Trojaner-Board - Ist der Virus nun gelöscht? Drigend.

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Ist der Virus nun gelöscht? Drigend. (https://www.trojaner-board.de/163434-virus-geloescht-drigend.html)

Ist der Virus nun gelöscht? Drigend.

Guten Tag,

ich bin neu hier im Forum habe mir die Regeln durchgelesen und hoffe das ich sie auf richtig anwende. Eins vorweg: Ich habe versucht die Funde aus Malewarebytes zu kopieren, bin auf Verlauf und dann auf Anwendungsprotokolle gegangen. Dort konnte ich den letzten Suchlauf-Protokoll leider nur löschen. Ein Klick auf Ansicht ist nicht möglich. Wenn mir jemand verrät wie ich das löse, hole ich das gerne nach!!!

Zu meinem Problem:
Ich habe einen Gamer-Pc und habe seit dem ersten Gebrauch das Avast drauf! Es hat nie eine infizierte Datei gefunden. Bis letzten Donnerstag war ich für einen Monat in China, mein Pc war also die ganze Zeit aus und lief nicht. Als ich ihn am Donnerstag dann anmachte kam von Avasr die Meldung 'Rootkit gefunden' (bin leider ein ganz normaler User, wusste zum verrecken nicht was das bedeutet). Habe auf bereinigen geklickt und die Meldung verschwand ersteinmal. Habe an diesem Abend ca. 5 Stunden gezockt und den PC dann ausgeschaltet. Am nächsten Morgen habe ich den Avast dann eine vollständige Prüfung machen lassen und die infizierte Datei (hxxp://www.bilder-upload.eu/show.php?file=02a4ec-1422739090.jpg) nochmals löschen lassen. Sie kam komischerweise immer wieder, egal was ich gemacht habe.
So gestern war ich auf Geschäftsreise, der PC war also wieder aus! Heute Nachmittag habe ich ihn erneut angemacht und die Meldung kam wieder. Ich hätte das bestimmt wieder ignoriert, nur ging dann zusätzlich der Browser (Mozilla und Explorer) nicht mehr, bzw. nur Google lies sich öffnen und alle andere Websiten die ich entweder über Google oder eben so öffnen wollte nicht! Ich habe in einem Frageportal (hxxp://www.gutefrage.net/frage/avast-erkennt-virus) meine Frage gestellt. Dort hat mir ein User namens 'Ninamann1' geantwortet. Der hat mir Schritte geschildert die ich dann nacheinander alle befolgt habe.
Im einzelnen: Da das löschen über Avast ja nicht ging, habe ich dann Malwarebytes installiert und suchen lassen. Der hat wahrhaftig 209 non-malware Objekte gefunden bzw. infizierte. Die habe ich alle löschen lassen. Danach habe ich nochmal AdwCleaner durchlaufen lassen. Der hat auch noch etwas gefunden (ich weiß dummerweise nicht mehr was, kann man das irgendwie noch mal anzeigen lassen?), was ich auch gelöscht habe.
Dann wollte ich nochnmal den Bitdefender Quickscan machen, dass ging allerdings nicht: Firefox sagte, dass es ein Verbindungsproblem mit Bitdefender gäbe.
Also habe ich alles was ich schonmal durchgelaufen lassen habe nochmal laufen lassen: Avast hat den Virus nicht mehr angezeigt (da war ich schonmal beruhigt) und die anderen zwei haben auch keinen mehr bemerkt.
Das Zurücksetzen auf einen alten Zeitpunkt wurde mir ebenfalls empfohlen. Dies ist aber nicht möglich, da der letzte Zeitpunkt auf den zurückgesetzt werden kann gestern war!

Ich habe nun mehrere Fragen an euch:
1. Kann ich sicher sein, dass der Virus nun ganz von meinem PC weg ist?
2. Am Donnerstag habe ich Online-Banking benutzt. Kann es sein, dass die Hacker nun auch in mein Bankkonto rein kommen? Wie kann ich das verhindern?
3. Seit dem Fall 'löst' mein PC sich andauernd vom W-Lan Netzwerk. Ich muss immer wieder die SSDD auswählen, das Passwort eingeben dann ist er zwar wieder verbunden, kurze Zeit später dann aber wieder getrennt...

Ich hoffe auf hilfreiche Antworten, habe nämlich die nächsten Monate kaum Zeit den PC zu irgendeiner Werkstatt zu bringen. Ich bin morgen noch in GER, ab Montag früh aber nicht mehr. Bitte antwortet trotzdem, ich lese mir das aufijedenfall morgen oder eben Dienstag morgen (fliege nach Asien), kann es dann halt nur nicht anwenden.
Vielen lieben DANK!!!!!

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lieben Dank für deine schnelle Antwort. Ich habe die beiden Sachen aber habe folgende Fragen:

1. Wenn ich das nun schicke, ist es ja öffentlich hier. Können sich die Infos nicht manche Hacker zu Nutzen machen und kopieren oder so? Natürlich will ich das du mir hilfst aber das macht mir jetzt ein ungutes Gefühl...

2. Wenn ich im Antwortfeld auf das # klicke steht da in etwa sowas: [code][code]. Ich kopiere also den Text vom Texteditor der beiden Sachen und füge ihn dann zwischen diesen beiden Klammer ein, richtig?

