Clearthink detected by avast

Hello everyone,
Avast Free reports an infection with Clearthink.
Unfortunately, I cannot find the log file.
But here are the FRST logs for now:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-01-2015 03
Ran by Lea (administrator) on LEA-PC on 04-01-2015 13:33:34
Running from C:\Users\Lea\Desktop
Loaded Profile: Lea (Available profiles: Lea)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVM Berlin) C:\Program Files\avmwlanstick\FRITZWLANMini.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\FRITZWLANMini.exe [283136 2007-02-02] (AVM Berlin)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-06] (AVAST Software)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2303256 2014-05-19] (Logitech, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2560501654-756462450-3539424939-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [631816 2014-05-29] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2560501654-756462450-3539424939-1000\...\MountPoints2: {307667ca-3599-11e4-bc8e-001fc683a71b} - G:\pushinst.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2560501654-756462450-3539424939-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2560501654-756462450-3539424939-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
HKU\S-1-5-21-2560501654-756462450-3539424939-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\7z479hb6.default
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Easy Youtube Video Downloader Express - C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\7z479hb6.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-10-03]
FF Extension: Adblock Plus - C:\Users\Lea\AppData\Roaming\Mozilla\Firefox\Profiles\7z479hb6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-23]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-06]
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-09-23]
Chrome:
=======
CHR Profile: C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-06]
CHR Extension: (Google Drive) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (avast! Online Security) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-06]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-06]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-06] (AVAST Software)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [134664 2014-05-29] (Sandboxie Holdings, LLC)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-09-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-09-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-09-06] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-09-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-11-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-09-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-09-06] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-09-06] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-01-26] (AVM Berlin) [File not signed]
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2007-01-26] (AVM GmbH)
R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28312 2014-03-19] (Logitech, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [160264 2014-05-29] (Sandboxie Holdings, LLC)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-04 13:33 - 2015-01-04 13:34 - 00007631 _____ () C:\Users\Lea\Desktop\FRST.txt
2015-01-04 13:33 - 2015-01-04 13:33 - 00000000 ____D () C:\FRST
2015-01-04 13:32 - 2015-01-04 13:32 - 01115136 _____ (Farbar) C:\Users\Lea\Desktop\FRST.exe
2014-12-25 13:58 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-16 14:24 - 2014-12-16 14:24 - 00002702 _____ () C:\Users\Lea\Downloads\legitcheck (1).hta
2014-12-16 14:23 - 2014-12-16 14:26 - 00002702 _____ () C:\Users\Lea\Downloads\legitcheck.hta
2014-12-16 14:14 - 2014-12-16 14:14 - 00000000 __SHD () C:\Users\Lea\AppData\Local\EmieBrowserModeList
2014-12-16 14:14 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-16 14:14 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-16 14:14 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-16 14:14 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-16 14:14 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-16 14:14 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-16 14:14 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-16 14:14 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-16 14:14 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-16 14:14 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-16 14:14 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-16 14:14 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-16 14:14 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-16 14:14 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-16 14:14 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-16 14:14 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-16 14:14 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-16 14:14 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-16 14:14 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-16 14:14 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-16 14:14 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-16 14:14 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-16 14:14 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-16 14:14 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-16 14:14 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-16 14:14 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-16 14:14 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-16 14:14 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-16 14:14 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-16 14:12 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-16 14:02 - 2014-12-16 14:02 - 00159144 _____ (Microsoft Corporation) C:\Users\Lea\Desktop\WindowsActivationUpdate.exe
2014-12-10 14:19 - 2014-12-10 14:19 - 00506456 _____ () C:\Windows\Minidump\121014-14118-01.dmp
2014-12-07 19:00 - 2014-12-07 19:00 - 00505896 _____ () C:\Windows\Minidump\120714-13774-01.dmp
