Trojaner-Board

Famthom 04.01.2015 13:51

Clearthink detected by avast

Hello everyone,

Avast Free reports an infection with Clearthink.
Unfortunately, I can't find the log file.
But here are the FRST logs for now:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-01-2015 03
Ran by Lea (administrator) on LEA-PC on 04-01-2015 13:33:34
Running from C:\Users\Lea\Desktop
Loaded Profile: Lea (Available profiles: Lea)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVM Berlin) C:\Program Files\avmwlanstick\FRITZWLANMini.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\FRITZWLANMini.exe [283136 2007-02-02] (AVM Berlin)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-06] (AVAST Software)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2303256 2014-05-19] (Logitech, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2560501654-756462450-3539424939-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [631816 2014-05-29] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2560501654-756462450-3539424939-1000\...\MountPoints2: {307667ca-3599-11e4-bc8e-001fc683a71b} - G:\pushinst.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2560501654-756462450-3539424939-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2560501654-756462450-3539424939-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
HKU\S-1-5-21-2560501654-756462450-3539424939-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\7z479hb6.default
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Easy Youtube Video Downloader Express - C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\7z479hb6.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-10-03]
FF Extension: Adblock Plus - C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\7z479hb6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-23]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-06]
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-09-23]

Chrome:
=======
CHR Profile: C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-06]
CHR Extension: (Google Drive) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (avast! Online Security) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-06]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-06]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-06] (AVAST Software)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [134664 2014-05-29] (Sandboxie Holdings, LLC)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-09-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-09-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-09-06] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-09-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-11-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-09-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-09-06] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-09-06] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-01-26] (AVM Berlin) [File not signed]
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2007-01-26] (AVM GmbH)
R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28312 2014-03-19] (Logitech, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [160264 2014-05-29] (Sandboxie Holdings, LLC)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-04 13:33 - 2015-01-04 13:34 - 00007631 _____ () C:\Users\Lea\Desktop\FRST.txt
2015-01-04 13:33 - 2015-01-04 13:33 - 00000000 ____D () C:\FRST
2015-01-04 13:32 - 2015-01-04 13:32 - 01115136 _____ (Farbar) C:\Users\Lea\Desktop\FRST.exe
2014-12-25 13:58 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-16 14:24 - 2014-12-16 14:24 - 00002702 _____ () C:\Users\Lea\Downloads\legitcheck (1).hta
2014-12-16 14:23 - 2014-12-16 14:26 - 00002702 _____ () C:\Users\Lea\Downloads\legitcheck.hta
2014-12-16 14:14 - 2014-12-16 14:14 - 00000000 __SHD () C:\Users\Lea\AppData\Local\EmieBrowserModeList
2014-12-16 14:14 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-16 14:14 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-16 14:14 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-16 14:14 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-16 14:14 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-16 14:14 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-16 14:14 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-16 14:14 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-16 14:14 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-16 14:14 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-16 14:14 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-16 14:14 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-16 14:14 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-16 14:14 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-16 14:14 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-16 14:14 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-16 14:14 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-16 14:14 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-16 14:14 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-16 14:14 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-16 14:14 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-16 14:14 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-16 14:14 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-16 14:14 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-16 14:14 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-16 14:14 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-16 14:14 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-16 14:14 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-16 14:14 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-16 14:12 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-16 14:02 - 2014-12-16 14:02 - 00159144 _____ (Microsoft Corporation) C:\Users\Lea\Desktop\WindowsActivationUpdate.exe
2014-12-10 14:19 - 2014-12-10 14:19 - 00506456 _____ () C:\Windows\Minidump\121014-14118-01.dmp
2014-12-07 19:00 - 2014-12-07 19:00 - 00505896 _____ () C:\Windows\Minidump\120714-13774-01.dmp
2014-12-07 17:49 - 2014-12-07 17:49 - 00521392 _____ () C:\Windows\Minidump\120714-14944-01.dmp
2014-12-06 12:38 - 2014-12-06 12:39 - 00593336 _____ () C:\Windows\Minidump\120614-19968-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-04 13:31 - 2014-09-06 08:39 - 01143763 _____ () C:\Windows\WindowsUpdate.log
2015-01-04 13:28 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-04 13:28 - 2009-07-14 05:39 - 00026611 _____ () C:\Windows\setupact.log
2015-01-04 12:57 - 2009-07-14 05:34 - 00035936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-04 12:57 - 2009-07-14 05:34 - 00035936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-04 11:23 - 2014-09-06 11:55 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-04 11:11 - 2014-10-03 13:53 - 00001598 _____ () C:\Windows\Sandboxie.ini
2014-12-25 13:51 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-16 14:37 - 2014-09-23 16:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-16 14:35 - 2014-09-23 16:59 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-16 14:01 - 2014-09-06 10:15 - 00019810 _____ () C:\Windows\avmfwlanci.log
2014-12-16 13:47 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-10 14:19 - 2014-09-07 10:30 - 192950588 _____ () C:\Windows\MEMORY.DMP
2014-12-10 14:19 - 2014-09-07 10:30 - 00000000 ____D () C:\Windows\Minidump
2014-12-06 12:22 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-12-06 12:05 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-06 12:14

