Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Gesellschaft zur Verfügung von Urheberrechtsverletzungen (https://www.trojaner-board.de/161934-gesellschaft-verfuegung-urheberrechtsverletzungen.html)

user54321 17.12.2014 13:49
Gesellschaft zur Verfügung von Urheberrechtsverletzungen
 
Ich hatte im Firefox folgende Tabs

http://abload.de/img/mistnwal9.png

Diese habe ich nun geschlossen nachdem FF abgeschmiert war (Absturzmelder) aber ob das damit gelöst ist? Auch ist der FF seit dem ab und zu am Abschmieren. Könnt ihr helfen und ggf mit mir prüfen ob alles wieder ok ist?

System: Win7 x64 Prof

Warlord711 17.12.2014 15:26
Hallo user54321

:hallo:

Mein Name ist Timo und ich werde Dir bei deinem Problem behilflich sein.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Hier findest du die Anleitung für Hilfesuchende
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scans durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist immer der sicherste Weg.

Wir arbeiten hier alle freiwillig und meist auch nur in unserer Freizeit. Daher kann es bei Antworten zu Verzögerungen kommen.
Solltest du innerhalb 48 Std keine Antwort von mir erhalten, dann schreib mit eine PM
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis ich oder jemand vom Team sagt, dass Du clean bist.


Führe sämtliche Tools mit administrativen Rechten aus, Vista, Win7,Win8 User mit Rechtsklick "als Administrator starten".