2014-12-07 17:49 - 2014-12-07 17:49 - 00521392 _____ () C:\Windows\Minidump\120714-14944-01.dmp
2014-12-06 12:38 - 2014-12-06 12:39 - 00593336 _____ () C:\Windows\Minidump\120614-19968-01.dmp
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-04 13:31 - 2014-09-06 08:39 - 01143763 _____ () C:\Windows\WindowsUpdate.log
2015-01-04 13:28 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-04 13:28 - 2009-07-14 05:39 - 00026611 _____ () C:\Windows\setupact.log
2015-01-04 12:57 - 2009-07-14 05:34 - 00035936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-04 12:57 - 2009-07-14 05:34 - 00035936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-04 11:23 - 2014-09-06 11:55 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-04 11:11 - 2014-10-03 13:53 - 00001598 _____ () C:\Windows\Sandboxie.ini
2014-12-25 13:51 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-16 14:37 - 2014-09-23 16:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-16 14:35 - 2014-09-23 16:59 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-16 14:01 - 2014-09-06 10:15 - 00019810 _____ () C:\Windows\avmfwlanci.log
2014-12-16 13:47 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-10 14:19 - 2014-09-07 10:30 - 192950588 _____ () C:\Windows\MEMORY.DMP
2014-12-10 14:19 - 2014-09-07 10:30 - 00000000 ____D () C:\Windows\Minidump
2014-12-06 12:22 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-12-06 12:05 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-06 12:14
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-01-2015 03
Ran by Lea at 2015-01-04 13:34:20
Running from C:\Users\Lea\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
Firefox Packages (HKU\S-1-5-21-2560501654-756462450-3539424939-1000\...\Firefox Packages) (Version: - ) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
LibreOffice 4.3.1.2 (HKLM\...\{303C2B0D-03AF-4C25-A443-E62DE8AA36A8}) (Version: 4.3.1.2 - The Document Foundation)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.2 (x86 de) (HKLM\...\Mozilla Firefox 32.0.2 (x86 de)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
Sandboxie 4.12 (32-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
29-09-2014 15:25:32 Windows Update
29-09-2014 15:27:45 Windows Update
03-10-2014 13:09:12 Windows Update
04-11-2014 20:19:14 Windows Update
30-11-2014 19:55:54 Windows Update
16-12-2014 14:03:20 Windows Update
16-12-2014 14:34:58 Windows Update
25-12-2014 14:01:22 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {232D50C5-9CC3-4FDE-A3D2-4FB9FDF570E1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-06] (AVAST Software)
Task: {51A98424-A4BF-4E66-B865-7A14C29C887A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-06] (Google Inc.)
Task: {5A966F94-3644-410E-8FA6-F95A69ACEE2F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-06] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-09-06 11:54 - 2014-09-06 11:54 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2015-01-04 11:11 - 2015-01-04 11:11 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010400\algo.dll
2014-09-06 11:54 - 2014-09-06 11:54 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-23 17:09 - 2014-09-23 17:09 - 03734640 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-2560501654-756462450-3539424939-500 - Administrator - Disabled)
Gast (S-1-5-21-2560501654-756462450-3539424939-501 - Limited - Disabled)
Lea (S-1-5-21-2560501654-756462450-3539424939-1000 - Administrator - Enabled) => C:\Users\Lea
==================== Faulty Device Manager Devices =============
Name: Coprozessor
Description: Coprozessor
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/04/2015 01:28:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/04/2015 00:44:35 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Fehler beim Erwerb der Endbenutzerlizenz. hr=0xC004C008
SKU-ID=da22eadd-46dc-4056-a287-f5041c852470
Error: (01/04/2015 00:44:35 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: Lizenzerwerb-Fehlerdetails.
hr=0xC004C008
Error: (01/04/2015 00:43:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/04/2015 11:11:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/25/2014 01:53:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/16/2014 02:34:13 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Fehler beim Erwerb der Endbenutzerlizenz. hr=0xC004C008
SKU-ID=da22eadd-46dc-4056-a287-f5041c852470
Error: (12/16/2014 02:34:13 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: Lizenzerwerb-Fehlerdetails.
hr=0xC004C008
Error: (12/16/2014 02:30:16 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Fehler beim Erwerb der Endbenutzerlizenz. hr=0xC004C008
SKU-ID=da22eadd-46dc-4056-a287-f5041c852470
Error: (12/16/2014 02:30:16 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: Lizenzerwerb-Fehlerdetails.
hr=0xC004C008
System errors:
=============
Error: (01/04/2015 00:57:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Sandboxie Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (01/04/2015 00:44:00 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {DD522ACC-F821-461A-A407-50B198B896DC}
Error: (12/16/2014 01:53:49 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error: (12/16/2014 01:40:57 PM) (Source: Microsoft-Windows-Application-Experience) (EventID: 205) (User: NT-AUTORITÄT)
Description: Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht initialisieren.
Error: (12/10/2014 02:19:26 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x00000003, 0x85f7a030, 0x82b46ae0, 0x84918e20)C:\Windows\MEMORY.DMP121014-14118-01
Error: (12/10/2014 01:59:00 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error: (12/07/2014 07:00:19 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x00000003, 0x85f81030, 0x82b2fae0, 0x86a732a8)C:\Windows\MEMORY.DMP120714-13774-01
Error: (12/07/2014 05:49:55 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x00000003, 0x86591030, 0x82b64ae0, 0x85587680)C:\Windows\MEMORY.DMP120714-14944-01
Error: (12/07/2014 01:09:04 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.