Hier die Texte:
FRST:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-01-2015 01

Ran by user (administrator) on PC on 31-01-2015 22:49:30

Running from C:\Users\user\Downloads

Loaded Profiles: user (Available profiles: user)

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

() C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe

(Spotify Ltd) C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

() C:\Program Files (x86)\TP-LINK\TP-LINK-Konfigurationstool\TWCU.exe

(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Spotify Ltd) C:\Users\user\AppData\Roaming\Spotify\spotify.exe

() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe

() C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe

(Microsoft Corporation) C:\Windows\System32\osk.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)

HKLM-x32\...\RunOnce: [EasyTuneVI] => C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [40960 2012-07-09] ()

HKU\S-1-5-21-1724054557-1254175061-29667419-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1942720 2015-01-23] (Valve Corporation)

HKU\S-1-5-21-1724054557-1254175061-29667419-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)

HKU\S-1-5-21-1724054557-1254175061-29667419-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)

HKU\S-1-5-21-1724054557-1254175061-29667419-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)

HKU\S-1-5-21-1724054557-1254175061-29667419-1000\...\Run: [Spotify Web Helper] => C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-14] (Spotify Ltd)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK-Konfigurationstool.lnk

ShortcutTarget: TP-LINK-Konfigurationstool.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK-Konfigurationstool\TWCU.exe ()

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKU\S-1-5-21-1724054557-1254175061-29667419-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}

HKU\S-1-5-21-1724054557-1254175061-29667419-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006

HKU\S-1-5-21-1724054557-1254175061-29667419-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006

SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}

SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-1724054557-1254175061-29667419-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}

SearchScopes: HKU\S-1-5-21-1724054557-1254175061-29667419-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v14zhxne.default

FF DefaultSearchEngine: Google (avast)

FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006

FF SearchEngineOrder.1: Google (avast)

FF SelectedSearchEngine: Google (avast)

FF Homepage: https://www.google.com/?trackid=sp-006

FF Keyword.URL: https://www.google.com/search/?trackid=sp-006

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()

FF Plugin: @java.com/DTPlugin,version=10.76.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.76.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> c:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.76.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.76.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v14zhxne.default\searchplugins\google-avast.xml

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-13]

FF HKLM-x32\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v14zhxne.default\extensions\detgdp@gmail.com
 

Chrome: 

=======

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-08]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-08] (AVAST Software)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)

S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)

R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

S2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [X]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-08] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-08] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-08] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-08] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-08] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-08] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-08] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-08] ()

R3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2015-01-31] ()

S3 h643352; C:\Windows\System32\drivers\h643352.sys [67432 2012-07-11] (Your Corporation)

S3 hid3352; C:\Windows\SysWOW64\drivers\hid3352.sys [45672 2012-07-11] (Your Corporation)

R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-01-03] (Elex do Brasil Participações Ltda)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-31] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)

R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-10-25] (Realtek Semiconductor Corporation                           )

R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [231112 2013-01-03] (VIA Technologies, Inc.)

R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [301256 2013-01-03] (VIA Technologies, Inc.)

S1 iSafeKrnl; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [X]

S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]

S1 iSafeKrnlKit; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [X]

S1 iSafeKrnlR3; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-31 22:49 - 2015-01-31 22:49 - 00017842 _____ () C:\Users\user\Downloads\FRST.txt

2015-01-31 22:49 - 2015-01-31 22:49 - 00000000 ____D () C:\FRST

2015-01-31 22:48 - 2015-01-31 22:48 - 02130944 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe

2015-01-31 20:17 - 2015-01-31 20:18 - 00000000 ____D () C:\AdwCleaner

2015-01-31 20:16 - 2015-01-31 20:16 - 02194432 _____ () C:\Users\user\Downloads\adwcleaner_4.109.exe

2015-01-31 20:13 - 2015-01-31 20:13 - 02194432 _____ () C:\Users\user\Downloads\AdwCleaner09.exe

2015-01-31 19:59 - 2015-01-31 21:30 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-31 19:58 - 2015-01-31 19:58 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-01-31 19:58 - 2015-01-31 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-01-31 19:58 - 2015-01-31 19:58 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-01-31 19:58 - 2015-01-31 19:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-01-31 19:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-01-31 19:58 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-01-31 19:58 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-01-31 19:57 - 2015-01-31 19:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.4.1028.exe

2015-01-31 19:40 - 2015-01-31 19:40 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieBrowserModeList

2015-01-30 13:06 - 2015-01-30 13:06 - 00320424 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2015-01-30 13:06 - 2015-01-30 13:06 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2015-01-30 13:06 - 2015-01-30 13:06 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2015-01-30 13:06 - 2015-01-30 13:06 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2015-01-27 23:06 - 2015-01-27 23:06 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2015-01-27 23:06 - 2015-01-27 23:06 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2015-01-27 23:06 - 2015-01-27 23:06 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2015-01-27 23:06 - 2015-01-27 23:06 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2015-01-27 23:06 - 2015-01-27 23:06 - 00000000 ____D () C:\Program Files (x86)\Java

2015-01-26 23:10 - 2015-01-26 23:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-01-22 15:21 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

2015-01-18 23:11 - 2015-01-18 23:11 - 00017951 _____ () C:\Users\user\Documents\Literatur_Chancen_ungleich_verteilt_Antonius_Heinrichs.odt

2015-01-17 14:16 - 2015-01-18 23:23 - 00307805 _____ () C:\Users\user\Documents\Literatur_Vortrag Schüler im Schulsystem.odp

2015-01-17 13:47 - 2015-01-31 20:18 - 00000000 ____D () C:\Windows\system32\log

2015-01-17 13:47 - 2015-01-17 13:47 - 00000000 ____D () C:\Program Files (x86)\Elex-tech

2015-01-17 13:47 - 2015-01-03 09:57 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys

2015-01-16 22:36 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll

2015-01-16 22:36 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2015-01-16 22:36 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-01-16 22:36 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-01-16 22:36 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-01-16 22:36 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-01-16 22:36 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-01-16 22:36 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-01-16 22:36 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-01-16 22:36 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

2015-01-16 22:36 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll

2015-01-16 22:36 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

2015-01-05 14:12 - 2015-01-05 14:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

2015-01-04 19:38 - 2015-01-04 19:38 - 00000000 ____D () C:\Users\user\AppData\Local\GVSE

2015-01-03 13:30 - 2015-01-03 13:30 - 00000000 ____D () C:\Users\user\AppData\Roaming\TaiG

2015-01-03 12:41 - 2015-01-03 12:41 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2015-01-03 12:41 - 2015-01-03 12:41 - 00001964 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk

2015-01-03 12:41 - 2014-12-08 15:57 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-31 22:46 - 2014-06-29 22:46 - 00000000 ____D () C:\Users\user\AppData\Roaming\Spotify

