:53 - 2015-01-13 11:53 - 00000000 ____D () C:\Windows\system32\STRING
2015-01-13 11:53 - 2012-03-28 18:00 - 00035840 _____ (CANON INC.) C:\Windows\system32\CNMNPUI.DLL
2015-01-13 11:52 - 2015-01-13 11:56 - 00000000 ____D () C:\Program Files\Canon
2015-01-13 11:50 - 2015-01-13 11:50 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-01-13 11:47 - 2015-01-13 11:47 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-09 22:39 - 2015-01-09 22:39 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\CrystalIdea Software
2015-01-09 00:37 - 2015-01-13 11:47 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\Adobe
2015-01-09 00:37 - 2015-01-09 00:37 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\Macromedia
2015-01-09 00:37 - 2015-01-09 00:37 - 00000000 ____D () C:\Users\Frank\AppData\Local\Macromedia
2015-01-09 00:35 - 2015-01-25 19:03 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-09 00:35 - 2015-01-25 19:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-09 00:35 - 2015-01-09 00:35 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-09 00:34 - 2015-01-13 11:47 - 00000000 ____D () C:\Users\Frank\AppData\Local\Adobe
2015-01-08 19:33 - 2015-01-08 19:33 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-01-08 08:46 - 2015-01-29 10:42 - 00158636 _____ () C:\Windows\PFRO.log
2015-01-07 23:13 - 2015-01-29 10:42 - 00003257 _____ () C:\Windows\setupact.log
2015-01-07 23:13 - 2015-01-07 23:13 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-07 23:06 - 2015-01-29 11:27 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\Skype
2015-01-07 23:06 - 2015-01-07 23:06 - 00002687 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-01-07 23:06 - 2015-01-07 23:06 - 00000000 ___RD () C:\Program Files\Skype
2015-01-07 23:06 - 2015-01-07 23:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-07 23:06 - 2015-01-07 23:06 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-01-07 23:04 - 2015-01-07 23:04 - 00000978 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-07 23:04 - 2015-01-07 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-07 23:04 - 2015-01-07 23:04 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-07 16:35 - 2015-01-07 16:35 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-01-07 16:28 - 2015-01-14 14:51 - 00062304 _____ () C:\Users\Frank\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-07 13:44 - 2015-01-28 11:53 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\WinTrack
2015-01-07 13:44 - 2015-01-07 13:44 - 00000959 _____ () C:\Users\Frank\Desktop\WinTrack.lnk
2015-01-07 13:44 - 2015-01-07 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinTrack
2015-01-07 13:44 - 2015-01-07 13:44 - 00000000 ____D () C:\Program Files\WinTrack
2015-01-07 10:58 - 2015-01-07 10:58 - 00000000 ____D () C:\Users\Frank\AppData\Local\Skype
2015-01-07 10:45 - 2015-01-07 10:45 - 00792216 _____ (%PROD_NAME%) C:\Users\Frank\Downloads\skype.exe
2015-01-07 10:44 - 2015-01-07 10:44 - 11490056 _____ () C:\Users\Frank\Downloads\Nicht bestätigt 108482.crdownload
2015-01-07 10:39 - 2015-01-07 23:06 - 00000000 ____D () C:\ProgramData\Skype
2015-01-07 10:39 - 2015-01-07 10:44 - 44844128 _____ (Skype Technologies S.A.) C:\Users\Frank\Downloads\SkypeSetupFull.exe
2015-01-07 10:33 - 2015-01-27 10:44 - 00002367 _____ () C:\Users\Frank\Desktop\Google Chrome.lnk
2015-01-07 10:33 - 2015-01-07 10:33 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-07 10:31 - 2015-01-29 10:41 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3392053727-3579388301-3246320709-1001UA.job
2015-01-07 10:31 - 2015-01-29 10:41 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3392053727-3579388301-3246320709-1001Core.job
2015-01-07 10:31 - 2015-01-07 10:32 - 00000000 ____D () C:\Users\Frank\AppData\Local\Google
2015-01-07 10:24 - 2015-01-07 10:24 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-01-07 10:23 - 2015-01-07 10:24 - 00000000 ___HD () C:\Program Files\Temp
2015-01-07 10:23 - 2015-01-07 10:23 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-07 10:23 - 2015-01-07 10:23 - 00000000 ____D () C:\Program Files\Realtek
2015-01-07 10:23 - 2015-01-07 10:23 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2015-01-07 10:23 - 2012-06-19 16:54 - 03240400 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2015-01-07 10:23 - 2012-06-19 13:30 - 00293889 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-01-07 10:23 - 2012-06-08 16:23 - 00071808 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp32.dll
2015-01-07 10:23 - 2012-06-08 16:21 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO32.dll
2015-01-07 10:23 - 2012-06-08 16:18 - 03173008 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2015-01-07 10:23 - 2012-06-06 10:44 - 00645776 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2015-01-07 10:23 - 2012-06-01 09:37 - 02417808 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2015-01-07 10:23 - 2012-05-31 18:08 - 00087696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2015-01-07 10:23 - 2012-05-25 18:06 - 01706640 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2015-01-07 10:23 - 2012-04-10 14:40 - 02193472 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2015-01-07 10:23 - 2012-04-03 18:41 - 00709976 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell.dll
2015-01-07 10:23 - 2012-03-08 11:47 - 00176736 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2015-01-07 10:23 - 2012-03-08 11:47 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2015-01-07 10:23 - 2011-12-18 17:57 - 01836376 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2015-01-07 10:23 - 2011-12-16 14:57 - 00054360 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld32.dll
2015-01-07 10:23 - 2011-12-13 16:58 - 01497704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2015-01-07 10:23 - 2011-11-22 16:28 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
2015-01-07 10:23 - 2010-11-08 07:31 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2015-01-07 10:23 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2015-01-07 10:23 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2015-01-07 10:23 - 2010-11-08 07:31 - 00170840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2015-01-07 10:23 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2015-01-07 10:23 - 2010-11-08 07:31 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2015-01-07 10:23 - 2010-09-27 09:34 - 00232792 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-01-07 10:23 - 2009-12-04 15:43 - 00132368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll
2015-01-07 10:23 - 2009-11-24 09:55 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2015-01-07 10:23 - 2009-11-24 09:55 - 00185584 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll
2015-01-07 10:23 - 2009-11-24 09:55 - 00173296 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll
2015-01-07 10:23 - 2009-11-24 09:55 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2015-01-07 10:23 - 2009-11-18 18:42 - 01783056 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll
2015-01-07 10:23 - 2009-11-18 07:13 - 00050776 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn32.dll
2015-01-07 10:20 - 2015-01-28 09:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-07 10:20 - 2015-01-27 14:09 - 00000000 ____D () C:\Users\Frank\AppData\Local\Mozilla
2015-01-07 10:20 - 2015-01-19 22:15 - 00000000 ____D () C:\Program Files\Mozilla
2015-01-07 10:20 - 2015-01-07 10:20 - 00001194 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-07 10:20 - 2015-01-07 10:20 - 00001182 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-07 10:20 - 2015-01-07 10:20 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\Mozilla
2015-01-07 10:20 - 2015-01-07 10:20 - 00000000 ____D () C:\ProgramData\Mozilla
2015-01-07 10:16 - 2015-01-07 10:16 - 00001413 _____ () C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-07 10:15 - 2015-01-27 21:16 - 00000000 ____D () C:\Users\Frank
2015-01-07 10:15 - 2015-01-16 19:06 - 00000000 ____D () C:\Users\Frank\AppData\Local\VirtualStore
2015-01-07 10:15 - 2015-01-07 10:15 - 00000020 ___SH () C:\Users\Frank\ntuser.ini
2015-01-07 10:15 - 2015-01-07 10:15 - 00000000 _SHDL () C:\Users\Frank\Startmenü
2015-01-07 10:15 - 2015-01-07 10:15 - 00000000 _SHDL () C:\Users\Frank\Netzwerkumgebung
2015-01-07 10:15 - 2015-01-07 10:15 - 00000000 _SHDL () C:\Users\Frank\Druckumgebung
2015-01-07 10:15 - 2015-01-07 10:15 - 00000000 _SHDL () C:\Users\Frank\Documents\Eigene Musik
2015-01-07 10:15 - 2015-01-07 10:15 - 00000000 _SHDL () C:\Users\Frank\Documents\Eigene Bilder
2015-01-07 10:15 - 2015-01-07 10:15 - 00000000 _SHDL () C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-07 10:15 - 2015-01-07 10:15 - 00000000 _SHDL () C:\Users\Frank\AppData\Local\Verlauf
2015-01-07 10:15 - 2009-07-14 05:42 - 00000000 ___RD () C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-07 10:15 - 2009-07-14 05:37 - 00000000 ___RD () C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-07 10:13 - 2015-01-07 10:13 - 00171136 __RSH () C:\w7ldr
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Programme
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\ProgramData\Startmenü
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\ProgramData\Dokumente
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 ____D () C:\Recovery
2015-01-07 10:09 - 2015-01-29 10:53 - 00139726 _____ () C:\Windows\WindowsUpdate.log
2015-01-07 10:06 - 2015-01-07 10:06 - 00000000 ____D () C:\Windows\CSC
2015-01-07 10:05 - 2015-01-07 10:05 - 00008192 __RSH () C:\BOOTSECT.BAK
2015-01-07 10:05 - 2009-07-14 02:38 - 00383562 __RSH () C:\bootmgr

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 10:49 - 2010-02-09 20:56 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-29 10:47 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-29 10:47 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-29 10:42 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-28 19:18 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-01-28 19:18 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-01-28 19:12 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-01-21 17:01 - 2009-07-14 03:04 - 00002577 _____ () C:\Windows\system32\config.nt
2015-01-21 16:54 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-18 22:14 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-01-15 07:08 - 2009-07-14 05:33 - 00285320 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-14 12:35 - 2009-07-14 09:56 - 00000000 ____D () C:\Windows\ShellNew
2015-01-14 12:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system
2015-01-13 11:55 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\twain_32
2015-01-13 11:55 - 2009-07-14 03:37 - 00000000 __RSD () C:\Windows\Media
2015-01-08 09:55 - 2010-02-09 21:01 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-07 23:04 - 2010-02-09 20:45 - 00000000 ____D () C:\Windows\Panther
2015-01-07 23:01 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-01-07 12:00 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\restore
2015-01-07 11:42 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-07 10:12 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-07 10:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-01-07 10:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Windows NT
2015-01-07 10:05 - 2009-07-14 05:57 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2015-01-07 10:05 - 2009-07-14 05:52 - 00028672 _____ () C:\Windows\system32\config\BCD-Template

Some content of TEMP:
====================
C:\Users\Frank\AppData\Local\Temp\Quarantine.exe
C:\Users\Frank\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 12:44

==================== End Of Log ============================
         


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-01-2015 01
Ran by Frank at 2015-01-29 11:32:17
Running from C:\Users\Frank\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‪Canon Inc.‬)
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MG5400 series Benutzerregistrierung (HKLM\...\Canon MG5400 series Benutzerregistrierung) (Version:  - Canon Inc.‎)
Canon MG5400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5400_series) (Version: 1.00 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.28 - Piriform)
Google Chrome (HKU\S-1-5-21-3392053727-3579388301-3246320709-1001\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 31.4.0 ESR (x86 de) (HKLM\...\Mozilla Firefox 31.4.0 ESR (x86 de)) (Version: 31.4.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.4.0 - Mozilla)
Mozilla Thunderbird (6.0) (HKLM\...\Mozilla Thunderbird (6.0)) (Version: 6.0 (de) - Mozilla)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
VirtualSafe 2.0 (HKLM\...\VirtualSafe 2.0) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinTrack v11.06 (HKLM\...\WinTrack_is1) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3392053727-3579388301-3246320709-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3392053727-3579388301-3246320709-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3392053727-3579388301-3246320709-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3392053727-3579388301-3246320709-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3392053727-3579388301-3246320709-1001_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Frank\AppData\Local\Google\Chrome\Application\40.0.2214.93\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3392053727-3579388301-3246320709-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3392053727-3579388301-3246320709-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3392053727-3579388301-3246320709-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3392053727-3579388301-3246320709-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3392053727-3579388301-3246320709-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)

==================== Restore Points  =========================

21-01-2015 16:52:57 avast! Free Antivirus Setup
21-01-2015 17:02:04 avast! antivirus system restore point
21-01-2015 17:06:38 Windows Update
28-01-2015 18:46:15 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {10842D9F-7348-4B2B-9E1C-3451CDC7EDF2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-19] (Piriform Ltd)
Task: {1372CAD0-01E8-4D4C-BA83-DBAA0B7CB787} - System32\Tasks\{FADAEAF4-ACC5-4E53-BD2A-942E85431E9F} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.3.0.105&LastError=404
Task: {17F52E08-BA2F-454B-936F-3DA8B3280B87} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {24FCFCD6-1458-4F71-AD1D-7B3C52C3FC14} - System32\Tasks\{B383DEC7-0330-46EE-96B9-E85BA8B1C0B3} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.3.0.105&LastError=404
Task: {4C66FC1B-E58F-4F58-9C59-D67B164D3C56} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-21] (AVAST Software)
Task: {5C3E6BBC-1F03-4227-9BB7-86341C8823B8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3392053727-3579388301-3246320709-1001UA => C:\Users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-07] (Google Inc.)
Task: {7E7DEFC9-67D7-470F-ACB5-149FE0AB63E0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3392053727-3579388301-3246320709-1001Core => C:\Users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-07] (Google Inc.)
Task: {A327E741-CF92-494C-B095-4C2B02268F85} - System32\Tasks\{73318080-903A-4850-B6FE-11CCB037964A} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.3.0.105&LastError=404

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3392053727-3579388301-3246320709-1001Core.job => C:\Users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3392053727-3579388301-3246320709-1001UA.job => C:\Users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2015-01-28 09:12 - 2015-01-28 09:12 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012800\algo.dll
2015-01-29 10:44 - 2015-01-29 10:44 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012900\algo.dll
2015-01-21 17:05 - 2015-01-21 17:05 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-13 11:56 - 2012-03-28 13:49 - 00140456 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2015-01-27 10:43 - 2015-01-25 07:08 - 01117512 _____ () C:\Users\Frank\AppData\Local\Google\Chrome\Application\40.0.2214.93\libglesv2.dll
2015-01-27 10:43 - 2015-01-25 07:08 - 00211272 _____ () C:\Users\Frank\AppData\Local\Google\Chrome\Application\40.0.2214.93\libegl.dll
2015-01-27 10:43 - 2015-01-25 07:08 - 09170760 _____ () C:\Users\Frank\AppData\Local\Google\Chrome\Application\40.0.2214.93\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3392053727-3579388301-3246320709-500 - Administrator - Disabled)
Frank (S-1-5-21-3392053727-3579388301-3246320709-1001 - Administrator - Enabled) => C:\Users\Frank
Gast (S-1-5-21-3392053727-3579388301-3246320709-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3392053727-3579388301-3246320709-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz
Percentage of memory in use: 41%
Total physical RAM: 3582.49 MB
Available physical RAM: 2090.59 MB
Total Pagefile: 7163.26 MB
Available Pagefile: 5402.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.21 MB

==================== Drives ================================

Drive c: (Windows 7) (Fixed) (Total:74.52 GB) (Free:56.93 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HITACHI) (Fixed) (Total:465.76 GB) (Free:306.5 GB) NTFS
Drive e: () (Fixed) (Total:74.52 GB) (Free:73.23 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6011FE8B)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Best regards, Frank

Edited by Blondie64 (29.01.2015 at 12:21)

29.01.2015, 17:22   #8
schrauber
/// the machine
/// TB Trainer
 


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
    Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

30.01.2015, 09:20   #9
Blondie64
 

Hi Schrauber,

here are the logs:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=5638786715fb744baf4ef9e1c4c5d5d0
# engine=22209
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-29 11:57:19
# local_time=2015-01-30 12:57:19 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT 
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=779 16777213 85 72 143169 186992729 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 719418 175014582 0 0
# scanned=127876
# found=12
# cleaned=0
# scan_time=24083
sh=9DF3638EE93AB2DB89A89AC6B67BF088DC64416B ft=1 fh=c71c00110e78363b vn="Variante von Win32/ELEX.BH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=12BA62FBE31F98A527913602DB52AA0AC031ECB8 ft=1 fh=60026dbb5f72dc03 vn="Variante von Win32/InstallCore.UQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Frank\Downloads\skype.exe"
sh=F26457FB15A750BC85C9BEAA411E38E69A3AC057 ft=1 fh=b0faa751761ef971 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\WinSplit Revolution - CHIP-Installer.exe"
sh=19876B0C21073CE7AC4725124851FC36B7EA7301 ft=1 fh=31b372839de59c7b vn="Variante von Win32/CNETInstaller.B evtl. unerwünschte Anwendung" ac=I fn="D:\Eigene Dateien\Downloads\cbsidlm-cbsi188-3GP_to_MP3_Converter-ORG-10969186.exe"
sh=8182DB9D5B7573D1F7D7BA0587397BFD6F6CA9FA ft=1 fh=7623cac7b9c602ab vn="Variante von Win32/OpenInstall evtl. unerwünschte Anwendung" ac=I fn="D:\Eigene Dateien\Downloads\Desk-Timer-Downloader.exe"
sh=1867142971E46CEFBDC91D1C32BDDB89B9CC2FCB ft=1 fh=bed49cb1acf2aab9 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="D:\Eigene Dateien\Downloads\DTLite4471-0333.exe"
sh=D86D2FC37B1FED635CAF6F25254D7A575466ED1E ft=1 fh=7614c1446a9b863f vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="D:\Eigene Dateien\Downloads\FFSetup3.3.4.0.exe"
sh=7336EEB27416A7F6A03F92979BCC619CF550EBBD ft=1 fh=32ad90c470794ca7 vn="Variante von MSIL/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="D:\Eigene Dateien\Downloads\free-system-utilities-DE.exe"
sh=E86EA9D4B8C4A82B9AF597E9FA5B076433EC6BBA ft=1 fh=e3f249e467ef5245 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="D:\Eigene Dateien\Downloads\google-chrome-26-0-final-1410-43.exe"
sh=9974426E63D2AD1445425F84384709A331264202 ft=0 fh=0000000000000000 vn="NSIS/TrojanDownloader.Agent.NPI Trojaner" ac=I fn="D:\Eigene Dateien\Downloads\Project XXX Star.zip"
sh=F4465D29186D5ECEC9E20B9BBA5713DA439A1973 ft=1 fh=4de80f964cc5036a vn="Variante von Win32/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="D:\Eigene Dateien\Downloads\VirtualSafe_V2.0-Downloader.exe"
sh=92C2ED46CCABFD57142C3C42D70773C4A384ED19 ft=1 fh=0f17379e74e89995 vn="Variante von Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="D:\Eigene Dateien\Downloads\YouTubeDownloaderSetup35.exe"
         
There is no log from SecurityCheck, because the program gives me the following message:

UNSUPPORTED OPERATING SYSTEM! ABORTED!


FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01
Ran by Frank (administrator) on BLONDIE on 30-01-2015 09:17:25
Running from C:\Users\Frank\Desktop
Loaded Profiles: Frank (Available profiles: Frank)
Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(ESET) C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
(Google Inc.) C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Google Inc.) C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10996368 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKU\S-1-5-21-3392053727-3579388301-3246320709-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3392053727-3579388301-3246320709-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3392053727-3579388301-3246320709-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3392053727-3579388301-3246320709-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\jlu6xu9f.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-3392053727-3579388301-3246320709-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3392053727-3579388301-3246320709-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Frank\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Adblock Plus - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\jlu6xu9f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-07]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-21]
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla\Firefox\firefox.exe
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "https://www.google.de/"
CHR DefaultSearchURL: Default -> https://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=fflb&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=rcs
CHR DefaultSuggestURL: Default -> https://www.google.com/complete/search?q={searchTerms}
CHR Profile: C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2015-01-07]
CHR Extension: (Google Docs) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-07]
CHR Extension: (Google Drive) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-07]
CHR Extension: (WOT) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-01-07]
CHR Extension: (YouTube) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-07]
CHR Extension: (Adblock Plus) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-07]
CHR Extension: (Google-Suche) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-07]
CHR Extension: (Google Tabellen) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-07]
CHR Extension: (AdBlock Premium) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2015-01-07]
CHR Extension: (Avast Online Security) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-21]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2015-01-07]
CHR Extension: (Google Wallet) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-07]
CHR Extension: (Google Mail) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-07]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-21]
StartMenuInternet: Google Chrome.DAFMAZDWQNLGW53H2JSQCWNWJM - C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-21] (AVAST Software)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-01-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2015-01-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2015-01-21] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-01-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-01-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2015-01-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2015-01-21] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2015-01-21] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 catchme; \??\C:\Users\Frank\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 18:10 - 2015-01-29 18:10 - 00000000 ____D () C:\Program Files\ESET
2015-01-29 11:32 - 2015-01-29 11:36 - 00011948 _____ () C:\Users\Frank\Desktop\Addition.txt
2015-01-29 11:31 - 2015-01-30 09:17 - 00010666 _____ () C:\Users\Frank\Desktop\FRST.txt
2015-01-29 11:30 - 2015-01-29 11:30 - 00000000 ____D () C:\Users\Frank\Desktop\FRST-OlderVersion
2015-01-29 11:18 - 2015-01-29 11:18 - 00000621 _____ () C:\Users\Frank\Desktop\JRT.txt
2015-01-29 10:48 - 2015-01-29 10:48 - 00000000 ____D () C:\Windows\ERUNT
2015-01-29 10:17 - 2015-01-30 04:36 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-29 10:17 - 2015-01-29 10:17 - 00001073 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-29 10:17 - 2015-01-29 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-29 10:17 - 2015-01-29 10:16 - 01707939 _____ (Thisisu) C:\Users\Frank\Desktop\JunkwareRemovalTool.exe
2015-01-29 10:16 - 2015-01-29 10:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-29 10:16 - 2015-01-29 10:16 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-01-29 10:16 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-29 10:16 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-29 10:16 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-29 10:13 - 2015-01-28 12:30 - 02194432 _____ () C:\Users\Frank\Desktop\adwcleaner_4.109.exe
2015-01-29 10:11 - 2015-01-29 11:30 - 01121792 _____ (Farbar) C:\Users\Frank\Desktop\FRST.exe
2015-01-29 10:11 - 2015-01-29 10:11 - 00001078 _____ () C:\Users\Frank\Desktop\ComboFix.lnk
2015-01-29 10:11 - 2015-01-28 12:35 - 00688992 ____R (Swearware) C:\Users\Frank\Desktop\dds.exe
2015-01-29 10:11 - 2015-01-21 17:07 - 05198336 _____ (AVAST Software) C:\Users\Frank\Desktop\aswMBR.exe
2015-01-28 19:18 - 2015-01-28 19:18 - 00009444 _____ () C:\ComboFix.txt
2015-01-28 18:46 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-28 18:46 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-28 18:46 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-28 18:46 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-28 18:46 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-28 18:46 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-28 18:46 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-28 18:46 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-28 18:45 - 2015-01-28 19:18 - 00000000 ____D () C:\Qoobox
2015-01-28 18:45 - 2015-01-28 19:14 - 00000000 ____D () C:\Windows\erdnt
2015-01-28 14:39 - 2015-01-30 09:17 - 00000000 ____D () C:\FRST
2015-01-28 13:45 - 2015-01-28 13:46 - 00159288 _____ () C:\Windows\Minidump\012815-26582-01.dmp
2015-01-28 13:45 - 2015-01-28 13:45 - 211299028 _____ () C:\Windows\MEMORY.DMP
2015-01-28 13:45 - 2015-01-28 13:45 - 00000000 ____D () C:\Windows\Minidump
2015-01-28 12:31 - 2015-01-29 10:41 - 00000000 ____D () C:\AdwCleaner
2015-01-21 17:21 - 2015-01-21 17:21 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\AVAST Software
2015-01-21 17:05 - 2015-01-21 17:05 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-21 17:05 - 2015-01-21 17:05 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-21 17:05 - 2015-01-21 17:05 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-21 17:05 - 2015-01-21 17:05 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-21 17:05 - 2015-01-21 17:05 - 00002054 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-21 16:54 - 2015-01-21 17:35 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-21 16:54 - 2015-01-21 17:35 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-01-21 16:54 - 2015-01-21 17:05 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-21 16:54 - 2015-01-21 17:05 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-21 16:54 - 2015-01-21 17:05 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-01-21 16:54 - 2015-01-21 17:05 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-21 16:53 - 2015-01-21 16:53 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-21 16:49 - 2015-01-21 17:01 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-20 01:41 - 2008-08-18 18:18 - 00077824 _____ (Fox Magic Software) C:\Windows\system32\fmcodec.DLL
2015-01-20 01:38 - 2015-01-20 01:44 - 00000049 _____ () C:\Windows\system32\ScrRecX.log
2015-01-20 01:09 - 2015-01-23 02:06 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\vlc
2015-01-20 01:09 - 2015-01-20 01:09 - 00001037 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-01-20 01:09 - 2015-01-20 01:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-20 01:09 - 2015-01-20 01:09 - 00000000 ____D () C:\Program Files\VideoLAN
2015-01-19 22:15 - 2015-01-24 11:49 - 00000000 ____D () C:\Users\Frank\AppData\Local\Thunderbird
2015-01-19 22:15 - 2015-01-19 22:15 - 00002123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-01-19 22:15 - 2015-01-19 22:15 - 00002111 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2015-01-19 22:15 - 2015-01-19 22:15 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\Thunderbird
2015-01-18 02:59 - 2015-01-18 03:00 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\VirtualSafe
2015-01-18 02:59 - 2015-01-18 02:59 - 00001016 _____ () C:\Users\Frank\Desktop\VirtualSafe.lnk
2015-01-18 02:59 - 2015-01-18 02:59 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualSafe 2.0
2015-01-18 02:59 - 2015-01-18 02:59 - 00000000 ____D () C:\Program Files\VirtualSafe
2015-01-18 02:58 - 2015-01-18 02:58 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\dlg
2015-01-17 10:19 - 2015-01-30 09:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-14 12:36 - 2015-01-14 12:36 - 00000400 _____ () C:\Windows\ODBC.INI
2015-01-14 12:36 - 2003-06-18 17:31 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\mdimon.dll
2015-01-14 12:35 - 2015-01-14 12:35 - 00000000 ____D () C:\Windows\PCHEALTH
2015-01-14 12:35 - 2015-01-14 12:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-01-14 12:35 - 2015-01-14 12:35 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-01-14 12:35 - 2015-01-14 12:35 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-01-14 12:35 - 2015-01-14 12:35 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-01-13 11:56 - 2015-01-13 12:02 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-13 11:56 - 2015-01-13 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5400 series
2015-01-13 11:55 - 2015-01-13 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-01-13 11:55 - 2015-01-13 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5400 series Benutzerregistrierung
2015-01-13 11:55 - 2015-01-13 11:55 - 00000000 ____D () C:\ProgramData\CanonIJWSpt
2015-01-13 11:55 - 2015-01-13 11:55 - 00000000 ____D () C:\ProgramData\Canon IJ Network Tool
2015-01-13 11:55 - 2015-01-13 11:55 - 00000000 ____D () C:\Program Files\Common Files\CANON
2015-01-13 11:55 - 2012-02-08 16:34 - 00320000 _____ (CANON INC.) C:\Windows\system32\CNC_BBL.dll
2015-01-13 11:55 - 2012-01-26 10:28 - 00081920 _____ () C:\Windows\system32\CNC1764D.TBL
2015-01-13 11:55 - 2012-01-16 14:21 - 00103424 _____ (CANON INC.) C:\Windows\system32\CNC_BBU.dll
2015-01-13 11:55 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\system32\CNHMCA.dll
2015-01-13 11:54 - 2015-01-13 11:54 - 00000000 ___HD () C:\Windows\system32\CanonIJ Uninstaller Information
2015-01-13 11:54 - 2015-01-13 11:54 - 00000000 ___HD () C:\ProgramData\CanonBJ
2015-01-13 11:54 - 2015-01-13 11:54 - 00000000 ___HD () C:\Program Files\CanonBJ
2015-01-13 11:54 - 2012-04-16 05:00 - 00314880 _____ (CANON INC.) C:\Windows\system32\CNMLMBB.DLL
2015-01-13 11:54 - 2012-01-16 14:20 - 00266752 _____ (CANON INC.) C:\Windows\system32\CNC_BBC.dll
2015-01-13 11:54 - 2012-01-16 14:19 - 00096768 _____ (CANON INC.) C:\Windows\system32\CNC_BBI.dll
2015-01-13 11:53 - 2015-01-13 11:53 - 00000000 ____D () C:\Windows\system32\STRING
2015-01-13 11:53 - 2012-03-28 18:00 - 00035840 _____ (CANON INC.) C:\Windows\system32\CNMNPUI.DLL
2015-01-13 11:52 - 2015-01-13 11:56 - 00000000 ____D () C:\Program Files\Canon
2015-01-13 11:50 - 2015-01-13 11:50 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-01-13 11:47 - 2015-01-13 11:47 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-09 22:39 - 2015-01-09 22:39 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\CrystalIdea Software
2015-01-09 00:37 - 2015-01-13 11:47 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\Adobe
2015-01-09 00:37 - 2015-01-09 00:37 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\Macromedia
2015-01-09 00:37 - 2015-01-09 00:37 - 00000000 ____D () C:\Users\Frank\AppData\Local\Macromedia
2015-01-09 00:35 - 2015-01-25 19:03 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-09 00:35 - 2015-01-25 19:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-09 00:35 - 2015-01-09 00:35 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-09 00:34 - 2015-01-13 11:47 - 00000000 ____D () C:\Users\Frank\AppData\Local\Adobe
2015-01-08 19:33 - 2015-01-08 19:33 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-01-08 08:46 - 2015-01-29 10:42 - 00158636 _____ () C:\Windows\PFRO.log
2015-01-07 23:13 - 2015-01-29 10:42 - 00003257 _____ () C:\Windows\setupact.log
2015-01-07 23:13 - 2015-01-07 23:13 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-07 23:06 - 2015-01-30 09:03 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\Skype
2015-01-07 23:06 - 2015-01-07 23:06 - 00002687 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-01-07 23:06 - 2015-01-07 23:06 - 00000000 ___RD () C:\Program Files\Skype
2015-01-07 23:06 - 2015-01-07 23:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-07 23:06 - 2015-01-07 23:06 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-01-07 23:04 - 2015-01-07 23:04 - 00000978 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-07 23:04 - 2015-01-07 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-07 23:04 - 2015-01-07 23:04 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-07 16:35 - 2015-01-07 16:35 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-01-07 16:28 - 2015-01-14 14:51 - 00062304 _____ () C:\Users\Frank\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-07 13:44 - 2015-01-28 11:53 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\WinTrack
2015-01-07 13:44 - 2015-01-07 13:44 - 00000959 _____ () C:\Users\Frank\Desktop\WinTrack.lnk
2015-01-07 13:44 - 2015-01-07 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinTrack
2015-01-07 13:44 - 2015-01-07 13:44 - 00000000 ____D () C:\Program Files\WinTrack
2015-01-07 10:58 - 2015-01-07 10:58 - 00000000 ____D () C:\Users\Frank\AppData\Local\Skype
2015-01-07 10:45 - 2015-01-07 10:45 - 00792216 _____ (%PROD_NAME%) C:\Users\Frank\Downloads\skype.exe
2015-01-07 10:44 - 2015-01-07 10:44 - 11490056 _____ () C:\Users\Frank\Downloads\Nicht bestätigt 108482.crdownload
2015-01-07 10:39 - 2015-01-07 23:06 - 00000000 ____D () C:\ProgramData\Skype
2015-01-07 10:39 - 2015-01-07 10:44 - 44844128 _____ (Skype Technologies S.A.) C:\Users\Frank\Downloads\SkypeSetupFull.exe
2015-01-07 10:33 - 2015-01-30 02:44 - 00002367 _____ () C:\Users\Frank\Desktop\Google Chrome.lnk
2015-01-07 10:33 - 2015-01-07 10:33 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-07 10:31 - 2015-01-30 08:41 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3392053727-3579388301-3246320709-1001UA.job
2015-01-07 10:31 - 2015-01-29 10:41 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3392053727-3579388301-3246320709-1001Core.job
2015-01-07 10:31 - 2015-01-07 10:32 - 00000000 ____D () C:\Users\Frank\AppData\Local\Google
2015-01-07 10:24 - 2015-01-07 10:24 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-01-07 10:23 - 2015-01-07 10:24 - 00000000 ___HD () C:\Program Files\Temp
2015-01-07 10:23 - 2015-01-07 10:23 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-07 10:23 - 2015-01-07 10:23 - 00000000 ____D () C:\Program Files\Realtek
2015-01-07 10:23 - 2015-01-07 10:23 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2015-01-07 10:23 - 2012-06-19 16:54 - 03240400 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2015-01-07 10:23 - 2012-06-19 13:30 - 00293889 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-01-07 10:23 - 2012-06-08 16:23 - 00071808 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp32.dll
2015-01-07 10:23 - 2012-06-08 16:21 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO32.dll
2015-01-07 10:23 - 2012-06-08 16:18 - 03173008 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2015-01-07 10:23 - 2012-06-06 10:44 - 00645776 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2015-01-07 10:23 - 2012-06-01 09:37 - 02417808 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2015-01-07 10:23 - 2012-05-31 18:08 - 00087696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2015-01-07 10:23 - 2012-05-25 18:06 - 01706640 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2015-01-07 10:23 - 2012-04-10 14:40 - 02193472 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2015-01-07 10:23 - 2012-04-03 18:41 - 00709976 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell.dll
2015-01-07 10:23 - 2012-03-08 11:47 - 00176736 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2015-01-07 10:23 - 2012-03-08 11:47 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2015-01-07 10:23 - 2011-12-18 17:57 - 01836376 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2015-01-07 10:23 - 2011-12-16 14:57 - 00054360 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld32.dll
2015-01-07 10:23 - 2011-12-13 16:58 - 01497704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2015-01-07 10:23 - 2011-11-22 16:28 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
2015-01-07 10:23 - 2010-11-08 07:31 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2015-01-07 10:23 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2015-01-07 10:23 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2015-01-07 10:23 - 2010-11-08 07:31 - 00170840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2015-01-07 10:23 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2015-01-07 10:23 - 2010-11-08 07:31 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2015-01-07 10:23 - 2010-09-27 09:34 - 00232792 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-01-07 10:23 - 2009-12-04 15:43 - 00132368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll
2015-01-07 10:23 - 2009-11-24 09:55 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2015-01-07 10:23 - 2009-11-24 09:55 - 00185584 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll
2015-01-07 10:23 - 2009-11-24 09:55 - 00173296 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll
2015-01-07 10:23 - 2009-11-24 09:55 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2015-01-07 10:23 - 2009-11-18 18:42 - 01783056 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll
2015-01-07 10:23 - 2009-11-18 07:13 - 00050776 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn32.dll
2015-01-07 10:20 - 2015-01-28 09:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-07 10:20 - 2015-01-27 14:09 - 00000000 ____D () C:\Users\Frank\AppData\Local\Mozilla
2015-01-07 10:20 - 2015-01-19 22:15 - 00000000 ____D () C:\Program Files\Mozilla
2015-01-07 10:20 - 2015-01-07 10:20 - 00001194 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-07 10:20 - 2015-01-07 10:20 - 00001182 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-07 10:20 - 2015-01-07 10:20 - 00000000 ____D () C:\Users\Frank\AppData\Roaming\Mozilla
2015-01-07 10:20 - 2015-01-07 10:20 - 00000000 ____D () C:\ProgramData\Mozilla
2015-01-07 10:16 - 2015-01-07 10:16 - 00001413 _____ () C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-07 10:15 - 2015-01-27 21:16 - 00000000 ____D () C:\Users\Frank
2015-01-07 10:15 - 2015-01-16 19:06 - 00000000 ____D () C:\Users\Frank\AppData\Local\VirtualStore
2015-01-07 10:15 - 2015-01-07 10:15 - 00000020 ___SH () C:\Users\Frank\ntuser.ini
2015-01-07 10:15 - 2015-01-07 10:15 - 00000000 _SHDL () C:\Users\Frank\Startmenü
2015-01-07 10:15 - 2015-01-07 10:15 - 00000000 _SHDL () C:\Users\Frank\Netzwerkumgebung
2015-01-07 10:15 - 2015-01-07 10:15 - 00000000 _SHDL () C:\Users\Frank\Druckumgebung
2015-01-07 10:15 - 2015-01-07 10:15 - 00000000 _SHDL () C:\Users\Frank\Documents\Eigene Musik
2015-01-07 10:15 - 2015-01-07 10:15 - 00000000 _SHDL () C:\Users\Frank\Documents\Eigene Bilder
2015-01-07 10:15 - 2015-01-07 10:15 - 00000000 _SHDL () C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-07 10:15 - 2015-01-07 10:15 - 00000000 _SHDL () C:\Users\Frank\AppData\Local\Verlauf
2015-01-07 10:15 - 2009-07-14 05:42 - 00000000 ___RD () C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-07 10:15 - 2009-07-14 05:37 - 00000000 ___RD () C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-07 10:13 - 2015-01-07 10:13 - 00171136 __RSH () C:\w7ldr
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\Programme
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\ProgramData\Startmenü
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 _SHDL () C:\ProgramData\Dokumente
2015-01-07 10:12 - 2015-01-07 10:12 - 00000000 ____D () C:\Recovery
2015-01-07 10:09 - 2015-01-29 10:53 - 00139726 _____ () C:\Windows\WindowsUpdate.log
2015-01-07 10:06 - 2015-01-07 10:06 - 00000000 ____D () C:\Windows\CSC
2015-01-07 10:05 - 2015-01-07 10:05 - 00008192 __RSH () C:\BOOTSECT.BAK
2015-01-07 10:05 - 2009-07-14 02:38 - 00383562 __RSH () C:\bootmgr

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 10:49 - 2010-02-09 20:56 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-29 10:47 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-29 10:47 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-29 10:42 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-28 19:18 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-01-28 19:18 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-01-28 19:12 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-01-21 17:01 - 2009-07-14 03:04 - 00002577 _____ () C:\Windows\system32\config.nt
2015-01-21 16:54 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-18 22:14 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-01-15 07:08 - 2009-07-14 05:33 - 00285320 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-14 12:35 - 2009-07-14 09:56 - 00000000 ____D () C:\Windows\ShellNew
2015-01-14 12:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system
2015-01-13 11:55 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\twain_32
2015-01-13 11:55 - 2009-07-14 03:37 - 00000000 __RSD () C:\Windows\Media
2015-01-08 09:55 - 2010-02-09 21:01 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-07 23:04 - 2010-02-09 20:45 - 00000000 ____D () C:\Windows\Panther
2015-01-07 23:01 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-01-07 12:00 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\restore
2015-01-07 11:42 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-07 10:12 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-07 10:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-01-07 10:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Windows NT
2015-01-07 10:05 - 2009-07-14 05:57 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2015-01-07 10:05 - 2009-07-14 05:52 - 00028672 _____ () C:\Windows\system32\config\BCD-Template

Some content of TEMP:
====================
C:\Users\Frank\AppData\Local\Temp\Quarantine.exe
C:\Users\Frank\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 12:44

==================== End Of Log ============================
         
--- --- ---


As I said, the message is gone; I hope my system is clean again now.

Regards, Frank
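
An added example, not part of the thread and not FRST's or the helper's own logic: a small Python parser for the file-listing lines of the FRST log above, with a few triage rules that are assumptions of this example. The sample lines are copied from the log, except the one marked as constructed.

```python
import re
from datetime import datetime
from typing import List, NamedTuple, Optional, Tuple

# Listing line: "<timestamp> - <timestamp> - <size> <attrs> (<company>) <path>"
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) (\S{5}) \((.*?)\) ([A-Za-z]:\\.*)$"
)
TS_FMT = "%Y-%m-%d %H:%M"

# Heuristics below are assumptions of this example, not FRST's or the helper's rules.
EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".msi")
DROP_DIRS = ("\\downloads\\", "\\appdata\\local\\temp\\")


class Entry(NamedTuple):
    ts1: datetime   # the two timestamps as printed; what each one means
    ts2: datetime   # depends on the log section the line was taken from
    size: int
    attrs: str      # five-character attribute field, e.g. "____D"
    company: str    # text between the parentheses, often empty
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for headers and any other text."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    ts1, ts2, size, attrs, company, path = m.groups()
    return Entry(datetime.strptime(ts1, TS_FMT), datetime.strptime(ts2, TS_FMT),
                 int(size), attrs, company.strip(), path)


def triage(entry: Entry) -> List[str]:
    """Return the reasons (possibly none) why an entry deserves a manual look."""
    reasons: List[str] = []
    if "D" in entry.attrs:          # directories are not judged here
        return reasons
    low = entry.path.lower()
    in_drop_dir = any(d in low for d in DROP_DIRS)
    if low.endswith(EXEC_EXT) and in_drop_dir:
        if not entry.company:
            reasons.append("executable in download/temp folder, empty company field")
        elif re.fullmatch(r"%\w+%", entry.company):
            reasons.append("executable in download/temp folder, unexpanded placeholder as company")
    if low.endswith(".crdownload"):
        reasons.append("unfinished browser download left on disk")
    return reasons


def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """Run triage over every parsable line and keep only the flagged paths."""
    flagged = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged.append((entry.path, reasons))
    return flagged


# Lines copied from the log in this thread ...
PAGE_LINES = r"""
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-13 11:55 - 2012-02-08 16:34 - 00320000 _____ (CANON INC.) C:\Windows\system32\CNC_BBL.dll
2015-01-07 10:45 - 2015-01-07 10:45 - 00792216 _____ (%PROD_NAME%) C:\Users\Frank\Downloads\skype.exe
2015-01-07 10:44 - 2015-01-07 10:44 - 11490056 _____ () C:\Users\Frank\Downloads\Nicht bestätigt 108482.crdownload
2015-01-07 10:39 - 2015-01-07 10:44 - 44844128 _____ (Skype Technologies S.A.) C:\Users\Frank\Downloads\SkypeSetupFull.exe
2015-01-07 10:23 - 2015-01-07 10:24 - 00000000 ___HD () C:\Program Files\Temp
"""
# ... plus one constructed line to exercise the empty-company rule.
CONSTRUCTED = r"2015-01-20 10:00 - 2015-01-20 10:00 - 00123456 _____ () C:\Users\Frank\Downloads\example-setup.exe"
SAMPLE = PAGE_LINES + CONSTRUCTED

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE):
        print(path, "->", "; ".join(reasons))
```

A flagged path is only a candidate for manual review; whether it belongs in a fixlist remains the helper's decision.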

30.01.2015, 11:42   #10
schrauber
/// the machine
/// TB trainer
 


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
C:\Users\Frank\Downloads\skype.exe

D:\Downloads\WinSplit Revolution - CHIP-Installer.exe

D:\Eigene Dateien\Downloads\cbsidlm-cbsi188-3GP_to_MP3_Converter-ORG-10969186.exe

D:\Eigene Dateien\Downloads\Desk-Timer-Downloader.exe

D:\Eigene Dateien\Downloads\DTLite4471-0333.exe

D:\Eigene Dateien\Downloads\FFSetup3.3.4.0.exe

D:\Eigene Dateien\Downloads\free-system-utilities-DE.exe

D:\Eigene Dateien\Downloads\google-chrome-26-0-final-1410-43.exe

D:\Eigene Dateien\Downloads\Project XXX Star.zip

D:\Eigene Dateien\Downloads\VirtualSafe_V2.0-Downloader.exe

D:\Eigene Dateien\Downloads\YouTubeDownloaderSetup35.exe
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can delete them without hesitation.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most ads by itself. A right-click on a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it asks you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

30.01.2015, 12:32   #11
Blondie64
 

Hi Schrauber,

here is the First log now:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-01-2015 01
Ran by Frank at 2015-01-30 12:14:34 Run:1
Running from C:\Users\Frank\Desktop
Loaded Profiles: Frank (Available profiles: Frank)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Users\Frank\Downloads\skype.exe

D:\Downloads\WinSplit Revolution - CHIP-Installer.exe

D:\Eigene Dateien\Downloads\cbsidlm-cbsi188-3GP_to_MP3_Converter-ORG-10969186.exe

D:\Eigene Dateien\Downloads\Desk-Timer-Downloader.exe

D:\Eigene Dateien\Downloads\DTLite4471-0333.exe

D:\Eigene Dateien\Downloads\FFSetup3.3.4.0.exe

D:\Eigene Dateien\Downloads\free-system-utilities-DE.exe

D:\Eigene Dateien\Downloads\google-chrome-26-0-final-1410-43.exe

D:\Eigene Dateien\Downloads\Project XXX Star.zip

D:\Eigene Dateien\Downloads\VirtualSafe_V2.0-Downloader.exe

D:\Eigene Dateien\Downloads\YouTubeDownloaderSetup35.exe
Emptytemp:
         
*****************

C:\Users\Frank\Downloads\skype.exe => Moved successfully.
D:\Downloads\WinSplit Revolution - CHIP-Installer.exe => Moved successfully.
"D:\Eigene Dateien\Downloads\cbsidlm-cbsi188-3GP_to_MP3_Converter-ORG-10969186.exe" => File/Directory not found.
D:\Eigene Dateien\Downloads\Desk-Timer-Downloader.exe => Moved successfully.
"D:\Eigene Dateien\Downloads\DTLite4471-0333.exe" => File/Directory not found.
"D:\Eigene Dateien\Downloads\FFSetup3.3.4.0.exe" => File/Directory not found.
"D:\Eigene Dateien\Downloads\free-system-utilities-DE.exe" => File/Directory not found.
"D:\Eigene Dateien\Downloads\google-chrome-26-0-final-1410-43.exe" => File/Directory not found.
D:\Eigene Dateien\Downloads\Project XXX Star.zip => Moved successfully.
D:\Eigene Dateien\Downloads\VirtualSafe_V2.0-Downloader.exe => Moved successfully.
D:\Eigene Dateien\Downloads\YouTubeDownloaderSetup35.exe => Moved successfully.
EmptyTemp: => Removed 220.1 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 12:15:06 ====
         
After I removed Combofix, Avast came up again with a warning that a malicious process had been blocked, from Combofix. But only once. I hope that doesn't mean anything.

Regards, Frank

Edited by Blondie64 (30.01.2015 at 12:59)

30.01.2015, 14:31   #12
schrauber
/// the machine
/// TB trainer
 


Nope, false alarm if it complained about Combofix
__________________
Regards,
schrauber

