Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Win32:Malware-gen taucht immer wieder auf (https://www.trojaner-board.de/162619-win32-malware-gen-taucht-immer.html)

SinXx 09.01.2015 19:42
Win32:Malware-gen taucht immer wieder auf
 
Moin liebe Trojaner,
ich bin bei meiner Suche Win32:Malware-gen (so die Bezeichung durch Avast) los zu werden, auf Eure Seite gestossen, da ich immer wieder Probleme mit einer Virusmeldung durch Avast habe. Avast selber benennt den Fund als Win32:Malware-gen und findet diesen nach erneuten Scans und verschieben in die Quarantäne immer wieder in anderen Ordnern. Nachdem ich mehre Male Scans auch aus dem Bootmodus heraus durchgeführt habe, kommt doch die Meldung immer wieder das ich infiziert bin, heute zudem durch Windows selbst. Die Meldung taucht auf wenn ich lange den Rechner laufen lasse oder direkt nach dem hochstarten. Zudem scheint zuweilen die Browsergeschwindigkeit sich zu reduzieren. Ich habe hier in anderen Foren gelesen das andere User ähnliche Probleme zu habne scheinen und wollte nichts weiter auf eigene Faust unternehmen.

Herzlichen Dank SinXx

schrauber 09.01.2015 19:58
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


SinXx 09.01.2015 23:41
Alles Klar. Eins noch zur Ergänzung. Die Virusmeldung taucht manchmal in den Scans mit Avast auf und manchmal auch nicht.Folgend nun die Scanergebnisse


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by oem (ATTENTION: The logged in user is not administrator) on W7P64 on 09-01-2015 23:34:29
Running from C:\Users\oem\Desktop
Loaded Profiles: oem & Access (Available profiles: oem & Access)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Users\oem\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-04] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-03-12] (Alcor Micro Corp.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2013-11-02] (Dritek System Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-13] (AVAST Software)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2840979918-3318856535-3558480780-1000\...\Run: [] => [X]
HKU\S-1-5-21-2840979918-3318856535-3558480780-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2840979918-3318856535-3558480780-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2840979918-3318856535-3558480780-1000\...\Run: [Google Update] => C:\Users\oem\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-02-15] (Google Inc.)
HKU\S-1-5-21-2840979918-3318856535-3558480780-1000\...\Run: [Amazon Music] => C:\Users\oem\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-15] ()
HKU\S-1-5-21-2840979918-3318856535-3558480780-1000\...\MountPoints2: {b5745470-42f4-11e3-a31e-9f49de13322b} - F:\Password.exe
AppInit_DLLs: C:\Users\Access\AppData\Local\Linkey\IEEXTE~1\iedll64.dll => C:\Users\Access\AppData\Local\Linkey\IEEXTE~1\iedll64.dll File Not Found
AppInit_DLLs-x32: C:\Users\Access\AppData\Local\Linkey\IEEXTE~1\iedll.dll => "C:\Users\Access\AppData\Local\Linkey\IEEXTE~1\iedll.dll" File Not Found
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll [488464 2014-08-31] ()
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll [662032 2014-08-31] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = This message is from the Microsoft Safety & Security Center
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = This message is from the Microsoft Safety & Security Center
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2840979918-3318856535-3558480780-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2840979918-3318856535-3558480780-1000\Software\Microsoft\Internet Explorer\Main,Start Page = This message is from the Microsoft Safety & Security Center
HKU\S-1-5-21-2840979918-3318856535-3558480780-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland
HKU\S-1-5-21-2840979918-3318856535-3558480780-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
URLSearchHook: HKU\S-1-5-21-2840979918-3318856535-3558480780-1000 - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
URLSearchHook: [S-1-5-21-2840979918-3318856535-3558480780-1005] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=122&itype=n&ver=13892&tm=477&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=64300709-7a70-5387-bed7-ccdb237a3fa6&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=15/01/2014&type=hp1000
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=122&itype=n&ver=13892&tm=477&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2840979918-3318856535-3558480780-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2840979918-3318856535-3558480780-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=64300709-7a70-5387-bed7-ccdb237a3fa6&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=15/01/2014&type=hp1000
SearchScopes: HKU\S-1-5-21-2840979918-3318856535-3558480780-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: No Name -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} ->  No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: No Name -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} ->  No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} ->  No File
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\4xssnhkg.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2840979918-3318856535-3558480780-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\oem\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2840979918-3318856535-3558480780-1000: @talk.google.com/O1DPlugin -> C:\Users\oem\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2840979918-3318856535-3558480780-1000: @tools.google.com/Google Update;version=3 -> C:\Users\oem\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2840979918-3318856535-3558480780-1000: @tools.google.com/Google Update;version=9 -> C:\Users\oem\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\oem\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\oem\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml
FF Extension: LastPass - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\4xssnhkg.default\Extensions\support@lastpass.com [2014-03-22]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\4xssnhkg.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-02-16]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\4xssnhkg.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-02-16]
FF Extension: Google™ Hangouts - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\4xssnhkg.default\Extensions\jid1-uqbSKwXpf2K6yl@jetpack.xpi [2014-11-12]
FF Extension: Google Translator for Firefox - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\4xssnhkg.default\Extensions\translator@zoli.bod.xpi [2014-02-16]
FF Extension: YouTube High Definition - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\4xssnhkg.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-07-10]
FF Extension: Adblock Plus - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\4xssnhkg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-16]
FF Extension: DownThemAll! - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\4xssnhkg.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-11-12]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-19]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=AV01
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=AV01"
CHR DefaultSearchKeyword: Default -> search.yahoo.com
CHR DefaultSearchURL: Default -> hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=64300709-7a70-5387-bed7-ccdb237a3fa6&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate={installDate}&type=hp1000
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-02]
CHR Extension: (Google Drive) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-31]
CHR Extension: (YouTube) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-02]
CHR Extension: (Adblock Plus) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-11-03]
CHR Extension: (Google-Suche) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-02]
CHR Extension: (Avast Online Security) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-19]
CHR Extension: (Link per Mail) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngjdhjgbagpeimgpgloofkfoipgpdgdb [2013-11-03]
CHR Extension: (Google Wallet) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-02]
CHR Extension: (Google Mail) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-02]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-01-20] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-01] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-01] (Avast Software)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 SmdmFService; C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe [3572240 2014-08-31] (Aztec Media Inc)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband Drivers\WMCore\mini_WMCore.exe [462888 2010-03-18] (Ericsson AB)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-01] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R3 e36gbus; C:\Windows\System32\DRIVERS\e36gbus.sys [328704 2009-06-30] (MCCI Corporation)
R3 e36gmdfl; C:\Windows\System32\DRIVERS\e36gmdfl.sys [19456 2009-06-30] (MCCI Corporation)
R3 e36gmdm; C:\Windows\System32\DRIVERS\e36gmdm.sys [432128 2009-06-30] (MCCI Corporation)
R3 e36gmgmt; C:\Windows\System32\DRIVERS\e36gmgmt.sys [376320 2009-06-30] (MCCI Corporation)
R3 e36wscard; C:\Windows\System32\DRIVERS\e36wscard.sys [60968 2009-10-13] (Ericsson AB)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-03-03] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-03-03] (Ericsson AB)
R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files (x86)\Settings Manager\smdmf\x64\smdmfmgrc2.cfg [41872 2014-08-31] (Aztec Media Inc)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-01] (Avast Software)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [269864 2010-03-09] (Ericsson AB)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 23:34 - 2015-01-09 23:34 - 00020935 _____ () C:\Users\oem\Desktop\FRST.txt
2015-01-09 23:34 - 2015-01-09 23:34 - 00000000 ____D () C:\FRST
2015-01-09 23:30 - 2015-01-09 23:31 - 02124288 _____ (Farbar) C:\Users\oem\Desktop\FRST64.exe
2015-01-09 10:54 - 2015-01-09 10:54 - 00000197 _____ () C:\Windows\system32\2015-01-09-09-54-30.070-AvastVBoxSVC.exe-2840.log
2015-01-08 17:55 - 2015-01-08 17:55 - 00000000 ____D () C:\Sun
2015-01-08 14:13 - 2015-01-08 14:13 - 00000197 _____ () C:\Windows\system32\2015-01-08-13-13-00.014-AvastVBoxSVC.exe-2580.log
2015-01-07 11:06 - 2015-01-07 11:06 - 00000197 _____ () C:\Windows\system32\2015-01-07-10-06-43.084-AvastVBoxSVC.exe-2684.log
2015-01-06 11:18 - 2015-01-06 11:19 - 00000197 _____ () C:\Windows\system32\2015-01-06-10-18-52.039-AvastVBoxSVC.exe-2564.log
2015-01-05 14:46 - 2015-01-05 14:46 - 00000197 _____ () C:\Windows\system32\2015-01-05-13-46-08.003-AvastVBoxSVC.exe-2592.log
2015-01-04 11:50 - 2015-01-04 11:50 - 00000197 _____ () C:\Windows\system32\2015-01-04-10-50-51.007-AvastVBoxSVC.exe-2600.log
2015-01-04 09:30 - 2015-01-04 09:30 - 00000197 _____ () C:\Windows\system32\2015-01-04-08-30-13.002-AvastVBoxSVC.exe-4584.log
2015-01-02 10:39 - 2015-01-02 10:39 - 00000197 _____ () C:\Windows\system32\2015-01-02-09-39-24.070-AvastVBoxSVC.exe-2496.log
2015-01-01 10:45 - 2015-01-01 10:46 - 00000197 _____ () C:\Windows\system32\2015-01-01-09-45-44.011-AvastVBoxSVC.exe-2856.log
2014-12-31 19:52 - 2014-12-31 19:52 - 00000197 _____ () C:\Windows\system32\2014-12-31-18-52-21.029-AvastVBoxSVC.exe-2604.log
2014-12-31 11:18 - 2014-12-31 11:19 - 00000197 _____ () C:\Windows\system32\2014-12-31-10-18-47.075-AvastVBoxSVC.exe-2892.log
2014-12-31 07:41 - 2014-12-31 07:41 - 00000197 _____ () C:\Windows\system32\2014-12-31-06-41-06.077-AvastVBoxSVC.exe-4960.log
2014-12-30 21:57 - 2014-12-30 21:57 - 00000197 _____ () C:\Windows\system32\2014-12-30-20-57-26.051-AvastVBoxSVC.exe-2652.log
2014-12-28 18:48 - 2014-12-28 18:49 - 00000197 _____ () C:\Windows\system32\2014-12-28-17-48-58.074-AvastVBoxSVC.exe-2592.log
2014-12-23 21:15 - 2014-12-23 21:15 - 00000197 _____ () C:\Windows\system32\2014-12-23-20-15-09.021-AvastVBoxSVC.exe-3524.log
2014-12-22 22:27 - 2014-12-22 22:28 - 00000197 _____ () C:\Windows\system32\2014-12-22-21-27-46.089-AvastVBoxSVC.exe-2792.log
2014-12-22 01:07 - 2014-12-22 01:07 - 00000247 _____ () C:\Windows\system32\2014-12-22-00-07-51.047-aswFe.exe-3892.log
2014-12-22 01:02 - 2014-12-22 01:07 - 00000247 _____ () C:\Windows\system32\2014-12-22-00-02-06.025-aswFe.exe-3036.log
2014-12-22 01:02 - 2014-12-22 01:02 - 00000197 _____ () C:\Windows\system32\2014-12-22-00-02-00.085-AvastVBoxSVC.exe-4576.log
2014-12-22 00:49 - 2014-12-22 00:49 - 00000197 _____ () C:\Windows\system32\2014-12-21-23-49-57.067-AvastVBoxSVC.exe-2692.log
2014-12-21 18:56 - 2014-12-21 18:57 - 00000197 _____ () C:\Windows\system32\2014-12-21-17-56-28.011-AvastVBoxSVC.exe-2688.log
2014-12-21 10:33 - 2014-12-21 10:33 - 00000197 _____ () C:\Windows\system32\2014-12-21-09-33-21.093-AvastVBoxSVC.exe-2600.log
2014-12-21 04:46 - 2014-12-21 04:46 - 00000197 _____ () C:\Windows\system32\2014-12-21-03-46-27.052-AvastVBoxSVC.exe-2724.log
2014-12-20 20:57 - 2014-12-20 20:57 - 00000197 _____ () C:\Windows\system32\2014-12-20-19-57-33.042-AvastVBoxSVC.exe-3044.log
2014-12-19 23:09 - 2014-12-19 23:10 - 00000197 _____ () C:\Windows\system32\2014-12-19-22-09-51.067-AvastVBoxSVC.exe-2684.log
2014-12-19 07:59 - 2014-12-19 07:59 - 00000197 _____ () C:\Windows\system32\2014-12-19-06-59-02.022-AvastVBoxSVC.exe-2512.log
2014-12-18 21:06 - 2014-12-18 21:06 - 00000197 _____ () C:\Windows\system32\2014-12-18-20-06-16.044-AvastVBoxSVC.exe-2688.log
2014-12-18 07:56 - 2014-12-18 07:56 - 00000197 _____ () C:\Windows\system32\2014-12-18-06-56-34.002-AvastVBoxSVC.exe-3428.log
2014-12-17 22:39 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 22:39 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 22:32 - 2014-12-17 22:33 - 00000197 _____ () C:\Windows\system32\2014-12-17-21-32-38.078-AvastVBoxSVC.exe-2560.log
2014-12-16 22:15 - 2014-12-16 22:16 - 00000197 _____ () C:\Windows\system32\2014-12-16-21-15-51.034-AvastVBoxSVC.exe-2584.log
2014-12-15 20:46 - 2014-12-15 20:47 - 00000197 _____ () C:\Windows\system32\2014-12-15-19-46-32.094-AvastVBoxSVC.exe-2512.log
2014-12-14 08:58 - 2014-12-14 08:58 - 00000197 _____ () C:\Windows\system32\2014-12-14-07-58-13.083-AvastVBoxSVC.exe-2712.log
2014-12-13 23:52 - 2014-12-13 23:52 - 00000197 _____ () C:\Windows\system32\2014-12-13-22-52-25.033-AvastVBoxSVC.exe-2668.log
2014-12-13 21:15 - 2014-12-13 21:15 - 00000197 _____ () C:\Windows\system32\2014-12-13-20-15-27.026-AvastVBoxSVC.exe-2620.log
2014-12-11 19:45 - 2014-12-11 19:46 - 00000197 _____ () C:\Windows\system32\2014-12-11-18-45-51.046-AvastVBoxSVC.exe-3068.log
2014-12-10 22:03 - 2014-12-10 22:03 - 00000197 _____ () C:\Windows\system32\2014-12-10-21-03-12.081-AvastVBoxSVC.exe-2556.log
2014-12-10 18:30 - 2014-12-10 18:30 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 18:06 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 18:06 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 17:59 - 2014-12-10 17:59 - 00000197 _____ () C:\Windows\system32\2014-12-10-16-59-31.065-AvastVBoxSVC.exe-2852.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 23:34 - 2009-07-14 05:45 - 00031680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 23:34 - 2009-07-14 05:45 - 00031680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-09 23:33 - 2014-09-21 06:12 - 00000000 ____D () C:\ProgramData\smdmf
2015-01-09 23:31 - 2014-02-06 20:43 - 00000000 ____D () C:\Users\oem\AppData\Local\139E8B46-3AF9-4E30-90B2-54FD4E96A290.aplzod
2015-01-09 23:18 - 2013-11-02 10:53 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-09 23:01 - 2013-11-02 10:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-09 22:41 - 2014-02-18 15:58 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2840979918-3318856535-3558480780-1000UA.job
2015-01-09 22:00 - 2013-11-01 13:18 - 01916695 _____ () C:\Windows\WindowsUpdate.log
2015-01-09 19:16 - 2014-09-16 19:37 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-01-09 18:18 - 2013-11-02 10:53 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-09 12:41 - 2014-02-18 15:58 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2840979918-3318856535-3558480780-1000Core.job
2015-01-09 10:51 - 2013-11-03 13:01 - 00127346 _____ () C:\Windows\setupact.log
2015-01-09 10:51 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-09 02:53 - 2014-02-09 18:20 - 00000000 ____D () C:\Users\oem\AppData\Roaming\Skype
2015-01-08 19:22 - 2014-02-09 18:20 - 00000000 ____D () C:\ProgramData\Skype
2015-01-08 19:21 - 2014-10-04 21:52 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-08 17:54 - 2013-11-02 10:32 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-08 17:54 - 2013-11-02 10:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-03 20:37 - 2013-12-18 00:01 - 00000000 ____D () C:\Users\oem\AppData\Local\CrashDumps
2014-12-31 16:08 - 2014-01-15 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-12-31 16:08 - 2014-01-15 18:42 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-12-31 16:08 - 2014-01-15 18:41 - 00000000 ____D () C:\ProgramData\DivX
2014-12-28 19:10 - 2014-04-11 22:37 - 00000000 ____D () C:\Users\Access
2014-12-14 16:47 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-14 08:55 - 2013-11-02 11:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-14 08:55 - 2013-11-02 11:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-14 01:19 - 2013-11-02 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-10 18:32 - 2014-02-16 19:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-10 18:30 - 2014-05-07 00:42 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 18:30 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 18:30 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 18:14 - 2013-11-02 16:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 18:13 - 2013-11-02 10:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 18:08 - 2013-11-02 10:34 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\oem\AppData\Local\Temp\RSPUpgradeInstaller.exe
C:\Users\oem\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by oem at 2015-01-09 23:35:16
Running from C:\Users\oem\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Acer 3G Connection Manager (HKLM-x32\...\{6B8DAC83-5C2D-4A2A-9732-310CEBC28892}) (Version: 6.1.18.5 - Ericsson)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{BC15023B-48DB-4F71-9C25-CFE1A8BB7202}) (Version: 1.7.17.06011 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.7.17.06011 - Alcor Micro Corp.) Hidden
Amazon Music (HKU\S-1-5-21-2840979918-3318856535-3558480780-1000\...\Amazon Amazon Music) (Version: 3.0.0.564 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.56 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.121.0.50 - Conexant)
Dalenryder Password Generator Version 1.8 (HKLM-x32\...\{35D1F853-4D59-4141-8417-B2EC1DA7DFE1}_is1) (Version: 1.8 - Dalenryder Media)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
DolbyFiles (x32 Version: 2.0 - Nero AG) Hidden
Foxy Secure (HKLM-x32\...\Foxy Secure) (Version: 6 - ) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.11 - Acer Inc.)
Menu Templates - Starter Kit (x32 Version: 9.6.0.0 - Nero AG) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Midnight Club II (HKLM-x32\...\{F3856E7C-AD71-48E1-9A95-6D7E7FCB164A}) (Version: 2.0 - )
Mobile Broadband Drivers (HKLM\...\{2814AB08-F88B-4D7C-83EB-B5DE276C5986}) (Version: 6.1.13.101 - Ericsson AB)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nero 9 (HKLM-x32\...\{13ff457a-1977-479a-968a-15439a18704f}) (Version:  - Nero AG)
Nero 9 Essentials (HKLM-x32\...\{c8f9848c-24de-4c09-b061-84fcb71d5e41}) (Version:  - Nero AG)
Settings Manager (HKLM-x32\...\Settings Manager) (Version: 5.0.0.13892 - Aztec Media Inc) <==== ATTENTION
Sharepod 4.0.1.1 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version:  - Macroplant LLC)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SopCast 3.8.3 (HKLM-x32\...\SopCast) (Version: 3.8.3 - SopCast - Free P2P internet TV | live football, NBA, cricket)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Zattoo4 4.0.5 (HKLM-x32\...\Zattoo4) (Version: 4.0.5 - Zattoo Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2840979918-3318856535-3558480780-1000Core.job => C:\Users\oem\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2840979918-3318856535-3558480780-1000UA.job => C:\Users\oem\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-09-21 06:12 - 2014-08-31 14:27 - 00662032 _____ () C:\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-06-14 16:25 - 2014-10-15 06:35 - 06281024 _____ () C:\Users\oem\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-01-10 06:26 - 2014-01-10 06:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