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


user54321 17.12.2014 16:05
Hallo und Danke schonmal. Da die Daten

FRST.txt
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by admin (administrator) on ADMIN-PC on 17-12-2014 16:01:21
Running from C:\Users\admin\Downloads
Loaded Profile: admin (Available profiles: admin)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(CyberGhost S.R.L.) C:\Program Files\CyberGhost 5\CyberGhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Enigma Software Group USA, LLC.) C:\Users\admin\AppData\Local\Temp\esg_uninstall.exe~
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-3211856608-2535032003-951842301-1000\...\Run: [SwvUpdtr] => C:\Users\admin\AppData\Local\27935\Updater.exe [817152 2014-12-15] ()
HKU\S-1-5-21-3211856608-2535032003-951842301-1000\...\RunOnce: [Adobe Speed Launcher] => 1418793414
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.searchmania.info/?pid=21510&r=2014/12/15&hid=4641587441130878983&lg=EN&cc=DE&unqvl=70
HKU\S-1-5-21-3211856608-2535032003-951842301-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.searchmania.info/?pid=21510&r=2014/12/15&hid=4641587441130878983&lg=EN&cc=DE&unqvl=70
HKU\S-1-5-21-3211856608-2535032003-951842301-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchmania.info/?l=1&q={searchTerms}&pid=21510&r=2014/12/15&hid=4641587441130878983&lg=EN&cc=DE&unqvl=70
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchmania.info/?l=1&q={searchTerms}&pid=21510&r=2014/12/15&hid=4641587441130878983&lg=EN&cc=DE&unqvl=70
SearchScopes: HKU\S-1-5-21-3211856608-2535032003-951842301-1000 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchmania.info/?l=1&q={searchTerms}&pid=21510&r=2014/12/15&hid=4641587441130878983&lg=EN&cc=DE&unqvl=70
SearchScopes: HKU\S-1-5-21-3211856608-2535032003-951842301-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchmania.info/?l=1&q={searchTerms}&pid=21510&r=2014/12/15&hid=4641587441130878983&lg=EN&cc=DE&unqvl=70
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{B214FDA6-B4DA-4736-81EB-322B68F570A3}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\37bvezjs.default
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.searchmania.info/?pid=21510&r=2014/12/15&hid=4641587441130878983&lg=EN&cc=DE&unqvl=70&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Homepage: hxxp://websearch.searchmania.info/?pid=21510&r=2014/12/15&hid=4641587441130878983&lg=EN&cc=DE&unqvl=70
FF Keyword.URL: hxxp://websearch.searchmania.info/?pid=21510&r=2014/12/15&hid=4641587441130878983&lg=EN&cc=DE&unqvl=70&l=1&q=
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\37bvezjs.default\searchplugins\WebSearch.xml
FF Extension: Adblock Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\37bvezjs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-15]
FF Extension: Greasemonkey - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\37bvezjs.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-12-15]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-17 16:01 - 2014-12-17 16:01 - 00005823 _____ () C:\Users\admin\Downloads\FRST.txt
2014-12-17 16:01 - 2014-12-17 16:01 - 00000000 ____D () C:\FRST
2014-12-17 16:00 - 2014-12-17 16:00 - 02119168 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe
2014-12-17 13:34 - 2014-12-17 13:34 - 340465664 _____ () C:\Users\admin\Downloads\kav_rescue_10-0513.iso
2014-12-17 13:33 - 2014-12-17 13:36 - 00000000 ____D () C:\AdwCleaner
2014-12-17 11:07 - 2014-12-17 11:07 - 00000000 _____ () C:\autoexec.bat
2014-12-17 11:06 - 2014-12-17 11:59 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Enigma Software Group
2014-12-17 09:04 - 2014-12-17 09:04 - 00000000 ____D () C:\ProgramData\3872871776
2014-12-15 20:41 - 2014-12-15 22:01 - 01055936 _____ (Adobe) C:\Users\admin\Downloads\install_flashplayer16x32_mssd_aaa_aih.exe
2014-12-15 19:08 - 2014-12-15 19:08 - 00000000 ____D () C:\ProgramData\4954111920111331822
2014-12-15 19:08 - 2014-12-15 19:08 - 00000000 ____D () C:\Program Files (x86)\BuyNsAve
2014-12-15 19:05 - 2014-12-15 19:05 - 01238528 _____ () C:\Users\admin\Downloads\Windows Loader v2.2.2 - Makes Windows 7 Genuine.exe
2014-12-15 19:01 - 2014-12-15 19:01 - 00000000 ____D () C:\Users\admin\AppData\Local\27935
2014-12-15 18:38 - 2014-12-15 18:38 - 00618176 _____ () C:\Users\admin\Downloads\Windows 7 Loader eXtreme Edition v3.503__7821_il1740.exe
2014-12-15 18:34 - 2014-12-15 18:34 - 00244264 _____ () C:\Users\admin\Downloads\Firefox Setup Stub 34.0.5.exe
2014-12-15 18:34 - 2014-12-15 18:34 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-15 18:34 - 2014-12-15 18:34 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-15 18:34 - 2014-12-15 18:34 - 00000000 ____D () C:\ProgramData\Mozilla
2014-12-15 18:34 - 2014-12-15 18:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-15 18:34 - 2014-12-15 18:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-15 18:26 - 2014-12-15 18:26 - 00001193 _____ () C:\Users\admin\Desktop\uConvert.lnk
2014-12-15 18:25 - 2014-12-15 18:25 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Adobe
2014-12-15 18:22 - 2014-12-15 18:23 - 00618176 _____ () C:\Users\admin\Downloads\Windows Loader 2.2.2__8173_il88.exe
2014-12-15 18:22 - 2014-12-15 18:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-15 18:21 - 2014-12-15 18:21 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-15 18:20 - 2014-12-15 18:55 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-15 18:16 - 2014-12-15 18:25 - 00000000 ____D () C:\Users\admin\AppData\Local\Adobe
2014-12-15 13:42 - 2014-12-15 13:42 - 00001186 _____ () C:\Users\admin\Desktop\CrystalDiskInfo.lnk
2014-12-15 13:42 - 2014-12-15 13:42 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo
2014-12-15 13:41 - 2014-12-15 13:41 - 02997112 _____ (Crystal Dew World ) C:\Users\admin\Downloads\CrystalDiskInfo6_2_2.exe
2014-12-15 10:13 - 2014-12-15 10:13 - 00000000 ____D () C:\Users\admin\AppData\Local\Geckofx
2014-12-15 10:12 - 2014-12-17 08:59 - 00000000 ____D () C:\Users\admin\AppData\Local\CyberGhost
2014-12-15 10:12 - 2014-12-15 10:12 - 00057560 _____ () C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-15 10:12 - 2014-12-15 10:12 - 00000000 ____D () C:\Program Files\TAP-Windows
2014-12-15 10:11 - 2014-12-16 11:59 - 00001881 _____ () C:\Users\admin\Desktop\CyberGhost 5.lnk
2014-12-15 10:11 - 2014-12-15 10:12 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-12-15 10:11 - 2014-12-15 10:11 - 09629976 _____ (CyberGhost S.R.L. ) C:\Users\admin\Downloads\CG_5.0.14.7.exe
2014-12-15 10:11 - 2014-12-15 10:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2014-12-15 09:54 - 2014-12-15 09:59 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Mozilla
2014-12-15 09:54 - 2014-12-15 09:59 - 00000000 ____D () C:\Users\admin\AppData\Local\Mozilla
2014-12-12 02:10 - 2014-12-12 02:10 - 00003174 _____ () C:\Windows\System32\Tasks\{DC51DD64-587F-4150-ADC8-FFEEB113A483}
2014-12-12 02:01 - 2014-12-12 02:01 - 00003218 _____ () C:\Windows\System32\Tasks\{8CCC6E1D-2A62-48B9-8F29-B72E1C448F45}
2014-12-12 02:00 - 2014-12-12 02:00 - 00003214 _____ () C:\Windows\System32\Tasks\{08C056F2-A343-423B-9D55-3AFE464EED6A}
2014-12-07 23:14 - 2014-12-17 08:59 - 00000000 ____D () C:\Users\admin\AppData\Local\VirtualStore
2014-12-07 23:14 - 2014-12-07 23:14 - 00001443 _____ () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-07 23:14 - 2014-12-07 23:14 - 00001409 _____ () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-12-07 23:13 - 2014-12-07 23:14 - 00000000 ____D () C:\Users\admin
2014-12-07 23:13 - 2014-12-07 23:13 - 00000020 ___SH () C:\Users\admin\ntuser.ini
2014-12-07 23:13 - 2014-12-07 23:13 - 00000000 __SHD () C:\Recovery
2014-12-07 23:13 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-07 23:13 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-07 23:09 - 2014-12-07 23:09 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2014-12-07 23:09 - 2014-12-07 23:09 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2014-12-07 23:08 - 2014-12-07 23:08 - 00001355 _____ () C:\Windows\TSSysprep.log
2014-12-07 23:07 - 2014-12-17 15:47 - 00061566 _____ () C:\Windows\WindowsUpdate.log
2014-12-07 23:07 - 2014-12-07 23:07 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-12-07 23:07 - 2014-12-07 23:07 - 00000000 _____ () C:\Windows\system32\atiicdxx.dat
2014-12-07 23:07 - 2014-12-07 23:07 - 00000000 _____ () C:\Windows\ativpsrm.bin
2014-12-07 23:03 - 2014-12-07 23:13 - 00000000 ____D () C:\Windows\Panther
2014-12-07 23:02 - 2014-12-07 23:02 - 00000000 ____D () C:\Hotfix
2014-12-07 23:02 - 2011-02-16 03:16 - 00000029 ___RH () C:\Windows\version
2014-12-07 23:02 - 2011-02-16 03:16 - 00000013 ____R () C:\Windows\csup.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-17 15:49 - 2009-07-14 05:45 - 00020656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-17 15:49 - 2009-07-14 05:45 - 00020656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-17 06:16 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-17 06:16 - 2009-07-14 05:51 - 00030449 _____ () C:\Windows\setupact.log
2014-12-16 18:10 - 2009-07-14 06:13 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-15 18:32 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-12-15 10:08 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\restore
2014-12-07 23:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-07 23:11 - 2009-07-14 05:45 - 00274320 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-07 23:09 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-07 23:08 - 2009-07-14 05:46 - 00002790 _____ () C:\Windows\DtcInstall.log
2014-12-07 23:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-12-07 23:05 - 2010-11-21 08:17 - 00000000 ____D () C:\Windows\CSC
2014-12-07 23:03 - 2009-07-14 06:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2014-12-07 23:03 - 2009-07-14 06:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2014-12-07 23:02 - 2009-07-14 05:45 - 00000000 ____D () C:\Windows\Setup
2014-12-07 23:02 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Recovery
2014-12-07 23:02 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\oobe
2014-11-24 14:04 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\5434628bAd116.exe
C:\Users\admin\AppData\Local\Temp\dEADA786953.exe
C:\Users\admin\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\admin\AppData\Local\Temp\Quarantine.exe
C:\Users\admin\AppData\Local\Temp\revs.exe
C:\Users\admin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-16 17:08

