Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Bin am Verzweifeln ...

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 30.03.2015, 17:41   #1
snoopyb510
 
Bin am Verzweifeln ... - Standard

Bin am Verzweifeln ...



Moin,

ich bin so langsam am Verzweifeln. Seit heute früh (obwohl ich mir nicht bewusst bin irgendetwas installiert zu haben) habe ich doppelt unterstrichene Worte auf allen Webseiten und jede Menge Popup Werbefenster und Werbebanner in Firefox.

Ich habe schon alle hier im Board empfohlenen Programme ausprobiert, aber keines davon findet etwas. Surfen ist inzwischen beinahe unmöglich da es durch die Vielzahl der Popups und Werbungen derart langsam wird, das es eine Qual ist überhaupt noch irgendetwas zu tun.

Ich wäre für jede Hilfe sehr dankbar!

Alt 30.03.2015, 17:53   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Bin am Verzweifeln ... - Standard

Bin am Verzweifeln ...



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 30.03.2015, 18:02   #3
snoopyb510
 
Bin am Verzweifeln ... - Standard

Bin am Verzweifeln ...



Ok, hier kommts ...

FRST.txt
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Andreas (administrator) on ANDREASPC on 30-03-2015 18:00:13
Running from C:\Users\Andreas\DOWNLOADS
Loaded Profiles: Andreas (Available profiles: Andreas)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Crawler Group) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(Crawler Group) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
(Crawler Group) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDesktop.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [3860304 2015-03-16] (Crawler Group)
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [5456720 2015-03-16] (Crawler Group)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe [9566192 2015-03-10] ()
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124720 2014-10-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1419150269-489388272-1060694731-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Andreas\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1419150269-489388272-1060694731-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1303872 2015-03-12] (Lavasoft)
HKU\S-1-5-21-1419150269-489388272-1060694731-1000\...\MountPoints2: {360bd9f1-d524-11e3-8032-74d43555818b} - H:\AutoRun.exe
HKU\S-1-5-21-1419150269-489388272-1060694731-1000\...\MountPoints2: {360bd9ff-d524-11e3-8032-74d43555818b} - H:\AutoRun.exe
HKU\S-1-5-21-1419150269-489388272-1060694731-1000\...\MountPoints2: {360bda95-d524-11e3-8032-74d43555818b} - H:\AutoRun.exe
HKU\S-1-5-21-1419150269-489388272-1060694731-1000\...\MountPoints2: {360bdaa1-d524-11e3-8032-74d43555818b} - H:\AutoRun.exe
HKU\S-1-5-21-1419150269-489388272-1060694731-1000\...\MountPoints2: {360bdab1-d524-11e3-8032-74d43555818b} - H:\AutoRun.exe
HKU\S-1-5-21-1419150269-489388272-1060694731-1000\...\MountPoints2: {930ffd2d-d5c9-11e3-9f21-001e101f82a0} - H:\AutoRun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52773;https=127.0.0.1:52773;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
HKU\S-1-5-21-1419150269-489388272-1060694731-1000\Software\Microsoft\Internet Explorer\Main,Start Page = Ad-Aware SecureSearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1419150269-489388272-1060694731-1000 -> URL hxxp://search.conduit.com/Results.aspx?ctid=CT3321902&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP360BC84B-92EF-44B4-98F0-EC94E06433CC&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1419150269-489388272-1060694731-1000 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-1419150269-489388272-1060694731-1000 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = hxxp://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10140_adaware_150330&q={searchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [326288] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [326288] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [326288] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [326288] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [326288] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [373864] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [373864] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [373864] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [373864] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [373864] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ejl49x4f.default-1408209462410
FF NewTab: hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10140_adaware_150330
FF DefaultSearchEngine: Ad-Aware SecureSearch
FF SelectedSearchEngine: Ad-Aware SecureSearch
FF Homepage: hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10140_adaware_150330
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-26] ()
FF Plugin: @videolan.org/vlc,version=2.1.3 -> F:\Program Files\VideoLAN\VLC\npvlc.dll [2014-01-31] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-26] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-04-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-04-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-04-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-04-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-04-26] (Apple Inc.)
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ejl49x4f.default-1408209462410\searchplugins\securesearch.xml [2015-03-30]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ejl49x4f.default-1408209462410\Extensions\artur.dubovoy@gmail.com [2015-03-15]
FF Extension: Mozilla Firefox Hotfixer - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ejl49x4f.default-1408209462410\Extensions\veggy@veggyAddon.com [2015-03-28]
FF Extension: Zoom It - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ejl49x4f.default-1408209462410\Extensions\{72728758-574c-6fe4-83fc-bd10c12f1035} [2015-03-30]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ejl49x4f.default-1408209462410\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2015-03-03]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ejl49x4f.default-1408209462410\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2015-03-03]
FF Extension: Video DownloadHelper - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ejl49x4f.default-1408209462410\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-15]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-21]
FF Extension: Super Web Accelerator ! - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\firefox [2015-03-28]