========================= Accounts: ==========================

Access (S-1-5-21-2840979918-3318856535-3558480780-1005 - Administrator - Enabled) => C:\Users\Access
Administrator (S-1-5-21-2840979918-3318856535-3558480780-500 - Administrator - Disabled)
Gast (S-1-5-21-2840979918-3318856535-3558480780-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2840979918-3318856535-3558480780-1004 - Limited - Enabled)
oem (S-1-5-21-2840979918-3318856535-3558480780-1000 - Limited - Enabled) => C:\Users\oem

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/09/2015 11:31:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/09/2015 11:07:19 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {c824beb1-06a7-4cd9-9d08-40c31308dab5}

Error: (01/09/2015 10:52:10 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (01/08/2015 05:55:17 PM) (Source: MsiInstaller) (EventID: 11719) (User: )
Description: Produkt: Java 7 Update 67 -- Fehler 1719.Auf den Windows Installer-Dienst konnte nicht zugegriffen werden. Dies kann auftreten, wenn der Windows Installer nicht richtig installiert wurde. Wenden Sie sich an den Support, um weitere Unterstützung zu erhalten.

Error: (01/08/2015 02:13:10 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (01/07/2015 11:06:32 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (01/06/2015 11:18:39 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (01/05/2015 05:22:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3042

Error: (01/05/2015 05:22:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3042

Error: (01/05/2015 05:22:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (01/07/2015 11:06:19 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053AvastVBoxSvc{F319F1B8-7587-4146-AF9C-0D6D77819BF1}

Error: (01/07/2015 11:06:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AvastVBox COM Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (01/07/2015 11:06:18 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst AvastVBox COM Service erreicht.

Error: (01/07/2015 02:58:11 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (01/05/2015 08:40:57 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (01/05/2015 08:40:25 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst UMVPFSrv erreicht.

Error: (01/04/2015 09:29:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AvastVBox COM Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (01/04/2015 09:29:48 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst AvastVBox COM Service erreicht.

Error: (01/04/2015 09:29:49 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053AvastVBoxSvc{F319F1B8-7587-4146-AF9C-0D6D77819BF1}

Error: (01/04/2015 00:48:55 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}


Microsoft Office Sessions:
=========================
Error: (04/13/2014 09:37:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 35 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz
Percentage of memory in use: 31%
Total physical RAM: 3764.48 MB
Available physical RAM: 2564.45 MB
Total Pagefile: 7527.15 MB
Available Pagefile: 5978.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Cystem) (Fixed) (Total:99.75 GB) (Free:36.77 GB) NTFS
Drive d: (Daten) (Fixed) (Total:198.24 GB) (Free:197.84 GB) NTFS
Drive e: (BAND_OF_BROTHERS_DISC1) (CDROM) (Total:5.38 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

==================== End Of Log ============================
--- --- ---

schrauber 10.01.2015 11:46
unsere Tools brauchen immer Adminrechte!


Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    Foxy Secure

    Settings Manager


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 






Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

SinXx 10.01.2015 16:04
Combofix Logfile:
Code:
ComboFix 15-01-08.01 - Access 10.01.2015  13:50:53.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.3764.1821 [GMT 1:00]
ausgeführt von:: c:\users\oem\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-12-10 bis 2015-01-10  ))))))))))))))))))))))))))))))
.
.
2015-01-10 12:56 . 2015-01-10 12:56        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-01-10 12:23 . 2015-01-10 12:23        --------        d-----w-        c:\program files (x86)\VS Revo Group
2015-01-10 12:16 . 2015-01-10 12:16        --------        d-----w-        c:\users\Access\AppData\Local\Skype
2015-01-10 12:16 . 2015-01-10 12:40        --------        d-----w-        c:\users\Access\AppData\Roaming\Skype
2015-01-09 22:34 . 2015-01-09 22:35        --------        d-----w-        C:\FRST
2015-01-09 09:58 . 2014-12-02 10:26        11870360        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A543ADB9-5032-45DC-BFA6-DBE3B1D05AF9}\mpengine.dll
2015-01-08 16:55 . 2015-01-08 16:55        --------        d-----w-        C:\Sun
2014-12-17 21:39 . 2014-12-13 05:09        144384        ----a-w-        c:\windows\system32\ieUnatt.exe
2014-12-17 21:39 . 2014-12-13 03:33        115712        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-08 16:54 . 2013-11-02 09:32        701616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-08 16:54 . 2013-11-02 09:32        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-06 03:36 . 2010-11-21 03:27        298120        ------w-        c:\windows\system32\MpSigStub.exe
2014-12-10 17:08 . 2013-11-02 09:34        112710672        ----a-w-        c:\windows\system32\MRT.exe
2014-12-04 02:50 . 2014-12-09 20:29        413184        ----a-w-        c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-09 20:29        741376        ----a-w-        c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-09 20:29        396800        ----a-w-        c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-09 20:29        830976        ----a-w-        c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-09 20:29        192000        ----a-w-        c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-09 20:29        227328        ----a-w-        c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-09 20:29        1083392        ----a-w-        c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-09 20:29        1232040        ----a-w-        c:\windows\system32\aitstatic.exe
2014-12-01 18:49 . 2013-12-19 19:34        1050432        ----a-w-        c:\windows\system32\drivers\aswsnx.sys
2014-12-01 18:49 . 2014-05-10 07:39        29208        ----a-w-        c:\windows\system32\drivers\aswHwid.sys
2014-12-01 18:49 . 2013-12-19 19:35        116728        ----a-w-        c:\windows\system32\drivers\aswstm.sys
2014-12-01 18:49 . 2013-12-19 19:34        65776        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2014-12-01 18:49 . 2013-12-19 19:34        267632        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2014-12-01 18:49 . 2013-12-19 19:34        436624        ----a-w-        c:\windows\system32\drivers\aswsp.sys
2014-12-01 18:49 . 2013-12-19 19:34        83280        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2014-12-01 18:49 . 2014-12-01 18:49        364512        ----a-w-        c:\windows\system32\aswBoot.exe
2014-12-01 18:49 . 2013-12-19 19:34        93568        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys
2014-12-01 18:49 . 2014-12-01 18:49        43152        ----a-w-        c:\windows\avastSS.scr
2014-11-27 01:43 . 2014-12-09 20:28        389296        ----a-w-        c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-09 20:28        25059840        ----a-w-        c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-09 20:28        2724864        ----a-w-        c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-09 20:28        4096        ----a-w-        c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-09 20:28        66560        ----a-w-        c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-09 20:28        580096        ----a-w-        c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-09 20:28        48640        ----a-w-        c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-09 20:28        2885120        ----a-w-        c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-09 20:28        88064        ----a-w-        c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-09 20:28        54784        ----a-w-        c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-09 20:28        34304        ----a-w-        c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-09 20:28        633856        ----a-w-        c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-09 20:28        114688        ----a-w-        c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-09 20:28        814080        ----a-w-        c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-09 20:28        6039552        ----a-w-        c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-09 20:28        968704        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-09 20:28        490496        ----a-w-        c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-09 20:28        2724864        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-09 20:28        77824        ----a-w-        c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-09 20:28        199680        ----a-w-        c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-09 20:28        92160        ----a-w-        c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-09 20:28        501248        ----a-w-        c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-09 20:28        62464        ----a-w-        c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-09 20:28        47616        ----a-w-        c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-09 20:28        64000        ----a-w-        c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-09 20:28        316928        ----a-w-        c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-09 20:28        620032        ----a-w-        c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-09 20:28        718848        ----a-w-        c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-09 20:28        800768        ----a-w-        c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-09 20:28        1359360        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-09 20:28        2125312        ----a-w-        c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-09 20:28        14412800        ----a-w-        c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-09 20:28        60416        ----a-w-        c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-09 20:28        4299264        ----a-w-        c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-09 20:28        2358272        ----a-w-        c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-09 20:28        2052096        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-09 20:28        1155072        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-09 20:28        1548288        ----a-w-        c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-09 20:28        800768        ----a-w-        c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-09 20:28        1888256        ----a-w-        c:\windows\SysWow64\wininet.dll
2014-11-18 13:56 . 2014-11-18 13:56        1202848        ----a-w-        c:\windows\SysWow64\FM20.DLL
2014-11-11 03:09 . 2014-12-09 20:29        1424384        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-18 18:53        241152        ----a-w-        c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-18 18:53        728064        ----a-w-        c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-09 20:29        1230336        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-18 18:53        186880        ----a-w-        c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-18 18:53        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-09 20:29        119296        ----a-w-        c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-09 20:26        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-09 20:26        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2014-11-06 05:42 . 2014-11-06 05:42        341848        ----a-w-        c:\windows\SysWow64\DivXControlPanelApplet.cpl
2014-10-30 02:03 . 2014-12-09 20:26        165888        ----a-w-        c:\windows\system32\charmap.exe
2014-10-30 01:45 . 2014-12-09 20:26        155136        ----a-w-        c:\windows\SysWow64\charmap.exe
2014-10-25 01:57 . 2014-11-13 17:09        77824        ----a-w-        c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-13 17:09        67584        ----a-w-        c:\windows\SysWow64\packager.dll
2014-10-18 02:05 . 2014-11-13 17:09        861696        ----a-w-        c:\windows\system32\oleaut32.dll
2014-10-18 02:05 . 2014-12-10 17:06        4121600        ----a-w-        c:\windows\system32\mf.dll
2014-10-18 01:33 . 2014-11-13 17:09        571904        ----a-w-        c:\windows\SysWow64\oleaut32.dll
2014-10-18 01:33 . 2014-12-10 17:06        3209728        ----a-w-        c:\windows\SysWow64\mf.dll
2014-10-14 02:16 . 2014-11-13 17:10        155064        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-13 17:10        683520        ----a-w-        c:\windows\system32\termsrv.dll
2014-10-14 02:13 . 2014-11-13 17:09        3241984        ----a-w-        c:\windows\system32\msi.dll
2014-10-14 02:12 . 2014-11-13 17:10        1460736        ----a-w-        c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-13 17:10        146432        ----a-w-        c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-13 17:10        681984        ----a-w-        c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-13 17:10        22016        ----a-w-        c:\windows\SysWow64\secur32.dll
2014-10-14 01:50 . 2014-11-13 17:09        2363904        ----a-w-        c:\windows\SysWow64\msi.dll
2014-10-14 01:49 . 2014-11-13 17:10        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-13 17:10        146432        ----a-w-        c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-13 17:10        681984        ----a-w-        c:\windows\SysWow64\adtschema.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-11 30877280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2013-11-02 968272]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-09 5227112]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2014-11-17 448856]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"removeSettingsManagerdatamngr"="RD" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys;c:\windows\SYSNATIVE\Drivers\FPSensor.sys [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S2 WMCoreService;Mobile Broadband Core Service;c:\program files (x86)\Mobile Broadband Drivers\WMCore\mini_WMCore.exe servicemode;c:\program files (x86)\Mobile Broadband Drivers\WMCore\mini_WMCore.exe servicemode [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 e36gbus;F3607gw Mobile Broadband Device driver (Win7);c:\windows\system32\DRIVERS\e36gbus.sys;c:\windows\SYSNATIVE\DRIVERS\e36gbus.sys [x]
S3 e36gmdfl;F3607gw Mobile Broadband Data Modem Filter (Win7);c:\windows\system32\DRIVERS\e36gmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\e36gmdfl.sys [x]
S3 e36gmdm;F3607gw Mobile Broadband Data Modem Driver (Win7);c:\windows\system32\DRIVERS\e36gmdm.sys;c:\windows\SYSNATIVE\DRIVERS\e36gmdm.sys [x]
S3 e36gmgmt;F3607gw Mobile Broadband Device Management Drivers (Win7);c:\windows\system32\DRIVERS\e36gmgmt.sys;c:\windows\SYSNATIVE\DRIVERS\e36gmgmt.sys [x]
S3 e36wscard;F3607gw Mobile Broadband USIM Port;c:\windows\system32\DRIVERS\e36wscard.sys;c:\windows\SYSNATIVE\DRIVERS\e36wscard.sys [x]
S3 ecnssndis;Service for enabling selective suspend to NDIS device;c:\windows\system32\Drivers\wwuss64.sys;c:\windows\SYSNATIVE\Drivers\wwuss64.sys [x]
S3 ecnssndisfltr;SSNDIS filter service;c:\windows\system32\Drivers\wwussf64.sys;c:\windows\SYSNATIVE\Drivers\wwussf64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
S3 WwanUsbServ;Ericsson WWAN Wireless Module Device Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys;c:\windows\SYSNATIVE\DRIVERS\WwanUsbMp64.sys [x]
S4 F06DEFF2-5B9C-490D-910F-35D3A9119622;F06DEFF2-5B9C-490D-910F-35D3A9119622;c:\program files (x86)\Settings Manager\smdmf\x64\smdmfmgrc2.cfg;c:\program files (x86)\Settings Manager\smdmf\x64\smdmfmgrc2.cfg [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-13 20:19        1087816        ----a-w-        c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-02 16:54]
.
2015-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-02 09:53]
.
2015-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-02 09:53]
.
2015-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2840979918-3318856535-3558480780-1000Core.job
- c:\users\oem\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-18 19:34]
.
2015-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2840979918-3318856535-3558480780-1000UA.job
- c:\users\oem\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-18 19:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-12-01 18:49        860984        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-02-22 168944]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-02-22 394224]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-02-22 418800]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-04 520760]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-03-12 324608]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
mSearch Bar = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Access\AppData\Roaming\Mozilla\Firefox\Profiles\wuz9ez9r.default\
FF - prefs.js: browser.search.defaulturl - hxxps://startpage.com/do/metasearch.pl
FF - prefs.js: browser.search.selectedEngine - Startpage
FF - prefs.js: browser.startup.homepage - hxxps://startpage.com
FF - prefs.js: keyword.URL - hxxps://startpage.com/do/metasearch.pl
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - (no file)
BHO-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-Sidebar - c:\program files (x86)\Windows Sidebar\Sidebar.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\F06DEFF2-5B9C-490D-910F-35D3A9119622]
"ImagePath"="\??\c:\program files (x86)\Settings Manager\smdmf\x64\smdmfmgrc2.cfg"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2840979918-3318856535-3558480780-1000_Classes\CLSID]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2840979918-3318856535-3558480780-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}]
@Class="REG_SZ"
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_USERS\S-1-5-21-2840979918-3318856535-3558480780-1000_Classes\CLSID\{0F9285DF-3511-4FE6-A587-CD8F61A121CA}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2840979918-3318856535-3558480780-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}]
@Class="REG_SZ"
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_USERS\S-1-5-21-2840979918-3318856535-3558480780-1000_Classes\CLSID\{699A646B-C61E-4C36-A253-620E4EBD294C}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2840979918-3318856535-3558480780-1000_Classes\CLSID\{71FDCAEA-B6F2-4B6C-A18C-6C85F0E4662F}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2840979918-3318856535-3558480780-1000_Classes\CLSID\{7E024D23-24D9-425B-B2E3-1BF397408365}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2840979918-3318856535-3558480780-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}]
@Class="REG_SZ"
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_USERS\S-1-5-21-2840979918-3318856535-3558480780-1000_Classes\CLSID\{C9E37353-EC76-4A58-B575-BBA8B4BD06D1}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2840979918-3318856535-3558480780-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}]
@Class="REG_SZ"
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_USERS\S-1-5-21-2840979918-3318856535-3558480780-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2840979918-3318856535-3558480780-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}]
@Class="REG_SZ"
@DACL=(02 0000)
@="PSFactoryBuffer"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-01-10  13:58:09
ComboFix-quarantined-files.txt  2015-01-10 12:58
.
Vor Suchlauf: 11 Verzeichnis(se), 37.446.094.848 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 37.631.987.712 Bytes frei
.
- - End Of File - - FB7825A4DBFA5E9034B85B123BC97460
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31

schrauber 10.01.2015 17:48
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

SinXx 10.01.2015 19:13
Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Suchlauf Datum: 10.01.2015
Suchlauf-Zeit: 18:03:29
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.10.14
Rootkit Datenbank: v2015.01.07.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Access