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


Addition.txtFRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01
Ran by admin at 2014-12-17 16:02:21
Running from C:\Users\admin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
CrystalDiskInfo 6.2.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.2.2 - Crystal Dew World)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Software Version Updater (HKU\S-1-5-21-3211856608-2535032003-951842301-1000\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.4.2 - ) <==== ATTENTION
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.18.9.4384 - Enigma Software Group, LLC)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

15-12-2014 09:08:49 Windows Update
15-12-2014 09:12:09 Device Driver Package Install: TAP-Windows Provider V9 Network adapters

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {35CE036B-941D-420D-85E4-D5B24921D8F8} - System32\Tasks\{DC51DD64-587F-4150-ADC8-FFEEB113A483} => pcalua.exe -a D:\945G7MA-8EKRS2\AUDIO\audio\HDA\5122\Setup.exe -d D:\945G7MA-8EKRS2\AUDIO\audio\HDA\5122
Task: {AE29DBEF-D729-4726-B7B9-E60B7E99825F} - System32\Tasks\{8CCC6E1D-2A62-48B9-8F29-B72E1C448F45} => pcalua.exe -a "D:\945G7MA-8EKRS2\945M01_RAID\945M01 RAID\IMSM\iata_cd.exe" -d "D:\945G7MA-8EKRS2\945M01_RAID\945M01 RAID\IMSM"
Task: {E353692C-69D7-4626-B9B6-B6B0FD0B83C5} - System32\Tasks\{08C056F2-A343-423B-9D55-3AFE464EED6A} => pcalua.exe -a D:\945G7MA-8EKRS2\AUDIO\audio\RealTek\A370_PG506\Setup.exe -d D:\945G7MA-8EKRS2\AUDIO\audio\RealTek\A370_PG506

==================== Loaded Modules (whitelisted) =============

2014-12-15 10:11 - 2014-10-15 20:11 - 00032768 _____ () C:\Program Files\CyberGhost 5\de\CyberGhost.resources.dll
2014-12-15 10:11 - 2014-11-03 17:32 - 01428584 _____ () C:\Program Files\CyberGhost 5\Geckofx-Core.dll
2014-12-15 10:13 - 2014-04-18 03:20 - 03378688 _____ () C:\Program Files\CyberGhost 5\data\xulrunner\mozjs.dll
2014-12-15 18:34 - 2014-11-26 17:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\admin\Downloads\Windows 7 Loader eXtreme Edition v3.503__7821_il1740.exe:typelib
AlternateDataStreams: C:\Users\admin\Downloads\Windows Loader 2.2.2__8173_il88.exe:typelib

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

admin (S-1-5-21-3211856608-2535032003-951842301-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-3211856608-2535032003-951842301-500 - Administrator - Disabled)
Guest (S-1-5-21-3211856608-2535032003-951842301-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3211856608-2535032003-951842301-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/17/2014 11:57:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: mshtml.dll, version: 8.0.7601.17514, time stamp: 0x4ce7b8f3
Exception code: 0xc0000005
Fault offset: 0x000d9e08
Faulting process id: 0x70
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (12/17/2014 10:14:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db
Exception code: 0xc0000005
Fault offset: 0x000000000002d562
Faulting process id: 0xae8
Faulting application start time: 0xsvchost.exe_SysMain0
Faulting application path: svchost.exe_SysMain1
Faulting module path: svchost.exe_SysMain2
Report Id: svchost.exe_SysMain3