Chrome: 
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\gcswf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-17]
CHR Extension: (Google Search) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-19]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-04]
CHR Extension: (Google Wallet) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-26]
CHR Extension: (Google Quick Scroll) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2015-03-28]
CHR Extension: (Gmail) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-17]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1419150269-489388272-1060694731-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Andreas\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
CHR HKU\S-1-5-21-1419150269-489388272-1060694731-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [162096 2014-10-09] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-03-17] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-03-17] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [File not signed]
S3 FirebirdServerMAGIXInstance; F:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [720760 2015-03-10] ()
S2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe [836984 2015-03-12] (Lavasoft Limited)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17768 2015-03-12] ()
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [3037520 2015-03-16] (Crawler Group)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 sppsvc; %SystemRoot%\system32\sppsvc.exe [X]
S4 sppuinotify; %SystemRoot%\system32\sppuinotify.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-05-01] ()
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys [155912 2015-01-22] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S2 secdrv; No ImagePath
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2011-08-24] (Windows (R) Win 7 DDK provider)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
S3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2011-07-15] (Creative Technology Ltd.)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [231112 2013-01-03] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [301256 2013-01-03] (VIA Technologies, Inc.)
S3 avchv; system32\DRIVERS\avchv.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-30 18:00 - 2015-03-30 18:00 - 00022654 _____ () C:\Users\Andreas\Downloads\FRST.txt
2015-03-30 18:00 - 2015-03-30 18:00 - 00000000 ____D () C:\FRST
2015-03-30 17:59 - 2015-03-30 18:00 - 02095616 _____ (Farbar) C:\Users\Andreas\Downloads\FRST64 (1).exe
2015-03-30 17:59 - 2015-03-30 17:59 - 02095616 _____ (Farbar) C:\Users\Andreas\Downloads\FRST64.exe
2015-03-30 17:32 - 2015-03-30 17:32 - 00000017 _____ () C:\ProgramData\adaware-installer-reboot-required.tmp
2015-03-30 17:22 - 2015-03-30 17:22 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Lavasoft
2015-03-30 17:21 - 2015-03-30 17:21 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2015-03-30 17:20 - 2015-03-30 17:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-03-30 17:20 - 2015-03-30 17:20 - 00000000 ____D () C:\Program Files\Lavasoft
2015-03-30 17:19 - 2015-03-30 17:21 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Lavasoft
2015-03-30 17:19 - 2015-03-30 17:21 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-03-30 17:19 - 2015-03-30 17:19 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-03-30 17:15 - 2015-03-30 17:21 - 00000000 ____D () C:\ProgramData\Spyware Terminator
2015-03-30 17:15 - 2015-03-30 17:15 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Spyware Terminator
2015-03-30 17:15 - 2015-03-30 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2015
2015-03-30 17:15 - 2015-03-30 17:15 - 00000000 ____D () C:\Program Files (x86)\Spyware Terminator
2015-03-30 17:13 - 2015-03-30 17:13 - 02071768 _____ () C:\Users\Andreas\Downloads\AdAware116WebInstaller (1).exe
2015-03-30 17:10 - 2015-03-30 17:21 - 00000175 _____ () C:\Users\Andreas\Desktop\avast_free_antivirus_setup.exe
2015-03-30 17:05 - 2015-03-30 17:05 - 00000522 _____ () C:\DelFix.txt
2015-03-30 17:05 - 2015-03-30 17:05 - 00000000 ____D () C:\Windows\ERUNT
2015-03-30 16:43 - 2015-03-30 16:43 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-30 16:32 - 2015-03-30 16:36 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-30 16:32 - 2015-03-30 16:32 - 00000000 ____D () C:\Program Files\HitmanPro
2015-03-30 09:16 - 2015-03-30 16:24 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-30 09:16 - 2015-03-30 09:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-30 09:16 - 2015-03-30 09:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-30 09:16 - 2015-03-30 09:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-03-30 09:16 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-30 09:16 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-30 09:16 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-30 09:05 - 2015-03-30 09:15 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-30 09:05 - 2015-03-30 09:05 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-03-30 09:05 - 2015-03-30 09:05 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-03-30 09:05 - 2015-03-30 09:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-03-30 09:05 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-03-30 09:04 - 2015-03-30 09:09 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-03-30 09:02 - 2015-03-30 17:30 - 00000000 ____D () C:\Users\Andreas\Desktop\Sicherheit
2015-03-28 16:13 - 2015-03-28 16:44 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\jellylam
2015-03-28 16:13 - 2015-03-28 16:13 - 00000900 __RSH () C:\ProgramData\ntuser.pol
2015-03-28 16:13 - 2015-03-28 16:13 - 00000066 _____ () C:\Windows\SysWOW64\sn.txt
2015-03-27 14:42 - 2015-03-27 14:42 - 06776231 _____ () C:\Users\Andreas\Downloads\asdasd.wmv
2015-03-27 14:18 - 2015-03-27 14:33 - 00009968 _____ () C:\Users\Andreas\Downloads\studio - audience.mp3.sfk
2015-03-27 14:05 - 2015-03-27 14:11 - 00019936 _____ () C:\Users\Andreas\Downloads\Applaus - jubelnder.mp3.sfk
2015-03-27 14:05 - 2015-03-27 14:11 - 00009496 _____ () C:\Users\Andreas\Downloads\Applaus Bravo Beifall klatschen Geräusche Klänge - Soundeffekte für Vid.mp3.sfk
2015-03-27 14:05 - 2015-03-27 14:11 - 00007664 _____ () C:\Users\Andreas\Downloads\Applaus - klatschen.mp3.sfk
2015-03-27 13:35 - 2015-03-27 13:35 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\PDFConvert
2015-03-27 13:34 - 2015-03-27 13:33 - 01711954 _____ () C:\Users\Andreas\Downloads\MP3CutterSetup [1].exe
2015-03-27 10:55 - 2015-03-27 10:55 - 66216372 _____ () C:\Users\Andreas\Downloads\Mega Oral Creampie Compilation - Spankwire.com.mp4
2015-03-27 00:31 - 2015-03-27 00:56 - 938652387 _____ () C:\Users\Andreas\Downloads\Der-zweite-30-jaehrige-Krieg-Teil-3.mp4
2015-03-27 00:01 - 2015-03-27 00:13 - 587564069 _____ () C:\Users\Andreas\Downloads\Der-zweite-30-jaehrige-Krieg-Teil-1.mp4
2015-03-26 23:51 - 2015-03-27 00:01 - 501706695 _____ () C:\Users\Andreas\Downloads\Der-zweite-30-jaehrige-Krieg-Teil-2.mp4
2015-03-22 22:41 - 2015-03-22 23:20 - 422971220 _____ () C:\Users\Andreas\Desktop\CasinoRoyale.mp4
2015-03-21 22:47 - 2015-03-28 16:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-16 16:53 - 2015-03-16 16:53 - 00003584 _____ () C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-11 01:15 - 2015-03-16 16:48 - 00000000 ____D () C:\Users\Andreas\Desktop\Neuer Ordner (6)
2015-03-05 20:30 - 2015-03-05 20:30 - 00000000 ____D () C:\Program Files (x86)\MarkAny
2015-03-05 19:33 - 2015-03-05 20:29 - 00000000 ____D () C:\Users\Andreas\Documents\SelfMV
2015-03-05 19:27 - 2015-03-26 09:11 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Samsung
2015-03-05 19:27 - 2015-03-26 09:11 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Samsung
2015-03-05 19:27 - 2015-03-05 19:27 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2015-03-05 19:27 - 2015-03-05 19:27 - 00000000 ____D () C:\Users\Andreas\Documents\samsung
2015-03-05 19:26 - 2013-12-30 11:53 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2015-03-05 19:26 - 2013-06-14 20:57 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2015-03-05 19:25 - 2015-03-26 09:11 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-03-05 19:22 - 2015-03-05 20:26 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Downloaded Installations
2015-03-05 19:20 - 2015-03-05 19:20 - 00000000 ____D () C:\Program Files\SAMSUNG
2015-03-05 19:19 - 2015-03-26 09:10 - 00000000 ____D () C:\ProgramData\Samsung

