Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Unsauberer PC weil kein Antivirenprog (https://www.trojaner-board.de/155712-unsauberer-pc-weil-kein-antivirenprog.html)

Djchaos 25.06.2014 16:29
Unsauberer PC weil kein Antivirenprog
 
Hallo,

ich habe hier einen PC der leider ohne Antivirenprogramm lief.
Nun haben sich einige unschöne Sachen eingenistet.

Könnte mir jemnad helfen? Bin hier auf dem Forum immer super betreut worden.

Mfg DjChaos

schrauber 25.06.2014 16:40
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Djchaos 25.06.2014 16:54
Hier die Ergebnisse von FRST


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-06-2014
Ran by Sascha (administrator) on SASCHA-PC on 25-06-2014 17:45:15
Running from C:\Users\Sascha\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [183376 2014-05-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-17] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2721694102-2595870871-535589134-1000\...\Run: [genesis_06191619] => /r
HKU\S-1-5-21-2721694102-2595870871-535589134-1000\...\MountPoints2: {5a389ff2-fa2c-11e3-8cf4-d02788012f18} - K:\LaunchU3.exe -a
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1403194784&from=tugs&uid=ST3250310AS_6RYB8ZY5XXXX6RYB8ZY5&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1403194784&from=tugs&uid=ST3250310AS_6RYB8ZY5XXXX6RYB8ZY5&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = hxxp://www.default-search.net/search?sid=492&aid=103&itype=a&ver=12791&tm=384&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = hxxp://www.default-search.net/search?sid=492&aid=103&itype=a&ver=12791&tm=384&src=ds&p={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = hxxp://www.default-search.net/search?sid=492&aid=103&itype=a&ver=12791&tm=384&src=ds&p={searchTerms}
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\blba04aw.default
FF DefaultSearchEngine: webssearches
FF SearchEngineOrder.1: default-search.net
FF SelectedSearchEngine: webssearches
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF user.js: detected! => C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\blba04aw.default\user.js
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Settings Manager - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\blba04aw.default\Extensions\{34FA153F-3A2C-364C-E68F-3F8A21AA8D9D} [2014-06-20]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-17] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [123984 2014-05-14] (Avira Operations GmbH & Co. KG)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-06-19] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-06-19] (globalUpdate) [File not signed]

