Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   AVG lässt sich nicht öffnen oder deinstallieren (Gruppenrichtlinien blockieren) , brauche Anweisung was zu tun ist (https://www.trojaner-board.de/162504-avg-laesst-oeffnen-deinstallieren-gruppenrichtlinien-blockieren-brauche-anweisung-tun.html)

Ranexex 06.01.2015 16:07
AVG lässt sich nicht öffnen oder deinstallieren (Gruppenrichtlinien blockieren) , brauche Anweisung was zu tun ist
 
Ich wollte auf dem Rechner meiner Eltern AVG Tune Up installieren.
Als ich dieses Programm dann starten wollte, kam eine Fehlermeldung in der stand das es durch Gruppenrichtlinien blockiert ist und ich mich an den Systemadministrator wenden soll.
Ich hoffe auf baldige hilfe.

schrauber 06.01.2015 16:15
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Ranexex 06.01.2015 16:54
Was soll ich genau mit dem Rautensymbol tun? Ich bin nicht so bewandert.

schrauber 06.01.2015 16:59
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Ranexex 06.01.2015 17:07

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-01-2015
Ran by Joachim (administrator) on JOACHIM-PC on 06-01-2015 17:04:20
Running from C:\Users\Joachim\Downloads
Loaded Profiles: Joachim & UpdatusUser (Available profiles: Joachim & UpdatusUser)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
() C:\Program Files\AVG Web TuneUp\vprot.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\18.2.0\ScriptHelper.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [3081752 2014-12-20] ()
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguix.exe [1133584 2014-11-28] (AVG Technologies CZ, s.r.o.)
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
AppInit_DLLs: C:\PROGRA~1\Amazon\AMAZON~1\\AMAZON~1.DLL => C:\PROGRA~1\Amazon\AMAZON~1\\AMAZON~1.DLL File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1393406251&from=tugs&uid=ST9500325AS_5VEKN6RNXXXX5VEKN6RN&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1393406251&from=tugs&uid=ST9500325AS_5VEKN6RNXXXX5VEKN6RN
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393406251&from=tugs&uid=ST9500325AS_5VEKN6RNXXXX5VEKN6RN&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.de
HKU\S-1-5-21-2572798978-3448980315-2832292683-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-2572798978-3448980315-2832292683-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1393406251&from=tugs&uid=ST9500325AS_5VEKN6RNXXXX5VEKN6RN
HKU\S-1-5-21-2572798978-3448980315-2832292683-1003\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1393406251&from=tugs&uid=ST9500325AS_5VEKN6RNXXXX5VEKN6RN
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-2572798978-3448980315-2832292683-1000 -> URL hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3320133&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPC2A04036-4217-4CBB-BE1D-B3784102E42D&q={searchTerms}&SSPV=SE1CG1_sp_ie
SearchScopes: HKU\S-1-5-21-2572798978-3448980315-2832292683-1000 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-2572798978-3448980315-2832292683-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2572798978-3448980315-2832292683-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={246A8EC7-8F70-4A18-98B7-BE6EF6632C4F}&mid=fb011a3bf8bb47d29917d16f6b80e646-4a2e4c1008a4c42b1435e12155578f6941a50f10&lang=de&ds=AVG&coid=avgtbavg&cmpid=1214av&pr=fr&d=2014-12-20 17:08:05&v=4.0.5.7&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.0.5.7\AVG Web TuneUp.dll (AVG)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-2572798978-3448980315-2832292683-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.2.0\\npsitesafety.dll No File
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @kaspersky.com/content_blocker -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin: @kaspersky.com/virtual_keyboard -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2572798978-3448980315-2832292683-1000: @phonostar.de/1&1 Internet-Radio-Player -> C:\Program Files\1&1 Internet-Radio-Player\npphonostarDetectNP.dll ( )
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2015-01-06]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-01-06]
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com [2015-01-06]

Chrome:
=======
CHR DefaultSuggestURL: Default -> hxxp://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-19]
CHR Extension: (Google Docs) - C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-19]
CHR Extension: (Google Drive) - C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-19]
CHR Extension: (YouTube) - C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-19]
CHR Extension: (AVG Secure Search) - C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2014-12-29]
CHR Extension: (Google-Suche) - C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-19]
CHR Extension: (Kaspersky Protection) - C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-01-06]
CHR Extension: (Google Tabellen) - C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-19]
CHR Extension: (Google Wallet) - C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-19]
CHR Extension: (Google Mail) - C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-19]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3247120 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [696848 2014-11-28] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 AVP15.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 vToolbarUpdater18.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe [1850392 2014-12-20] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [189720 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-10-20] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [43296 2014-12-20] (AVG Technologies)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135264 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [112136 2015-01-06] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [34400 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [644808 2015-01-06] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [24672 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145888 2014-03-26] (Kaspersky Lab ZAO)
S3 KovaPlusFltr; C:\Windows\System32\drivers\KovaPlusFltr.sys [12928 2010-01-25] (ROCCAT Development, Inc.)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-06 16:46 - 2015-01-06 16:47 - 00019692 _____ () C:\Users\Joachim\Downloads\Addition.txt
2015-01-06 16:45 - 2015-01-06 17:04 - 00015391 _____ () C:\Users\Joachim\Downloads\FRST.txt
2015-01-06 16:45 - 2015-01-06 17:04 - 00000000 ____D () C:\FRST
2015-01-06 16:43 - 2015-01-06 16:43 - 01115136 _____ (Farbar) C:\Users\Joachim\Downloads\FRST.exe
2015-01-06 16:39 - 2015-01-06 16:39 - 02123776 _____ (Farbar) C:\Users\Joachim\Downloads\FRST64.exe
2015-01-06 15:46 - 2015-01-06 15:46 - 16634384 _____ (AVG Technologies) C:\Users\Joachim\Downloads\avg_gse_stb_all_445p1_98.exe
2015-01-06 15:40 - 2015-01-06 15:40 - 00000906 _____ () C:\Users\Public\Desktop\AVG.lnk
2015-01-06 15:38 - 2015-01-06 15:40 - 00000000 ____D () C:\Users\Joachim\AppData\Local\AvgSetupLog
2015-01-06 15:38 - 2015-01-06 15:40 - 00000000 ____D () C:\ProgramData\Avg
2015-01-06 15:38 - 2015-01-06 15:38 - 16634392 _____ (AVG Technologies) C:\Users\Joachim\Downloads\avg_gse_stb_all_445p1_105.exe
2015-01-06 15:26 - 2015-01-06 15:26 - 00001117 _____ () C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2015-01-06 15:26 - 2015-01-06 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2015-01-06 15:25 - 2015-01-06 16:28 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-06 15:25 - 2015-01-06 15:31 - 00644808 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-01-06 15:25 - 2015-01-06 15:31 - 00112136 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-01-06 15:25 - 2015-01-06 15:25 - 00000000 ____D () C:\Windows\ELAMBKUP
2015-01-06 15:25 - 2015-01-06 15:25 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2015-01-06 15:25 - 2014-04-10 17:25 - 00034400 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-01-06 15:17 - 2015-01-06 15:17 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2015-01-06 15:04 - 2015-01-06 15:04 - 00000690 _____ () C:\Windows\Tasks\Open Chrome.job
2015-01-05 14:08 - 2015-01-05 14:08 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-27 12:14 - 2015-01-06 16:27 - 00000280 _____ () C:\Windows\setupact.log
2014-12-27 12:14 - 2014-12-27 12:14 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-20 17:13 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-20 17:08 - 2015-01-06 16:31 - 00116104 _____ () C:\Windows\WindowsUpdate.log
2014-12-20 17:08 - 2014-12-29 20:03 - 00000000 ____D () C:\Users\Joachim\AppData\Local\AVG Web TuneUp
2014-12-20 17:08 - 2014-12-27 13:22 - 00000795 _____ () C:\Windows\system32\debug.log
2014-12-20 17:08 - 2014-12-20 17:09 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-12-20 17:08 - 2014-12-20 17:07 - 00043296 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2014-12-20 17:07 - 2014-12-20 17:08 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2014-12-20 17:07 - 2014-12-20 17:08 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2014-12-20 17:07 - 2014-12-20 17:07 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-12-20 17:07 - 2014-12-20 17:07 - 00000000 ____D () C:\Program Files\AVG Web TuneUp
2014-12-16 16:30 - 2014-12-16 16:30 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 20:36 - 2014-10-18 02:32 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 20:36 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-11 20:36 - 2014-07-07 02:40 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-11 20:36 - 2014-07-07 02:40 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-11 20:36 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-11 20:05 - 2014-12-04 05:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-11 20:05 - 2014-12-04 05:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-11 20:05 - 2014-12-04 05:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-11 20:05 - 2014-12-04 05:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-11 20:05 - 2014-12-04 05:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-11 20:05 - 2014-12-04 05:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-11 20:05 - 2014-12-04 05:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-11 20:05 - 2014-12-02 00:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-11 20:05 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 20:05 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-11 20:04 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 20:04 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 20:04 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 20:04 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 20:04 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 20:04 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 20:04 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 20:04 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 20:04 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 20:04 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 20:04 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 20:04 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 20:04 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 20:04 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 20:04 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 20:04 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 20:04 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 20:04 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 20:04 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 20:04 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 20:04 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 20:04 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 20:04 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 20:04 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 20:04 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 20:04 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 20:04 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 20:04 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 20:04 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 20:02 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-11 20:02 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-11 20:02 - 2014-10-03 02:46 - 01179648 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-11 20:02 - 2014-10-03 02:46 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-11 20:02 - 2014-10-03 02:46 - 00214528 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-11 20:02 - 2014-10-03 02:46 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-11 20:02 - 2014-10-03 02:46 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-11 19:58 - 2015-01-06 15:38 - 00000000 ____D () C:\Users\Joachim\AppData\Local\Avg