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 387629
Verstrichene Zeit: 17 Min, 27 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 27
PUP.Optional.Linkey.A, HKLM\SOFTWARE\CLASSES\APPID\{6A7CD9EC-D8BD-4340-BCD0-77C09A282921}, In Quarantäne, [06c0fdf8543588aef9ac40a831d1a957],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{6A7CD9EC-D8BD-4340-BCD0-77C09A282921}, In Quarantäne, [06c0fdf8543588aef9ac40a831d1a957],
PUP.Optional.IEBho.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C32F5BF7-6918-4F78-A97A-53CDF7D07C8C}, In Quarantäne, [6c5a17de028760d627b9e9f7c73b41bf],
PUP.Optional.IEBho.A, HKU\S-1-5-21-2840979918-3318856535-3558480780-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C32F5BF7-6918-4F78-A97A-53CDF7D07C8C}, In Quarantäne, [6c5a17de028760d627b9e9f7c73b41bf],
PUP.Optional.IEBho.A, HKU\S-1-5-21-2840979918-3318856535-3558480780-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C32F5BF7-6918-4F78-A97A-53CDF7D07C8C}, In Quarantäne, [6c5a17de028760d627b9e9f7c73b41bf],
PUP.Optional.IEBho.A, HKU\S-1-5-21-2840979918-3318856535-3558480780-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C32F5BF7-6918-4F78-A97A-53CDF7D07C8C}, In Quarantäne, [6c5a17de028760d627b9e9f7c73b41bf],
PUP.Optional.IEBho.A, HKU\S-1-5-21-2840979918-3318856535-3558480780-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C32F5BF7-6918-4F78-A97A-53CDF7D07C8C}, In Quarantäne, [6c5a17de028760d627b9e9f7c73b41bf],
PUP.Optional.Snapdo.T, HKU\S-1-5-21-2840979918-3318856535-3558480780-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [e7df7d783a4ff0463706f9292cd7b14f],
PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, In Quarantäne, [e7df7d783a4ff0463706f9292cd7b14f],
PUP.Optional.Linkey.A, HKU\S-1-5-21-2840979918-3318856535-3558480780-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, In Quarantäne, [b80e9b5a10790a2cb8f5ecfc1ae804fc],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, In Quarantäne, [b80e9b5a10790a2cb8f5ecfc1ae804fc],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\CLASSES\Linkey.Linkey, In Quarantäne, [b80e9b5a10790a2cb8f5ecfc1ae804fc],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Linkey.Linkey, In Quarantäne, [b80e9b5a10790a2cb8f5ecfc1ae804fc],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, In Quarantäne, [cbfbc62ff29777bff00cb16d699a4ab6],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, In Quarantäne, [4a7cf00555342e088974fa246c976a96],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, In Quarantäne, [477f13e29eeb9e9893fe4bd30ef59d63],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent, In Quarantäne, [bb0be21324658aace6185286cd37da26],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, In Quarantäne, [07bfcc29c1c8c5718f6b2a84a2616799],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\SmdmF, In Quarantäne, [dbebd81d2960df57593b0779c142a957],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent, In Quarantäne, [daec797ca7e2da5c16e84b8da85c9c64],
PUP.Optional.FreeHDSportTV.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\FreeHD-Sport TV V9.0, In Quarantäne, [6a5c15e093f696a05362ecbcbd4655ab],
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-2840979918-3318856535-3558480780-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, In Quarantäne, [80462acb098039fd581724a126dead53],
PUP.Optional.SettingsManager.A, HKU\S-1-5-21-2840979918-3318856535-3558480780-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SmdmF, In Quarantäne, [b6109a5be7a2e6503261e69a679c9d63],
PUP.Optional.Softonic.A, HKU\S-1-5-21-2840979918-3318856535-3558480780-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, In Quarantäne, [f4d2f5000782db5b651b3c3134cf18e8],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2840979918-3318856535-3558480780-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [c204fef7d2b7c4725cf01dbb1ee65aa6],
PUP.Optional.Linkury.A, HKU\S-1-5-21-2840979918-3318856535-3558480780-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR, In Quarantäne, [5d69c03593f683b3dcc079075ba86f91],
PUP.Optional.Softonic.A, HKU\S-1-5-21-2840979918-3318856535-3558480780-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, In Quarantäne, [a026aa4bddacb97d4c340f5e71927090],

Registrierungswerte: 5
PUP.Optional.Iminent.A, HKU\S-1-5-21-2840979918-3318856535-3558480780-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, In Quarantäne, [477f13e29eeb9e9893fe4bd30ef59d63],
PUP.Optional.Iminent.A, HKU\S-1-5-21-2840979918-3318856535-3558480780-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, In Quarantäne, [b11511e4cabfef479af7b9652dd639c7],
PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, In Quarantäne, [4a7c0ce980096ccaf98c90edef143fc1]
PUP.Optional.SmartBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, In Quarantäne, [d8eee60fbbce8bab3c496e0f49ba32ce]
PUP.Optional.Linkury.A, HKU\S-1-5-21-2840979918-3318856535-3558480780-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR|publisher, YahooOC, In Quarantäne, [5d69c03593f683b3dcc079075ba86f91]

Registrierungsdaten: 3
PUP.Optional.HelperBar.A, HKU\S-1-5-21-2840979918-3318856535-3558480780-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=64300709-7a70-5387-bed7-ccdb237a3fa6&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=15/01/2014&type=hp1000, Gut: (Google), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=64300709-7a70-5387-bed7-ccdb237a3fa6&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=15/01/2014&type=hp1000),Ersetzt,[d8eee213a5e4cb6b07a68ef74eb7837d]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-2840979918-3318856535-3558480780-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=64300709-7a70-5387-bed7-ccdb237a3fa6&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=15/01/2014&type=hp1000, Gut: (Google), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=64300709-7a70-5387-bed7-ccdb237a3fa6&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=15/01/2014&type=hp1000),Ersetzt,[f5d12bca2f5aa591f2bc2d581fe6d32d]
PUP.Optional.DefaultSearch.A, HKU\S-1-5-21-2840979918-3318856535-3558480780-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, This message is from the Microsoft Safety & Security Center, Gut: (Google), Schlecht: (This message is from the Microsoft Safety & Security Center,[4a7c995c3455cb6bd91ee3a1e1248c74]

Ordner: 12
PUP.Optional.Iminent.A, C:\Program Files (x86)\IminentToolbar, In Quarantäne, [bc0ac72ea5e40e28584331010102c23e],
PUP.Optional.OpenCandy, C:\Users\oem\AppData\Roaming\OpenCandy, In Quarantäne, [7f4751a4503968ceb9e9d959cf34c040],
PUP.Optional.OpenCandy, C:\Users\oem\AppData\Roaming\OpenCandy\86A1FB3BD60B4CBFAB08193A7C9027E7, In Quarantäne, [7f4751a4503968ceb9e9d959cf34c040],
PUP.Optional.Iminent.A, C:\Users\oem\AppData\Roaming\IminentToolbar, In Quarantäne, [9f2784719aef15214d075dd7de257987],
PUP.Optional.Datamngr.A, C:\Users\Access\AppData\LocalLow\DataMngr, In Quarantäne, [24a2c530a8e177bfa33b6ccc57ac8d73],
PUP.Optional.Datamngr.A, C:\Users\oem\AppData\LocalLow\DataMngr, In Quarantäne, [a62064911f6a62d46f6fdf59a85b3ac6],
PUP.Optional.SettingsManager.A, C:\Users\Access\AppData\Roaming\FirefoxToolbar\Settings Manager, In Quarantäne, [62649f5620691d19c6fb1c370bf8d828],
PUP.Optional.Linkey, C:\Users\Access\AppData\Roaming\Mozilla\Firefox\extensions\extension@linkeyproject.com, In Quarantäne, [b70f7b7ae6a3d462c53d91c7f3109b65],
PUP.Optional.Linkey, C:\Users\Access\AppData\Roaming\Mozilla\Firefox\extensions\extension@linkeyproject.com\content, In Quarantäne, [b70f7b7ae6a3d462c53d91c7f3109b65],
PUP.Optional.Linkey, C:\Users\Access\AppData\Roaming\Mozilla\Firefox\extensions\extension@linkeyproject.com\content\js, In Quarantäne, [b70f7b7ae6a3d462c53d91c7f3109b65],
PUP.Optional.Linkey, C:\Users\Access\AppData\Roaming\Mozilla\Firefox\extensions\extension@linkeyproject.com\skin, In Quarantäne, [b70f7b7ae6a3d462c53d91c7f3109b65],
PUP.Optional.IEBho.A, C:\Users\Access\AppData\LocalLow\IE-BHO, In Quarantäne, [5670f4019ced02348417a6c10df62ad6],

Dateien: 23
PUP.Optional.OpenCandy, C:\Users\oem\Downloads\ac3filter_2_6_0b.exe, In Quarantäne, [7a4c22d37613fd399b4bbd5b0ff30af6],
PUP.Optional.Softonic, C:\Users\oem\Downloads\SoftonicDownloader_for_webcam-and-screen-recorder.exe, In Quarantäne, [c4024aab5831b0864793cbfd4ab77e82],
PUP.Optional.DownloadSponsor, C:\Users\oem\Downloads\Zattoo - CHIP-Downloader.exe, In Quarantäne, [fbcbbb3a8afff93d30e21e27bf4646ba],
PUP.Optional.Iminent.A, C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage, In Quarantäne, [a2248b6a1f6a6acc40c7f3a5c043f010],
PUP.Optional.DefaultSearch.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml, In Quarantäne, [4482698c6e1bc571b855623fce35c43c],
PUP.Optional.Iminent.A, C:\Users\oem\AppData\Roaming\IminentToolbar\sqlite3.dll, In Quarantäne, [9f2784719aef15214d075dd7de257987],
PUP.Optional.Datamngr.A, C:\Users\Access\AppData\LocalLow\DataMngr\{99BB1406-1CFB-488C-90D1-2D978E04F707}64, In Quarantäne, [24a2c530a8e177bfa33b6ccc57ac8d73],
PUP.Optional.Datamngr.A, C:\Users\oem\AppData\LocalLow\DataMngr\{99BB1406-1CFB-488C-90D1-2D978E04F707}64, In Quarantäne, [a62064911f6a62d46f6fdf59a85b3ac6],
PUP.Optional.Linkey, C:\Users\Access\AppData\Roaming\Mozilla\Firefox\extensions\extension@linkeyproject.com\chrome.manifest, In Quarantäne, [b70f7b7ae6a3d462c53d91c7f3109b65],
PUP.Optional.Linkey, C:\Users\Access\AppData\Roaming\Mozilla\Firefox\extensions\extension@linkeyproject.com\install.rdf, In Quarantäne, [b70f7b7ae6a3d462c53d91c7f3109b65],
PUP.Optional.Linkey, C:\Users\Access\AppData\Roaming\Mozilla\Firefox\extensions\extension@linkeyproject.com\content\button.css, In Quarantäne, [b70f7b7ae6a3d462c53d91c7f3109b65],
PUP.Optional.Linkey, C:\Users\Access\AppData\Roaming\Mozilla\Firefox\extensions\extension@linkeyproject.com\content\overlay.xul, In Quarantäne, [b70f7b7ae6a3d462c53d91c7f3109b65],
PUP.Optional.Linkey, C:\Users\Access\AppData\Roaming\Mozilla\Firefox\extensions\extension@linkeyproject.com\content\js\common.js, In Quarantäne, [b70f7b7ae6a3d462c53d91c7f3109b65],
PUP.Optional.Linkey, C:\Users\Access\AppData\Roaming\Mozilla\Firefox\extensions\extension@linkeyproject.com\content\js\LinkeyManager.js, In Quarantäne, [b70f7b7ae6a3d462c53d91c7f3109b65],
PUP.Optional.Linkey, C:\Users\Access\AppData\Roaming\Mozilla\Firefox\extensions\extension@linkeyproject.com\skin\bright_green_19_19.png, In Quarantäne, [b70f7b7ae6a3d462c53d91c7f3109b65],
PUP.Optional.Linkey, C:\Users\Access\AppData\Roaming\Mozilla\Firefox\extensions\extension@linkeyproject.com\skin\default_19_19.png, In Quarantäne, [b70f7b7ae6a3d462c53d91c7f3109b65],
PUP.Optional.Linkey, C:\Users\Access\AppData\Roaming\Mozilla\Firefox\extensions\extension@linkeyproject.com\skin\hard_green_19_19.png, In Quarantäne, [b70f7b7ae6a3d462c53d91c7f3109b65],
PUP.Optional.Linkey, C:\Users\Access\AppData\Roaming\Mozilla\Firefox\extensions\extension@linkeyproject.com\skin\icon.png, In Quarantäne, [b70f7b7ae6a3d462c53d91c7f3109b65],
PUP.Optional.Linkey, C:\Users\Access\AppData\Roaming\Mozilla\Firefox\extensions\extension@linkeyproject.com\skin\icon64.png, In Quarantäne, [b70f7b7ae6a3d462c53d91c7f3109b65],
PUP.Optional.Linkey, C:\Users\Access\AppData\Roaming\Mozilla\Firefox\extensions\extension@linkeyproject.com\skin\orange_19_19.png, In Quarantäne, [b70f7b7ae6a3d462c53d91c7f3109b65],
PUP.Optional.Linkey, C:\Users\Access\AppData\Roaming\Mozilla\Firefox\extensions\extension@linkeyproject.com\skin\red_19_19.png, In Quarantäne, [b70f7b7ae6a3d462c53d91c7f3109b65],
PUP.Optional.Linkey, C:\Users\Access\AppData\Roaming\Mozilla\Firefox\extensions\extension@linkeyproject.com\skin\yellow_19_19.png, In Quarantäne, [b70f7b7ae6a3d462c53d91c7f3109b65],
PUP.Optional.IEBho.A, C:\Users\Access\AppData\LocalLow\IE-BHO\ie.ini, In Quarantäne, [5670f4019ced02348417a6c10df62ad6],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