2015-01-31 22:30 - 2014-11-11 19:48 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-31 22:29 - 2014-06-24 16:55 - 01734480 _____ () C:\Windows\WindowsUpdate.log

2015-01-31 21:31 - 2009-07-14 05:45 - 00035088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-31 21:31 - 2009-07-14 05:45 - 00035088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-31 21:30 - 2014-11-11 14:55 - 00000000 ___RD () C:\Users\user\iCloudDrive

2015-01-31 21:30 - 2014-06-26 17:50 - 00000000 ____D () C:\Program Files (x86)\Steam

2015-01-31 21:30 - 2014-06-25 08:15 - 00699416 _____ () C:\Windows\system32\perfh007.dat

2015-01-31 21:30 - 2014-06-25 08:15 - 00149556 _____ () C:\Windows\system32\perfc007.dat

2015-01-31 21:30 - 2014-06-24 17:41 - 00030528 _____ () C:\Windows\GVTDrv64.sys

2015-01-31 21:30 - 2014-06-24 17:41 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys

2015-01-31 21:30 - 2014-06-24 17:41 - 00000004 _____ () C:\Windows\SysWOW64\GVTunner.ref

2015-01-31 21:30 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-01-31 21:24 - 2009-07-14 05:51 - 00071295 _____ () C:\Windows\setupact.log

2015-01-31 21:23 - 2014-06-24 19:10 - 00000000 ____D () C:\ProgramData\NVIDIA

2015-01-31 21:23 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-31 20:51 - 2014-06-24 17:26 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2015-01-31 20:20 - 2010-11-21 04:47 - 00102500 _____ () C:\Windows\PFRO.log

2015-01-31 20:18 - 2014-06-24 16:55 - 00000993 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-01-31 18:29 - 2014-09-13 13:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2015-01-27 12:58 - 2014-06-25 09:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-01-26 22:53 - 2014-06-29 22:46 - 00000000 ____D () C:\Users\user\AppData\Local\Spotify

2015-01-25 12:30 - 2014-11-11 19:48 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-01-25 12:30 - 2014-11-11 19:47 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-01-25 12:30 - 2014-11-11 19:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-01-17 00:10 - 2014-06-24 19:11 - 00000000 ____D () C:\Windows\system32\MRT

2015-01-17 00:08 - 2014-06-24 19:11 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-01-03 13:39 - 2014-11-06 10:37 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe

2015-01-03 12:41 - 2014-12-08 15:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
 

Some content of TEMP:

====================

C:\Users\user\AppData\Local\Temp\Quarantine.exe

C:\Users\user\AppData\Local\Temp\sqlite3.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-01-03 12:38
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition:

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-01-2015 01

Ran by user at 2015-01-31 22:49:55

Running from C:\Users\user\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.30 - GIGABYTE)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Aerosoft's - Aerosoft Launcher (HKLM-x32\...\{EE11CFFC-898C-4875-8A63-8B732A9AD43B}) (Version: 1.2.0.0 - Aerosoft)

Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

AutoGreen B12.1220.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)

AutoGreen B12.1220.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden

Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Bus-Simulator 2012 (HKLM-x32\...\Bus-Simulator 2012_is1) (Version:  - astragon)

CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP)

Citybus Simulator Munich (HKLM-x32\...\{7ABA5F78-0EFE-4144-A918-1ACBC7552EC0}) (Version: 1.24 - aerosoft)

DRIFT O.Z. (HKLM-x32\...\{A3F4E5E5-A302-48E9-948B-2773FEAB2869}) (Version: V4.40a - SPEEDLINK)

Driver: Parallel Lines (HKLM-x32\...\{31CB0D80-1866-462A-9455-88614410971F}) (Version: 1.00.0000 - Ubisoft)

Easy Tune 6 B13.0323.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)

Easy Tune 6 B13.0323.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden

Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)

IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)

iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)

Java 7 Update 76 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417076FF}) (Version: 7.0.760 - Oracle)

Java 7 Update 76 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217076FF}) (Version: 7.0.760 - Oracle)

Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{6F29F195-B11C-3EAD-B883-997BB29DFA17}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

ModifyRegistry version 0.1 (HKLM-x32\...\{1D5BE6B5-7FD4-4A78-90F2-AF6B53BC8C1C}_is1) (Version: 0.1 - VIA Technologies, Inc.)

Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)

NVIDIA 3D Vision Controller-Treiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)

NVIDIA 3D Vision Treiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation)

NVIDIA Grafiktreiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)

NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)

NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)

OMSI 2 (HKLM-x32\...\Steam App 252530) (Version:  - MR-Software GbR)

ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)

Open Office 2014 Packages (HKU\S-1-5-21-1724054557-1254175061-29667419-1000\...\Open Office 2014 Packages) (Version:  - ) <==== ATTENTION

OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)

Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden

ProTrain Perfect 2 (HKLM-x32\...\AuranTS2009_ptp2_is1) (Version:  - Auran)

QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)

SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden

Snowcat Simulator (HKLM-x32\...\Snowcat Simulator) (Version:  - )

Sonderfahrzeug-Simulator 2012 Version 1.0 (HKLM-x32\...\{ED704A92-B0BB-4969-AE50-727B0A856DEB}_is1) (Version: 1.0 - Astragon)

Spotify (HKU\S-1-5-21-1724054557-1254175061-29667419-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

TP-LINK 300Mbps Wireless USB Adapter Treiber (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK)

TP-LINK-Konfigurationstool (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)

VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version:  - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 

==================== Restore Points  =========================
 

17-01-2015 00:08:17 Windows Update

22-01-2015 15:28:51 Windows Update

22-01-2015 16:55:53 Windows Update

26-01-2015 22:57:52 Windows Update

30-01-2015 13:02:53 Windows Update

31-01-2015 20:49:13 Windows Update

31-01-2015 20:55:09 Windows Update
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {09CE36F4-04F8-4BE5-A1C3-E7D655E4FCAB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: {23C38154-62A0-4E24-AD31-AD36A24A83AD} - System32\Tasks\{9F0B054D-DEA7-4984-955F-6776C618864B} => pcalua.exe -a C:\Users\user\Downloads\vcredist_IA64.exe -d C:\Users\user\Downloads