Error: (12/17/2014 09:51:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (332) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 19767296 (0x00000000012da000) (database page Catalog Database0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The expected checksum was [05fb7a04c7b5b686] and the actual checksum was [657b1a84c7b5b686].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (12/17/2014 09:45:47 AM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (332) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 19767296 (0x00000000012da000) (database page Catalog Database0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The expected checksum was [05fb7a04c7b5b686] and the actual checksum was [657b1a84c7b5b686].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (12/17/2014 09:43:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db
Exception code: 0xc0000005
Fault offset: 0x000000000002d562
Faulting process id: 0x94
Faulting application start time: 0xsvchost.exe_SysMain0
Faulting application path: svchost.exe_SysMain1
Faulting module path: svchost.exe_SysMain2
Report Id: svchost.exe_SysMain3

Error: (12/17/2014 06:17:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db
Exception code: 0xc0000005
Fault offset: 0x000000000002d562
Faulting process id: 0x724
Faulting application start time: 0xsvchost.exe_SysMain0
Faulting application path: svchost.exe_SysMain1
Faulting module path: svchost.exe_SysMain2
Report Id: svchost.exe_SysMain3

Error: (12/17/2014 06:17:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2014 08:22:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db
Exception code: 0xc0000005
Fault offset: 0x000000000002d562
Faulting process id: 0x5e4
Faulting application start time: 0xsvchost.exe_SysMain0
Faulting application path: svchost.exe_SysMain1
Faulting module path: svchost.exe_SysMain2
Report Id: svchost.exe_SysMain3

Error: (12/16/2014 08:21:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2014 08:20:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db
Exception code: 0xc0000005
Fault offset: 0x000000000002d562
Faulting process id: 0x56c
Faulting application start time: 0xsvchost.exe_SysMain0
Faulting application path: svchost.exe_SysMain1
Faulting module path: svchost.exe_SysMain2
Report Id: svchost.exe_SysMain3


System errors:
=============
Error: (12/17/2014 10:14:14 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Superfetch service terminated unexpectedly.  It has done this 3 time(s).

Error: (12/17/2014 09:43:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Superfetch service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/17/2014 06:17:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/16/2014 08:22:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Superfetch service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/16/2014 08:20:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/16/2014 05:18:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Superfetch service terminated unexpectedly.  It has done this 3 time(s).

Error: (12/16/2014 05:13:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Superfetch service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/16/2014 04:27:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/16/2014 04:23:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (12/16/2014 04:23:07 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (12/17/2014 11:57:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.7601.175144ce79912mshtml.dll8.0.7601.175144ce7b8f3c0000005000d9e087001d019e80d1518e2C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\mshtml.dll87035358-85db-11e4-a90d-00155865553b

Error: (12/17/2014 10:14:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7601.175144ce7c9dbc0000005000000000002d562ae801d019d59e9aa6cbC:\Windows\system32\svchost.exec:\windows\system32\sysmain.dll11451ffa-85cd-11e4-a90d-00155865553b

Error: (12/17/2014 09:51:00 AM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database332Catalog Database: C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb19767296 (0x00000000012da000)4096 (0x00001000)-1018 (0xfffffc06)[05fb7a04c7b5b686][657b1a84c7b5b686]4825 (0x12D9)

Error: (12/17/2014 09:45:47 AM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database332Catalog Database: C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb19767296 (0x00000000012da000)4096 (0x00001000)-1018 (0xfffffc06)[05fb7a04c7b5b686][657b1a84c7b5b686]4825 (0x12D9)

Error: (12/17/2014 09:43:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7601.175144ce7c9dbc0000005000000000002d5629401d019b8f21b8ab4C:\Windows\system32\svchost.exec:\windows\system32\sysmain.dllb86c1521-85c8-11e4-a90d-00155865553b

Error: (12/17/2014 06:17:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7601.175144ce7c9dbc0000005000000000002d56272401d019b8a97946deC:\Windows\system32\svchost.exec:\windows\system32\sysmain.dll0bf1bdbe-85ac-11e4-a90d-00155865553b

Error: (12/17/2014 06:17:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2014 08:22:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7601.175144ce7c9dbc0000005000000000002d5625e401d019658d115e10C:\Windows\system32\svchost.exec:\windows\system32\sysmain.dlle94a312f-8558-11e4-9dce-00155865553b

Error: (12/16/2014 08:21:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2014 08:20:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7601.175144ce7c9dbc0000005000000000002d56256c01d01965428cc07aC:\Windows\system32\svchost.exec:\windows\system32\sysmain.dlla6c99d8f-8558-11e4-9dce-00155865553b


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) D CPU 2.80GHz
Percentage of memory in use: 64%
Total physical RAM: 2046.49 MB
Available physical RAM: 736.32 MB
Total Pagefile: 4092.98 MB
Available Pagefile: 2613.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.43 GB) (Free:60.63 GB) NTFS
Drive d: () (Fixed) (Total:74.53 GB) (Free:74.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 9CE89CE8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: A9D1C9DF)
Partition 1: (Not Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

Warlord711 17.12.2014 16:27
Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:
    Software Version Updater
  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 



Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.



Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

user54321 18.12.2014 06:56
Muss nochmal fix 3 Tage ins KH, melde mich dann umgehend zurück ;)

user54321 23.12.2014 16:53
So nun zurück

Uninstaller: Check

AdwcleanerAdwCleaner Logfile:
Code:
# AdwCleaner v4.106 - Report created 23/12/2014 at 15:07:19
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Local]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : admin - ADMIN-PC
# Running from : C:\Users\admin\Downloads\AdwCleaner_4.106.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\4954111920111331822
Folder Deleted : C:\Program Files (x86)\BuyNsave
File Deleted : C:\Users\admin\Favorites\Startfenster.lnk
File Deleted : C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk
File Deleted : C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Startfenster.lnk
File Deleted : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\BuyNsave.BuyNsave
Key Deleted : HKLM\SOFTWARE\Classes\BuyNsave.BuyNsave.9
Key Deleted : HKLM\SOFTWARE\Classes\.
Key Deleted : HKLM\SOFTWARE\Classes\..9
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7ad70611-4dfd-4c40-b208-0e318a9d77fb}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{eacb15cd-78c6-4462-b4ad-af93c1fb2d93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7ad70611-4dfd-4c40-b208-0e318a9d77fb}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{eacb15cd-78c6-4462-b4ad-af93c1fb2d93}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{7ad70611-4dfd-4c40-b208-0e318a9d77fb}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{eacb15cd-78c6-4462-b4ad-af93c1fb2d93}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{48CBDCBD-B020-4D3F-B745-6567E34A0709}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{48CBDCBD-B020-4D3F-B745-6567E34A0709}
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{842C4394-47F7-60DE-480B-C09116B63559}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v34.0.5 (x86 de)

[37bvezjs.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
[37bvezjs.default\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.searchmania.info/?pid=21510&r=2014/12/15&hid=4641587441130878983&lg=EN&cc=DE&unqvl=70&l=1&q=");
[37bvezjs.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "WebSearch");
[37bvezjs.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
[37bvezjs.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
[37bvezjs.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
[37bvezjs.default\prefs.js] - Line Deleted : user_pref("extensions.2Ujo3Ov1WmXFXqob.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[37bvezjs.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://websearch.searchmania.info/?pid=21510&r=2014/12/15&hid=4641587441130878983&lg=EN&cc=DE&unqvl=70&l=1&q=");

*************************

AdwCleaner[R0].txt - [5265 octets] - [17/12/2014 13:34:49]
AdwCleaner[R1].txt - [5231 octets] - [23/12/2014 14:59:01]
AdwCleaner[S0].txt - [4759 octets] - [23/12/2014 15:07:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4819 octets] ##########
--- --- ---


JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Professional x64
Ran by admin on 23.12.2014 at 15:13:41,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Users\admin\favorites\links\startfenster.lnk"



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\37bvezjs.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.12.2014 at 15:17:47,87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

MBAM

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 23.12.2014
Suchlauf-Zeit: 15:23:10
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.12.23.03
Rootkit Datenbank: v2014.12.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: admin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 308948
Verstrichene Zeit: 17 Min, 5 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 1
Rogue.Multiple, C:\ProgramData\3872871776, In Quarantäne, [a7987de9502c0630dcf9e92aca3954ac],

Dateien: 5
PUP.Optional.OutBrowse, C:\Users\admin\AppData\Local\Temp\revs.exe, In Quarantäne, [ce71ce98a4d8fb3be071808004fe718f],
PUP.Optional.MultiPlug.A, C:\Users\admin\AppData\Local\Temp\1F3ce\temp\hpds_setup.exe, In Quarantäne, [cc732e383d3fe65062d618f48d75817f],
PUP.Optional.Amonetize, C:\Users\admin\Downloads\Windows 7 Loader eXtreme Edition v3.503__7821_il1740.exe, In Quarantäne, [53ecdf87bdbf5ed8982f56a323deda26],
PUP.Optional.Amonetize, C:\Users\admin\Downloads\Windows Loader 2.2.2__8173_il88.exe, In Quarantäne, [41feec7a2a5202349b2ce613fc050df3],
Rogue.Multiple, C:\ProgramData\3872871776\BIT480C.tmp, In Quarantäne, [a7987de9502c0630dcf9e92aca3954ac],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