AdwCleaner Logfile:
Code:
# AdwCleaner v4.107 - Bericht erstellt am 10/01/2015 um 18:46:57
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Access - W7P64
# Gestartet von : C:\Users\oem\Desktop\AdwCleaner_4.107.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\GrabRez
Ordner Gelöscht : C:\Program Files (x86)\Settings Manager
Ordner Gelöscht : C:\Users\Access\AppData\Roaming\FirefoxToolbar
Ordner Gelöscht : C:\Users\oem\AppData\Local\BeamriseUninstall
Datei Gelöscht : \END
Datei Gelöscht : C:\Users\Access\AppData\Roaming\Mozilla\Firefox\Profiles\wuz9ez9r.default\invalidprefs.js

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\iedll.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4613B1C1-FBC0-43C3-A4B9-B1D6CD360BB3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{726E90BE-DC22-4965-B215-E0784DC26F47}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4613B1C1-FBC0-43C3-A4B9-B1D6CD360BB3}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Schlüssel Gelöscht : HKCU\Software\Linkey
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 de)


-\\ Google Chrome v39.0.2171.95

[C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=64300709-7a70-5387-bed7-ccdb237a3fa6&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate={installDate}&type=hp1000
[C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=64300709-7a70-5387-bed7-ccdb237a3fa6&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate={installDate}&type=hp1000
[C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=64300709-7a70-5387-bed7-ccdb237a3fa6&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate={installDate}&type=hp1000
[C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=64300709-7a70-5387-bed7-ccdb237a3fa6&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate={installDate}&type=hp1000
[C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=64300709-7a70-5387-bed7-ccdb237a3fa6&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate={installDate}&type=hp1000
[C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=64300709-7a70-5387-bed7-ccdb237a3fa6&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate={installDate}&type=hp1000

*************************

AdwCleaner[R0].txt - [5243 octets] - [10/01/2015 18:35:28]
AdwCleaner[S0].txt - [4829 octets] - [10/01/2015 18:46:57]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [4889 octets] ##########
--- --- ---JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x64
Ran by Access on 10.01.2015 at 18:59:36,28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.01.2015 at 19:03:37,50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- --- ---

schrauber 10.01.2015 20:33

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

SinXx 11.01.2015 00:22
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=773bd2f5ff299a448aca4e3ebc2abf84
# engine=21905
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-10 10:24:12
# local_time=2015-01-10 11:24:12 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 97 40164 33450562 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 20175 172558502 0 0
# scanned=126104
# found=3
# cleaned=0
# scan_time=3892
sh=8D24D0C12AEF351053E97C4CC8FB3491675FF23C ft=1 fh=7363678355a87549 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\oem\Downloads\SharePod - CHIP-Installer.exe"
sh=FF1F354EED3C7C8910D0B63D92570EC8BB400D9A ft=1 fh=7dcb11e9bb35006a vn="Variante von Win32/InstallCore.QW evtl. unerwünschte Anwendung" ac=I fn="C:\Users\oem\Downloads\SharePod_3.99_CB-DL-Manager.exe"
sh=E1733AB68A35BDEC95C454DF5234117EFAB4F256 ft=1 fh=a4ff5ac03bcada12 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\oem\Downloads\Simple Webcam Recorder - CHIP-Installer.exe"