Task: {4787D925-086B-42D7-9D96-DCA6814EDB81} - System32\Tasks\{F72B03BE-E15F-4E48-8862-2DA80B40A92B} => pcalua.exe -a C:\Users\user\Downloads\vcredist_x64(3).exe -d C:\Users\user\Downloads

Task: {540651C1-9547-48CC-8B67-C397D95837E8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {57283184-23F0-40A1-BDDA-3E1B8BEBB3CC} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)

Task: {82292530-0793-4FFB-B0AF-6049A910E243} - System32\Tasks\{87C886E8-BBF0-4479-911D-42EB1C849DD5} => pcalua.exe -a C:\Users\user\AppData\Roaming\sweet-page\UninstallManager.exe -c  -ptid=cor

Task: {99D99F10-F0C6-4EE7-A925-7EC2D6CC8165} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)

Task: {AA868807-D31A-436E-89C8-62B61BCA8F40} - System32\Tasks\{24635F8E-8EBE-4760-B876-C7734CD5783B} => pcalua.exe -a C:\Users\user\Downloads\vcredist_IA64(2).exe -d C:\Users\user\Downloads

Task: {B6757BB1-BE0B-4D74-87CE-2ABA38BDBD2E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-08] (AVAST Software)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 

==================== Loaded Modules (whitelisted) =============
 

2014-06-24 19:10 - 2014-11-12 22:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2012-01-13 13:04 - 2012-01-13 13:04 - 00219760 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe

2014-06-26 17:37 - 2012-10-25 15:19 - 00846848 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK-Konfigurationstool\TWCU.exe

2014-06-24 17:27 - 2012-08-09 11:55 - 00078480 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll

2014-06-24 17:27 - 2012-08-09 11:55 - 00386192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll

2014-06-29 22:46 - 2014-12-14 13:16 - 00374840 _____ () C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

2015-01-31 20:16 - 2015-01-31 20:16 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15013101\algo.dll

2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2013-03-23 09:19 - 2013-03-23 09:19 - 02883651 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Normal.dll

2013-01-25 16:43 - 2013-01-25 16:43 - 00651331 _____ () C:\Program Files (x86)\GIGABYTE\ET6\work.dll

2013-02-01 12:26 - 2013-02-01 12:26 - 01331266 _____ () C:\Program Files (x86)\GIGABYTE\ET6\SF.dll

2008-05-07 14:22 - 2008-05-07 14:22 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\CIAMIB.dll

2012-05-08 14:01 - 2012-05-08 14:01 - 00069632 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GPTT.dll

2012-11-27 14:03 - 2012-11-27 14:03 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\ycc.dll

2010-06-24 14:50 - 2010-06-24 14:50 - 00094208 _____ () C:\Program Files (x86)\GIGABYTE\ET6\IccLibDll.dll

2011-03-01 18:00 - 2011-03-01 18:00 - 00126976 _____ () C:\Program Files (x86)\GIGABYTE\ET6\StabilityLib.dll

2011-10-18 08:26 - 2011-10-18 08:26 - 00024576 _____ () C:\Program Files (x86)\GIGABYTE\ET6\STT.dll

2013-02-01 12:23 - 2013-02-01 12:23 - 01499204 _____ () C:\Program Files (x86)\GIGABYTE\ET6\OCK.dll

2013-03-05 17:45 - 2013-03-05 17:45 - 01335362 _____ () C:\Program Files (x86)\GIGABYTE\ET6\HM.dll

2013-03-23 09:59 - 2013-03-23 09:59 - 01433674 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GVTunner.dll

2003-02-14 13:11 - 2003-02-14 13:11 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Sound.dll

2012-12-25 14:14 - 2012-12-25 14:14 - 01318988 _____ () C:\Program Files (x86)\GIGABYTE\ET6\AMD8.dll

2012-09-24 00:49 - 2012-09-24 00:49 - 03854336 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Platform.dll

2012-09-24 00:49 - 2012-09-24 00:49 - 00573440 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Device.dll

2013-01-09 16:26 - 2013-01-09 16:26 - 00307200 _____ () C:\Program Files (x86)\GIGABYTE\ET6\MFCCPU.DLL

2014-08-29 16:33 - 2014-12-01 22:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll

2014-08-29 16:33 - 2014-12-01 22:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll

2014-08-29 16:33 - 2014-12-01 22:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll

2014-08-29 16:33 - 2014-12-01 22:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll

2014-05-16 16:36 - 2014-11-11 19:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll

2015-01-22 15:21 - 2014-12-02 01:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll

2015-01-22 15:21 - 2014-12-02 01:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll

2015-01-22 15:21 - 2014-12-02 01:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll

2014-05-29 08:37 - 2015-01-23 23:34 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll

2014-08-29 16:33 - 2014-12-01 22:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll

2014-05-29 08:36 - 2015-01-23 23:33 - 00696512 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL

2014-06-26 17:37 - 2012-10-25 15:19 - 01401344 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK-Konfigurationstool\nicLan.dll

2014-06-26 17:37 - 2012-12-04 15:22 - 00193024 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK-Konfigurationstool\DC_WFF.dll

2014-06-26 17:37 - 2012-10-25 15:19 - 00293376 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK-Konfigurationstool\WJRtl.dll

2014-12-08 15:57 - 2014-12-08 15:57 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2014-05-01 14:35 - 2015-01-16 00:42 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

2014-06-29 22:46 - 2014-12-14 13:16 - 36966968 _____ () C:\Users\user\AppData\Roaming\Spotify\Data\libcef.dll

2014-07-01 14:01 - 2014-12-14 13:16 - 00867896 _____ () C:\Users\user\AppData\Roaming\Spotify\Data\ffmpegsumo.dll