==================== End Of Log ============================



Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-01-2015 03
Ran by Lea at 2015-01-04 13:34:20
Running from C:\Users\Lea\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
Firefox Packages (HKU\S-1-5-21-2560501654-756462450-3539424939-1000\...\Firefox Packages) (Version:  - ) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
LibreOffice 4.3.1.2 (HKLM\...\{303C2B0D-03AF-4C25-A443-E62DE8AA36A8}) (Version: 4.3.1.2 - The Document Foundation)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.2 (x86 de) (HKLM\...\Mozilla Firefox 32.0.2 (x86 de)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
Sandboxie 4.12 (32-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

29-09-2014 15:25:32 Windows Update
29-09-2014 15:27:45 Windows Update
03-10-2014 13:09:12 Windows Update
04-11-2014 20:19:14 Windows Update
30-11-2014 19:55:54 Windows Update
16-12-2014 14:03:20 Windows Update
16-12-2014 14:34:58 Windows Update
25-12-2014 14:01:22 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {232D50C5-9CC3-4FDE-A3D2-4FB9FDF570E1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-06] (AVAST Software)
Task: {51A98424-A4BF-4E66-B865-7A14C29C887A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-06] (Google Inc.)
Task: {5A966F94-3644-410E-8FA6-F95A69ACEE2F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-06] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-09-06 11:54 - 2014-09-06 11:54 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2015-01-04 11:11 - 2015-01-04 11:11 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010400\algo.dll
2014-09-06 11:54 - 2014-09-06 11:54 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-23 17:09 - 2014-09-23 17:09 - 03734640 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2560501654-756462450-3539424939-500 - Administrator - Disabled)
Gast (S-1-5-21-2560501654-756462450-3539424939-501 - Limited - Disabled)
Lea (S-1-5-21-2560501654-756462450-3539424939-1000 - Administrator - Enabled) => C:\Users\Lea

==================== Faulty Device Manager Devices =============

Name: Coprozessor
Description: Coprozessor
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/04/2015 01:28:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/04/2015 00:44:35 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Fehler beim Erwerb der Endbenutzerlizenz. hr=0xC004C008
SKU-ID=da22eadd-46dc-4056-a287-f5041c852470

Error: (01/04/2015 00:44:35 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: Lizenzerwerb-Fehlerdetails.
hr=0xC004C008

Error: (01/04/2015 00:43:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/04/2015 11:11:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/25/2014 01:53:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2014 02:34:13 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Fehler beim Erwerb der Endbenutzerlizenz. hr=0xC004C008
SKU-ID=da22eadd-46dc-4056-a287-f5041c852470

Error: (12/16/2014 02:34:13 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: Lizenzerwerb-Fehlerdetails.
hr=0xC004C008

Error: (12/16/2014 02:30:16 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Fehler beim Erwerb der Endbenutzerlizenz. hr=0xC004C008
SKU-ID=da22eadd-46dc-4056-a287-f5041c852470

Error: (12/16/2014 02:30:16 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: Lizenzerwerb-Fehlerdetails.
hr=0xC004C008


System errors:
=============
Error: (01/04/2015 00:57:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Sandboxie Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/04/2015 00:44:00 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/16/2014 01:53:49 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (12/16/2014 01:40:57 PM) (Source: Microsoft-Windows-Application-Experience) (EventID: 205) (User: NT-AUTORITÄT)
Description: Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht initialisieren.