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-06 16:47 - 2009-07-14 05:34 - 00028704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-06 16:47 - 2009-07-14 05:34 - 00028704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-06 16:32 - 2014-11-19 11:27 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-06 16:27 - 2014-11-19 11:27 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-06 16:27 - 2014-02-07 17:43 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-06 16:27 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-06 16:26 - 2014-07-28 16:12 - 00000000 ____D () C:\ProgramData\UyfifMojuj
2015-01-06 15:40 - 2014-04-18 04:27 - 00000000 ____D () C:\Program Files\AVG
2015-01-06 15:04 - 2014-04-18 04:22 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-05 14:08 - 2014-02-14 09:17 - 00000000 ____D () C:\Users\Joachim\AppData\Local\Adobe
2014-12-29 20:52 - 2014-11-19 11:50 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-12-27 13:22 - 2014-02-15 10:45 - 00000594 _____ () C:\Users\Joachim\Desktop\1&1 Control-Center.website
2014-12-17 18:21 - 2014-02-14 09:18 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-17 17:22 - 2010-11-20 22:01 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-16 18:28 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-12-16 17:33 - 2014-11-19 11:28 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-16 16:30 - 2014-05-09 10:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-16 16:30 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-16 16:30 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-11 20:36 - 2014-02-07 17:40 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 20:33 - 2014-02-07 17:40 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-11 20:00 - 2014-04-18 04:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-12-11 19:52 - 2009-07-14 05:33 - 00287736 _____ () C:\Windows\system32\FNTCACHE.DAT

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-16 17:55

==================== End Of Log ============================
--- --- ---





Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-01-2015
Ran by Joachim at 2015-01-06 17:04:46
Running from C:\Users\Joachim\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1&1 Internet-Radio-Player Version 3.02.8 (HKLM\...\1&1 Internet-Radio-Player_is1) (Version:  - )
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AVG (HKLM\...\AvgZen) (Version: 1.0.445 - AVG Technologies)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4794 - AVG Technologies)
AVG 2014 (Version: 14.0.4253 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4794 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 4.0.5.7 - AVG Technologies)
AVG Zen (Version: 1.0.445 - AVG Technologies) Hidden
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon Kurzwahlprogramm (HKLM\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
Canon MX720 series Benutzerregistrierung (HKLM\...\Canon MX720 series Benutzerregistrierung) (Version:  - *Canon Inc.)
Canon MX720 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX720_series) (Version: 1.00 - Canon Inc.)
Canon MX720 series On-screen Manual (HKLM\...\Canon MX720 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
FMW 1 (Version: 1.0.307 - AVG Technologies) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Kaspersky Anti-Virus (HKLM\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Anti-Virus (Version: 15.0.0.463 - Kaspersky Lab) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

22-08-2014 10:16:27 Windows Update
03-11-2014 18:47:27 Windows Update
04-11-2014 12:53:32 Windows Update
18-11-2014 17:17:08 Windows Update
19-11-2014 11:33:43 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
19-11-2014 11:35:27 OpenOffice 4.1.1 wird installiert
19-11-2014 11:40:10 Windows Update
11-12-2014 20:32:40 Windows Update
20-12-2014 17:49:25 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2BA84565-236F-4147-9051-16EDE8C39675} - System32\Tasks\APSnotifierCA => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {66E4EE62-B8BD-4F26-9249-9BBB38B02884} - System32\Tasks\Open Chrome => Chrome.exe --new-window toolbar.avg.com/ch-uninstall?cid={246A8EC7-8F70-4A18-98B7-BE6EF6632C4F}&amp;mid=fb011a3bf8bb47d29917d16f6b80e646-4a2e4c1008a4c42b1435e12155578f6941a50f10&amp;lang=de&amp;ds=AVG&amp;coid=avgtbavg&amp;cmpid=1214av&amp;pr=fr&amp;d=&amp;v=4.0.5.7&amp;pid=wtu&amp;sg=
Task: {970B95C2-778A-4F05-97F1-684CE675E1ED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-19] (Google Inc.)
Task: {97434620-CA50-4CAB-9E98-A68CBEA22FC9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {DA1F2149-7B80-4F19-A315-253CD897D894} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-19] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\APSnotifierCA.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Open Chrome.job => c:\program files\Google\Chrome\Application\chrome.exe