2014-06-29 22:46 - 2014-12-14 13:16 - 00886840 _____ () C:\Users\user\AppData\Roaming\Spotify\Data\libglesv2.dll

2014-06-29 22:46 - 2014-12-14 13:16 - 00108600 _____ () C:\Users\user\AppData\Roaming\Spotify\Data\libegl.dll

2015-01-26 23:10 - 2015-01-26 23:10 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

2015-01-25 12:30 - 2015-01-25 12:30 - 16844976 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\startupreg: Spotify => "C:\Users\user\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart

MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
 

========================= Accounts: ==========================
 

Administrator (S-1-5-21-1724054557-1254175061-29667419-500 - Administrator - Disabled)

Gast (S-1-5-21-1724054557-1254175061-29667419-501 - Limited - Disabled)

user (S-1-5-21-1724054557-1254175061-29667419-1000 - Administrator - Enabled) => C:\Users\user
 

==================== Faulty Device Manager Devices =============
 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft-Teredo-Tunneling-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 

Name: YAC Kit Driver

Description: YAC Kit Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer: 

Service: iSafeKrnlKit

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 

Name: YAC Ring3 Driver

Description: YAC Ring3 Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer: 

Service: iSafeKrnlR3

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (01/31/2015 09:30:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   12 A.7.A.3.C.B.7.6.6.3.4.6.1.8.8.2.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR PC-2.local.
 

Error: (01/31/2015 09:30:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Received from 192.168.178.51:5353   10 A.7.A.3.C.B.7.6.6.3.4.6.1.8.8.2.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR PC.local.
 

Error: (01/31/2015 09:30:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   12 51.178.168.192.in-addr.arpa. PTR PC-2.local.
 

Error: (01/31/2015 09:30:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Received from 192.168.178.51:5353   10 51.178.168.192.in-addr.arpa. PTR PC.local.
 

Error: (01/31/2015 09:30:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Local Hostname PC.local already in use; will try PC-2.local instead
 

Error: (01/31/2015 09:30:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister   16 PC.local. AAAA FE80:0000:0000:0000:2881:6436:67BC:3A7A
 

Error: (01/31/2015 09:30:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Received from 192.168.178.51:5353   16 PC.local. AAAA 2A02:0908:EB32:CD80:2881:6436:67BC:3A7A
 

Error: (01/31/2015 09:30:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing:    4 PC.local. Addr 192.168.178.51
 

Error: (01/31/2015 09:30:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ResolveSimultaneousProbe: 0000000000E167B0 Our Record 1 won:  836C3FCE   16 PC.local. AAAA FE80:0000:0000:0000:2881:6436:67BC:3A7A
 

Error: (01/31/2015 09:30:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ResolveSimultaneousProbe: 0000000000E167B0 Pkt Record:        433CFDCF   16 PC.local. AAAA 2A02:0908:EB32:CD80:C955:08FB:291B:6E1C
 
 

System errors:

=============

Error: (01/31/2015 09:24:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 

iSafeKrnl

iSafeKrnlKit

iSafeKrnlR3
 

Error: (01/31/2015 09:23:58 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)

Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.
 

Modulpfad: C:\Windows\system32\Rtlihvs.dll

Fehlercode: 126
 

Error: (01/31/2015 09:23:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "YAC Service" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 

Error: (01/31/2015 08:20:11 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 

iSafeKrnl

iSafeKrnlKit

iSafeKrnlR3
 

Error: (01/31/2015 08:20:07 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)

Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.
 

Modulpfad: C:\Windows\system32\Rtlihvs.dll

Fehlercode: 126
 

Error: (01/31/2015 08:20:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "YAC Service" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 

Error: (01/31/2015 08:18:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (01/31/2015 08:18:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 

Error: (01/31/2015 08:18:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (01/31/2015 08:18:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
 

Microsoft Office Sessions:

=========================

Error: (01/31/2015 09:30:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   12 A.7.A.3.C.B.7.6.6.3.4.6.1.8.8.2.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR PC-2.local.
 

Error: (01/31/2015 09:30:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Received from 192.168.178.51:5353   10 A.7.A.3.C.B.7.6.6.3.4.6.1.8.8.2.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR PC.local.
 

Error: (01/31/2015 09:30:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   12 51.178.168.192.in-addr.arpa. PTR PC-2.local.
 

Error: (01/31/2015 09:30:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Received from 192.168.178.51:5353   10 51.178.168.192.in-addr.arpa. PTR PC.local.
 

Error: (01/31/2015 09:30:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Local Hostname PC.local already in use; will try PC-2.local instead
 

Error: (01/31/2015 09:30:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister   16 PC.local. AAAA FE80:0000:0000:0000:2881:6436:67BC:3A7A
 

Error: (01/31/2015 09:30:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Received from 192.168.178.51:5353   16 PC.local. AAAA 2A02:0908:EB32:CD80:2881:6436:67BC:3A7A
 

Error: (01/31/2015 09:30:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing:    4 PC.local. Addr 192.168.178.51
 

Error: (01/31/2015 09:30:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ResolveSimultaneousProbe: 0000000000E167B0 Our Record 1 won:  836C3FCE   16 PC.local. AAAA FE80:0000:0000:0000:2881:6436:67BC:3A7A
 

Error: (01/31/2015 09:30:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ResolveSimultaneousProbe: 0000000000E167B0 Pkt Record:        433CFDCF   16 PC.local. AAAA 2A02:0908:EB32:CD80:C955:08FB:291B:6E1C
 
 

==================== Memory info =========================== 
 

Processor: AMD FX(tm)-8350 Eight-Core Processor 

Percentage of memory in use: 37%

Total physical RAM: 8173.55 MB

Available physical RAM: 5097.43 MB

Total Pagefile: 16345.29 MB

Available Pagefile: 12720.6 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:223.47 GB) (Free:119.57 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: DFE81423)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

DANKE!

Lade Dir bitte von hier

Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den Programmen:

Open Office 2014 Packages

YAC
Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hi!
Also erst einmal habe ich die Datein die du nanntest mit Revo Uninstaller gelöscht.