Error: (12/10/2014 02:19:26 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x00000003, 0x85f7a030, 0x82b46ae0, 0x84918e20)C:\Windows\MEMORY.DMP121014-14118-01

Error: (12/10/2014 01:59:00 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (12/07/2014 07:00:19 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x00000003, 0x85f81030, 0x82b2fae0, 0x86a732a8)C:\Windows\MEMORY.DMP120714-13774-01

Error: (12/07/2014 05:49:55 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x00000003, 0x86591030, 0x82b64ae0, 0x85587680)C:\Windows\MEMORY.DMP120714-14944-01

Error: (12/07/2014 01:09:04 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (12/06/2014 00:39:01 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x00000003, 0x86012030, 0x82b30ae0, 0x84d9d008)C:\Windows\MEMORY.DMP120614-19968-01


Microsoft Office Sessions:
=========================
Error: (01/04/2015 01:28:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/04/2015 00:44:35 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: hr=0xC004C008da22eadd-46dc-4056-a287-f5041c852470

Error: (01/04/2015 00:44:35 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: hr=0xC004C00800010001(0x00000000, 12:44:34:634 - hxxp://go.microsoft.com/fwlink/?LinkID=88341)
00020001(0x00000000, 12:44:34:634)
00030001(0x00000000, 12:44:34:634 - hxxp://go.microsoft.com)
00030002(0x00000000, 12:44:34:634 - 1)
00020005(0x00000000, 12:44:34:634 - 0)
0002000C(0x00000000, 12:44:34:899 - 302)
0002000E(0x00000000, 12:44:34:899 - https://activation.sls.microsoft.com/sllicensing/SLLicense.asmx)
00020001(0x00000000, 12:44:34:899)
00030001(0x00000000, 12:44:34:899 - https://activation.sls.microsoft.com)
00030002(0x00000000, 12:44:34:899 - 1)
00020005(0x00000000, 12:44:34:899 - 0)
0002000C(0x00000000, 12:44:35:242 - 500)
00010002(0x8004FC01, 12:44:35:242 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="hxxp://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="hxxp://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="hxxp://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>SoapException</faultstring><detail><HRESULT>0xC004C008</HRESULT><Messages><Message>113 (Activation) - [PA Maximum unlock exceeded.  ---&gt; Maximum unlock exceeded]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>)
00010003(0x8004FC01, 12:44:35:273)

Error: (01/04/2015 00:43:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/04/2015 11:11:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/25/2014 01:53:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2014 02:34:13 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: hr=0xC004C008da22eadd-46dc-4056-a287-f5041c852470

Error: (12/16/2014 02:34:13 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: hr=0xC004C00800010001(0x00000000, 14:34:13:349 - hxxp://go.microsoft.com/fwlink/?LinkID=88341)
00020001(0x00000000, 14:34:13:349)
00030001(0x00000000, 14:34:13:349 - hxxp://go.microsoft.com)
00030002(0x00000000, 14:34:13:349 - 1)
00020005(0x00000000, 14:34:13:349 - 0)
0002000C(0x00000000, 14:34:13:536 - 302)
0002000E(0x00000000, 14:34:13:536 - https://activation.sls.microsoft.com/sllicensing/SLLicense.asmx)
00020001(0x00000000, 14:34:13:536)
00030001(0x00000000, 14:34:13:536 - https://activation.sls.microsoft.com)
00030002(0x00000000, 14:34:13:536 - 1)
00020005(0x00000000, 14:34:13:536 - 0)
0002000C(0x00000000, 14:34:13:863 - 500)
00010002(0x8004FC01, 14:34:13:863 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="hxxp://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="hxxp://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="hxxp://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>SoapException</faultstring><detail><HRESULT>0xC004C008</HRESULT><Messages><Message>113 (Activation) - [PA Maximum unlock exceeded.  ---&gt; Maximum unlock exceeded]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>)
00010003(0x8004FC01, 14:34:13:863)

Error: (12/16/2014 02:30:16 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: hr=0xC004C008da22eadd-46dc-4056-a287-f5041c852470