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-06-17] (Avira Operations GmbH & Co. KG)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-25 17:45 - 2014-06-25 17:45 - 00008194 _____ () C:\Users\Sascha\Desktop\FRST.txt
2014-06-25 17:45 - 2014-06-25 17:45 - 00000000 ____D () C:\FRST
2014-06-25 17:43 - 2014-06-25 17:43 - 02082816 _____ (Farbar) C:\Users\Sascha\Desktop\FRST64.exe
2014-06-25 17:22 - 2014-06-25 17:22 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\Avira
2014-06-25 17:21 - 2014-06-17 16:25 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-25 17:21 - 2014-06-17 16:25 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-25 17:21 - 2014-06-17 16:25 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-06-25 17:20 - 2014-06-25 17:21 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-25 17:20 - 2014-06-25 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-25 17:20 - 2014-06-25 17:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-25 17:20 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-25 17:20 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-25 17:19 - 2014-06-25 17:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-06-25 17:19 - 2014-06-25 17:21 - 00000000 ____D () C:\ProgramData\Avira
2014-06-25 17:19 - 2014-06-25 17:21 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-06-25 17:19 - 2014-06-25 17:19 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-06-25 17:18 - 2014-06-25 17:20 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-25 17:18 - 2014-06-25 17:18 - 04536336 _____ (Avira Operations GmbH & Co. KG) C:\Users\Sascha\Downloads\avira_de_av___ws.exe
2014-06-25 17:18 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-25 17:14 - 2014-06-25 17:20 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\Malwarebytes
2014-06-23 17:15 - 2014-06-25 17:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-23 17:14 - 2014-06-23 17:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sascha\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-23 17:13 - 2014-06-23 17:13 - 00003178 _____ () C:\Windows\System32\Tasks\{7FDD5ECC-66AC-4F11-BA80-BF936AB91FB7}
2014-06-21 04:36 - 2014-06-23 17:13 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\Probit Software
2014-06-20 22:02 - 2014-06-20 22:02 - 00623616 _____ (Click Me In Limited) C:\Users\Sascha\AppData\Local\nsjC449.tmp
2014-06-20 21:45 - 2014-06-23 17:13 - 00000000 ____D () C:\Program Files (x86)\Probit Software
2014-06-20 21:45 - 2014-06-20 21:45 - 00003624 _____ () C:\Windows\System32\Tasks\Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2
2014-06-20 21:43 - 2014-06-25 17:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-20 21:43 - 2014-06-25 17:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-20 21:43 - 2014-06-25 17:37 - 00000000 ____D () C:\Program Files (x86)\Settings Manager
2014-06-20 21:43 - 2014-06-25 17:03 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\Settings Manager
2014-06-20 21:43 - 2014-06-21 04:35 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-06-20 21:43 - 2014-06-21 04:35 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-06-20 21:43 - 2014-06-20 22:04 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-06-20 21:43 - 2014-06-20 22:03 - 00000312 _____ () C:\Users\Sascha\AppData\Roaming\aps.uninstall.scan.results
2014-06-20 21:43 - 2014-06-20 21:44 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-06-20 21:43 - 2014-06-20 21:44 - 00002828 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-06-20 21:43 - 2014-06-20 21:44 - 00002828 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-06-20 21:43 - 2014-06-20 21:43 - 00000000 ____D () C:\Users\Sascha\AppData\Local\PennyBee
2014-06-20 21:42 - 2014-06-18 11:44 - 00608179 _____ (Click Me In Limited) C:\Users\Sascha\AppData\Local\AnyProtectScannerSetup.exe
2014-06-19 18:25 - 2014-06-19 18:25 - 00000000 ____D () C:\Users\Sascha\Documents\Optimizer Pro
2014-06-19 18:25 - 2014-06-19 18:25 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-19 18:21 - 2014-06-19 18:21 - 00000000 ____D () C:\Users\Sascha\AppData\Local\com
2014-06-19 18:20 - 2014-06-25 16:59 - 00000904 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-06-19 18:20 - 2014-06-19 18:20 - 00003902 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-06-19 18:20 - 2014-06-19 18:20 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\SupTab
2014-06-19 18:20 - 2014-06-19 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
2014-06-19 18:19 - 2014-06-25 17:38 - 00000900 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-06-19 18:19 - 2014-06-25 17:26 - 00000000 ____D () C:\Users\Sascha\AppData\Local\Genesis_06191619
2014-06-19 18:19 - 2014-06-23 17:13 - 00000444 __RSH () C:\ProgramData\ntuser.pol
2014-06-19 18:19 - 2014-06-23 17:10 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-06-19 18:19 - 2014-06-19 18:19 - 00003648 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-06-19 18:19 - 2014-06-19 18:19 - 00000000 ____D () C:\Users\Sascha\AppData\Local\globalUpdate
2014-06-19 18:19 - 2014-06-19 18:19 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-06-19 11:56 - 2014-06-19 11:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-09 00:12 - 2014-06-09 00:59 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\TS3Client