Dann habe ich das ComboFix laufen lassen und er hat auch nach deaktivieren von Avast und Malwarebytes (von anderen wüsste ich nicht die aktiv sind) immmer noch gemeckert:
ComboFix hat festgestellt das folgende Real-Time-Scanner aktiv sind:
antivirus: Microsoft Security Essentials
antispyware: Microsoft Security Essentials

Antivirus und Eindringling Schutzprogramme sind dafür bekannt.......

Hier die Log-Datei von ComboFix:

Code:

ComboFix 15-01-29.01 - user 01.02.2015  12:18:41.1.8 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8174.5966 [GMT 1:00]

ausgeführt von:: c:\users\user\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2015-01-01 bis 2015-02-01  ))))))))))))))))))))))))))))))

.

.

2015-02-01 11:23 . 2015-02-01 11:23        --------        d-----w-        c:\users\Default\AppData\Local\temp

2015-02-01 11:06 . 2015-02-01 11:06        --------        d-----w-        c:\program files (x86)\VS Revo Group

2015-01-31 21:49 . 2015-01-31 21:50        --------        d-----w-        C:\FRST

2015-01-31 19:17 . 2015-01-31 19:18        --------        d-----w-        C:\AdwCleaner

2015-01-31 18:59 . 2015-02-01 11:07        129752        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys

2015-01-31 18:58 . 2015-01-31 18:58        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware

2015-01-31 18:58 . 2015-01-31 18:58        --------        d-----w-        c:\programdata\Malwarebytes

2015-01-31 18:58 . 2014-11-21 05:14        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys

2015-01-31 18:58 . 2014-11-21 05:14        93400        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys

2015-01-31 18:58 . 2014-11-21 05:14        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys

2015-01-31 18:40 . 2015-01-31 18:40        --------        d-sh--w-        c:\users\user\AppData\Local\EmieBrowserModeList

2015-01-31 17:39 . 2014-12-02 10:26        11870360        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DF24F2A6-1242-46F9-BD41-8A0794E34BFA}\mpengine.dll

2015-01-30 12:06 . 2015-01-30 12:06        320424        ----a-w-        c:\windows\system32\javaws.exe

2015-01-30 12:06 . 2015-01-30 12:06        111016        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll

2015-01-30 12:06 . 2015-01-30 12:06        189352        ----a-w-        c:\windows\system32\javaw.exe

2015-01-30 12:06 . 2015-01-30 12:06        189352        ----a-w-        c:\windows\system32\java.exe

2015-01-30 12:03 . 2014-12-02 10:26        11870360        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2015-01-27 22:06 . 2015-01-27 22:06        --------        d-----w-        c:\program files (x86)\Common Files\Java

2015-01-27 22:06 . 2015-01-27 22:06        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2015-01-27 22:06 . 2015-01-27 22:06        --------        d-----w-        c:\program files (x86)\Java

2015-01-22 14:29 . 2014-09-18 16:09        1188440        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7510CF72-78FB-4578-8E3A-9515091402C1}\gapaengine.dll

2015-01-22 14:21 . 2014-12-11 17:47        87040        ----a-w-        c:\windows\system32\TSWbPrxy.exe

2015-01-17 12:47 . 2015-01-31 19:18        --------        d-----w-        c:\windows\system32\log

2015-01-17 12:47 . 2015-01-03 08:57        52392        ----a-w-        c:\windows\system32\drivers\iSafeNetFilter.sys

2015-01-17 12:47 . 2015-02-01 11:09        --------        d-----w-        c:\program files (x86)\Elex-tech

2015-01-16 21:36 . 2014-12-19 03:06        210432        ----a-w-        c:\windows\system32\profsvc.dll

2015-01-16 21:36 . 2014-12-06 04:17        303616        ----a-w-        c:\windows\system32\nlasvc.dll

2015-01-16 21:36 . 2014-12-06 03:50        52224        ----a-w-        c:\windows\SysWow64\nlaapi.dll

2015-01-16 21:36 . 2014-12-06 03:50        156672        ----a-w-        c:\windows\SysWow64\ncsi.dll

2015-01-16 21:36 . 2014-12-19 01:46        141312        ----a-w-        c:\windows\system32\drivers\mrxdav.sys

2015-01-16 21:36 . 2014-12-12 05:35        5553592        ----a-w-        c:\windows\system32\ntoskrnl.exe

2015-01-16 21:36 . 2014-12-12 05:11        3971512        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe

2015-01-16 21:36 . 2014-12-12 05:31        503808        ----a-w-        c:\windows\system32\srcore.dll

2015-01-16 21:36 . 2014-12-12 05:31        50176        ----a-w-        c:\windows\system32\srclient.dll

2015-01-16 21:36 . 2014-12-12 05:31        296960        ----a-w-        c:\windows\system32\rstrui.exe

2015-01-16 21:36 . 2014-12-12 05:11        3916728        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe

2015-01-16 21:36 . 2014-12-12 05:07        43008        ----a-w-        c:\windows\SysWow64\srclient.dll

2015-01-04 18:38 . 2015-01-04 18:38        --------        d-----w-        c:\users\user\AppData\Local\GVSE

2015-01-03 12:30 . 2015-01-03 12:30        --------        d-----w-        c:\users\user\AppData\Roaming\TaiG

2015-01-03 11:41 . 2014-12-08 14:57        364512        ----a-w-        c:\windows\system32\aswBoot.exe

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2015-02-01 11:03 . 2014-06-24 16:41        30528        ----a-w-        c:\windows\GVTDrv64.sys

2015-02-01 11:03 . 2014-06-24 16:41        25640        ----a-w-        c:\windows\gdrv.sys

2015-01-25 11:30 . 2014-11-11 18:47        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2015-01-25 11:30 . 2014-11-11 18:47        701616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2015-01-16 23:08 . 2014-06-24 18:11        113365784        ----a-w-        c:\windows\system32\MRT.exe

2014-12-31 11:14 . 2010-11-21 03:27        298120        ------w-        c:\windows\system32\MpSigStub.exe