==================== Loaded Modules (whitelisted) =============

2014-02-07 17:43 - 2013-08-30 00:08 - 00088864 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-12-20 17:07 - 2014-12-20 17:07 - 03081752 _____ () C:\Program Files\AVG Web TuneUp\vprot.exe
2014-12-20 17:07 - 2014-12-20 17:07 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\log4cplusU.dll
2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\kpcengine.2.3.dll
2014-11-19 11:51 - 2012-03-28 13:49 - 00140456 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2014-12-20 17:07 - 2014-12-20 17:07 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\loggingserver.exe
2014-12-16 17:33 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-16 17:33 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-16 17:33 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-16 17:33 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: 1&1 Internet-Radio-PlayerTimer => C:\Program Files\1&1 Internet-Radio-Player\phonostarTimer.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Speed Launcher => 1419091614
MSCONFIG\startupreg: AVG_UI => "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: RunCanonMsetUp => C:\Program Files\Canon\IJ_MSetup4\MCDCHK2.EXE
MSCONFIG\startupreg: UyfifMojuj => regsvr32.exe "C:\ProgramData\UyfifMojuj\UyfifMojuj.dat"

========================= Accounts: ==========================

Administrator (S-1-5-21-2572798978-3448980315-2832292683-500 - Administrator - Disabled)
Gast (S-1-5-21-2572798978-3448980315-2832292683-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2572798978-3448980315-2832292683-1002 - Limited - Enabled)
Joachim (S-1-5-21-2572798978-3448980315-2832292683-1000 - Administrator - Enabled) => C:\Users\Joachim
UpdatusUser (S-1-5-21-2572798978-3448980315-2832292683-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/06/2015 04:28:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/06/2015 03:00:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2015 02:01:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/29/2014 08:02:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/27/2014 00:15:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2014 05:07:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/17/2014 05:16:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2014 04:33:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/11/2014 07:53:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 11:23:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/22/2014 10:07:18 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "AVGIDSAgent" wurde mit folgendem dienstspezifischem Fehler beendet: %%-536753635.

Error: (08/22/2014 10:07:17 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "AVGIDSAgent" wurde mit folgendem dienstspezifischem Fehler beendet: %%-536753635.

Error: (08/22/2014 10:07:16 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "AVGIDSAgent" wurde mit folgendem dienstspezifischem Fehler beendet: %%-536753635.

Error: (08/22/2014 10:07:15 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "AVGIDSAgent" wurde mit folgendem dienstspezifischem Fehler beendet: %%-536753635.

Error: (08/22/2014 10:07:14 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "AVGIDSAgent" wurde mit folgendem dienstspezifischem Fehler beendet: %%-536753635.

Error: (08/22/2014 10:07:13 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "AVGIDSAgent" wurde mit folgendem dienstspezifischem Fehler beendet: %%-536753635.

Error: (08/22/2014 10:07:12 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "AVGIDSAgent" wurde mit folgendem dienstspezifischem Fehler beendet: %%-536753635.

Error: (08/22/2014 10:07:11 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "AVGIDSAgent" wurde mit folgendem dienstspezifischem Fehler beendet: %%-536753635.

Error: (08/22/2014 10:07:10 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "AVGIDSAgent" wurde mit folgendem dienstspezifischem Fehler beendet: %%-536753635.

Error: (08/22/2014 10:07:09 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "AVGIDSAgent" wurde mit folgendem dienstspezifischem Fehler beendet: %%-536753635.


Microsoft Office Sessions:
=========================
Error: (01/06/2015 04:28:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/06/2015 03:00:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2015 02:01:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/29/2014 08:02:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/27/2014 00:15:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2014 05:07:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/17/2014 05:16:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2014 04:33:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/11/2014 07:53:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 11:23:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 40%
Total physical RAM: 3066.93 MB
Available physical RAM: 1835.18 MB
Total Pagefile: 6132.16 MB
Available Pagefile: 4483.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.1 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:225.8 GB) (Free:192.02 GB) NTFS
Drive d: (DATA) (Fixed) (Total:226.19 GB) (Free:221.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6D608AD1)
Partition 1: (Not Active) - (Size=13.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=225.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=226.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 06.01.2015 19:36
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Ranexex 08.01.2015 19:18
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-01-2015
Ran by Joachim at 2015-01-08 18:17:33 Run:1
Running from C:\Users\Joachim\Downloads
Loaded Profiles: Joachim & UpdatusUser (Available profiles: Joachim & UpdatusUser)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.

==== End of Fixlog 18:17:33 ====
Combofix, sagt das ich AVG Scanner deaktivieren muss. Wenn ich es über den Taskmanager deaktivieren will kommt die Meldung: Zugriff verweigert.

Ok jetzt hat es geklappt hier die txt.