Results of screen317's Security Check version 0.99.93
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 51
Java version 32-bit out of Date!
Adobe Flash Player 16.0.0.235
Adobe Reader XI
Mozilla Firefox (34.0.5)
Google Chrome (39.0.2171.71)
Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast ng vbox\AvastVBoxSVC.exe
AVAST Software Avast ng ngservice.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Java habe ich upgedated. Hier noch das FRST log:
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by oem (ATTENTION: The logged in user is not administrator) on W7P64 on 11-01-2015 00:20:13
Running from C:\Users\oem\Desktop
Loaded Profiles: oem & Access (Available profiles: oem & Access)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Users\oem\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-04] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-03-12] (Alcor Micro Corp.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2013-11-02] (Dritek System Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\RunOnce: [removeSettingsManagerdatamngr] => cmd.exe /c RD /S /Q "C:\Program Files (x86)\Settings Manager"
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2840979918-3318856535-3558480780-1000\...\Run: [] => [X]
HKU\S-1-5-21-2840979918-3318856535-3558480780-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2840979918-3318856535-3558480780-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2840979918-3318856535-3558480780-1000\...\Run: [Google Update] => C:\Users\oem\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-02-15] (Google Inc.)
HKU\S-1-5-21-2840979918-3318856535-3558480780-1000\...\Run: [Amazon Music] => C:\Users\oem\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-15] ()
HKU\S-1-5-21-2840979918-3318856535-3558480780-1000\...\MountPoints2: {b5745470-42f4-11e3-a31e-9f49de13322b} - F:\Password.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = This message is from the Microsoft Safety & Security Center
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = This message is from the Microsoft Safety & Security Center
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2840979918-3318856535-3558480780-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2840979918-3318856535-3558480780-1000\Software\Microsoft\Internet Explorer\Main,Start Page = This message is from the Microsoft Safety & Security Center
HKU\S-1-5-21-2840979918-3318856535-3558480780-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland
HKU\S-1-5-21-2840979918-3318856535-3558480780-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-2840979918-3318856535-3558480780-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: [S-1-5-21-2840979918-3318856535-3558480780-1005] ATTENTION ==> Default URLSearchHook is missing.
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2840979918-3318856535-3558480780-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2840979918-3318856535-3558480780-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\4xssnhkg.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2840979918-3318856535-3558480780-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\oem\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2840979918-3318856535-3558480780-1000: @talk.google.com/O1DPlugin -> C:\Users\oem\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2840979918-3318856535-3558480780-1000: @tools.google.com/Google Update;version=3 -> C:\Users\oem\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2840979918-3318856535-3558480780-1000: @tools.google.com/Google Update;version=9 -> C:\Users\oem\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\oem\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\oem\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: LastPass - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\4xssnhkg.default\Extensions\support@lastpass.com [2014-03-22]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\4xssnhkg.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-02-16]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\4xssnhkg.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-02-16]
FF Extension: Google™ Hangouts - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\4xssnhkg.default\Extensions\jid1-uqbSKwXpf2K6yl@jetpack.xpi [2014-11-12]
FF Extension: Google Translator for Firefox - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\4xssnhkg.default\Extensions\translator@zoli.bod.xpi [2014-02-16]
FF Extension: YouTube High Definition - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\4xssnhkg.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-07-10]
FF Extension: Adblock Plus - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\4xssnhkg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-16]
FF Extension: DownThemAll! - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\4xssnhkg.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-11-12]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-19]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=AV01
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=AV01"
CHR DefaultSearchKeyword: Default -> search.yahoo.com
CHR DefaultSearchURL: Default -> hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=64300709-7a70-5387-bed7-ccdb237a3fa6&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate={installDate}&type=hp1000
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-02]
CHR Extension: (Google Drive) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-31]
CHR Extension: (YouTube) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-02]
CHR Extension: (Adblock Plus) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-11-03]
CHR Extension: (Google-Suche) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-02]
CHR Extension: (Avast Online Security) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-19]
CHR Extension: (Link per Mail) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngjdhjgbagpeimgpgloofkfoipgpdgdb [2013-11-03]
CHR Extension: (Google Wallet) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-02]
CHR Extension: (Google Mail) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-02]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-01-20] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-01] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-01] (Avast Software)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband Drivers\WMCore\mini_WMCore.exe [462888 2010-03-18] (Ericsson AB)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-01] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R3 e36gbus; C:\Windows\System32\DRIVERS\e36gbus.sys [328704 2009-06-30] (MCCI Corporation)
R3 e36gmdfl; C:\Windows\System32\DRIVERS\e36gmdfl.sys [19456 2009-06-30] (MCCI Corporation)
R3 e36gmdm; C:\Windows\System32\DRIVERS\e36gmdm.sys [432128 2009-06-30] (MCCI Corporation)
R3 e36gmgmt; C:\Windows\System32\DRIVERS\e36gmgmt.sys [376320 2009-06-30] (MCCI Corporation)
R3 e36wscard; C:\Windows\System32\DRIVERS\e36wscard.sys [60968 2009-10-13] (Ericsson AB)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-03-03] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-03-03] (Ericsson AB)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-01] (Avast Software)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [269864 2010-03-09] (Ericsson AB)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-11 00:20 - 2015-01-11 00:20 - 00019950 _____ () C:\Users\oem\Desktop\FRST.txt
2015-01-11 00:11 - 2015-01-11 00:12 - 00638888 _____ (Oracle Corporation) C:\Users\oem\Downloads\jxpiinstall.exe
2015-01-10 23:43 - 2015-01-10 23:43 - 00000373 _____ () C:\Users\Access\Desktop\Eset.txt
2015-01-10 21:42 - 2015-01-10 21:42 - 02347384 _____ (ESET) C:\Users\oem\Desktop\esetsmartinstaller_deu.exe
2015-01-10 21:38 - 2015-01-10 21:38 - 00852505 _____ () C:\Users\oem\Desktop\SecurityCheck.exe
2015-01-10 19:03 - 2015-01-10 19:03 - 00000760 _____ () C:\Users\Access\Desktop\JRT.txt
2015-01-10 18:59 - 2015-01-10 18:59 - 00000000 ____D () C:\Windows\ERUNT
2015-01-10 18:51 - 2015-01-10 18:51 - 00000197 _____ () C:\Windows\system32\2015-01-10-17-51-51.048-AvastVBoxSVC.exe-4088.log
2015-01-10 18:46 - 2015-01-10 18:46 - 00000247 _____ () C:\Windows\system32\2015-01-10-17-46-30.020-aswFe.exe-3520.log
2015-01-10 18:41 - 2015-01-10 18:46 - 00000247 _____ () C:\Windows\system32\2015-01-10-17-41-17.042-aswFe.exe-5480.log
2015-01-10 18:41 - 2015-01-10 18:41 - 00000197 _____ () C:\Windows\system32\2015-01-10-17-41-13.079-AvastVBoxSVC.exe-5724.log
2015-01-10 18:35 - 2015-01-10 18:47 - 00000000 ____D () C:\AdwCleaner
2015-01-10 18:32 - 2015-01-10 18:32 - 00014570 _____ () C:\Users\oem\Desktop\mbam.txt
2015-01-10 18:02 - 2015-01-10 18:02 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-10 18:01 - 2015-01-10 18:01 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-10 18:01 - 2015-01-10 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-10 18:01 - 2015-01-10 18:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-10 18:01 - 2015-01-10 18:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-10 18:01 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-10 18:01 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-10 18:01 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-10 18:00 - 2015-01-10 18:00 - 01707939 _____ (Thisisu) C:\Users\oem\Desktop\JRT.exe
2015-01-10 17:58 - 2015-01-10 17:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\oem\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-10 17:58 - 2015-01-10 17:58 - 02191360 _____ () C:\Users\oem\Desktop\AdwCleaner_4.107.exe
2015-01-10 16:10 - 2015-01-10 16:10 - 00000197 _____ () C:\Windows\system32\2015-01-10-15-10-01.050-AvastVBoxSVC.exe-2760.log
2015-01-10 14:03 - 2015-01-10 14:03 - 00027882 _____ () C:\Users\Access\Desktop\combo.txt
2015-01-10 13:58 - 2015-01-10 13:58 - 00027882 _____ () C:\ComboFix.txt
2015-01-10 13:48 - 2015-01-10 13:58 - 00000000 ____D () C:\Qoobox
2015-01-10 13:48 - 2015-01-10 13:56 - 00000000 ____D () C:\Windows\erdnt
2015-01-10 13:48 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-10 13:48 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-10 13:48 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-10 13:48 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-10 13:48 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-10 13:48 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-10 13:48 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-10 13:48 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-10 13:38 - 2015-01-10 13:38 - 05609736 ____R (Swearware) C:\Users\oem\Desktop\ComboFix.exe
2015-01-10 13:23 - 2015-01-10 13:23 - 00001274 _____ () C:\Users\Access\Desktop\Revo Uninstaller.lnk
2015-01-10 13:23 - 2015-01-10 13:23 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-10 13:21 - 2015-01-10 13:21 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\oem\Desktop\revosetup95.exe
2015-01-10 13:16 - 2015-01-10 13:40 - 00000000 ____D () C:\Users\Access\AppData\Roaming\Skype
2015-01-10 13:15 - 2015-01-10 13:16 - 00000197 _____ () C:\Windows\system32\2015-01-10-12-15-54.034-AvastVBoxSVC.exe-2588.log
2015-01-09 23:34 - 2015-01-11 00:20 - 00000000 ____D () C:\FRST
2015-01-09 23:30 - 2015-01-09 23:31 - 02124288 _____ (Farbar) C:\Users\oem\Desktop\FRST64.exe
2015-01-09 10:54 - 2015-01-09 10:54 - 00000197 _____ () C:\Windows\system32\2015-01-09-09-54-30.070-AvastVBoxSVC.exe-2840.log
2015-01-08 17:55 - 2015-01-08 17:55 - 00000000 ____D () C:\Sun
2015-01-08 14:13 - 2015-01-08 14:13 - 00000197 _____ () C:\Windows\system32\2015-01-08-13-13-00.014-AvastVBoxSVC.exe-2580.log
2015-01-07 11:06 - 2015-01-07 11:06 - 00000197 _____ () C:\Windows\system32\2015-01-07-10-06-43.084-AvastVBoxSVC.exe-2684.log
2015-01-06 11:18 - 2015-01-06 11:19 - 00000197 _____ () C:\Windows\system32\2015-01-06-10-18-52.039-AvastVBoxSVC.exe-2564.log
2015-01-05 14:46 - 2015-01-05 14:46 - 00000197 _____ () C:\Windows\system32\2015-01-05-13-46-08.003-AvastVBoxSVC.exe-2592.log
2015-01-04 11:50 - 2015-01-04 11:50 - 00000197 _____ () C:\Windows\system32\2015-01-04-10-50-51.007-AvastVBoxSVC.exe-2600.log
2015-01-04 09:30 - 2015-01-04 09:30 - 00000197 _____ () C:\Windows\system32\2015-01-04-08-30-13.002-AvastVBoxSVC.exe-4584.log
2015-01-02 10:39 - 2015-01-02 10:39 - 00000197 _____ () C:\Windows\system32\2015-01-02-09-39-24.070-AvastVBoxSVC.exe-2496.log
2015-01-01 10:45 - 2015-01-01 10:46 - 00000197 _____ () C:\Windows\system32\2015-01-01-09-45-44.011-AvastVBoxSVC.exe-2856.log
2014-12-31 19:52 - 2014-12-31 19:52 - 00000197 _____ () C:\Windows\system32\2014-12-31-18-52-21.029-AvastVBoxSVC.exe-2604.log
2014-12-31 11:18 - 2014-12-31 11:19 - 00000197 _____ () C:\Windows\system32\2014-12-31-10-18-47.075-AvastVBoxSVC.exe-2892.log
2014-12-31 07:41 - 2014-12-31 07:41 - 00000197 _____ () C:\Windows\system32\2014-12-31-06-41-06.077-AvastVBoxSVC.exe-4960.log
2014-12-30 21:57 - 2014-12-30 21:57 - 00000197 _____ () C:\Windows\system32\2014-12-30-20-57-26.051-AvastVBoxSVC.exe-2652.log
2014-12-28 18:48 - 2014-12-28 18:49 - 00000197 _____ () C:\Windows\system32\2014-12-28-17-48-58.074-AvastVBoxSVC.exe-2592.log
2014-12-23 21:15 - 2014-12-23 21:15 - 00000197 _____ () C:\Windows\system32\2014-12-23-20-15-09.021-AvastVBoxSVC.exe-3524.log
2014-12-22 22:27 - 2014-12-22 22:28 - 00000197 _____ () C:\Windows\system32\2014-12-22-21-27-46.089-AvastVBoxSVC.exe-2792.log
2014-12-22 01:07 - 2014-12-22 01:07 - 00000247 _____ () C:\Windows\system32\2014-12-22-00-07-51.047-aswFe.exe-3892.log
2014-12-22 01:02 - 2014-12-22 01:07 - 00000247 _____ () C:\Windows\system32\2014-12-22-00-02-06.025-aswFe.exe-3036.log
2014-12-22 01:02 - 2014-12-22 01:02 - 00000197 _____ () C:\Windows\system32\2014-12-22-00-02-00.085-AvastVBoxSVC.exe-4576.log
2014-12-22 00:49 - 2014-12-22 00:49 - 00000197 _____ () C:\Windows\system32\2014-12-21-23-49-57.067-AvastVBoxSVC.exe-2692.log
2014-12-21 18:56 - 2014-12-21 18:57 - 00000197 _____ () C:\Windows\system32\2014-12-21-17-56-28.011-AvastVBoxSVC.exe-2688.log
2014-12-21 10:33 - 2014-12-21 10:33 - 00000197 _____ () C:\Windows\system32\2014-12-21-09-33-21.093-AvastVBoxSVC.exe-2600.log
2014-12-21 04:46 - 2014-12-21 04:46 - 00000197 _____ () C:\Windows\system32\2014-12-21-03-46-27.052-AvastVBoxSVC.exe-2724.log
2014-12-20 20:57 - 2014-12-20 20:57 - 00000197 _____ () C:\Windows\system32\2014-12-20-19-57-33.042-AvastVBoxSVC.exe-3044.log
2014-12-19 23:09 - 2014-12-19 23:10 - 00000197 _____ () C:\Windows\system32\2014-12-19-22-09-51.067-AvastVBoxSVC.exe-2684.log
2014-12-19 07:59 - 2014-12-19 07:59 - 00000197 _____ () C:\Windows\system32\2014-12-19-06-59-02.022-AvastVBoxSVC.exe-2512.log
2014-12-18 21:06 - 2014-12-18 21:06 - 00000197 _____ () C:\Windows\system32\2014-12-18-20-06-16.044-AvastVBoxSVC.exe-2688.log
2014-12-18 07:56 - 2014-12-18 07:56 - 00000197 _____ () C:\Windows\system32\2014-12-18-06-56-34.002-AvastVBoxSVC.exe-3428.log
2014-12-17 22:39 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 22:39 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 22:32 - 2014-12-17 22:33 - 00000197 _____ () C:\Windows\system32\2014-12-17-21-32-38.078-AvastVBoxSVC.exe-2560.log
2014-12-16 22:15 - 2014-12-16 22:16 - 00000197 _____ () C:\Windows\system32\2014-12-16-21-15-51.034-AvastVBoxSVC.exe-2584.log
2014-12-15 20:46 - 2014-12-15 20:47 - 00000197 _____ () C:\Windows\system32\2014-12-15-19-46-32.094-AvastVBoxSVC.exe-2512.log
2014-12-14 08:58 - 2014-12-14 08:58 - 00000197 _____ () C:\Windows\system32\2014-12-14-07-58-13.083-AvastVBoxSVC.exe-2712.log
2014-12-13 23:52 - 2014-12-13 23:52 - 00000197 _____ () C:\Windows\system32\2014-12-13-22-52-25.033-AvastVBoxSVC.exe-2668.log
2014-12-13 21:15 - 2014-12-13 21:15 - 00000197 _____ () C:\Windows\system32\2014-12-13-20-15-27.026-AvastVBoxSVC.exe-2620.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-11 00:19 - 2014-02-06 20:43 - 00000000 ____D () C:\Users\oem\AppData\Local\139E8B46-3AF9-4E30-90B2-54FD4E96A290.aplzod
2015-01-11 00:18 - 2013-11-02 10:53 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-11 00:16 - 2013-11-02 10:32 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-11 00:16 - 2013-11-02 10:32 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-11 00:14 - 2014-01-15 20:04 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-11 00:14 - 2014-01-15 20:04 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-11 00:14 - 2014-01-15 20:04 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-11 00:14 - 2014-01-15 20:04 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-11 00:14 - 2014-01-15 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-11 00:01 - 2013-11-02 10:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-10 23:41 - 2014-02-18 15:58 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2840979918-3318856535-3558480780-1000UA.job
2015-01-10 22:00 - 2013-11-01 13:18 - 01959002 _____ () C:\Windows\WindowsUpdate.log
2015-01-10 21:38 - 2011-04-12 08:43 - 00702890 _____ () C:\Windows\system32\perfh007.dat
2015-01-10 21:38 - 2011-04-12 08:43 - 00150498 _____ () C:\Windows\system32\perfc007.dat
2015-01-10 21:38 - 2009-07-14 06:13 - 01628044 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-10 21:35 - 2013-11-03 13:01 - 00129037 _____ () C:\Windows\setupact.log
2015-01-10 19:06 - 2013-11-02 10:53 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-10 18:56 - 2009-07-14 05:45 - 00031680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-10 18:56 - 2009-07-14 05:45 - 00031680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-10 18:48 - 2013-11-05 09:20 - 00144988 _____ () C:\Windows\PFRO.log
2015-01-10 18:48 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-10 18:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\IME
2015-01-10 14:02 - 2013-11-01 14:10 - 01648454 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-10 13:58 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-10 13:56 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-09 19:16 - 2014-09-16 19:37 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-01-09 12:41 - 2014-02-18 15:58 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2840979918-3318856535-3558480780-1000Core.job
2015-01-09 02:53 - 2014-02-09 18:20 - 00000000 ____D () C:\Users\oem\AppData\Roaming\Skype
2015-01-08 19:22 - 2014-02-09 18:20 - 00000000 ____D () C:\ProgramData\Skype
2015-01-08 19:21 - 2014-10-04 21:52 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-08 17:54 - 2013-11-02 10:32 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-08 17:54 - 2013-11-02 10:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-03 20:37 - 2013-12-18 00:01 - 00000000 ____D () C:\Users\oem\AppData\Local\CrashDumps
2014-12-31 16:08 - 2014-01-15 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-12-31 16:08 - 2014-01-15 18:42 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-12-31 16:08 - 2014-01-15 18:41 - 00000000 ____D () C:\ProgramData\DivX
2014-12-28 19:10 - 2014-04-11 22:37 - 00000000 ____D () C:\Users\Access
2014-12-14 16:47 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-14 08:55 - 2013-11-02 11:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-14 08:55 - 2013-11-02 11:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-14 01:19 - 2013-11-02 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by oem at 2015-01-11 00:20:57
Running from C:\Users\oem\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Acer 3G Connection Manager (HKLM-x32\...\{6B8DAC83-5C2D-4A2A-9732-310CEBC28892}) (Version: 6.1.18.5 - Ericsson)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{BC15023B-48DB-4F71-9C25-CFE1A8BB7202}) (Version: 1.7.17.06011 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.7.17.06011 - Alcor Micro Corp.) Hidden
Amazon Music (HKU\S-1-5-21-2840979918-3318856535-3558480780-1000\...\Amazon Amazon Music) (Version: 3.0.0.564 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.56 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.121.0.50 - Conexant)
Dalenryder Password Generator Version 1.8 (HKLM-x32\...\{35D1F853-4D59-4141-8417-B2EC1DA7DFE1}_is1) (Version: 1.8 - Dalenryder Media)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
DolbyFiles (x32 Version: 2.0 - Nero AG) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.11 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Menu Templates - Starter Kit (x32 Version: 9.6.0.0 - Nero AG) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Midnight Club II (HKLM-x32\...\{F3856E7C-AD71-48E1-9A95-6D7E7FCB164A}) (Version: 2.0 - )
Mobile Broadband Drivers (HKLM\...\{2814AB08-F88B-4D7C-83EB-B5DE276C5986}) (Version: 6.1.13.101 - Ericsson AB)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nero 9 (HKLM-x32\...\{13ff457a-1977-479a-968a-15439a18704f}) (Version:  - Nero AG)
Nero 9 Essentials (HKLM-x32\...\{c8f9848c-24de-4c09-b061-84fcb71d5e41}) (Version:  - Nero AG)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Sharepod 4.0.1.1 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version:  - Macroplant LLC)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SopCast 3.8.3 (HKLM-x32\...\SopCast) (Version: 3.8.3 - SopCast - Free P2P internet TV | live football, NBA, cricket)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Zattoo4 4.0.5 (HKLM-x32\...\Zattoo4) (Version: 4.0.5 - Zattoo Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2840979918-3318856535-3558480780-1000Core.job => C:\Users\oem\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2840979918-3318856535-3558480780-1000UA.job => C:\Users\oem\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-06-14 16:25 - 2014-10-15 06:35 - 06281024 _____ () C:\Users\oem\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-01-10 06:26 - 2014-01-10 06:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