FRST
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by admin (administrator) on ADMIN-PC on 23-12-2014 16:51:19
Running from C:\Users\admin\Downloads
Loaded Profile: admin (Available profiles: admin)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-3211856608-2535032003-951842301-1000\...\RunOnce: [Adobe Speed Launcher] => 1419349334
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-3211856608-2535032003-951842301-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3211856608-2535032003-951842301-1000] => http=127.0.0.1:8887;https=127.0.0.1:8887;
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-3211856608-2535032003-951842301-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{B214FDA6-B4DA-4736-81EB-322B68F570A3}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\37bvezjs.default
FF DefaultSearchEngine: SuchMaschine
FF Homepage: google.de
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\37bvezjs.default\searchplugins\suchmaschine.xml
FF Extension: Adblock Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\37bvezjs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-15]
FF Extension: Greasemonkey - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\37bvezjs.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-12-15]
FF Extension: search - C:\Users\admin\AppData\Local\Temp\VLC\search.xpi [2014-12-16]
FF Extension: No Name - {ba2c82b0-7fa8-11e4-b4a9-0800200c9a66} [Not Found]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-23 16:50 - 2014-12-23 16:50 - 00001892 _____ () C:\Users\admin\Desktop\mbam.txt
2014-12-23 15:22 - 2014-12-23 16:47 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-23 15:22 - 2014-12-23 15:22 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-23 15:22 - 2014-12-23 15:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-23 15:22 - 2014-12-23 15:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-23 15:22 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-23 15:22 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-23 15:22 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-23 15:17 - 2014-12-23 15:17 - 00000838 _____ () C:\Users\admin\Desktop\JRT.txt
2014-12-23 14:58 - 2014-12-23 14:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\admin\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-23 14:58 - 2014-12-23 14:58 - 00000000 ____D () C:\Windows\ERUNT
2014-12-23 14:57 - 2014-12-23 14:57 - 01707646 _____ (Thisisu) C:\Users\admin\Downloads\JRT.exe
2014-12-23 14:53 - 2014-12-23 14:54 - 02173952 _____ () C:\Users\admin\Downloads\AdwCleaner_4.106.exe
2014-12-23 08:32 - 2014-05-14 17:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-12-23 08:32 - 2014-05-14 17:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-12-23 08:32 - 2014-05-14 17:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-12-23 08:32 - 2014-05-14 17:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-12-23 08:31 - 2014-05-14 17:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-12-23 08:31 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-12-23 08:31 - 2014-05-14 17:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-12-23 08:31 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-12-23 08:31 - 2014-05-14 17:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-12-23 08:31 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-12-23 08:31 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-12-23 08:31 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-12-23 08:31 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-12-23 08:31 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-12-22 23:15 - 2014-12-22 23:15 - 00000612 _____ () C:\Windows\KB888111.log
2014-12-22 23:15 - 2005-03-24 01:08 - 02547008 ____N (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\Drivers\RtkHDAud.Sys
2014-12-22 23:15 - 2005-02-24 23:20 - 02311680 ____N (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\Drivers\alcxwdm.sys
2014-12-22 23:15 - 2005-02-24 03:12 - 09298432 ____N (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RTLCPL.exe
2014-12-22 23:14 - 2014-12-22 23:33 - 00000000 ____D () C:\Users\admin\AppData\Roaming\vlc
2014-12-22 23:07 - 2014-12-22 23:07 - 00000740 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-12-22 23:07 - 2014-12-22 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-12-22 23:07 - 2014-12-22 23:07 - 00000000 ____D () C:\Program Files\VLC
2014-12-22 22:03 - 2014-12-22 23:19 - 00000000 ____D () C:\Program Files (x86)\Startfenster
2014-12-22 22:02 - 2014-12-22 22:02 - 25816568 _____ () C:\Users\admin\Downloads\vlc-2.1.5-win64.exe
2014-12-22 21:45 - 2014-12-22 21:45 - 00002212 _____ () C:\Users\Public\Desktop\Google Earth.lnk
2014-12-22 21:45 - 2014-12-22 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-12-22 21:43 - 2014-12-23 16:48 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-22 21:43 - 2014-12-23 16:42 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-22 21:43 - 2014-12-22 21:53 - 00000000 ____D () C:\Users\admin\AppData\Local\Google
2014-12-22 21:43 - 2014-12-22 21:53 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-22 21:43 - 2014-12-22 21:43 - 00880784 _____ (Google Inc.) C:\Users\admin\Downloads\googleupdatesetup.exe
2014-12-22 21:43 - 2014-12-22 21:43 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-22 21:43 - 2014-12-22 21:43 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-17 18:59 - 2014-12-17 18:59 - 236320311 _____ () C:\Windows\MEMORY.DMP
2014-12-17 18:59 - 2014-12-17 18:59 - 00262144 _____ () C:\Windows\Minidump\121714-28843-01.dmp
2014-12-17 18:59 - 2014-12-17 18:59 - 00000000 ____D () C:\Windows\Minidump
2014-12-17 18:31 - 2014-12-17 18:31 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Macromedia
2014-12-17 18:31 - 2014-12-17 18:31 - 00000000 ____D () C:\Users\admin\AppData\Local\Macromedia
2014-12-17 17:40 - 2014-12-17 17:40 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-17 17:40 - 2014-12-17 17:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-17 17:40 - 2014-12-17 17:40 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-12-17 17:40 - 2014-12-17 17:40 - 00000000 ____D () C:\Windows\system32\Macromed
2014-12-17 17:05 - 2014-12-17 17:05 - 00001264 _____ () C:\Users\admin\Desktop\Revo Uninstaller.lnk
2014-12-17 17:05 - 2014-12-17 17:05 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-17 17:04 - 2014-12-17 17:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\admin\Downloads\revosetup95.exe
2014-12-17 16:02 - 2014-12-17 16:02 - 00017365 _____ () C:\Users\admin\Downloads\Addition.txt
2014-12-17 16:01 - 2014-12-23 16:51 - 00005221 _____ () C:\Users\admin\Downloads\FRST.txt
2014-12-17 16:01 - 2014-12-23 16:51 - 00000000 ____D () C:\FRST