Code:
ComboFix 15-01-08.01 - Joachim 08.01.2015  19:04:23.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3067.1895 [GMT 1:00]
ausgeführt von:: c:\users\Joachim\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\windows\system32\DEBUG.log
.
Infizierte Kopie von c:\windows\system32\Drivers\atapi.sys wurde gefunden und desinfiziert
Kopie von - c:\windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_7280eb2974aeb536\atapi.sys wurde wiederhergestellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-12-08 bis 2015-01-08  ))))))))))))))))))))))))))))))
.
.
2015-01-08 18:09 . 2015-01-08 18:09        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2015-01-08 18:09 . 2015-01-08 18:09        --------        d-----w-        c:\users\Joachim\AppData\Local\temp
2015-01-08 18:09 . 2015-01-08 18:09        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-01-08 18:08 . 2015-01-08 18:08        62576        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{E664084B-488F-4B74-B831-41ED0722DAB2}\offreg.dll
2015-01-06 15:45 . 2015-01-08 17:17        --------        d-----w-        C:\FRST
2015-01-06 14:38 . 2015-01-06 14:40        --------        d-----w-        c:\programdata\Avg
2015-01-06 14:25 . 2015-01-06 14:25        --------        d-----w-        c:\windows\ELAMBKUP
2015-01-06 14:25 . 2015-01-08 17:58        --------        d-----w-        c:\programdata\Kaspersky Lab
2015-01-06 14:25 . 2015-01-06 14:25        --------        d-----w-        c:\program files\Kaspersky Lab
2015-01-06 14:25 . 2015-01-06 14:31        112136        ----a-w-        c:\windows\system32\drivers\klflt.sys
2015-01-06 14:25 . 2014-04-10 16:25        34400        ----a-w-        c:\windows\system32\drivers\klhk.sys
2015-01-06 14:17 . 2015-01-06 14:17        --------        d-----w-        c:\programdata\Kaspersky Lab Setup Files
2015-01-05 13:08 . 2015-01-05 13:08        --------        d-----w-        c:\programdata\McAfee
2014-12-20 16:13 . 2014-12-13 03:33        115712        ----a-w-        c:\windows\system32\ieUnatt.exe
2014-12-20 16:08 . 2014-12-20 16:09        --------        d-----w-        c:\programdata\AVG Security Toolbar
2014-12-16 15:30 . 2014-12-16 15:30        --------        d-----w-        c:\windows\system32\appraiser
2014-12-11 19:36 . 2014-07-07 01:40        103424        ----a-w-        c:\windows\system32\mfps.dll
2014-12-11 19:36 . 2014-07-07 01:40        23040        ----a-w-        c:\windows\system32\mfpmp.exe
2014-12-11 19:36 . 2014-07-07 01:37        2048        ----a-w-        c:\windows\system32\mferror.dll
2014-12-11 19:36 . 2014-10-18 01:32        3209728        ----a-w-        c:\windows\system32\mf.dll
2014-12-11 19:36 . 2014-07-07 01:40        50176        ----a-w-        c:\windows\system32\rrinstaller.exe
2014-12-11 19:05 . 2014-11-11 01:32        74752        ----a-w-        c:\windows\system32\drivers\tdx.sys
2014-12-11 19:05 . 2014-11-11 02:44        1230336        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2014-12-11 19:05 . 2014-12-04 04:38        159744        ----a-w-        c:\windows\system32\aepic.dll
2014-12-11 19:05 . 2014-12-01 23:28        1160872        ----a-w-        c:\windows\system32\aitstatic.exe
2014-12-11 19:05 . 2014-12-04 04:38        337920        ----a-w-        c:\windows\system32\generaltel.dll
2014-12-11 19:05 . 2014-12-04 04:38        610304        ----a-w-        c:\windows\system32\invagent.dll
2014-12-11 19:05 . 2014-12-04 04:38        315392        ----a-w-        c:\windows\system32\devinv.dll
2014-12-11 19:05 . 2014-12-04 04:34        873984        ----a-w-        c:\windows\system32\aeinv.dll
2014-12-11 19:05 . 2014-12-04 04:38        202752        ----a-w-        c:\windows\system32\aepdu.dll
2014-12-11 19:02 . 2014-11-08 02:45        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-12-11 19:02 . 2014-10-30 01:45        155136        ----a-w-        c:\windows\system32\charmap.exe
2014-12-11 19:02 . 2014-10-03 01:46        249344        ----a-w-        c:\windows\system32\WSManMigrationPlugin.dll
2014-12-11 19:02 . 2014-10-03 01:46        214528        ----a-w-        c:\windows\system32\WsmWmiPl.dll
2014-12-11 19:02 . 2014-10-03 01:46        146944        ----a-w-        c:\windows\system32\WsmAuto.dll
2014-12-11 19:02 . 2014-10-03 01:46        1179648        ----a-w-        c:\windows\system32\WsmSvc.dll
2014-12-11 19:02 . 2014-10-03 01:46        199168        ----a-w-        c:\windows\system32\WSManHTTPConfig.exe
2014-12-11 18:58 . 2015-01-06 14:38        --------        d-----w-        c:\users\Joachim\AppData\Local\Avg
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-08 17:27 . 2014-01-23 13:37        163504        ----a-w-        c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-11-11 03:21 . 2014-11-19 10:31        551424        ----a-w-        c:\windows\system32\kerberos.dll
2014-11-11 03:13 . 2014-11-19 10:31        690688        ----a-w-        c:\windows\system32\adtschema.dll
2014-11-11 02:44 . 2014-11-19 10:31        186880        ----a-w-        c:\windows\system32\pku2u.dll
2014-10-25 02:08 . 2014-11-18 14:34        67584        ----a-w-        c:\windows\system32\packager.dll
2014-10-18 01:33 . 2014-11-18 14:35        571904        ----a-w-        c:\windows\system32\oleaut32.dll
2014-10-14 01:53 . 2014-11-18 14:34        136632        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 01:50 . 2014-11-18 14:34        526848        ----a-w-        c:\windows\system32\termsrv.dll
2014-10-14 01:50 . 2014-11-18 14:34        248832        ----a-w-        c:\windows\system32\schannel.dll
2014-10-14 01:49 . 2014-11-18 14:34        221184        ----a-w-        c:\windows\system32\ncrypt.dll
2014-10-14 01:49 . 2014-11-18 14:35        2364416        ----a-w-        c:\windows\system32\msi.dll
2014-10-14 01:49 . 2014-11-18 14:34        1062400        ----a-w-        c:\windows\system32\lsasrv.dll
2014-10-14 01:46 . 2014-11-18 14:34        146432        ----a-w-        c:\windows\system32\msaudite.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvgUi"="c:\program files\AVG\Framework\Common\avguix.exe" [2014-11-28 1133584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Speed Launcher]
1419091614 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1&1 Internet-Radio-PlayerTimer]
2012-10-13 14:05        42496        ----a-w-        c:\program files\1&1 Internet-Radio-Player\phonostarTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-11-20 18:13        1021128        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonQuickMenu]
2012-09-27 15:02        1279120        ----a-w-        c:\program files\Canon\Quick Menu\CNQMMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2014-10-23 15:21        4825880        ----a-w-        c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScannerSelectorEX]
2012-08-31 09:32        452272        ----a-w-        c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-22 102912]
R3 KovaPlusFltr;ROCCAT Kova[+] Mouse;c:\windows\system32\drivers\KovaPlusFltr.sys [2010-01-25 11:23 12928]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-23 14848]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-11-23 24064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-11-23 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-11-23 27136]
S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys [2014-04-10 34400]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2014-02-25 25696]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys [2013-04-12 14432]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2014-03-25 45024]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2014-03-26 145888]
S2 avgsvc;AVG Service;c:\program files\AVG\Framework\Common\avgsvcx.exe [2014-11-28 696848]
S2 AVP15.0.0;Kaspersky Anti-Virus Service 15.0.0;c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [2014-04-20 233552]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-08-29 414496]
S3 k57nd60x;Broadcom NetLink (TM)-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys [2015-01-06 112136]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2014-03-28 24672]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2013-08-08 25696]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-16 16:33        1087816        ----a-w-        c:\program files\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-11-19 10:27]
.
2015-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-11-19 10:27]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
MSConfigStartUp-AVG_UI - c:\program files\AVG\AVG2014\avgui.exe
MSConfigStartUp-RunCanonMsetUp - c:\program files\Canon\IJ_MSetup4\MCDCHK2.EXE
MSConfigStartUp-UyfifMojuj - c:\programdata\UyfifMojuj\UyfifMojuj.dat
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\conhost.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-01-08  19:14:21 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-01-08 18:14
.
Vor Suchlauf: 8 Verzeichnis(se), 208.175.501.312 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 207.953.088.512 Bytes frei
.
- - End Of File - - E4D3137C15C9A677D938A177C34F50F6
A36C5E4F47E84449FF07ED3517B43A31

schrauber 08.01.2015 20:06
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Ranexex 08.01.2015 20:45
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 08.01.2015
Suchlauf-Zeit: 20:23:19
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.08.13
Rootkit Datenbank: v2015.01.07.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Joachim