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-30 17:59 - 2014-03-17 15:04 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-30 17:22 - 2014-12-03 01:35 - 00005472 _____ () C:\Windows\SysWOW64\LavasoftTcpService.ini
2015-03-30 17:22 - 2014-12-03 01:35 - 00002552 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-03-30 17:22 - 2014-12-03 01:35 - 00002552 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-03-30 17:12 - 2014-03-17 21:57 - 01987302 _____ () C:\Windows\WindowsUpdate.log
2015-03-30 17:09 - 2014-03-17 15:04 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-30 17:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-30 17:09 - 2009-07-14 06:51 - 00081817 _____ () C:\Windows\setupact.log
2015-03-30 17:08 - 2015-01-28 09:08 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-30 17:08 - 2010-11-21 05:47 - 00726506 _____ () C:\Windows\PFRO.log
2015-03-30 17:06 - 2014-12-03 01:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-30 14:08 - 2014-03-18 00:14 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\vlc
2015-03-30 14:04 - 2014-11-26 22:49 - 00000000 ____D () C:\Users\Andreas\Downloads\MehrFilme
2015-03-30 13:10 - 2014-12-31 11:51 - 00000000 ____D () C:\Users\Andreas\Desktop\Programme
2015-03-30 13:07 - 2014-03-25 15:10 - 00155136 _____ () C:\Windows\SysWOW64\unrar.dll
2015-03-30 13:07 - 2014-03-25 15:10 - 00034308 _____ () C:\Windows\SysWOW64\bassmod.dll
2015-03-30 09:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2015-03-29 22:52 - 2014-03-17 22:03 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\TS3Client
2015-03-29 21:28 - 2014-04-22 18:44 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Skype
2015-03-29 20:21 - 2015-02-08 18:16 - 00000000 ____D () C:\Users\Andreas\Desktop\zeug
2015-03-29 20:10 - 2014-04-25 02:52 - 00000000 ____D () C:\Users\Andreas\Documents\Vegas Movie Studio PE 9.0 Projects
2015-03-28 16:13 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-03-28 16:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-03-27 20:30 - 2014-04-09 21:16 - 00000952 ___SH () C:\ProgramData\KGyGaAvL.sys
2015-03-27 13:50 - 2014-11-17 23:48 - 00000000 ____D () C:\Users\Andreas\Downloads\Musik
2015-03-26 11:47 - 2014-03-17 15:04 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-26 09:10 - 2014-03-17 15:09 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-26 09:07 - 2015-01-28 09:08 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-26 09:07 - 2014-03-17 15:45 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-26 09:07 - 2014-03-17 15:45 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-26 09:07 - 2014-03-17 15:43 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Adobe
2015-03-23 16:23 - 2014-12-03 01:37 - 00000000 ____D () C:\ProgramData\Avira
2015-03-23 08:43 - 2014-03-17 15:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-22 17:02 - 2014-03-17 15:27 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Battle.net
2015-03-15 22:03 - 2014-04-18 13:54 - 00000000 ____D () C:\Users\Andreas\dwhelper
2015-03-15 12:52 - 2014-04-25 19:11 - 00000000 ____D () C:\Users\Andreas\Desktop\Neuer Ordner
2015-03-12 11:59 - 2014-12-03 01:35 - 00373864 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-03-12 11:58 - 2014-12-03 01:35 - 00326288 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-03-05 20:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-02 21:15 - 2014-09-20 09:31 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-02 21:15 - 2014-04-22 18:44 - 00000000 ____D () C:\ProgramData\Skype