Error: (12/16/2014 02:30:16 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: hr=0xC004C00800010001(0x00000000, 14:30:15:993 - hxxp://go.microsoft.com/fwlink/?LinkID=88341)
00020001(0x00000000, 14:30:15:993)
00030001(0x00000000, 14:30:15:993 - hxxp://go.microsoft.com)
00030002(0x00000000, 14:30:15:993 - 1)
00020005(0x00000000, 14:30:15:993 - 0)
0002000C(0x00000000, 14:30:16:180 - 302)
0002000E(0x00000000, 14:30:16:180 - https://activation.sls.microsoft.com/sllicensing/SLLicense.asmx)
00020001(0x00000000, 14:30:16:180)
00030001(0x00000000, 14:30:16:180 - https://activation.sls.microsoft.com)
00030002(0x00000000, 14:30:16:180 - 1)
00020005(0x00000000, 14:30:16:180 - 0)
0002000C(0x00000000, 14:30:16:539 - 500)
00010002(0x8004FC01, 14:30:16:539 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="hxxp://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="hxxp://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="hxxp://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>SoapException</faultstring><detail><HRESULT>0xC004C008</HRESULT><Messages><Message>113 (Activation) - [PA Maximum unlock exceeded.  ---&gt; Maximum unlock exceeded]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>)
00010003(0x8004FC01, 14:30:16:539)


==================== Memory info ===========================

Processor: AMD Athlon(tm) Dual Core Processor 4450e
Percentage of memory in use: 48%
Total physical RAM: 1919.24 MB
Available physical RAM: 981.36 MB
Total Pagefile: 3838.48 MB
Available Pagefile: 2716.6 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:117.46 GB) (Free:89.34 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Leas Krempel) (Fixed) (Total:31.58 GB) (Free:30.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 3B5D576D)
Partition 1: (Active) - (Size=117.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=31.6 GB) - (Type=OF Extended)

==================== End Of Log ============================


I hope something can still be salvaged.
Regards
Famthom

schrauber 04.01.2015 13:53

Hi,

Please download Revo Uninstaller from here: Download Revo Uninstaller (alternatively, portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click Options and select German as the language.
  • In the Uninstaller field, search for the programs:

    Firefox Packages


  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Click on then on and then on .

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

Famthom 21.01.2015 16:52

Hello,
it took a long time.

Code:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 21.01.2015
Suchlauf-Zeit: 16:18:53
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.21.06
Rootkit Datenbank: v2015.01.14.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Lea

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 294709
Verstrichene Zeit: 6 Min, 19 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

Code:

# AdwCleaner v4.108 - Bericht erstellt am 21/01/2015 um 16:29:38
# Aktualisiert 17/01/2015 von Xplode
# Database : 2015-01-18.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : Lea - LEA-PC
# Gestartet von : C:\Users\Lea\Desktop\AdwCleaner_4.108.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Lea\AppData\Local\DownloadGuide

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\ClearThink

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v32.0.2 (x86 de)


-\\ Google Chrome v39.0.2171.99


*************************

AdwCleaner[R0].txt - [2912 octets] - [03/10/2014 13:31:07]
AdwCleaner[R1].txt - [1228 octets] - [21/01/2015 16:27:01]
AdwCleaner[S0].txt - [2973 octets] - [03/10/2014 13:33:00]
AdwCleaner[S1].txt - [1149 octets] - [21/01/2015 16:29:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1209 octets] ##########


Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x86
Ran by Lea on 21.01.2015 at 16:33:16,20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.01.2015 at 16:38:56,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
Ran by Lea (administrator) on LEA-PC on 21-01-2015 16:40:09
Running from C:\Users\Lea\Desktop
Loaded Profiles: Lea (Available profiles: Lea)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(AVM Berlin) C:\Program Files\avmwlanstick\FRITZWLANMini.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\FRITZWLANMini.exe [283136 2007-02-02] (AVM Berlin)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-06] (AVAST Software)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2303256 2014-05-19] (Logitech, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2560501654-756462450-3539424939-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [631816 2014-05-29] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2560501654-756462450-3539424939-1000\...\MountPoints2: {307667ca-3599-11e4-bc8e-001fc683a71b} - G:\pushinst.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2560501654-756462450-3539424939-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2560501654-756462450-3539424939-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
HKU\S-1-5-21-2560501654-756462450-3539424939-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\7z479hb6.default
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Easy Youtube Video Downloader Express - C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\7z479hb6.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-10-03]
FF Extension: Adblock Plus - C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\7z479hb6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-23]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-06]
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-09-23]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=AV01
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=AV01"
CHR Profile: C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-06]
CHR Extension: (Google Drive) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (Avast Online Security) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-06]
CHR Extension: (Google Wallet) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-13]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-06]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-06] (AVAST Software)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [134664 2014-05-29] (Sandboxie Holdings, LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-09-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-09-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-09-06] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-09-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-11-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-09-06] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-09-06] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-09-06] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-01-26] (AVM Berlin) [File not signed]
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2007-01-26] (AVM GmbH)
R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28312 2014-03-19] (Logitech, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [160264 2014-05-29] (Sandboxie Holdings, LLC)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-21 16:40 - 2015-01-21 16:40 - 00009033 _____ () C:\Users\Lea\Desktop\FRST.txt
2015-01-21 16:40 - 2015-01-21 16:40 - 00000000 ____D () C:\Users\Lea\Desktop\FRST-OlderVersion
2015-01-21 16:38 - 2015-01-21 16:39 - 00000623 _____ () C:\Users\Lea\Desktop\JRT.txt
2015-01-21 16:32 - 2015-01-21 16:32 - 00001289 _____ () C:\Users\Lea\Desktop\AdwCleaner[S1].txt
2015-01-21 16:25 - 2015-01-21 16:25 - 00001198 _____ () C:\Users\Lea\Desktop\mbam.txt
2015-01-21 16:16 - 2015-01-21 16:16 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-21 16:13 - 2015-01-21 16:13 - 01707939 _____ (Thisisu) C:\Users\Lea\Desktop\JRT.exe
2015-01-21 16:12 - 2015-01-21 16:13 - 02186752 _____ () C:\Users\Lea\Desktop\AdwCleaner_4.108.exe
2015-01-21 16:06 - 2015-01-21 16:06 - 00000000 ____D () C:\Users\Lea\AppData\Roaming\TeamViewer
2015-01-21 16:05 - 2015-01-21 16:06 - 05337800 _____ (TeamViewer) C:\Users\Lea\Desktop\TeamViewerQS_de.exe
2015-01-20 14:21 - 2015-01-20 14:21 - 00502896 _____ () C:\Windows\Minidump\012015-16068-01.dmp
2015-01-20 13:45 - 2015-01-20 13:46 - 05337800 _____ (TeamViewer) C:\Users\Lea\TeamViewerQS_de.exe
2015-01-17 13:36 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-17 13:36 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-17 13:36 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-17 13:36 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-17 13:36 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-17 13:36 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 13:46 - 2015-01-13 13:46 - 00498248 _____ () C:\Windows\Minidump\011315-14320-01.dmp
2015-01-06 19:12 - 2015-01-06 19:12 - 00507280 _____ () C:\Windows\Minidump\010615-15116-01.dmp
2015-01-06 18:39 - 2015-01-06 18:39 - 00001222 _____ () C:\Users\Lea\Desktop\Revo Uninstaller.lnk
2015-01-06 18:39 - 2015-01-06 18:39 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-01-04 13:33 - 2015-01-21 16:40 - 00000000 ____D () C:\FRST
2015-01-04 13:32 - 2015-01-21 16:40 - 01118208 _____ (Farbar) C:\Users\Lea\Desktop\FRST.exe
2014-12-25 13:58 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-21 16:38 - 2014-10-03 13:15 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-21 16:38 - 2009-07-14 05:34 - 00035936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-21 16:38 - 2009-07-14 05:34 - 00035936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-21 16:34 - 2014-09-06 08:39 - 01542640 _____ () C:\Windows\WindowsUpdate.log
2015-01-21 16:31 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-21 16:31 - 2009-07-14 05:39 - 00027283 _____ () C:\Windows\setupact.log
2015-01-21 16:30 - 2010-11-20 22:48 - 00033338 _____ () C:\Windows\PFRO.log
2015-01-21 16:29 - 2014-10-03 13:31 - 00000000 ____D () C:\AdwCleaner
2015-01-21 16:27 - 2014-09-06 11:55 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-21 16:16 - 2014-10-03 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-21 16:16 - 2014-10-03 13:14 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-20 14:21 - 2014-09-07 10:30 - 00000000 ____D () C:\Windows\Minidump
2015-01-20 14:20 - 2014-09-07 10:30 - 211849564 _____ () C:\Windows\MEMORY.DMP
2015-01-20 13:46 - 2014-09-06 09:40 - 00000000 ____D () C:\Users\Lea
2015-01-17 14:04 - 2014-09-23 16:59 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-17 14:01 - 2014-09-23 16:59 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-17 13:29 - 2014-10-03 13:53 - 00001598 _____ () C:\Windows\Sandboxie.ini
2015-01-08 09:55 - 2014-09-06 11:34 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-25 13:51 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE

==================== Files in the root of some directories =======
2014-09-06 11:20 - 2014-10-03 13:20 - 0000065 _____ () C:\Users\Lea\AppData\Roaming\WB.CFG

Files to move or delete:
====================
C:\Users\Lea\TeamViewerQS_de.exe


Some content of TEMP:
====================
C:\Users\Lea\AppData\Local\Temp\Quarantine.exe
C:\Users\Lea\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-06 12:14

==================== End Of Log ============================

--- --- ---




Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015
Ran by Lea at 2015-01-21 16:40:56
Running from C:\Users\Lea\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
LibreOffice 4.3.1.2 (HKLM\...\{303C2B0D-03AF-4C25-A443-E62DE8AA36A8}) (Version: 4.3.1.2 - The Document Foundation)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.2 (x86 de) (HKLM\...\Mozilla Firefox 32.0.2 (x86 de)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Sandboxie 4.12 (32-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

03-10-2014 13:09:12 Windows Update
04-11-2014 20:19:14 Windows Update
30-11-2014 19:55:54 Windows Update
16-12-2014 14:03:20 Windows Update
16-12-2014 14:34:58 Windows Update
25-12-2014 14:01:22 Windows Update
06-01-2015 18:41:33 Revo Uninstaller's restore point - Firefox Packages
13-01-2015 13:53:56 Windows Update
17-01-2015 13:35:44 Windows Update
17-01-2015 13:59:51 Windows Update
21-01-2015 16:05:21 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {232D50C5-9CC3-4FDE-A3D2-4FB9FDF570E1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-06] (AVAST Software)
Task: {51A98424-A4BF-4E66-B865-7A14C29C887A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-06] (Google Inc.)
Task: {5A966F94-3644-410E-8FA6-F95A69ACEE2F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-06] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-09-06 11:54 - 2014-09-06 11:54 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2015-01-21 16:01 - 2015-01-21 16:01 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15012100\algo.dll
2014-09-06 11:54 - 2014-09-06 11:54 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2560501654-756462450-3539424939-500 - Administrator - Disabled)
Gast (S-1-5-21-2560501654-756462450-3539424939-501 - Limited - Disabled)
Lea (S-1-5-21-2560501654-756462450-3539424939-1000 - Administrator - Enabled) => C:\Users\Lea

==================== Faulty Device Manager Devices =============

Name: Coprozessor
Description: Coprozessor
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD Athlon(tm) Dual Core Processor 4450e
Percentage of memory in use: 53%
Total physical RAM: 1919.24 MB
Available physical RAM: 888.94 MB
Total Pagefile: 3838.48 MB
Available Pagefile: 2542.35 MB
Total Virtual: 2047.88 MB
Available Virtual: 1926.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:117.46 GB) (Free:88.17 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Leas Krempel) (Fixed) (Total:31.58 GB) (Free:30.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 3B5D576D)
Partition 1: (Active) - (Size=117.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=31.6 GB) - (Type=OF Extended)

==================== End Of Log ============================


So, hopefully that is everything you need for now,
and thank you very much for your perseverance.

Oh, and I uninstalled everything with Revo as instructed.

schrauber 21.01.2015 21:55


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log please. Any remaining problems? :)


All times are in WET +1.