2014-12-13 05:09 . 2014-12-19 18:46        144384        ----a-w-        c:\windows\system32\ieUnatt.exe

2014-12-13 03:33 . 2014-12-19 18:46        115712        ----a-w-        c:\windows\SysWow64\ieUnatt.exe

2014-12-08 14:58 . 2014-09-13 12:00        1050432        ----a-w-        c:\windows\system32\drivers\aswsnx.sys

2014-12-08 14:57 . 2014-09-13 12:00        436624        ----a-w-        c:\windows\system32\drivers\aswsp.sys

2014-12-08 14:57 . 2014-09-13 12:00        267632        ----a-w-        c:\windows\system32\drivers\aswVmm.sys

2014-12-08 14:57 . 2014-09-13 12:00        116728        ----a-w-        c:\windows\system32\drivers\aswStm.sys

2014-12-08 14:57 . 2014-12-08 14:57        43152        ----a-w-        c:\windows\avastSS.scr

2014-12-08 14:57 . 2014-09-13 12:00        93568        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys

2014-12-08 14:57 . 2014-09-13 12:00        83280        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys

2014-12-08 14:57 . 2014-09-13 12:00        65776        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys

2014-12-08 14:57 . 2014-09-13 12:00        29208        ----a-w-        c:\windows\system32\drivers\aswHwid.sys

2014-12-04 02:50 . 2014-12-10 09:36        413184        ----a-w-        c:\windows\system32\generaltel.dll

2014-12-04 02:50 . 2014-12-10 09:36        741376        ----a-w-        c:\windows\system32\invagent.dll

2014-12-04 02:50 . 2014-12-10 09:36        396800        ----a-w-        c:\windows\system32\devinv.dll

2014-12-04 02:50 . 2014-12-10 09:36        830976        ----a-w-        c:\windows\system32\appraiser.dll

2014-12-04 02:50 . 2014-12-10 09:36        192000        ----a-w-        c:\windows\system32\aepic.dll

2014-12-04 02:50 . 2014-12-10 09:36        227328        ----a-w-        c:\windows\system32\aepdu.dll

2014-12-04 02:44 . 2014-12-10 09:36        1083392        ----a-w-        c:\windows\system32\aeinv.dll

2014-12-01 23:28 . 2014-12-10 09:36        1232040        ----a-w-        c:\windows\system32\aitstatic.exe

2014-11-27 01:43 . 2014-12-10 09:36        389296        ----a-w-        c:\windows\system32\iedkcs32.dll

2014-11-22 03:13 . 2014-12-10 09:36        25059840        ----a-w-        c:\windows\system32\mshtml.dll

2014-11-22 03:06 . 2014-12-10 09:36        2724864        ----a-w-        c:\windows\system32\mshtml.tlb

2014-11-22 03:06 . 2014-12-10 09:36        4096        ----a-w-        c:\windows\system32\ieetwcollectorres.dll

2014-11-22 02:50 . 2014-12-10 09:36        66560        ----a-w-        c:\windows\system32\iesetup.dll

2014-11-22 02:50 . 2014-12-10 09:36        580096        ----a-w-        c:\windows\system32\vbscript.dll

2014-11-22 02:49 . 2014-12-10 09:36        48640        ----a-w-        c:\windows\system32\ieetwproxystub.dll

2014-11-22 02:49 . 2014-12-10 09:36        2885120        ----a-w-        c:\windows\system32\iertutil.dll

2014-11-22 02:48 . 2014-12-10 09:36        88064        ----a-w-        c:\windows\system32\MshtmlDac.dll

2014-11-22 02:41 . 2014-12-10 09:36        54784        ----a-w-        c:\windows\system32\jsproxy.dll

2014-11-22 02:40 . 2014-12-10 09:36        34304        ----a-w-        c:\windows\system32\iernonce.dll

2014-11-22 02:37 . 2014-12-10 09:36        633856        ----a-w-        c:\windows\system32\ieui.dll

2014-11-22 02:35 . 2014-12-10 09:36        114688        ----a-w-        c:\windows\system32\ieetwcollector.exe

2014-11-22 02:34 . 2014-12-10 09:36        814080        ----a-w-        c:\windows\system32\jscript9diag.dll

2014-11-22 02:34 . 2014-12-10 09:36        6039552        ----a-w-        c:\windows\system32\jscript9.dll

2014-11-22 02:26 . 2014-12-10 09:36        968704        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe

2014-11-22 02:22 . 2014-12-10 09:36        490496        ----a-w-        c:\windows\system32\dxtmsft.dll

2014-11-22 02:20 . 2014-12-10 09:36        2724864        ----a-w-        c:\windows\SysWow64\mshtml.tlb

2014-11-22 02:14 . 2014-12-10 09:36        77824        ----a-w-        c:\windows\system32\JavaScriptCollectionAgent.dll

2014-11-22 02:09 . 2014-12-10 09:36        199680        ----a-w-        c:\windows\system32\msrating.dll

2014-11-22 02:08 . 2014-12-10 09:36        92160        ----a-w-        c:\windows\system32\mshtmled.dll

2014-11-22 02:07 . 2014-12-10 09:36        501248        ----a-w-        c:\windows\SysWow64\vbscript.dll

2014-11-22 02:07 . 2014-12-10 09:36        62464        ----a-w-        c:\windows\SysWow64\iesetup.dll

2014-11-22 02:06 . 2014-12-10 09:36        47616        ----a-w-        c:\windows\SysWow64\ieetwproxystub.dll

2014-11-22 02:05 . 2014-12-10 09:36        64000        ----a-w-        c:\windows\SysWow64\MshtmlDac.dll

2014-11-22 02:05 . 2014-12-10 09:36        316928        ----a-w-        c:\windows\system32\dxtrans.dll

2014-11-22 01:54 . 2014-12-10 09:36        620032        ----a-w-        c:\windows\SysWow64\jscript9diag.dll

2014-11-22 01:49 . 2014-12-10 09:36        718848        ----a-w-        c:\windows\system32\ie4uinit.exe