==================== Files in the root of some directories =======

2014-04-18 14:25 - 2015-01-04 14:37 - 0099384 _____ () C:\Users\Andreas\AppData\Roaming\inst.exe
2014-04-18 14:25 - 2015-01-04 14:37 - 0007859 _____ () C:\Users\Andreas\AppData\Roaming\pcouffin.cat
2014-04-18 14:25 - 2015-01-04 14:37 - 0001167 _____ () C:\Users\Andreas\AppData\Roaming\pcouffin.inf
2014-04-18 14:25 - 2015-01-04 14:37 - 0000055 _____ () C:\Users\Andreas\AppData\Roaming\pcouffin.log
2014-04-18 14:25 - 2015-01-04 14:37 - 0082816 _____ (VSO Software) C:\Users\Andreas\AppData\Roaming\pcouffin.sys
2015-01-04 14:40 - 2015-02-14 22:56 - 0001057 _____ () C:\Users\Andreas\AppData\Roaming\vso_ts_preview.xml
2015-03-16 16:53 - 2015-03-16 16:53 - 0003584 _____ () C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-08 17:29 - 2014-11-08 17:29 - 0000095 _____ () C:\Users\Andreas\AppData\Local\fusioncache.dat
2015-03-30 17:32 - 2015-03-30 17:32 - 0000017 _____ () C:\ProgramData\adaware-installer-reboot-required.tmp
2014-04-09 21:16 - 2015-03-27 20:30 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

Some content of TEMP:
====================
C:\Users\Andreas\AppData\Local\Temp\avgnt.exe
C:\Users\Andreas\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Andreas\AppData\Local\Temp\fdc43d6c-6f33-4911-882c-595f0de486e0.exe
C:\Users\Andreas\AppData\Local\Temp\ResetDevice.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 19:14

==================== End Of Log ============================
         
--- --- ---



Und die Addition.txtFRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Andreas at 2015-03-30 18:01:03
Running from C:\Users\Andreas\DOWNLOADS
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.30 - GIGABYTE)
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Ad-Aware Antivirus (HKLM\...\{FF054A8C-C0A4-4C78-8910-E2A459BEFF05}_AdAwareUpdater) (Version: 11.6.306.7947 - Lavasoft)
Ad-Aware Web Companion (x32 Version: 1.1.922.1860 - Lavasoft) Hidden
AdAwareInstaller (Version: 11.6.306.7947 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.6.306.7947 - Lavasoft) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{ACA7CBDB-A6F3-4D1A-0B03-A519B6EC0FF0}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoGreen B12.1220.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B12.1220.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Avira (HKLM-x32\...\{905d3ded-fe60-432c-b56e-7cd19f2899ac}) (Version: 1.1.24.28609 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.24.28609 - Avira Operations GmbH & Co. KG) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitTorrent (HKU\S-1-5-21-1419150269-489388272-1060694731-1000\...\BitTorrent) (Version: 7.9.2.37755 - BitTorrent Inc.)
BitTorrent Sync (HKLM-x32\...\BitTorrent Sync) (Version: 1.4.106 - BitTorrent Inc.)
ClipGrab 3.4.3 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
Corel Shell Extension - 64Bit (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Content (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Draw (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Filters (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - ICA (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - IPM - No VBA (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang BR (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang DE (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang EN (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang ES (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang FR (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang IT (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang NL (x32 Version: 4.0 - Uw bedrijfsnaam) Hidden
CorelDRAW Essentials 4 - PHOTO-PAINT (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Windows Shell Extension (HKLM-x32\...\_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version:  - Corel Corporation)
CorelDRAW Essentials 4 - Windows Shell Extension (x32 Version: 1.1 - Corel Corporation) Hidden
CorelDRAW Essentials 4 (HKLM-x32\...\_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version:  - Corel Corporation)
CorelDRAW Essentials 4 (x32 Version: 4.0 - Corel Corporation) Hidden
Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
Dungeons and Dragons Online (HKU\S-1-5-21-1419150269-489388272-1060694731-1000\...\DDO_highres_en) (Version:  - )
Easy Tune 6 B13.0323.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B13.0323.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 0982 - Ezvid, inc.)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\Firebird SQL Server D) (Version: 2.0.1.13 - MAGIX AG)
Freemake Video Converter Version 4.1.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
K-Lite Codec Pack 9.9.9 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.9.9 - )
LavasoftTcpService (x32 Version: 2.3.3.0 - Lavasoft) Hidden
MAGIX Music Maker for MySpace 15.0.1.8 (D) (HKLM-x32\...\MAGIX Music Maker for MySpace D) (Version: 15.0.1.8 - MAGIX AG)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
OMC ModPack Version 0.9.0.0 (HKLM-x32\...\{CF9086F7-0490-42CE-8029-09CCB8FB942A}_is1) (Version: 0.9.0.0 - Odem Mortis)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Port Royale (HKLM-x32\...\Port Royale_is1) (Version:  - )
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Sound Blaster Tactic(3D) (HKLM-x32\...\{92000C16-939B-44CA-802F-0D552019D7C8}) (Version: 1.0 - Creative Technology Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Spyware Terminator 2015 (HKLM-x32\...\{56736259-613E-4A3B-B428-6235F2E76F44}_is1) (Version: 3.0.0.101 - Crawler Group)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vegas Movie Studio Platinum 9.0 (HKLM-x32\...\{97E038E1-41AD-4C93-BCDC-6A2394AEE352}) (Version: 9.0.92 - Sony)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Web Companion (HKLM-x32\...\{902C3D36-9254-437D-98AC-913B78E60864}_WebCompanion) (Version: 1.1.922.1860 - Lavasoft)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