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 342028
Verstrichene Zeit: 14 Min, 14 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 16
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{10AD2C61-0898-4348-8600-14A342F22AC3}, In Quarantäne, [e21baf45f891d95d9c2309dd9e64d22e],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [4cb19262c3c6bb7b5f0557916f937090],
PUP.Optional.Awesomehp.A, HKLM\SOFTWARE\awesomehpSoftware, In Quarantäne, [f5089460ccbd41f5b6933c6db152db25],
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\LevelQualityWatcher, In Quarantäne, [c7365e961376bd79df60abde4cb7eb15],
PUP.Optional.SavingsBull.A, HKLM\SOFTWARE\SavingsbullFilter, In Quarantäne, [8a7321d37a0f55e186c29e0ae0239070],
PUP.Optional.QuickStart.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pelmeidfhdlhlbjimpabfcbnnojbboma, In Quarantäne, [6994cf250782290dad1a5e421fe48779],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPTAB, In Quarantäne, [9b62559f0881e84e72b65726f50e16ea],
PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginService, In Quarantäne, [966750a47d0c41f57a679ed0e1224bb5],
PUP.Optional.Feven.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Feven Pro, In Quarantäne, [5aa343b1e4a567cf1ebdc7df61a2649c],
PUP.Optional.MediaPlayerEnhance.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerEnhance, In Quarantäne, [da23df1591f85ed8c1bf0c9bd62dcf31],
PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-7.7, In Quarantäne, [57a6668e32572c0a8e4b6738b3508b75],
PUP.Optional.ReMarkit.A, HKU\S-1-5-21-2572798978-3448980315-2832292683-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Re_markit, In Quarantäne, [28d50ee6cabf2d099478661112f16d93],
PUP.Optional.SavingsBull.A, HKU\S-1-5-21-2572798978-3448980315-2832292683-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Savings Bull, In Quarantäne, [10ed4ba94e3b51e599ac9711887b7789],
PUP.Optional.Melondrea.A, HKU\S-1-5-21-2572798978-3448980315-2832292683-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\melondrea, In Quarantäne, [08f5579dc0c9e15500df95110bf8e719],
PUP.Optional.PlusHD.A, HKU\S-1-5-21-2572798978-3448980315-2832292683-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-7.7, In Quarantäne, [fa035f95acdd54e2dffaccd36f9440c0],
PUP.Optional.Wajam.A, HKU\S-1-5-21-2572798978-3448980315-2832292683-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WAJAM, In Quarantäne, [6d90f202cebbad89f9ba9f260df7966a],

Registrierungswerte: 2
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPTAB|ptid, tugs, In Quarantäne, [9b62559f0881e84e72b65726f50e16ea]
PUP.Optional.Wajam.A, HKU\S-1-5-21-2572798978-3448980315-2832292683-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WAJAM|affiliate_id, 6447, In Quarantäne, [6d90f202cebbad89f9ba9f260df7966a]

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 7
PUP.Optional.AdPeak.A, C:\temp, In Quarantäne, [d429d222fa8f2f070b73d3bb5ea534cc],
PUP.Optional.NextLive.A, C:\Users\Joachim\AppData\Roaming\newnext.me, In Quarantäne, [5aa323d190f9d95d8054a88a8e7535cb],
PUP.Optional.NextLive.A, C:\Users\Joachim\AppData\Roaming\newnext.me\cache, In Quarantäne, [5aa323d190f9d95d8054a88a8e7535cb],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService, In Quarantäne, [d02d41b3b0d93bfb9541a1929172857b],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update, In Quarantäne, [d02d41b3b0d93bfb9541a1929172857b],
PUP.Optional.SupTab.A, C:\Program Files\SupTab, In Quarantäne, [52aba1539eeb4ee8729de46b2bd817e9],
PUP.Optional.SupTab.A, C:\Users\Joachim\AppData\Roaming\SupTab, In Quarantäne, [4fae777d7a0f61d5838dfc53ce35ce32],

Dateien: 7
PUP.Optional.SupTab.A, C:\Users\Joachim\AppData\Roaming\SupTab\SupTab.dll, In Quarantäne, [b548d91b0d7c73c3bff636ffee1206fa],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\SupTab.dll, In Quarantäne, [e31a757f50390b2bd3e285b052ae619f],
PUP.Optional.AdPeak.A, C:\temp\lsp2.log, In Quarantäne, [d429d222fa8f2f070b73d3bb5ea534cc],
PUP.Optional.AdPeak.A, C:\temp\InstallFilter32.msi, In Quarantäne, [d429d222fa8f2f070b73d3bb5ea534cc],
PUP.Optional.AdPeak.A, C:\temp\t.txt, In Quarantäne, [d429d222fa8f2f070b73d3bb5ea534cc],
PUP.Optional.NextLive.A, C:\Users\Joachim\AppData\Roaming\newnext.me\nengine.cookie, In Quarantäne, [5aa323d190f9d95d8054a88a8e7535cb],
PUP.Optional.NextLive.A, C:\Users\Joachim\AppData\Roaming\newnext.me\cache\spark.bin, In Quarantäne, [5aa323d190f9d95d8054a88a8e7535cb],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

schrauber 08.01.2015 20:47
bitte alle Logs auf einmal posten wenn Du sie hast :)

Ranexex 08.01.2015 21:17
Muss ich alle AWDcleaner logs posten? Oder nur der der sich nach dem neustart öffnet

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 08.01.2015
Suchlauf-Zeit: 20:23:19
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.08.13
Rootkit Datenbank: v2015.01.07.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Joachim

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 342028
Verstrichene Zeit: 14 Min, 14 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 16
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{10AD2C61-0898-4348-8600-14A342F22AC3}, In Quarantäne, [e21baf45f891d95d9c2309dd9e64d22e],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [4cb19262c3c6bb7b5f0557916f937090],
PUP.Optional.Awesomehp.A, HKLM\SOFTWARE\awesomehpSoftware, In Quarantäne, [f5089460ccbd41f5b6933c6db152db25],
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\LevelQualityWatcher, In Quarantäne, [c7365e961376bd79df60abde4cb7eb15],
PUP.Optional.SavingsBull.A, HKLM\SOFTWARE\SavingsbullFilter, In Quarantäne, [8a7321d37a0f55e186c29e0ae0239070],
PUP.Optional.QuickStart.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pelmeidfhdlhlbjimpabfcbnnojbboma, In Quarantäne, [6994cf250782290dad1a5e421fe48779],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPTAB, In Quarantäne, [9b62559f0881e84e72b65726f50e16ea],
PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginService, In Quarantäne, [966750a47d0c41f57a679ed0e1224bb5],
PUP.Optional.Feven.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Feven Pro, In Quarantäne, [5aa343b1e4a567cf1ebdc7df61a2649c],
PUP.Optional.MediaPlayerEnhance.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerEnhance, In Quarantäne, [da23df1591f85ed8c1bf0c9bd62dcf31],
PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-7.7, In Quarantäne, [57a6668e32572c0a8e4b6738b3508b75],
PUP.Optional.ReMarkit.A, HKU\S-1-5-21-2572798978-3448980315-2832292683-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Re_markit, In Quarantäne, [28d50ee6cabf2d099478661112f16d93],
PUP.Optional.SavingsBull.A, HKU\S-1-5-21-2572798978-3448980315-2832292683-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Savings Bull, In Quarantäne, [10ed4ba94e3b51e599ac9711887b7789],
PUP.Optional.Melondrea.A, HKU\S-1-5-21-2572798978-3448980315-2832292683-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\melondrea, In Quarantäne, [08f5579dc0c9e15500df95110bf8e719],
PUP.Optional.PlusHD.A, HKU\S-1-5-21-2572798978-3448980315-2832292683-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-7.7, In Quarantäne, [fa035f95acdd54e2dffaccd36f9440c0],
PUP.Optional.Wajam.A, HKU\S-1-5-21-2572798978-3448980315-2832292683-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WAJAM, In Quarantäne, [6d90f202cebbad89f9ba9f260df7966a],