2014-12-17 16:00 - 2014-12-17 16:00 - 02119168 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe
2014-12-17 13:34 - 2014-12-17 13:34 - 340465664 _____ () C:\Users\admin\Downloads\kav_rescue_10-0513.iso
2014-12-17 13:33 - 2014-12-23 15:07 - 00000000 ____D () C:\AdwCleaner
2014-12-17 11:07 - 2014-12-17 11:07 - 00000000 _____ () C:\autoexec.bat
2014-12-15 20:41 - 2014-12-15 22:01 - 01055936 _____ (Adobe) C:\Users\admin\Downloads\install_flashplayer16x32_mssd_aaa_aih.exe
2014-12-15 19:05 - 2014-12-15 19:05 - 01238528 _____ () C:\Users\admin\Downloads\Windows Loader v2.2.2 - Makes Windows 7 Genuine.exe
2014-12-15 18:34 - 2014-12-22 23:19 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-15 18:34 - 2014-12-22 23:19 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-15 18:34 - 2014-12-15 18:34 - 00244264 _____ () C:\Users\admin\Downloads\Firefox Setup Stub 34.0.5.exe
2014-12-15 18:34 - 2014-12-15 18:34 - 00000000 ____D () C:\ProgramData\Mozilla
2014-12-15 18:34 - 2014-12-15 18:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-15 18:34 - 2014-12-15 18:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-15 18:25 - 2014-12-17 18:31 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Adobe
2014-12-15 18:22 - 2014-12-15 18:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-15 18:21 - 2014-12-15 18:21 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-15 18:20 - 2014-12-15 18:55 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-15 18:16 - 2014-12-17 17:39 - 00000000 ____D () C:\Users\admin\AppData\Local\Adobe
2014-12-15 13:42 - 2014-12-15 13:42 - 00001186 _____ () C:\Users\admin\Desktop\CrystalDiskInfo.lnk
2014-12-15 13:42 - 2014-12-15 13:42 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo
2014-12-15 13:41 - 2014-12-15 13:41 - 02997112 _____ (Crystal Dew World ) C:\Users\admin\Downloads\CrystalDiskInfo6_2_2.exe
2014-12-15 10:13 - 2014-12-15 10:13 - 00000000 ____D () C:\Users\admin\AppData\Local\Geckofx
2014-12-15 10:12 - 2014-12-17 17:10 - 00000000 ____D () C:\Users\admin\AppData\Local\CyberGhost
2014-12-15 10:12 - 2014-12-15 10:12 - 00057560 _____ () C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-15 10:12 - 2014-12-15 10:12 - 00000000 ____D () C:\Program Files\TAP-Windows
2014-12-15 10:11 - 2014-12-16 11:59 - 00001881 _____ () C:\Users\admin\Desktop\CyberGhost 5.lnk
2014-12-15 10:11 - 2014-12-15 10:12 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-12-15 10:11 - 2014-12-15 10:11 - 09629976 _____ (CyberGhost S.R.L. ) C:\Users\admin\Downloads\CG_5.0.14.7.exe
2014-12-15 10:11 - 2014-12-15 10:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2014-12-15 09:54 - 2014-12-15 09:59 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Mozilla
2014-12-15 09:54 - 2014-12-15 09:59 - 00000000 ____D () C:\Users\admin\AppData\Local\Mozilla
2014-12-12 02:10 - 2014-12-12 02:10 - 00003174 _____ () C:\Windows\System32\Tasks\{DC51DD64-587F-4150-ADC8-FFEEB113A483}
2014-12-12 02:01 - 2014-12-12 02:01 - 00003218 _____ () C:\Windows\System32\Tasks\{8CCC6E1D-2A62-48B9-8F29-B72E1C448F45}
2014-12-12 02:00 - 2014-12-12 02:00 - 00003214 _____ () C:\Windows\System32\Tasks\{08C056F2-A343-423B-9D55-3AFE464EED6A}
2014-12-07 23:14 - 2014-12-22 23:19 - 00001443 _____ () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-07 23:14 - 2014-12-17 08:59 - 00000000 ____D () C:\Users\admin\AppData\Local\VirtualStore
2014-12-07 23:14 - 2014-12-07 23:14 - 00001409 _____ () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-12-07 23:13 - 2014-12-07 23:14 - 00000000 ____D () C:\Users\admin
2014-12-07 23:13 - 2014-12-07 23:13 - 00000020 ___SH () C:\Users\admin\ntuser.ini
2014-12-07 23:13 - 2014-12-07 23:13 - 00000000 __SHD () C:\Recovery
2014-12-07 23:13 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-07 23:13 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-07 23:09 - 2014-12-07 23:09 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2014-12-07 23:09 - 2014-12-07 23:09 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2014-12-07 23:08 - 2014-12-07 23:08 - 00001355 _____ () C:\Windows\TSSysprep.log
2014-12-07 23:07 - 2014-12-23 16:39 - 00388263 _____ () C:\Windows\WindowsUpdate.log
2014-12-07 23:07 - 2014-12-07 23:07 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-12-07 23:07 - 2014-12-07 23:07 - 00000000 _____ () C:\Windows\system32\atiicdxx.dat
2014-12-07 23:07 - 2014-12-07 23:07 - 00000000 _____ () C:\Windows\ativpsrm.bin
2014-12-07 23:03 - 2014-12-07 23:13 - 00000000 ____D () C:\Windows\Panther
2014-12-07 23:02 - 2014-12-07 23:02 - 00000000 ____D () C:\Hotfix
2014-12-07 23:02 - 2011-02-16 03:16 - 00000029 ___RH () C:\Windows\version
2014-12-07 23:02 - 2011-02-16 03:16 - 00000013 ____R () C:\Windows\csup.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-23 16:48 - 2009-07-14 05:45 - 00023712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-23 16:48 - 2009-07-14 05:45 - 00023712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-23 16:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-23 16:41 - 2009-07-14 05:51 - 00034503 _____ () C:\Windows\setupact.log
2014-12-23 16:40 - 2010-11-21 04:47 - 00007058 _____ () C:\Windows\PFRO.log
2014-12-23 16:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Globalization
2014-12-23 15:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-22 23:31 - 2009-07-14 06:08 - 00007676 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-22 21:54 - 2009-07-14 06:13 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-15 18:32 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-12-15 10:08 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\restore
2014-12-07 23:11 - 2009-07-14 05:45 - 00274320 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-07 23:09 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-07 23:08 - 2009-07-14 05:46 - 00002790 _____ () C:\Windows\DtcInstall.log
2014-12-07 23:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-12-07 23:05 - 2010-11-21 08:17 - 00000000 ____D () C:\Windows\CSC
2014-12-07 23:03 - 2009-07-14 06:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2014-12-07 23:03 - 2009-07-14 06:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2014-12-07 23:02 - 2009-07-14 05:45 - 00000000 ____D () C:\Windows\Setup
2014-12-07 23:02 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Recovery
2014-12-07 23:02 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\oobe
2014-11-24 14:04 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\5434628bAd116.exe
C:\Users\admin\AppData\Local\Temp\dEADA786953.exe
C:\Users\admin\AppData\Local\Temp\Quarantine.exe
C:\Users\admin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-16 17:08