==================== One Month Modified Files and Folders =======

2014-06-25 17:45 - 2014-06-25 17:45 - 00008194 _____ () C:\Users\Sascha\Desktop\FRST.txt
2014-06-25 17:45 - 2014-06-25 17:45 - 00000000 ____D () C:\FRST
2014-06-25 17:43 - 2014-06-25 17:43 - 02082816 _____ (Farbar) C:\Users\Sascha\Desktop\FRST64.exe
2014-06-25 17:42 - 2014-06-20 21:43 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-25 17:42 - 2014-06-20 21:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-25 17:42 - 2014-04-02 19:55 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-25 17:42 - 2014-04-02 19:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-25 17:41 - 2014-04-02 18:20 - 00131874 _____ () C:\Windows\WindowsUpdate.log
2014-06-25 17:38 - 2014-06-19 18:19 - 00000900 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-06-25 17:38 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-25 17:38 - 2009-07-14 06:51 - 00031376 _____ () C:\Windows\setupact.log
2014-06-25 17:37 - 2014-06-20 21:43 - 00000000 ____D () C:\Program Files (x86)\Settings Manager
2014-06-25 17:37 - 2010-11-21 05:47 - 00303522 _____ () C:\Windows\PFRO.log
2014-06-25 17:26 - 2014-06-19 18:19 - 00000000 ____D () C:\Users\Sascha\AppData\Local\Genesis_06191619
2014-06-25 17:22 - 2014-06-25 17:22 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\Avira
2014-06-25 17:21 - 2014-06-25 17:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-25 17:21 - 2014-06-25 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-06-25 17:21 - 2014-06-25 17:19 - 00000000 ____D () C:\ProgramData\Avira
2014-06-25 17:21 - 2014-06-25 17:19 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-06-25 17:20 - 2014-06-25 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-25 17:20 - 2014-06-25 17:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-25 17:20 - 2014-06-25 17:18 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-25 17:20 - 2014-06-25 17:14 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\Malwarebytes
2014-06-25 17:19 - 2014-06-25 17:19 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-06-25 17:18 - 2014-06-25 17:18 - 04536336 _____ (Avira Operations GmbH & Co. KG) C:\Users\Sascha\Downloads\avira_de_av___ws.exe
2014-06-25 17:18 - 2014-04-02 18:46 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-25 17:16 - 2009-07-14 06:45 - 00026528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-25 17:16 - 2009-07-14 06:45 - 00026528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-25 17:15 - 2014-04-03 04:15 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-06-25 17:15 - 2014-04-03 04:15 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-06-25 17:15 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-25 17:14 - 2014-06-23 17:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-25 17:03 - 2014-06-20 21:43 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\Settings Manager
2014-06-25 17:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Web
2014-06-25 16:59 - 2014-06-19 18:20 - 00000904 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-06-25 08:22 - 2014-04-02 18:48 - 00000000 ____D () C:\Users\Sascha\AppData\Local\Battle.net
2014-06-23 17:14 - 2014-06-23 17:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sascha\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-23 17:13 - 2014-06-23 17:13 - 00003178 _____ () C:\Windows\System32\Tasks\{7FDD5ECC-66AC-4F11-BA80-BF936AB91FB7}
2014-06-23 17:13 - 2014-06-21 04:36 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\Probit Software
2014-06-23 17:13 - 2014-06-20 21:45 - 00000000 ____D () C:\Program Files (x86)\Probit Software
2014-06-23 17:13 - 2014-06-19 18:19 - 00000444 __RSH () C:\ProgramData\ntuser.pol
2014-06-23 17:10 - 2014-06-19 18:19 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-06-22 18:45 - 2014-04-07 15:30 - 00000000 ____D () C:\Users\Sascha\AppData\Local\Deployment
2014-06-22 18:43 - 2014-04-02 18:37 - 00000000 ____D () C:\Users\Sascha
2014-06-21 04:35 - 2014-06-20 21:43 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-06-21 04:35 - 2014-06-20 21:43 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-06-21 04:34 - 2014-04-02 18:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-20 22:04 - 2014-06-20 21:43 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-06-20 22:03 - 2014-06-20 21:43 - 00000312 _____ () C:\Users\Sascha\AppData\Roaming\aps.uninstall.scan.results
2014-06-20 22:02 - 2014-06-20 22:02 - 00623616 _____ (Click Me In Limited) C:\Users\Sascha\AppData\Local\nsjC449.tmp
2014-06-20 21:45 - 2014-06-20 21:45 - 00003624 _____ () C:\Windows\System32\Tasks\Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2
2014-06-20 21:44 - 2014-06-20 21:43 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-06-20 21:44 - 2014-06-20 21:43 - 00002828 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-06-20 21:44 - 2014-06-20 21:43 - 00002828 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-06-20 21:43 - 2014-06-20 21:43 - 00000000 ____D () C:\Users\Sascha\AppData\Local\PennyBee
2014-06-19 18:25 - 2014-06-19 18:25 - 00000000 ____D () C:\Users\Sascha\Documents\Optimizer Pro
2014-06-19 18:25 - 2014-06-19 18:25 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-19 18:21 - 2014-06-19 18:21 - 00000000 ____D () C:\Users\Sascha\AppData\Local\com
2014-06-19 18:20 - 2014-06-19 18:20 - 00003902 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-06-19 18:20 - 2014-06-19 18:20 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\SupTab
2014-06-19 18:20 - 2014-06-19 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
2014-06-19 18:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-06-19 18:19 - 2014-06-19 18:19 - 00003648 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-06-19 18:19 - 2014-06-19 18:19 - 00000000 ____D () C:\Users\Sascha\AppData\Local\globalUpdate
2014-06-19 18:19 - 2014-06-19 18:19 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-06-19 18:19 - 2014-04-02 18:43 - 00001361 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-19 18:19 - 2014-04-02 18:43 - 00001349 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-19 18:19 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-19 18:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-06-19 11:56 - 2014-06-19 11:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 11:44 - 2014-06-20 21:42 - 00608179 _____ (Click Me In Limited) C:\Users\Sascha\AppData\Local\AnyProtectScannerSetup.exe
2014-06-17 16:25 - 2014-06-25 17:21 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-17 16:25 - 2014-06-25 17:21 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-17 16:25 - 2014-06-25 17:21 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-06-09 00:59 - 2014-06-09 00:12 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\TS3Client