Registrierungswerte: 2
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPTAB|ptid, tugs, In Quarantäne, [9b62559f0881e84e72b65726f50e16ea]
PUP.Optional.Wajam.A, HKU\S-1-5-21-2572798978-3448980315-2832292683-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WAJAM|affiliate_id, 6447, In Quarantäne, [6d90f202cebbad89f9ba9f260df7966a]

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 7
PUP.Optional.AdPeak.A, C:\temp, In Quarantäne, [d429d222fa8f2f070b73d3bb5ea534cc],
PUP.Optional.NextLive.A, C:\Users\Joachim\AppData\Roaming\newnext.me, In Quarantäne, [5aa323d190f9d95d8054a88a8e7535cb],
PUP.Optional.NextLive.A, C:\Users\Joachim\AppData\Roaming\newnext.me\cache, In Quarantäne, [5aa323d190f9d95d8054a88a8e7535cb],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService, In Quarantäne, [d02d41b3b0d93bfb9541a1929172857b],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update, In Quarantäne, [d02d41b3b0d93bfb9541a1929172857b],
PUP.Optional.SupTab.A, C:\Program Files\SupTab, In Quarantäne, [52aba1539eeb4ee8729de46b2bd817e9],
PUP.Optional.SupTab.A, C:\Users\Joachim\AppData\Roaming\SupTab, In Quarantäne, [4fae777d7a0f61d5838dfc53ce35ce32],

Dateien: 7
PUP.Optional.SupTab.A, C:\Users\Joachim\AppData\Roaming\SupTab\SupTab.dll, In Quarantäne, [b548d91b0d7c73c3bff636ffee1206fa],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\SupTab.dll, In Quarantäne, [e31a757f50390b2bd3e285b052ae619f],
PUP.Optional.AdPeak.A, C:\temp\lsp2.log, In Quarantäne, [d429d222fa8f2f070b73d3bb5ea534cc],
PUP.Optional.AdPeak.A, C:\temp\InstallFilter32.msi, In Quarantäne, [d429d222fa8f2f070b73d3bb5ea534cc],
PUP.Optional.AdPeak.A, C:\temp\t.txt, In Quarantäne, [d429d222fa8f2f070b73d3bb5ea534cc],
PUP.Optional.NextLive.A, C:\Users\Joachim\AppData\Roaming\newnext.me\nengine.cookie, In Quarantäne, [5aa323d190f9d95d8054a88a8e7535cb],
PUP.Optional.NextLive.A, C:\Users\Joachim\AppData\Roaming\newnext.me\cache\spark.bin, In Quarantäne, [5aa323d190f9d95d8054a88a8e7535cb],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by Joachim (administrator) on JOACHIM-PC on 08-01-2015 21:02:21
Running from C:\Users\Joachim\Downloads
Loaded Profiles: Joachim & UpdatusUser (Available profiles: Joachim & UpdatusUser)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguix.exe [1133584 2014-11-28] (AVG Technologies CZ, s.r.o.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2572798978-3448980315-2832292683-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2572798978-3448980315-2832292683-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-2572798978-3448980315-2832292683-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2572798978-3448980315-2832292683-1003\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.de
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2572798978-3448980315-2832292683-1000 -> URL hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3320133&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPC2A04036-4217-4CBB-BE1D-B3784102E42D&q={searchTerms}&SSPV=SE1CG1_sp_ie
SearchScopes: HKU\S-1-5-21-2572798978-3448980315-2832292683-1000 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-2572798978-3448980315-2832292683-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-2572798978-3448980315-2832292683-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @kaspersky.com/content_blocker -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin: @kaspersky.com/virtual_keyboard -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2572798978-3448980315-2832292683-1000: @phonostar.de/1&1 Internet-Radio-Player -> C:\Program Files\1&1 Internet-Radio-Player\npphonostarDetectNP.dll ( )
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2015-01-06]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-01-06]
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com [2015-01-06]