26-03-2015 09:09:05 Removed Samsung Kies
26-03-2015 11:46:33 Removed Google Drive
30-03-2015 17:19:11 AA11
30-03-2015 17:21:15 LavasoftWeCompanion
30-03-2015 17:31:40 AA11

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0FFFAD70-1860-4DE5-A552-C46D4A3BBBB5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-26] (Adobe Systems Incorporated)
Task: {31ED0FB1-8FA6-49AA-8303-E6D3FC10234F} - \DriverMgr No Task File <==== ATTENTION
Task: {3BD68B92-6354-4D76-B149-7C6B4931DF64} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {5C1C9E81-274E-4629-ABE6-CFA111547F4E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {5E691989-1CC0-4A14-B38A-2D0EAF819E28} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {7A22691F-066F-4788-8DB1-A92F74E2A6EC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {7E352693-A22A-45C4-AF71-8F04348B0E1D} - \keepup No Task File <==== ATTENTION
Task: {8E811EDD-D8CF-4C92-BB6A-9CF069AE1A64} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C84DBC7F-730E-42BC-9739-D9563B029DCB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {F75D7247-A1B2-45C3-A922-84B8146E0CA0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-03-28 23:31 - 2013-03-28 23:31 - 00210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-09-23 14:53 - 2012-09-23 14:53 - 00748544 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-09-23 14:53 - 2012-09-23 14:53 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-03-17 15:09 - 2012-08-09 12:55 - 00078480 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2014-03-17 15:09 - 2012-08-09 12:55 - 00386192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2013-03-28 23:30 - 2013-03-28 23:30 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00017768 _____ () C:\PROGRAM FILES (X86)\LAVASOFT\WEB COMPANION\APPLICATION\LAVASOFT.SEARCHPROTECT.WINSERVICE.EXE
2015-03-12 11:57 - 2015-03-12 11:57 - 00012144 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00034152 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 09566192 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\ADAWARETRAY.EXE
2015-03-10 18:50 - 2015-03-10 18:50 - 03396064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\RCF.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00125464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_filesystem-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00024080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_system-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00055320 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_date_time-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00107024 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_thread-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00033296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_chrono-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00499728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_locale-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02144248 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\HtmlFramework.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00869896 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\AdAwareTrayDefaultSkin.dll
2015-03-10 18:47 - 2015-03-10 18:47 - 00720760 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\ADAWARESERVICE.EXE
2015-03-10 18:50 - 2015-03-10 18:50 - 12745216 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\AdAwareServiceKernel.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 03396064 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\RCF.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00785936 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\boost_regex-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00744960 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\AdAwareActivation.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00480272 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\AdAwareApplicationUpdater.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00812032 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\AdAwareGamingMode.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00099312 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\AdAwareReset.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00119792 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\AdAwareTime.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00963088 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\AdAwareDefinitionsUpdater.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00868896 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\AdAwareDefinitionsUpdaterScheduler.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01108992 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\AdAwareIgnoreList.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00247808 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\AdAwareQuarantine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01013256 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\AdAwareAntiMalwareEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00211464 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\AdAwareAntiRootkitEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01177608 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\AdAwareScannerHistory.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01302008 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\AdAwareScanner.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00034832 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\boost_timer-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00977416 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\AdAwareScannerScheduler.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01143824 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\AdAwareRealTimeProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00237568 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\AdAwareIncompatibles.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00893432 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\AdAwareAntiSpam.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00847872 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\AdAwareAntiPhishing.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 03104776 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\AdAwareParentalControl.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02958848 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\AdAwareWebProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01288712 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\AdAwareEmailProtection.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00053272 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\boost_iostreams-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01293832 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\AdAwareNetworkProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00969200 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\AdAwarePromo.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00366584 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\AdAwareFeedback.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02787344 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\AdAwareThreatWorkAlliance.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01232888 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\AdAwarePinCode.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00969208 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\AdAwareNotice.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00963576 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\AdAwareAvcEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01184792 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\AdAwareRealTimeProtectionHistory.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 17104376 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\ADAWAREDESKTOP.EXE
2015-03-10 18:51 - 2015-03-10 18:51 - 00055320 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\boost_date_time-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00125464 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\boost_filesystem-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00024080 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\boost_system-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00107024 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\boost_thread-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00033296 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\boost_chrono-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00456224 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\boost_program_options-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00499728 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\boost_locale-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 07331856 _____ () C:\PROGRAM FILES\LAVASOFT\AD-AWARE ANTIVIRUS\AD-AWARE ANTIVIRUS\11.6.306.7947\AdAwareDesktopDefaultSkin.dll
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2015-03-30 09:05 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-03-30 09:05 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-03-30 09:05 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-03-30 09:05 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-03-30 09:05 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-03-21 19:00 - 2015-03-14 12:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-21 19:00 - 2015-03-14 12:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-03-21 19:00 - 2015-03-14 12:12 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1419150269-489388272-1060694731-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1419150269-489388272-1060694731-500 - Administrator - Disabled)
Andreas (S-1-5-21-1419150269-489388272-1060694731-1000 - Administrator - Enabled) => C:\Users\Andreas
ASPNET (S-1-5-21-1419150269-489388272-1060694731-1005 - Limited - Enabled)
Gast (S-1-5-21-1419150269-489388272-1060694731-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1419150269-489388272-1060694731-1006 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Security Driver
Description: Security Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: secdrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/30/2015 05:30:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SpywareTerminator.exe, Version: 3.0.0.101, Zeitstempel: 0x54b4d222
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7bafa
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000b727
ID des fehlerhaften Prozesses: 0x1364
Startzeit der fehlerhaften Anwendung: 0xSpywareTerminator.exe0
Pfad der fehlerhaften Anwendung: SpywareTerminator.exe1
Pfad des fehlerhaften Moduls: SpywareTerminator.exe2
Berichtskennung: SpywareTerminator.exe3