==================== End Of Log ============================
--- --- ---

--- --- ---


Mir ist aufgefallen das mein Windows Update nun aus ist?!:wtf:

Warlord711 24.12.2014 14:15
Zitat:
ProxyEnable: [S-1-5-21-3211856608-2535032003-951842301-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3211856608-2535032003-951842301-1000] => http=127.0.0.1:8887;https=127.0.0.1:8887;
Ist der lokale Proxy gewollt ?

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\S-1-5-21-3211856608-2535032003-951842301-1000\...\RunOnce: [Adobe Speed Launcher] => 1419349334
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


user54321 24.12.2014 14:38
Heute und nur heute hatte ich mal via Cyberghost gesurft aber ich musste vor paar Tagen beim Firefox von Proxy des Systems verwenden auf keinen Proxy umstellen um ins Internet zu kommen. IE stellt gar keine Internetverbindung mehr aktuell her - grad extra getestet da sonst nie bnutzt :( Sommit bin ich überfragt?! :crazy: :confused:






Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-12-2014
Ran by admin at 2014-12-24 14:30:50 Run:1
Running from C:\Users\admin\Downloads
Loaded Profile: admin (Available profiles: admin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3211856608-2535032003-951842301-1000\...\RunOnce: [Adobe Speed Launcher] => 1419349334
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
emptytemp:
*****************

HKU\S-1-5-21-3211856608-2535032003-951842301-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe Speed Launcher => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
EmptyTemp: => Removed 663.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog 14:31:31 ====

Warlord711 30.12.2014 13:32
Zitat:
Heute und nur heute hatte ich mal via Cyberghost gesurft aber ich musste vor paar Tagen beim Firefox von Proxy des Systems verwenden auf keinen Proxy umstellen um ins Internet zu kommen. IE stellt gar keine Internetverbindung mehr aktuell her - grad extra getestet da sonst nie bnutzt Sommit bin ich überfragt?!
Also surfst du i.d.R. per eingetragenem Proxy im Firefox ?
Oder stand der schon auf Proxy vom System (Internet Explorer Proxy = System Proxy) ?

Falls ja, welche Proxy Software läuft denn da lokal ?

user54321 30.12.2014 13:41
Da mal im Anhang

http://abload.de/img/dddd45u5r.png


Obwohl seit deinem letzten Schritt scheint es wieder zu gehen?!
Nutze ab und an Cyberghost


Danke erstmal soweit :daumenhoc

Warlord711 30.12.2014 13:47
Nein, nur weil das IE Proxy steht, heisst das nicht das der ausschliesslich vom IE genutzt wird.

Der Proxy ist der System Proxy. Das die Firefox Proxy Einstellung auf System Proxy steht ist richtig, wenn dieser System Proxy aber von Malware/Adware geändert wird, ist das halt nicht mehr so gut.

Cyberghost nutzt VPN und kein Proxy.

Mach bitte noch den Fix um den Systemproxy zu löschen:

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ProxyEnable: [S-1-5-21-3211856608-2535032003-951842301-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3211856608-2535032003-951842301-1000] => http=127.0.0.1:8887;https=127.0.0.1:8887;

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


user54321 30.12.2014 17:53
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by admin at 2014-12-30 17:52:10 Run:2
Running from C:\Users\admin\Downloads
Loaded Profile: admin (Available profiles: admin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ProxyEnable: [S-1-5-21-3211856608-2535032003-951842301-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3211856608-2535032003-951842301-1000] => http=127.0.0.1:8887;https=127.0.0.1:8887;
*****************

HKU\S-1-5-21-3211856608-2535032003-951842301-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-21-3211856608-2535032003-951842301-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.

==== End of Fixlog 17:52:10 ====

Warlord711 02.01.2015 14:19
Ok.

Löschen wir noch die temporären Dateien und dann einmal Komplettscan mit ESET.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


user54321 05.01.2015 07:54
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-01-2015
Ran by admin at 2015-01-05 07:46:13 Run:3
Running from C:\Users\admin\Downloads
Loaded Profile: admin (Available profiles: admin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
emptytemp:
*****************

EmptyTemp: => Removed 137.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog 07:46:33 ====

Warlord711 05.01.2015 08:59
Der ESET wird etwas an Zeit brauchen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:21 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131