Some content of TEMP:
====================
C:\Users\Sascha\AppData\Local\Temp\avgnt.exe
C:\Users\Sascha\AppData\Local\Temp\BackupSetup.exe
C:\Users\Sascha\AppData\Local\Temp\optprosetup.exe
C:\Users\Sascha\AppData\Local\Temp\pennybee.exe
C:\Users\Sascha\AppData\Local\Temp\v-bates.exe
C:\Users\Sascha\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-18 16:21

==================== End Of Log ============================
--- --- ---

--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-06-2014
Ran by Sascha at 2014-06-25 17:45:56
Running from C:\Users\Sascha\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (HKLM-x32\...\{41042E28-CCA1-4147-869F-9E928B38F04C}) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Avira (HKLM-x32\...\{68e29fba-92b1-4f6f-a604-1d8679da3a9f}) (Version: 1.1.13.24161 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.13.24161 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.444 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.810 - Curse)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Genesis (HKCU\...\genesis_06191619) (Version:  - ) <==== ATTENTION
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Restore Points  =========================

23-04-2014 11:52:37 Geplanter Prüfpunkt
08-05-2014 14:14:11 Geplanter Prüfpunkt
15-05-2014 20:05:50 Geplanter Prüfpunkt
23-05-2014 09:50:34 Geplanter Prüfpunkt
30-05-2014 14:02:18 Geplanter Prüfpunkt
08-06-2014 13:02:59 Geplanter Prüfpunkt
15-06-2014 13:15:51 Geplanter Prüfpunkt
21-06-2014 08:54:34 Windows Defender Checkpoint