Chrome:
=======
CHR Profile: C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-19]
CHR Extension: (Google Docs) - C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-19]
CHR Extension: (Google Drive) - C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-19]
CHR Extension: (YouTube) - C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-19]
CHR Extension: (Google-Suche) - C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-19]
CHR Extension: (Kaspersky Protection) - C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-01-06]
CHR Extension: (Google Tabellen) - C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-19]
CHR Extension: (Google Wallet) - C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-19]
CHR Extension: (Google Mail) - C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-19]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [696848 2014-11-28] (AVG Technologies CZ, s.r.o.)
S2 AVP15.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135264 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [112136 2015-01-06] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [34400 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [644808 2015-01-06] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [24672 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145888 2014-03-26] (Kaspersky Lab ZAO)
S3 KovaPlusFltr; C:\Windows\System32\drivers\KovaPlusFltr.sys [12928 2010-01-25] (ROCCAT Development, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2012-11-23] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Joachim\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-08 21:01 - 2015-01-08 21:01 - 00000711 _____ () C:\Users\Joachim\Desktop\JRT.txt
2015-01-08 20:59 - 2015-01-08 20:59 - 00000000 ____D () C:\Windows\ERUNT
2015-01-08 20:58 - 2015-01-08 20:59 - 01707939 _____ (Thisisu) C:\Users\Joachim\Downloads\JRT.exe
2015-01-08 20:57 - 2015-01-08 20:57 - 00002174 _____ () C:\Users\Joachim\Desktop\AdwCleaner[S1].txt
2015-01-08 20:47 - 2015-01-08 20:47 - 02191360 _____ () C:\Users\Joachim\Downloads\AdwCleaner_4.107.exe
2015-01-08 20:45 - 2015-01-08 20:45 - 00005675 _____ () C:\Users\Joachim\Desktop\mbam.txt
2015-01-08 20:22 - 2015-01-08 20:41 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-08 20:21 - 2015-01-08 20:21 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-08 20:21 - 2015-01-08 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-08 20:21 - 2015-01-08 20:21 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-08 20:21 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-08 20:21 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-08 20:21 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-08 20:16 - 2015-01-08 20:19 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Joachim\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-08 19:14 - 2015-01-08 19:14 - 00012720 _____ () C:\ComboFix.txt
2015-01-08 18:57 - 2015-01-08 20:53 - 00015366 _____ () C:\Windows\PFRO.log
2015-01-08 18:56 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-08 18:56 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-08 18:56 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-08 18:56 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-08 18:56 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-08 18:56 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-08 18:56 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-08 18:56 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-08 18:32 - 2015-01-08 19:14 - 00000000 ____D () C:\Qoobox
2015-01-08 18:31 - 2015-01-08 19:12 - 00000000 ____D () C:\Windows\erdnt
2015-01-08 18:28 - 2015-01-08 18:22 - 05609736 ____R (Swearware) C:\Users\Joachim\Desktop\ComboFix.exe
2015-01-08 18:21 - 2015-01-08 18:22 - 05609736 _____ (Swearware) C:\Users\Joachim\Downloads\ComboFix.exe
2015-01-08 18:15 - 2015-01-08 18:15 - 00000000 ____D () C:\Users\Joachim\Downloads\FRST-OlderVersion
2015-01-06 16:46 - 2015-01-06 17:05 - 00019692 _____ () C:\Users\Joachim\Downloads\Addition.txt
2015-01-06 16:45 - 2015-01-08 21:02 - 00011165 _____ () C:\Users\Joachim\Downloads\FRST.txt
2015-01-06 16:45 - 2015-01-08 21:02 - 00000000 ____D () C:\FRST
2015-01-06 16:43 - 2015-01-08 18:15 - 01115648 _____ (Farbar) C:\Users\Joachim\Downloads\FRST.exe
2015-01-06 15:46 - 2015-01-06 15:46 - 16634384 _____ (AVG Technologies) C:\Users\Joachim\Downloads\avg_gse_stb_all_445p1_98.exe
2015-01-06 15:38 - 2015-01-06 15:40 - 00000000 ____D () C:\Users\Joachim\AppData\Local\AvgSetupLog
2015-01-06 15:38 - 2015-01-06 15:40 - 00000000 ____D () C:\ProgramData\Avg
2015-01-06 15:38 - 2015-01-06 15:38 - 16634392 _____ (AVG Technologies) C:\Users\Joachim\Downloads\avg_gse_stb_all_445p1_105.exe
2015-01-06 15:26 - 2015-01-06 15:26 - 00001117 _____ () C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2015-01-06 15:26 - 2015-01-06 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2015-01-06 15:25 - 2015-01-08 20:54 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-06 15:25 - 2015-01-06 15:31 - 00644808 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-01-06 15:25 - 2015-01-06 15:31 - 00112136 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-01-06 15:25 - 2015-01-06 15:25 - 00000000 ____D () C:\Windows\ELAMBKUP
2015-01-06 15:25 - 2015-01-06 15:25 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2015-01-06 15:25 - 2014-04-10 17:25 - 00034400 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-01-06 15:17 - 2015-01-06 15:17 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2015-01-05 14:08 - 2015-01-05 14:08 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-27 12:14 - 2015-01-08 20:54 - 00000560 _____ () C:\Windows\setupact.log
2014-12-27 12:14 - 2014-12-27 12:14 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-20 17:13 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-20 17:08 - 2015-01-08 20:53 - 00162693 _____ () C:\Windows\WindowsUpdate.log
2014-12-16 16:30 - 2014-12-16 16:30 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 20:36 - 2014-10-18 02:32 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 20:36 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-11 20:36 - 2014-07-07 02:40 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-11 20:36 - 2014-07-07 02:40 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-11 20:36 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-11 20:05 - 2014-12-04 05:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-11 20:05 - 2014-12-04 05:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-11 20:05 - 2014-12-04 05:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-11 20:05 - 2014-12-04 05:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-11 20:05 - 2014-12-04 05:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-11 20:05 - 2014-12-04 05:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-11 20:05 - 2014-12-04 05:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-11 20:05 - 2014-12-02 00:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-11 20:05 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 20:05 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-11 20:04 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 20:04 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 20:04 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 20:04 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 20:04 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 20:04 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 20:04 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 20:04 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 20:04 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 20:04 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 20:04 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 20:04 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 20:04 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 20:04 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 20:04 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 20:04 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 20:04 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 20:04 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 20:04 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 20:04 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 20:04 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 20:04 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 20:04 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 20:04 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 20:04 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 20:04 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 20:04 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 20:04 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 20:04 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 20:02 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-11 20:02 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-11 20:02 - 2014-10-03 02:46 - 01179648 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-11 20:02 - 2014-10-03 02:46 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-11 20:02 - 2014-10-03 02:46 - 00214528 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-11 20:02 - 2014-10-03 02:46 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-11 20:02 - 2014-10-03 02:46 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-11 19:58 - 2015-01-06 15:38 - 00000000 ____D () C:\Users\Joachim\AppData\Local\Avg

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-08 21:01 - 2009-07-14 05:34 - 00028704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-08 21:01 - 2009-07-14 05:34 - 00028704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-08 20:54 - 2014-11-19 11:27 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-08 20:54 - 2014-02-07 17:43 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-08 20:54 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-08 20:53 - 2014-04-18 03:52 - 00000000 ____D () C:\AdwCleaner
2015-01-08 20:53 - 2014-01-22 03:19 - 00000000 ____D () C:\Users\Joachim
2015-01-08 20:32 - 2014-11-19 11:27 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-08 20:21 - 2014-04-18 03:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-08 19:14 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-01-08 19:14 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-01-08 19:10 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-01-08 18:57 - 2014-04-18 04:27 - 00000000 ____D () C:\Program Files\AVG
2015-01-08 18:57 - 2014-04-18 04:22 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-06 16:26 - 2014-07-28 16:12 - 00000000 ____D () C:\ProgramData\UyfifMojuj
2015-01-05 14:08 - 2014-02-14 09:17 - 00000000 ____D () C:\Users\Joachim\AppData\Local\Adobe
2014-12-29 20:52 - 2014-11-19 11:50 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-12-27 13:22 - 2014-02-15 10:45 - 00000594 _____ () C:\Users\Joachim\Desktop\1&1 Control-Center.website
2014-12-17 18:21 - 2014-02-14 09:18 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-17 17:22 - 2010-11-20 22:01 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-16 18:28 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-12-16 17:33 - 2014-11-19 11:28 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-16 16:30 - 2014-05-09 10:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-16 16:30 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-16 16:30 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-11 20:36 - 2014-02-07 17:40 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 20:33 - 2014-02-07 17:40 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-11 19:52 - 2009-07-14 05:33 - 00287736 _____ () C:\Windows\system32\FNTCACHE.DAT

Some content of TEMP:
====================
C:\Users\Joachim\AppData\Local\temp\Quarantine.exe
C:\Users\Joachim\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-16 17:55

==================== End Of Log ============================
--- --- ---

--- --- ---



Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x86
Ran by Joachim on 08.01.2015 at 20:59:35,92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\DRIVERINSTALLER.EXE-F98D64B1.pf



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.01.2015 at 21:01:31,38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
# AdwCleaner v4.107 - Bericht erstellt am 08/01/2015 um 20:53:08
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Joachim - JOACHIM-PC
# Gestartet von : C:\Users\Joachim\Downloads\AdwCleaner_4.107.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\AVG Security Toolbar
Ordner Gelöscht : C:\ProgramData\Allmyapps
Ordner Gelöscht : C:\Program Files\System Speedup
Ordner Gelöscht : C:\Users\Joachim\AppData\Local\genienext
Ordner Gelöscht : C:\Users\Joachim\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\Joachim\AppData\Roaming\awesomehp
Ordner Gelöscht : C:\Users\Joachim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
Datei Gelöscht : C:\Windows\system32\drivers\netfilter.sys
Datei Gelöscht : C:\Users\Joachim\daemonprocess.txt