========================= Accounts: ==========================

Access (S-1-5-21-2840979918-3318856535-3558480780-1005 - Administrator - Enabled) => C:\Users\Access
Administrator (S-1-5-21-2840979918-3318856535-3558480780-500 - Administrator - Disabled)
Gast (S-1-5-21-2840979918-3318856535-3558480780-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2840979918-3318856535-3558480780-1004 - Limited - Enabled)
oem (S-1-5-21-2840979918-3318856535-3558480780-1000 - Limited - Enabled) => C:\Users\oem

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/10/2015 11:44:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/10/2015 09:42:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/10/2015 09:42:26 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/10/2015 09:42:26 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/10/2015 09:42:18 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/10/2015 09:42:12 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (01/10/2015 09:35:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (01/10/2015 09:35:36 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (01/10/2015 07:05:32 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (04/13/2014 09:37:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 35 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz
Percentage of memory in use: 52%
Total physical RAM: 3764.48 MB
Available physical RAM: 1790.38 MB
Total Pagefile: 7527.15 MB
Available Pagefile: 4941.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Cystem) (Fixed) (Total:99.75 GB) (Free:32.95 GB) NTFS
Drive d: (Daten) (Fixed) (Total:198.24 GB) (Free:197.84 GB) NTFS
Drive e: (BAND_OF_BROTHERS_DISC1) (CDROM) (Total:5.38 GB) (Free:0 GB) UDF
Drive f: () (Removable) (Total:7.62 GB) (Free:5.83 GB) FAT32
Drive g: () (Removable) (Total:7.4 GB) (Free:3.55 GB) FAT32

==================== MBR & Partition Table ==================

==================== End Of Log ============================
--- --- ---

schrauber 11.01.2015 08:29
Java updaten, Download Ordner leeren.

FRST bitte nochmal , ist schon wieder ohne Adminrechte gescannt worden :)

SinXx 11.01.2015 11:59
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Access (administrator) on W7P64 on 11-01-2015 11:51:59
Running from C:\
Loaded Profiles: oem & Access (Available profiles: oem & Access)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband Drivers\WMCore\mini_WMCore.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
() C:\Users\oem\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-04] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-03-12] (Alcor Micro Corp.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2013-11-02] (Dritek System Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2840979918-3318856535-3558480780-1000\...\Run: [] => [X]
HKU\S-1-5-21-2840979918-3318856535-3558480780-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2840979918-3318856535-3558480780-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2840979918-3318856535-3558480780-1000\...\Run: [Google Update] => C:\Users\oem\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-02-15] (Google Inc.)
HKU\S-1-5-21-2840979918-3318856535-3558480780-1000\...\Run: [Amazon Music] => C:\Users\oem\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-15] ()
HKU\S-1-5-21-2840979918-3318856535-3558480780-1000\...\MountPoints2: {b5745470-42f4-11e3-a31e-9f49de13322b} - F:\Password.exe
HKU\S-1-5-21-2840979918-3318856535-3558480780-1005\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2840979918-3318856535-3558480780-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = This message is from the Microsoft Safety & Security Center
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = This message is from the Microsoft Safety & Security Center
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2840979918-3318856535-3558480780-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2840979918-3318856535-3558480780-1000\Software\Microsoft\Internet Explorer\Main,Start Page = This message is from the Microsoft Safety & Security Center
HKU\S-1-5-21-2840979918-3318856535-3558480780-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland
HKU\S-1-5-21-2840979918-3318856535-3558480780-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-2840979918-3318856535-3558480780-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2840979918-3318856535-3558480780-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2840979918-3318856535-3558480780-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Access\AppData\Roaming\Mozilla\Firefox\Profiles\wuz9ez9r.default
FF DefaultSearchEngine: Startpage
FF DefaultSearchUrl: https://startpage.com/do/metasearch.pl
FF SearchEngineOrder.1: Startpage
FF SelectedSearchEngine: Startpage
FF Homepage: https://startpage.com
FF Keyword.URL: https://startpage.com/do/metasearch.pl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2840979918-3318856535-3558480780-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\oem\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2840979918-3318856535-3558480780-1000: @talk.google.com/O1DPlugin -> C:\Users\oem\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2840979918-3318856535-3558480780-1000: @tools.google.com/Google Update;version=3 -> C:\Users\oem\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2840979918-3318856535-3558480780-1000: @tools.google.com/Google Update;version=9 -> C:\Users\oem\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Access\AppData\Roaming\Mozilla\Firefox\Profiles\wuz9ez9r.default\searchplugins\startpage-avast.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-19]