Error: (03/30/2015 05:14:56 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT-AUTORITÄT)
Description: Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.

Error: (03/30/2015 05:09:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2015 05:09:04 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070002.

Error: (03/30/2015 04:51:09 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/30/2015 04:51:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (03/30/2015 05:11:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "sppsvc" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/30/2015 05:09:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Security Driver" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/30/2015 05:08:10 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}


Microsoft Office Sessions:
=========================
Error: (03/30/2015 05:30:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SpywareTerminator.exe3.0.0.10154b4d222KERNELBASE.dll6.1.7601.175144ce7bafa0eedfade0000b727136401d06afd4ebfd964C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exeC:\Windows\syswow64\KERNELBASE.dllac815499-d6f1-11e4-9f5c-74d43555818b

Error: (03/30/2015 05:14:56 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT-AUTORITÄT)
Description: 16000000000325000003250000980B0000

Error: (03/30/2015 05:09:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2015 05:09:04 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700020x00000000

Error: (03/30/2015 04:51:09 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Andreas\Desktop\esetsmartinstaller_deu.exe

Error: (03/30/2015 04:51:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Andreas\Desktop\esetsmartinstaller_deu.exe


==================== Memory info =========================== 

Processor: AMD FX(tm)-4300 Quad-Core Processor 
Percentage of memory in use: 40%
Total physical RAM: 8173.55 MB
Available physical RAM: 4851.39 MB
Total Pagefile: 16345.31 MB
Available Pagefile: 13406.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:244.14 GB) (Free:18.16 GB) NTFS
Drive d: () (Fixed) (Total:67.24 GB) (Free:9.94 GB) NTFS
Drive e: () (Fixed) (Total:82.48 GB) (Free:10.56 GB) NTFS
Drive f: () (Fixed) (Total:221.62 GB) (Free:162.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 0A471E87)
Partition 1: (Active) - (Size=83.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149.7 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 77AE5663)
Partition 1: (Not Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=221.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---
__________________

Alt 31.03.2015, 06:03   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Bin am Verzweifeln ... - Standard

Bin am Verzweifeln ...



hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 31.03.2015, 08:31   #5
snoopyb510
 
Bin am Verzweifeln ... - Standard

Bin am Verzweifeln ...



So, hab den Rechner gescannt. Die Software hat gemeckert obwohl ich per Taskmanager die Antiviren- und Malware Software ausgeschaltet hatte.