***** [ Tasks ] *****

Task Gelöscht : MySearchDial

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Google Chrome v39.0.2171.95


*************************

AdwCleaner[R0].txt - [5470 octets] - [18/04/2014 03:52:29]
AdwCleaner[R1].txt - [2113 octets] - [08/01/2015 20:49:03]
AdwCleaner[S0].txt - [5207 octets] - [18/04/2014 03:53:17]
AdwCleaner[S1].txt - [2034 octets] - [08/01/2015 20:53:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2094 octets] ##########

Code:
# AdwCleaner v3.016 - Bericht erstellt am 18/04/2014 um 04:53:17
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Joachim - JOACHIM-PC
# Gestartet von : C:\Users\Joachim\Desktop\adwcleaner_3.016.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : Level Quality Watcher

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files\IminentToolbar
Ordner Gelöscht : C:\Program Files\Level Quality Watcher
Ordner Gelöscht : C:\Users\Joachim\AppData\Local\lollipop
Ordner Gelöscht : C:\Users\Joachim\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Joachim\AppData\Local\Temp\Iminent
Ordner Gelöscht : C:\Users\Joachim\AppData\LocalLow\IminentToolbar
Ordner Gelöscht : C:\Users\Joachim\AppData\LocalLow\Mysearchdial
Ordner Gelöscht : C:\Users\Joachim\AppData\Roaming\IminentToolbar
Ordner Gelöscht : C:\Users\Joachim\AppData\Roaming\Mysearchdial
Ordner Gelöscht : C:\Users\Joachim\AppData\Roaming\Systweak
Datei Gelöscht : C:\Windows\system32\roboot.exe
Datei Gelöscht : C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Datei Gelöscht : C:\Windows\Tasks\MySearchDial.job
Datei Gelöscht : C:\Windows\System32\Tasks\MySearchDial

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A304CFF1-7F8B-4F7D-BCD4-FEE5DEEF97B0}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A304CFF1-7F8B-4F7D-BCD4-FEE5DEEF97B0}
Schlüssel Gelöscht : HKCU\Software\Classes\Applications\lollipop.exe
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Schlüssel Gelöscht : HKCU\Software\distromatic
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\lollipop
Schlüssel Gelöscht : HKCU\Software\mysearchdial
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\mysearchdial
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\systweak

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Google Chrome v33.0.1750.154

[ Datei : C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : suggest_url
Gelöscht : keyword
Gelöscht : search_url

*************************

AdwCleaner[R0].txt - [5470 octets] - [18/04/2014 04:52:29]
AdwCleaner[S0].txt - [5067 octets] - [18/04/2014 04:53:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5127 octets] ##########


Code:
# AdwCleaner v4.107 - Bericht erstellt am 08/01/2015 um 20:49:03
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Joachim - JOACHIM-PC
# Gestartet von : C:\Users\Joachim\Downloads\AdwCleaner_4.107.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\Joachim\daemonprocess.txt
Datei Gefunden : C:\Windows\system32\drivers\netfilter.sys
Ordner Gefunden : C:\Program Files\System Speedup
Ordner Gefunden : C:\ProgramData\Allmyapps
Ordner Gefunden : C:\ProgramData\AVG Security Toolbar
Ordner Gefunden : C:\Users\Joachim\AppData\Local\CrashRpt
Ordner Gefunden : C:\Users\Joachim\AppData\Local\genienext
Ordner Gefunden : C:\Users\Joachim\AppData\Roaming\awesomehp
Ordner Gefunden : C:\Users\Joachim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop

***** [ Tasks ] *****

Task Gefunden : MySearchDial

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\AnyProtect
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Google Chrome v39.0.2171.95


*************************

AdwCleaner[R0].txt - [5470 octets] - [18/04/2014 03:52:29]
AdwCleaner[R1].txt - [1913 octets] - [08/01/2015 20:49:03]
AdwCleaner[S0].txt - [5207 octets] - [18/04/2014 03:53:17]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2033 octets] ##########


Code:
# AdwCleaner v3.016 - Bericht erstellt am 18/04/2014 um 04:52:29
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Joachim - JOACHIM-PC
# Gestartet von : C:\Users\Joachim\Desktop\adwcleaner_3.016.exe
# Option : Suchen

***** [ Dienste ] *****

Dienst Gefunden : Level Quality Watcher

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Datei Gefunden : C:\Windows\system32\roboot.exe
Datei Gefunden : C:\Windows\System32\Tasks\MySearchDial
Datei Gefunden : C:\Windows\Tasks\MySearchDial.job
Ordner Gefunden C:\Program Files\IminentToolbar
Ordner Gefunden C:\Program Files\Level Quality Watcher
Ordner Gefunden C:\ProgramData\WPM
Ordner Gefunden C:\Users\Joachim\AppData\Local\lollipop
Ordner Gefunden C:\Users\Joachim\AppData\Local\Mobogenie
Ordner Gefunden C:\Users\Joachim\AppData\Local\Temp\Iminent
Ordner Gefunden C:\Users\Joachim\AppData\LocalLow\IminentToolbar
Ordner Gefunden C:\Users\Joachim\AppData\LocalLow\Mysearchdial
Ordner Gefunden C:\Users\Joachim\AppData\Roaming\IminentToolbar
Ordner Gefunden C:\Users\Joachim\AppData\Roaming\Mysearchdial
Ordner Gefunden C:\Users\Joachim\AppData\Roaming\Systweak

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gefunden : HKCU\Software\Classes\Applications\lollipop.exe
Schlüssel Gefunden : HKCU\Software\distromatic
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\lollipop
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gefunden : HKCU\Software\mysearchdial
Schlüssel Gefunden : HKCU\Software\systweak
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Iminent
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\MySearchDial
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A304CFF1-7F8B-4F7D-BCD4-FEE5DEEF97B0}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Schlüssel Gefunden : HKLM\Software\mysearchdial
Schlüssel Gefunden : HKLM\Software\supWPM
Schlüssel Gefunden : HKLM\Software\systweak
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521

Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.mysearchdial.com/?f=1&a=irmsd0202ie&cd=2XzuyEtN2Y1L1QzutDtDtByC0CyCtC0FtB0E0EtDzztCtByEtN0D0Tzu0SyBzzyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=2113193762&ir=
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://start.mysearchdial.com/?f=2&a=irmsd0202ie&cd=2XzuyEtN2Y1L1QzutDtDtByC0CyCtC0FtB0E0EtDzztCtByEtN0D0Tzu0SyBzzyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=2113193762&ir=

-\\ Google Chrome v33.0.1750.154

[ Datei : C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gefunden : suggest_url
Gefunden : keyword
Gefunden : search_url
Gefunden : suggest_url

*************************

AdwCleaner[R0].txt - [5330 octets] - [18/04/2014 04:52:29]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5390 octets] ##########

schrauber 08.01.2015 22:52

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Ranexex 09.01.2015 14:39
Melde mich morgen und gebe bescheid wie es jetzt aussieht :)

schrauber 09.01.2015 14:45
ok :)

Ranexex 10.01.2015 20:00
Hat heute nicht mehr geklappt, morgen habe ich mehr zeit. Sorry :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:10 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55