Error: (12/06/2014 00:39:01 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x00000003, 0x86012030, 0x82b30ae0, 0x84d9d008)C:\Windows\MEMORY.DMP120614-19968-01
Microsoft Office Sessions:
=========================
Error: (01/04/2015 01:28:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/04/2015 00:44:35 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: hr=0xC004C008da22eadd-46dc-4056-a287-f5041c852470
Error: (01/04/2015 00:44:35 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: hr=0xC004C00800010001(0x00000000, 12:44:34:634 - hxxp://go.microsoft.com/fwlink/?LinkID=88341)
00020001(0x00000000, 12:44:34:634)
00030001(0x00000000, 12:44:34:634 - hxxp://go.microsoft.com)
00030002(0x00000000, 12:44:34:634 - 1)
00020005(0x00000000, 12:44:34:634 - 0)
0002000C(0x00000000, 12:44:34:899 - 302)
0002000E(0x00000000, 12:44:34:899 - https://activation.sls.microsoft.com/sllicensing/SLLicense.asmx)
00020001(0x00000000, 12:44:34:899)
00030001(0x00000000, 12:44:34:899 - https://activation.sls.microsoft.com)
00030002(0x00000000, 12:44:34:899 - 1)
00020005(0x00000000, 12:44:34:899 - 0)
0002000C(0x00000000, 12:44:35:242 - 500)
00010002(0x8004FC01, 12:44:35:242 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="hxxp://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="hxxp://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="hxxp://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>SoapException</faultstring><detail><HRESULT>0xC004C008</HRESULT><Messages><Message>113 (Activation) - [PA Maximum unlock exceeded. ---> Maximum unlock exceeded]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>)
00010003(0x8004FC01, 12:44:35:273)
Error: (01/04/2015 00:43:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/04/2015 11:11:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/25/2014 01:53:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/16/2014 02:34:13 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: hr=0xC004C008da22eadd-46dc-4056-a287-f5041c852470
Error: (12/16/2014 02:34:13 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: hr=0xC004C00800010001(0x00000000, 14:34:13:349 - hxxp://go.microsoft.com/fwlink/?LinkID=88341)
00020001(0x00000000, 14:34:13:349)
00030001(0x00000000, 14:34:13:349 - hxxp://go.microsoft.com)
00030002(0x00000000, 14:34:13:349 - 1)
00020005(0x00000000, 14:34:13:349 - 0)
0002000C(0x00000000, 14:34:13:536 - 302)
0002000E(0x00000000, 14:34:13:536 - https://activation.sls.microsoft.com/sllicensing/SLLicense.asmx)
00020001(0x00000000, 14:34:13:536)
00030001(0x00000000, 14:34:13:536 - https://activation.sls.microsoft.com)
00030002(0x00000000, 14:34:13:536 - 1)
00020005(0x00000000, 14:34:13:536 - 0)
0002000C(0x00000000, 14:34:13:863 - 500)
00010002(0x8004FC01, 14:34:13:863 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="hxxp://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="hxxp://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="hxxp://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>SoapException</faultstring><detail><HRESULT>0xC004C008</HRESULT><Messages><Message>113 (Activation) - [PA Maximum unlock exceeded. ---> Maximum unlock exceeded]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>)
00010003(0x8004FC01, 14:34:13:863)
Error: (12/16/2014 02:30:16 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: hr=0xC004C008da22eadd-46dc-4056-a287-f5041c852470
Error: (12/16/2014 02:30:16 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: hr=0xC004C00800010001(0x00000000, 14:30:15:993 - hxxp://go.microsoft.com/fwlink/?LinkID=88341)
00020001(0x00000000, 14:30:15:993)
00030001(0x00000000, 14:30:15:993 - hxxp://go.microsoft.com)
00030002(0x00000000, 14:30:15:993 - 1)
00020005(0x00000000, 14:30:15:993 - 0)
0002000C(0x00000000, 14:30:16:180 - 302)
0002000E(0x00000000, 14:30:16:180 - https://activation.sls.microsoft.com/sllicensing/SLLicense.asmx)
00020001(0x00000000, 14:30:16:180)
00030001(0x00000000, 14:30:16:180 - https://activation.sls.microsoft.com)
00030002(0x00000000, 14:30:16:180 - 1)
00020005(0x00000000, 14:30:16:180 - 0)
0002000C(0x00000000, 14:30:16:539 - 500)
00010002(0x8004FC01, 14:30:16:539 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="hxxp://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="hxxp://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="hxxp://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>SoapException</faultstring><detail><HRESULT>0xC004C008</HRESULT><Messages><Message>113 (Activation) - [PA Maximum unlock exceeded. ---> Maximum unlock exceeded]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>)
00010003(0x8004FC01, 14:30:16:539)
==================== Memory info ===========================
Processor: AMD Athlon(tm) Dual Core Processor 4450e
Percentage of memory in use: 48%
Total physical RAM: 1919.24 MB
Available physical RAM: 981.36 MB
Total Pagefile: 3838.48 MB
Available Pagefile: 2716.6 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.89 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:117.46 GB) (Free:89.34 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Leas Krempel) (Fixed) (Total:31.58 GB) (Free:30.63 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 3B5D576D)
Partition 1: (Active) - (Size=117.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=31.6 GB) - (Type=OF Extended)
==================== End Of Log ============================
I hope something can still be salvaged.
Regards,
Famthom