Hier die Logfile...
Code:
ATTFilter
ComboFix 15-03-29.01 - Andreas 31.03.2015   8:21.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8174.6425 [GMT 2:00]
ausgeführt von:: c:\users\Andreas\Downloads\ComboFix.exe
AV: Ad-Aware Antivirus *Enabled/Updated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
SP: Ad-Aware Antivirus *Enabled/Updated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\Andreas\AppData\Local\Microsoft\Windows\Temporary Internet Files\JsBHO.dll.log
c:\users\Andreas\AppData\Roaming\inst.exe
c:\users\Andreas\AppData\Roaming\vso_ts_preview.xml
c:\windows\msdownld.tmp
c:\windows\SysWow64\sn.txt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-02-28 bis 2015-03-31  ))))))))))))))))))))))))))))))
.
.
2015-03-31 06:25 . 2015-03-31 06:25	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-03-30 22:31 . 2015-03-30 22:31	388096	----a-r-	c:\users\Andreas\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2015-03-30 22:31 . 2015-03-30 22:31	--------	d-----w-	c:\program files (x86)\Trend Micro
2015-03-30 16:00 . 2015-03-30 16:01	--------	d-----w-	C:\FRST
2015-03-30 15:20 . 2015-03-30 15:20	--------	d-----w-	c:\program files\Lavasoft
2015-03-30 15:19 . 2015-03-30 22:17	--------	d-----w-	c:\users\Andreas\AppData\Roaming\Lavasoft
2015-03-30 15:19 . 2015-03-30 15:19	--------	d-----w-	c:\program files\Common Files\Lavasoft
2015-03-30 15:19 . 2015-03-30 22:17	--------	d-----w-	c:\programdata\Lavasoft
2015-03-30 15:15 . 2015-03-30 23:45	--------	d-----w-	c:\programdata\Spyware Terminator
2015-03-30 15:15 . 2015-03-30 15:15	--------	d-----w-	c:\users\Andreas\AppData\Roaming\Spyware Terminator
2015-03-30 15:15 . 2015-03-30 15:15	--------	d-----w-	c:\program files (x86)\Spyware Terminator
2015-03-30 15:05 . 2015-03-30 15:05	--------	d-----w-	c:\windows\ERUNT
2015-03-30 14:43 . 2015-03-30 14:43	--------	d-----w-	c:\program files (x86)\VS Revo Group
2015-03-30 14:32 . 2015-03-30 14:32	--------	d-----w-	c:\program files\HitmanPro
2015-03-30 14:32 . 2015-03-30 14:36	--------	d-----w-	c:\programdata\HitmanPro
2015-03-30 07:16 . 2015-03-30 14:24	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-30 07:16 . 2015-03-30 07:16	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2015-03-30 07:16 . 2015-03-30 07:16	--------	d-----w-	c:\programdata\Malwarebytes
2015-03-30 07:16 . 2015-03-17 04:15	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-03-30 07:16 . 2015-03-17 04:15	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-03-30 07:16 . 2015-03-17 04:15	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-03-30 07:05 . 2013-09-20 08:49	21040	----a-w-	c:\windows\system32\sdnclean64.exe
2015-03-30 07:05 . 2015-03-30 07:15	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2015-03-30 07:04 . 2015-03-30 07:09	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2015-03-28 14:13 . 2015-03-28 14:44	--------	d-----w-	c:\users\Andreas\AppData\Roaming\jellylam
2015-03-27 11:35 . 2015-03-27 11:35	--------	d-----w-	c:\users\Andreas\AppData\Roaming\PDFConvert
2015-03-05 18:30 . 2015-03-05 18:30	--------	d-----w-	c:\program files (x86)\MarkAny
2015-03-05 17:27 . 2015-03-26 07:11	--------	d-----w-	c:\users\Andreas\AppData\Local\Samsung
2015-03-05 17:27 . 2015-03-26 07:11	--------	d-----w-	c:\users\Andreas\AppData\Roaming\Samsung
2015-03-05 17:26 . 2013-12-30 09:53	144664	----a-w-	c:\windows\SysWow64\secman.dll
2015-03-05 17:26 . 2013-06-14 18:57	4659712	----a-w-	c:\windows\SysWow64\Redemption.dll
2015-03-05 17:25 . 2015-03-26 07:11	--------	d-----w-	c:\program files (x86)\Samsung
2015-03-05 17:22 . 2015-03-05 18:26	--------	d-----w-	c:\users\Andreas\AppData\Local\Downloaded Installations
2015-03-05 17:20 . 2015-03-05 17:20	--------	d-----w-	c:\program files\SAMSUNG
2015-03-05 17:19 . 2015-03-26 07:10	--------	d-----w-	c:\programdata\Samsung
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-30 11:07 . 2014-03-25 13:10	155136	----a-w-	c:\windows\SysWow64\unrar.dll
2015-03-27 18:30 . 2014-04-09 19:16	952	--sha-w-	c:\programdata\KGyGaAvL.sys
2015-03-26 07:07 . 2014-03-17 13:45	778928	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-03-26 07:07 . 2014-03-17 13:45	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-12 09:59 . 2014-12-02 23:35	373864	----a-w-	c:\windows\system32\LavasoftTcpService64.dll
2015-03-12 09:58 . 2014-12-02 23:35	326288	----a-w-	c:\windows\SysWow64\LavasoftTcpService.dll
2015-01-24 11:59 . 2014-10-31 12:38	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-22 14:16 . 2015-01-22 14:16	452040	----a-w-	c:\windows\system32\drivers\Trufos.sys
2015-01-04 12:37 . 2014-04-18 12:25	82816	----a-w-	c:\users\Andreas\AppData\Roaming\pcouffin.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-08-09 5263504]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2014-11-17 448856]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-10-09 124720]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;f:\program files (x86)\MAGIX\Common\Database\bin\fbserver.exe;f:\program files (x86)\MAGIX\Common\Database\bin\fbserver.exe [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 UHSfiltv;UHSfiltv;c:\windows\system32\drivers\UHSfiltv.sys;c:\windows\SYSNATIVE\drivers\UHSfiltv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys;c:\windows\SYSNATIVE\DRIVERS\stflt.sys [x]
S2 ST2012_Svc;Spyware Terminator 2015 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 gzflt;gzflt;c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys;c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys;c:\windows\SYSNATIVE\DRIVERS\ViaHub3.sys [x]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys;c:\windows\SYSNATIVE\DRIVERS\xhcdrv.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-21 17:00	1061704	----a-w-	c:\program files (x86)\Google\Chrome\Application\41.0.2272.101\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-03-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-17 07:07]
.
2015-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-17 10:43]
.
2015-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-17 10:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2015-03-15 3860304]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2015-03-15 5456720]
"AdAwareTray"="c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe" [2015-03-10 9566192]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10140_adaware_150330
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ejl49x4f.default-1408209462410\
FF - prefs.js: browser.search.selectedEngine - Ad-Aware SecureSearch
FF - prefs.js: browser.startup.homepage - hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10140_adaware_150330
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Andreas\AppData\Local\Akamai\netsession_win.exe
Wow6432Node-HKCU-Run-Web Companion - c:\program files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
Notify-SDWinLogon - SDWinLogon.dll
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-03-31  08:27:05
ComboFix-quarantined-files.txt  2015-03-31 06:27
.
Vor Suchlauf: 11 Verzeichnis(se), 30.119.702.528 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 29.604.741.120 Bytes frei
.
- - End Of File - - 56741FC57C853C465A61CED480C420B4
A36C5E4F47E84449FF07ED3517B43A31
         


Alt 31.03.2015, 17:49   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Bin am Verzweifeln ... - Standard

Bin am Verzweifeln ...