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0504E1B6-7225-41C2-98E2-6FF22695BCC3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-25] (Adobe Systems Incorporated)
Task: {79D0A9CF-0AA6-4CE5-A603-3769174AE55A} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {A5F9C14F-27AE-4914-849C-9A0D68253352} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-06-19] (globalUpdate) <==== ATTENTION
Task: {DB0474FA-41D1-4E88-BB7B-9A1A0861557F} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {E91D417E-E2EA-4BC3-B3EB-364FD2A963BD} - System32\Tasks\Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2 => C:\Program Files\V-bates\startsc.bat
Task: {EB595B09-2383-4A51-88C6-709D1DAA4621} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {F0690958-15B1-4322-842A-09E3F737297A} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-06-19] (globalUpdate) <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-12-06 16:06 - 2013-12-06 16:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-05-14 14:27 - 2014-05-14 14:27 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-06-25 17:22 - 2014-05-14 14:27 - 00049744 _____ () C:\Users\Sascha\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-05-14 14:27 - 2014-05-14 14:27 - 00065616 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-06-19 11:56 - 2014-06-19 11:56 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-06-25 17:42 - 2014-06-25 17:42 - 17024688 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/25/2014 05:39:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/25/2014 05:39:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe, Version: 1.1.13.24161, Zeitstempel: 0x537360b2
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba58
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00038da9
ID des fehlerhaften Prozesses: 0x7b0
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.ServiceHost.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe1
Pfad des fehlerhaften Moduls: Avira.OE.ServiceHost.exe2
Berichtskennung: Avira.OE.ServiceHost.exe3

Error: (06/25/2014 05:39:01 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
Stack:
  at Avira.OE.AvConnector.AvConnectorNativeMethods.CreateInstance(System.Guid, System.String)
  at Avira.OE.AvConnector.AvConnectorNativeFactory`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].CreateInstance(System.String)
  at Avira.OE.AvConnector.AvStatusReporter..ctor(System.String)
  at Avira.OE.AvConnector.AvConnector.<get_AvStatusReporterFactory>b__0()
  at Avira.OE.AvConnector.AvConnector.GetAvStatusData()
  at Avira.OE.AvConnector.AvConnector.RefreshDeviceState()
  at Avira.OE.AvConnector.AvConnector.OnEventDatabaseFileChanged(System.Object, System.EventArgs)
  at Avira.OE.AvConnector.AvFileMonitor.FileWatcher_Changed(System.Object, System.IO.FileSystemEventArgs)
  at System.IO.FileSystemWatcher.OnChanged(System.IO.FileSystemEventArgs)
  at System.IO.FileSystemWatcher.NotifyFileSystemEventArgs(Int32, System.String)
  at System.IO.FileSystemWatcher.CompletionStatusChanged(UInt32, UInt32, System.Threading.NativeOverlapped*)
  at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)

Error: (06/25/2014 05:16:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233
Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x4990
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (06/25/2014 05:03:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm mbam.exe, Version 1.0.0.532 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1330

Startzeit: 01cf8ef5eb2cdcc5

Endzeit: 0

Anwendungspfad: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Berichts-ID: d403999c-fc79-11e3-8cf4-d02788012f18

Error: (06/23/2014 08:08:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233
Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0xca4
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (06/22/2014 06:46:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233
Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x89c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (06/22/2014 06:46:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233
Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x12b8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (06/22/2014 06:44:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Re-markitaj174.exe, Version: 1.174.0.0, Zeitstempel: 0x53a17e72
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0xb20
Startzeit der fehlerhaften Anwendung: 0xRe-markitaj174.exe0
Pfad der fehlerhaften Anwendung: Re-markitaj174.exe1
Pfad des fehlerhaften Moduls: Re-markitaj174.exe2
Berichtskennung: Re-markitaj174.exe3

Error: (06/22/2014 06:44:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/25/2014 05:39:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/25/2014 05:38:14 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎25.‎06.‎2014 um 17:33:09 unerwartet heruntergefahren.