Chrome:
=======
CHR StartupUrls: Default -> "https://de.yahoo.com/?fr=hp-avast&type=avastbcl"
CHR Profile: C:\Users\Access\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Access\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Access\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-15]
CHR Extension: (Avast Online Security) - C:\Users\Access\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-15]
CHR Extension: (Google Wallet) - C:\Users\Access\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-12]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-01-20] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-01] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-01] (Avast Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband Drivers\WMCore\mini_WMCore.exe [462888 2010-03-18] (Ericsson AB)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-01] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R3 e36gbus; C:\Windows\System32\DRIVERS\e36gbus.sys [328704 2009-06-30] (MCCI Corporation)
R3 e36gmdfl; C:\Windows\System32\DRIVERS\e36gmdfl.sys [19456 2009-06-30] (MCCI Corporation)
R3 e36gmdm; C:\Windows\System32\DRIVERS\e36gmdm.sys [432128 2009-06-30] (MCCI Corporation)
R3 e36gmgmt; C:\Windows\System32\DRIVERS\e36gmgmt.sys [376320 2009-06-30] (MCCI Corporation)
R3 e36wscard; C:\Windows\System32\DRIVERS\e36wscard.sys [60968 2009-10-13] (Ericsson AB)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-03-03] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-03-03] (Ericsson AB)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-01] (Avast Software)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [269864 2010-03-09] (Ericsson AB)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-11 11:51 - 2015-01-11 11:52 - 00019083 _____ () C:\FRST.txt
2015-01-11 11:43 - 2015-01-11 11:43 - 00000197 _____ () C:\Windows\system32\2015-01-11-10-43-35.090-AvastVBoxSVC.exe-3804.log
2015-01-11 00:20 - 2015-01-11 00:21 - 00034580 _____ () C:\Users\oem\Desktop\FRST.txt
2015-01-11 00:20 - 2015-01-11 00:21 - 00019379 _____ () C:\Users\oem\Desktop\Addition.txt
2015-01-11 00:11 - 2015-01-11 00:12 - 00638888 _____ (Oracle Corporation) C:\Users\oem\Downloads\jxpiinstall.exe
2015-01-10 23:43 - 2015-01-10 23:43 - 00000373 _____ () C:\Users\Access\Desktop\Eset.txt
2015-01-10 21:42 - 2015-01-10 21:42 - 02347384 _____ (ESET) C:\Users\oem\Desktop\esetsmartinstaller_deu.exe
2015-01-10 21:38 - 2015-01-10 21:38 - 00852505 _____ () C:\Users\oem\Desktop\SecurityCheck.exe
2015-01-10 19:03 - 2015-01-10 19:03 - 00000760 _____ () C:\Users\Access\Desktop\JRT.txt
2015-01-10 18:59 - 2015-01-10 18:59 - 00000000 ____D () C:\Windows\ERUNT
2015-01-10 18:51 - 2015-01-10 18:51 - 00000197 _____ () C:\Windows\system32\2015-01-10-17-51-51.048-AvastVBoxSVC.exe-4088.log
2015-01-10 18:46 - 2015-01-10 18:46 - 00000247 _____ () C:\Windows\system32\2015-01-10-17-46-30.020-aswFe.exe-3520.log
2015-01-10 18:41 - 2015-01-10 18:46 - 00000247 _____ () C:\Windows\system32\2015-01-10-17-41-17.042-aswFe.exe-5480.log
2015-01-10 18:41 - 2015-01-10 18:41 - 00000197 _____ () C:\Windows\system32\2015-01-10-17-41-13.079-AvastVBoxSVC.exe-5724.log
2015-01-10 18:35 - 2015-01-10 18:47 - 00000000 ____D () C:\AdwCleaner
2015-01-10 18:32 - 2015-01-10 18:32 - 00014570 _____ () C:\Users\oem\Desktop\mbam.txt
2015-01-10 18:02 - 2015-01-11 11:51 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-10 18:01 - 2015-01-10 18:01 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-10 18:01 - 2015-01-10 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-10 18:01 - 2015-01-10 18:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-10 18:01 - 2015-01-10 18:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-10 18:01 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-10 18:01 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-10 18:01 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-10 18:00 - 2015-01-10 18:00 - 01707939 _____ (Thisisu) C:\Users\oem\Desktop\JRT.exe
2015-01-10 17:58 - 2015-01-10 17:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\oem\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-10 17:58 - 2015-01-10 17:58 - 02191360 _____ () C:\Users\oem\Desktop\AdwCleaner_4.107.exe
2015-01-10 16:10 - 2015-01-10 16:10 - 00000197 _____ () C:\Windows\system32\2015-01-10-15-10-01.050-AvastVBoxSVC.exe-2760.log
2015-01-10 14:03 - 2015-01-10 14:03 - 00027882 _____ () C:\Users\Access\Desktop\combo.txt
2015-01-10 13:58 - 2015-01-10 13:58 - 00027882 _____ () C:\ComboFix.txt
2015-01-10 13:48 - 2015-01-10 13:58 - 00000000 ____D () C:\Qoobox
2015-01-10 13:48 - 2015-01-10 13:56 - 00000000 ____D () C:\Windows\erdnt
2015-01-10 13:48 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-10 13:48 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-10 13:48 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-10 13:48 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-10 13:48 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-10 13:48 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-10 13:48 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-10 13:48 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-10 13:38 - 2015-01-10 13:38 - 05609736 ____R (Swearware) C:\Users\oem\Desktop\ComboFix.exe
2015-01-10 13:23 - 2015-01-10 13:23 - 00001274 _____ () C:\Users\Access\Desktop\Revo Uninstaller.lnk
2015-01-10 13:23 - 2015-01-10 13:23 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-10 13:21 - 2015-01-10 13:21 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\oem\Desktop\revosetup95.exe
2015-01-10 13:16 - 2015-01-10 13:40 - 00000000 ____D () C:\Users\Access\AppData\Roaming\Skype
2015-01-10 13:16 - 2015-01-10 13:16 - 00000000 ____D () C:\Users\Access\AppData\Local\Skype
2015-01-10 13:15 - 2015-01-10 13:16 - 00000197 _____ () C:\Windows\system32\2015-01-10-12-15-54.034-AvastVBoxSVC.exe-2588.log
2015-01-09 23:34 - 2015-01-11 11:52 - 00000000 ____D () C:\FRST
2015-01-09 23:30 - 2015-01-09 23:31 - 02124288 _____ (Farbar) C:\FRST64.exe
2015-01-09 10:54 - 2015-01-09 10:54 - 00000197 _____ () C:\Windows\system32\2015-01-09-09-54-30.070-AvastVBoxSVC.exe-2840.log
2015-01-08 17:55 - 2015-01-08 17:55 - 00000000 ____D () C:\Sun
2015-01-08 14:13 - 2015-01-08 14:13 - 00000197 _____ () C:\Windows\system32\2015-01-08-13-13-00.014-AvastVBoxSVC.exe-2580.log
2015-01-07 11:06 - 2015-01-07 11:06 - 00000197 _____ () C:\Windows\system32\2015-01-07-10-06-43.084-AvastVBoxSVC.exe-2684.log
2015-01-06 11:18 - 2015-01-06 11:19 - 00000197 _____ () C:\Windows\system32\2015-01-06-10-18-52.039-AvastVBoxSVC.exe-2564.log
2015-01-05 14:46 - 2015-01-05 14:46 - 00000197 _____ () C:\Windows\system32\2015-01-05-13-46-08.003-AvastVBoxSVC.exe-2592.log
2015-01-04 11:50 - 2015-01-04 11:50 - 00000197 _____ () C:\Windows\system32\2015-01-04-10-50-51.007-AvastVBoxSVC.exe-2600.log
2015-01-04 09:30 - 2015-01-04 09:30 - 00000197 _____ () C:\Windows\system32\2015-01-04-08-30-13.002-AvastVBoxSVC.exe-4584.log
2015-01-02 10:39 - 2015-01-02 10:39 - 00000197 _____ () C:\Windows\system32\2015-01-02-09-39-24.070-AvastVBoxSVC.exe-2496.log
2015-01-01 10:45 - 2015-01-01 10:46 - 00000197 _____ () C:\Windows\system32\2015-01-01-09-45-44.011-AvastVBoxSVC.exe-2856.log
2014-12-31 19:52 - 2014-12-31 19:52 - 00000197 _____ () C:\Windows\system32\2014-12-31-18-52-21.029-AvastVBoxSVC.exe-2604.log
2014-12-31 11:18 - 2014-12-31 11:19 - 00000197 _____ () C:\Windows\system32\2014-12-31-10-18-47.075-AvastVBoxSVC.exe-2892.log
2014-12-31 07:41 - 2014-12-31 07:41 - 00000197 _____ () C:\Windows\system32\2014-12-31-06-41-06.077-AvastVBoxSVC.exe-4960.log
2014-12-30 21:57 - 2014-12-30 21:57 - 00000197 _____ () C:\Windows\system32\2014-12-30-20-57-26.051-AvastVBoxSVC.exe-2652.log
2014-12-28 18:48 - 2014-12-28 18:49 - 00000197 _____ () C:\Windows\system32\2014-12-28-17-48-58.074-AvastVBoxSVC.exe-2592.log
2014-12-23 21:16 - 2014-12-23 21:16 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-23 21:15 - 2014-12-23 21:15 - 00000197 _____ () C:\Windows\system32\2014-12-23-20-15-09.021-AvastVBoxSVC.exe-3524.log
2014-12-22 22:27 - 2014-12-22 22:28 - 00000197 _____ () C:\Windows\system32\2014-12-22-21-27-46.089-AvastVBoxSVC.exe-2792.log
2014-12-22 01:07 - 2014-12-22 01:07 - 00000247 _____ () C:\Windows\system32\2014-12-22-00-07-51.047-aswFe.exe-3892.log
2014-12-22 01:02 - 2014-12-22 01:07 - 00000247 _____ () C:\Windows\system32\2014-12-22-00-02-06.025-aswFe.exe-3036.log
2014-12-22 01:02 - 2014-12-22 01:02 - 00000197 _____ () C:\Windows\system32\2014-12-22-00-02-00.085-AvastVBoxSVC.exe-4576.log
2014-12-22 00:49 - 2014-12-22 00:49 - 00000197 _____ () C:\Windows\system32\2014-12-21-23-49-57.067-AvastVBoxSVC.exe-2692.log
2014-12-21 18:56 - 2014-12-21 18:57 - 00000197 _____ () C:\Windows\system32\2014-12-21-17-56-28.011-AvastVBoxSVC.exe-2688.log
2014-12-21 10:33 - 2014-12-21 10:33 - 00000197 _____ () C:\Windows\system32\2014-12-21-09-33-21.093-AvastVBoxSVC.exe-2600.log
2014-12-21 04:46 - 2014-12-21 04:46 - 00000197 _____ () C:\Windows\system32\2014-12-21-03-46-27.052-AvastVBoxSVC.exe-2724.log
2014-12-20 20:57 - 2014-12-20 20:57 - 00000197 _____ () C:\Windows\system32\2014-12-20-19-57-33.042-AvastVBoxSVC.exe-3044.log
2014-12-19 23:09 - 2014-12-19 23:10 - 00000197 _____ () C:\Windows\system32\2014-12-19-22-09-51.067-AvastVBoxSVC.exe-2684.log
2014-12-19 07:59 - 2014-12-19 07:59 - 00000197 _____ () C:\Windows\system32\2014-12-19-06-59-02.022-AvastVBoxSVC.exe-2512.log
2014-12-18 21:06 - 2014-12-18 21:06 - 00000197 _____ () C:\Windows\system32\2014-12-18-20-06-16.044-AvastVBoxSVC.exe-2688.log
2014-12-18 07:56 - 2014-12-18 07:56 - 00000197 _____ () C:\Windows\system32\2014-12-18-06-56-34.002-AvastVBoxSVC.exe-3428.log
2014-12-17 22:39 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 22:39 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 22:32 - 2014-12-17 22:33 - 00000197 _____ () C:\Windows\system32\2014-12-17-21-32-38.078-AvastVBoxSVC.exe-2560.log
2014-12-16 22:15 - 2014-12-16 22:16 - 00000197 _____ () C:\Windows\system32\2014-12-16-21-15-51.034-AvastVBoxSVC.exe-2584.log
2014-12-15 20:46 - 2014-12-15 20:47 - 00000197 _____ () C:\Windows\system32\2014-12-15-19-46-32.094-AvastVBoxSVC.exe-2512.log
2014-12-14 08:58 - 2014-12-14 08:58 - 00000197 _____ () C:\Windows\system32\2014-12-14-07-58-13.083-AvastVBoxSVC.exe-2712.log
2014-12-13 23:52 - 2014-12-13 23:52 - 00000197 _____ () C:\Windows\system32\2014-12-13-22-52-25.033-AvastVBoxSVC.exe-2668.log
2014-12-13 21:15 - 2014-12-13 21:15 - 00000197 _____ () C:\Windows\system32\2014-12-13-20-15-27.026-AvastVBoxSVC.exe-2620.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-11 11:51 - 2013-11-02 10:53 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-11 11:50 - 2009-07-14 05:45 - 00031680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-11 11:50 - 2009-07-14 05:45 - 00031680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-11 11:48 - 2014-02-06 20:43 - 00000000 ____D () C:\Users\oem\AppData\Local\139E8B46-3AF9-4E30-90B2-54FD4E96A290.aplzod
2015-01-11 11:47 - 2013-11-01 13:18 - 01980950 _____ () C:\Windows\WindowsUpdate.log
2015-01-11 11:43 - 2013-12-19 20:35 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-11 11:42 - 2013-11-03 13:01 - 00129093 _____ () C:\Windows\setupact.log
2015-01-11 11:42 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-11 11:41 - 2013-11-05 09:20 - 00146550 _____ () C:\Windows\PFRO.log
2015-01-11 02:18 - 2013-11-02 10:53 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-11 02:01 - 2013-11-02 10:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-11 01:41 - 2014-02-18 15:58 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2840979918-3318856535-3558480780-1000UA.job
2015-01-11 00:16 - 2013-11-02 10:32 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-11 00:16 - 2013-11-02 10:32 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-11 00:14 - 2014-01-15 20:04 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-11 00:14 - 2014-01-15 20:04 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-11 00:14 - 2014-01-15 20:04 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-11 00:14 - 2014-01-15 20:04 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-11 00:14 - 2014-01-15 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-10 21:38 - 2011-04-12 08:43 - 00702890 _____ () C:\Windows\system32\perfh007.dat
2015-01-10 21:38 - 2011-04-12 08:43 - 00150498 _____ () C:\Windows\system32\perfc007.dat
2015-01-10 21:38 - 2009-07-14 06:13 - 01628044 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-10 18:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\IME
2015-01-10 14:02 - 2013-11-01 14:10 - 01648454 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-10 13:58 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-10 13:56 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-09 19:16 - 2014-09-16 19:37 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-01-09 12:41 - 2014-02-18 15:58 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2840979918-3318856535-3558480780-1000Core.job
2015-01-09 02:53 - 2014-02-09 18:20 - 00000000 ____D () C:\Users\oem\AppData\Roaming\Skype
2015-01-08 19:22 - 2014-02-09 18:20 - 00000000 ____D () C:\ProgramData\Skype
2015-01-08 19:21 - 2014-10-04 21:52 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-08 17:54 - 2013-11-02 10:32 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-08 17:54 - 2013-11-02 10:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-08 17:54 - 2013-11-02 10:32 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-03 20:37 - 2013-12-18 00:01 - 00000000 ____D () C:\Users\oem\AppData\Local\CrashDumps
2014-12-31 16:08 - 2014-01-15 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-12-31 16:08 - 2014-01-15 18:42 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-12-31 16:08 - 2014-01-15 18:41 - 00000000 ____D () C:\ProgramData\DivX
2014-12-28 19:10 - 2014-04-11 22:37 - 00000000 ____D () C:\Users\Access
2014-12-16 22:23 - 2014-10-27 19:56 - 00000000 ____D () C:\Users\Access\AppData\Local\Adobe
2014-12-14 16:47 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-14 08:55 - 2013-11-02 11:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-14 08:55 - 2013-11-02 11:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-14 01:19 - 2013-11-02 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 12:48

==================== End Of Log ============================
--- --- ---

--- --- ---


-----------------------------
So nu aber mit Adminrechten

grüße sinXx

schrauber 11.01.2015 13:59
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
FF DefaultSearchEngine: Startpage
FF DefaultSearchUrl: https://startpage.com/do/metasearch.pl
FF SearchEngineOrder.1: Startpage
FF SelectedSearchEngine: Startpage
FF Homepage: https://startpage.com
FF Keyword.URL: https://startpage.com/do/metasearch.pl

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

SinXx 11.01.2015 14:24
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by oem at 2015-01-11 14:23:02 Run:1
Running from C:\Users\oem\Desktop
Loaded Profile: oem (Available profiles: oem & Access)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
FF DefaultSearchEngine: Startpage
FF DefaultSearchUrl: https://startpage.com/do/metasearch.pl
FF SearchEngineOrder.1: Startpage
FF SelectedSearchEngine: Startpage
FF Homepage: https://startpage.com
FF Keyword.URL: https://startpage.com/do/metasearch.pl

*****************

Firefox DefaultSearchEngine deleted successfully.
Firefox DefaultSearchUrl deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.

==== End of Fixlog 14:23:02 ====

schrauber 11.01.2015 15:38
fertig :)

SinXx 11.01.2015 16:46
Merci monsieur. Dann sind wir jetzt durch. Sehr aufmerksam von dir. Mach´s jut!


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:21 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131