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
--> Bin am Verzweifeln ...

Alt 01.04.2015, 12:32   #7
snoopyb510
 
Bin am Verzweifeln ... - Standard

Bin am Verzweifeln ...



Ok, alles durchlaufen lassen.
Ich hab hier die zwei logs...

Es scheint funktioniert zu haben ... zumindest hab ich im Moment keine unterstrichenen Worte mehr und auch keine Popup Fenster ... im Moment

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.0 (03.31.2015:2)
OS: Windows 7 Professional x64
Ran by Andreas on 01.04.2015 at 12:28:14,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.04.2015 at 12:30:44,00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
ATTFilter
# AdwCleaner v4.200 - Bericht erstellt 01/04/2015 um 12:25:12
# Aktualisiert 29/03/2015 von Xplode
# Datenbank : 2015-03-29.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : Andreas - ANDREASPC
# Gestarted von : C:\Users\Andreas\Desktop\Sicherheit\adwcleaner_4.200.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : sp_rsdrv2

***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ejl49x4f.default-1408209462410\searchplugins\securesearch.xml

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\adawarebp

***** [ Internetbrowser ] *****

-\\ Internet Explorer v8.0.7601.17514

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v

[ejl49x4f.default-1408209462410\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10140_adaware_150330");
[ejl49x4f.default-1408209462410\prefs.js] - Zeile Gelöscht : user_pref("browser.startup.homepage", "hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10140_adaware_150330");

-\\ Google Chrome v41.0.2272.101

[C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10140_adaware_150330&q={searchTerms}

-\\ Chromium v


*************************

AdwCleaner[R0].txt - [3051 Bytes] - [01/04/2015 12:24:05]
AdwCleaner[S0].txt - [2709 Bytes] - [01/04/2015 12:25:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2768  Bytes] ##########
         

Geändert von snoopyb510 (01.04.2015 um 12:37 Uhr)

Alt 01.04.2015, 19:45   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Bin am Verzweifeln ... - Standard

Bin am Verzweifeln ...



ich hab aber nach 4 Logs gefragt
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Bin am Verzweifeln ...
ausprobiert, bewusst, board, dankbar, doppel, doppelt, heute, installier, installiert, irgendetwas, langsam, menge, popup, popups, programme, surfe, surfen, unmöglich, verzweifeln, webseite, webseiten, werbefenster, worte, überhaupt, zwischen



Ähnliche Themen: Bin am Verzweifeln ...


  1. Bundestrojaner bin am Verzweifeln.
    Log-Analyse und Auswertung - 29.09.2012 (14)
  2. 50€ Virus - am verzweifeln...
    Log-Analyse und Auswertung - 08.01.2012 (32)
  3. Am Verzweifeln: HiJack This Log
    Log-Analyse und Auswertung - 13.09.2009 (7)
  4. Bitte um Hilfe, bin am verzweifeln !!!!!!
    Plagegeister aller Art und deren Bekämpfung - 07.03.2007 (3)
  5. Winfixer - bin am verzweifeln
    Log-Analyse und Auswertung - 08.11.2006 (1)
  6. Bin am VERZWEIFELN !!!
    Log-Analyse und Auswertung - 10.09.2006 (13)
  7. CPU-Auslastung 100%, bin am Verzweifeln...
    Log-Analyse und Auswertung - 18.06.2006 (2)
  8. Ich bin am verzweifeln
    Log-Analyse und Auswertung - 08.04.2006 (3)
  9. total am verzweifeln, helft mir!
    Log-Analyse und Auswertung - 24.03.2006 (1)
  10. Hilfe bin am verzweifeln...
    Log-Analyse und Auswertung - 16.11.2005 (1)
  11. ich könnte verzweifeln !
    Log-Analyse und Auswertung - 11.10.2005 (2)
  12. Bin am verzweifeln...
    Log-Analyse und Auswertung - 30.08.2005 (6)
  13. Bitte um auswertung - bin am verzweifeln
    Log-Analyse und Auswertung - 27.07.2005 (2)
  14. Azesearch-bin auch am verzweifeln!!!
    Log-Analyse und Auswertung - 28.04.2005 (4)
  15. bin seit tagen am verzweifeln
    Log-Analyse und Auswertung - 12.04.2005 (10)
  16. bitte mal auswerten.bin am verzweifeln
    Log-Analyse und Auswertung - 23.02.2005 (3)
  17. Am verzweifeln :(
    Plagegeister aller Art und deren Bekämpfung - 31.05.2004 (11)

Zum Thema Bin am Verzweifeln ... - Moin, ich bin so langsam am Verzweifeln. Seit heute früh (obwohl ich mir nicht bewusst bin irgendetwas installiert zu haben) habe ich doppelt unterstrichene Worte auf allen Webseiten und jede - Bin am Verzweifeln ......
Archiv
Du betrachtest: Bin am Verzweifeln ... auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.