Error: (06/25/2014 05:33:28 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "DCOM-Server-Prozessstart" Korrekturmaßnahmen (Neustart des Computers) durchzuführen, ist fehlgeschlagen. Fehler:
%%1190

Error: (06/25/2014 05:33:28 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Plug & Play" Korrekturmaßnahmen (Neustart des Computers) durchzuführen, ist fehlgeschlagen. Fehler:
%%1190

Error: (06/25/2014 05:33:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Stromversorgung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Computers.

Error: (06/25/2014 05:33:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Plug & Play" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Computers.

Error: (06/25/2014 05:33:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "DCOM-Server-Prozessstart" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Computers.

Error: (06/25/2014 05:26:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Mext Guard" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/25/2014 05:26:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "IePlugin Services" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/24/2014 10:54:31 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {577975B8-C40E-43E6-B0DE-4C6B44088B52}


Microsoft Office Sessions:
=========================
Error: (06/25/2014 05:39:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/25/2014 05:39:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.ServiceHost.exe1.1.13.24161537360b2ntdll.dll6.1.7601.175144ce7ba58c000000500038da97b001cf908b7e90b5acC:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exeC:\Windows\SysWOW64\ntdll.dlld5e977db-fc7e-11e3-aa91-d02788012f18

Error: (06/25/2014 05:39:01 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
Stack:
  at Avira.OE.AvConnector.AvConnectorNativeMethods.CreateInstance(System.Guid, System.String)
  at Avira.OE.AvConnector.AvConnectorNativeFactory`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].CreateInstance(System.String)
  at Avira.OE.AvConnector.AvStatusReporter..ctor(System.String)
  at Avira.OE.AvConnector.AvConnector.<get_AvStatusReporterFactory>b__0()
  at Avira.OE.AvConnector.AvConnector.GetAvStatusData()
  at Avira.OE.AvConnector.AvConnector.RefreshDeviceState()
  at Avira.OE.AvConnector.AvConnector.OnEventDatabaseFileChanged(System.Object, System.EventArgs)
  at Avira.OE.AvConnector.AvFileMonitor.FileWatcher_Changed(System.Object, System.IO.FileSystemEventArgs)
  at System.IO.FileSystemWatcher.OnChanged(System.IO.FileSystemEventArgs)
  at System.IO.FileSystemWatcher.NotifyFileSystemEventArgs(Int32, System.String)
  at System.IO.FileSystemWatcher.CompletionStatusChanged(UInt32, UInt32, System.Threading.NativeOverlapped*)
  at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)

Error: (06/25/2014 05:16:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141b499001cf90886c9e9f47C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllabc074d0-fc7b-11e3-8cf4-d02788012f18

Error: (06/25/2014 05:03:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.0.532133001cf8ef5eb2cdcc50C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exed403999c-fc79-11e3-8cf4-d02788012f18

Error: (06/23/2014 08:08:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141bca401cf8f0e13f9cef0C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll52cf39fe-fb01-11e3-8cf4-d02788012f18

Error: (06/22/2014 06:46:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141b89c01cf8e39834aedddC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllc2534fcf-fa2c-11e3-8cf4-d02788012f18

Error: (06/22/2014 06:46:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141b12b801cf8e397500430fC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllb5a1a43f-fa2c-11e3-8cf4-d02788012f18

Error: (06/22/2014 06:44:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Re-markitaj174.exe1.174.0.053a17e72unknown0.0.0.000000000c000000500000000b2001cf8e3938c6e5f7C:\Program Files (x86)\-Re-markit-soft\Re-markitaj174.exeunknown7c05491b-fa2c-11e3-8cf4-d02788012f18

Error: (06/22/2014 06:44:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 30%
Total physical RAM: 4095.18 MB
Available physical RAM: 2840.35 MB
Total Pagefile: 8188.56 MB
Available Pagefile: 6516.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:73.74 GB) NTFS
Drive d: () (Fixed) (Total:126.44 GB) (Free:72.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: E4FA1FFE)
Partition 1: (Not Active) - (Size=9 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=126 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 26.06.2014 15:05
Adware & Co. deinstallieren

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:




Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:01 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131