2014-11-22 01:49 . 2014-12-10 09:36        800768        ----a-w-        c:\windows\system32\msfeeds.dll

2014-11-22 01:47 . 2014-12-10 09:36        1359360        ----a-w-        c:\windows\system32\mshtmlmedia.dll

2014-11-22 01:46 . 2014-12-10 09:36        2125312        ----a-w-        c:\windows\system32\inetcpl.cpl

2014-11-22 01:43 . 2014-12-10 09:36        14412800        ----a-w-        c:\windows\system32\ieframe.dll

2014-11-22 01:40 . 2014-12-10 09:36        60416        ----a-w-        c:\windows\SysWow64\JavaScriptCollectionAgent.dll

2014-11-22 01:29 . 2014-12-10 09:36        4299264        ----a-w-        c:\windows\SysWow64\jscript9.dll

2014-11-22 01:28 . 2014-12-10 09:36        2358272        ----a-w-        c:\windows\system32\wininet.dll

2014-11-22 01:22 . 2014-12-10 09:36        2052096        ----a-w-        c:\windows\SysWow64\inetcpl.cpl

2014-11-22 01:21 . 2014-12-10 09:36        1155072        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll

2014-11-22 01:15 . 2014-12-10 09:36        1548288        ----a-w-        c:\windows\system32\urlmon.dll

2014-11-22 01:03 . 2014-12-10 09:36        800768        ----a-w-        c:\windows\system32\ieapfltr.dll

2014-11-22 01:00 . 2014-12-10 09:36        1888256        ----a-w-        c:\windows\SysWow64\wininet.dll

2014-11-17 22:18 . 2014-11-22 20:28        31520        ----a-w-        c:\windows\system32\nvhdap64.dll

2014-11-17 22:18 . 2014-11-22 20:28        197408        ----a-w-        c:\windows\system32\drivers\nvhda64v.sys

2014-11-17 22:18 . 2014-03-20 21:02        1538880        ----a-w-        c:\windows\system32\nvhdagenco6420103.dll

2014-11-13 00:20 . 2014-11-22 20:28        964928        ----a-w-        c:\windows\system32\NvIFR64.dll

2014-11-13 00:20 . 2014-11-22 20:28        935240        ----a-w-        c:\windows\system32\NvFBC64.dll

2014-11-13 00:20 . 2014-11-22 20:28        923792        ----a-w-        c:\windows\SysWow64\NvIFR.dll

2014-11-13 00:20 . 2014-11-22 20:28        900928        ----a-w-        c:\windows\SysWow64\NvFBC.dll

2014-11-13 00:20 . 2014-11-22 20:28        871648        ----a-w-        c:\windows\SysWow64\nvumdshim.dll

2014-11-13 00:20 . 2014-11-22 20:28        500880        ----a-w-        c:\windows\system32\nvEncodeAPI64.dll

2014-11-13 00:20 . 2014-11-22 20:28        4292416        ----a-w-        c:\windows\system32\nvcuvid.dll

2014-11-13 00:20 . 2014-11-22 20:28        418112        ----a-w-        c:\windows\SysWow64\nvEncodeAPI.dll

2014-11-13 00:20 . 2014-11-22 20:28        4011208        ----a-w-        c:\windows\SysWow64\nvcuvid.dll

2014-11-13 00:20 . 2014-11-22 20:28        393024        ----a-w-        c:\windows\system32\NvIFROpenGL.dll

2014-11-13 00:20 . 2014-11-22 20:28        352016        ----a-w-        c:\windows\system32\nvoglshim64.dll

2014-11-13 00:20 . 2014-11-22 20:28        348304        ----a-w-        c:\windows\SysWow64\NvIFROpenGL.dll

2014-11-13 00:20 . 2014-11-22 20:28        31893136        ----a-w-        c:\windows\system32\nvoglv64.dll

2014-11-13 00:20 . 2014-11-22 20:28        303600        ----a-w-        c:\windows\SysWow64\nvoglshim32.dll

2014-11-13 00:20 . 2014-11-22 20:28        24557712        ----a-w-        c:\windows\SysWow64\nvoglv32.dll

2014-11-13 00:20 . 2014-11-22 20:28        19966344        ----a-w-        c:\windows\system32\nvd3dumx.dll

2014-11-13 00:20 . 2014-11-22 20:28        1876296        ----a-w-        c:\windows\system32\nvdispco6434475.dll

2014-11-13 00:20 . 2014-11-22 20:28        18514616        ----a-w-        c:\windows\SysWow64\nvwgf2um.dll

2014-11-13 00:20 . 2014-11-22 20:28        174856        ----a-w-        c:\windows\system32\nvinitx.dll

2014-11-13 00:20 . 2014-11-22 20:28        156840        ----a-w-        c:\windows\SysWow64\nvinit.dll

2014-11-13 00:20 . 2014-11-22 20:28        1540424        ----a-w-        c:\windows\system32\nvdispgenco6434475.dll

2014-11-13 00:20 . 2014-11-22 20:28        14032984        ----a-w-        c:\windows\system32\nvopencl.dll

2014-11-13 00:20 . 2014-11-22 20:28        13944952        ----a-w-        c:\windows\system32\nvcuda.dll

2014-11-13 00:20 . 2014-11-22 20:28        13213512        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys

2014-11-13 00:20 . 2014-11-22 20:28        11397744        ----a-w-        c:\windows\SysWow64\nvopencl.dll

2014-11-13 00:20 . 2014-11-22 20:28        11336432        ----a-w-        c:\windows\SysWow64\nvcuda.dll

2014-11-13 00:20 . 2014-11-22 20:28        20922512        ----a-w-        c:\windows\system32\nvcompiler.dll

2014-11-13 00:20 . 2014-11-22 20:28        17259664        ----a-w-        c:\windows\SysWow64\nvcompiler.dll

2014-11-13 00:20 . 2014-06-25 08:03        20986592        ----a-w-        c:\windows\system32\nvwgf2umx.dll

2014-11-13 00:20 . 2014-06-25 08:03        16884632        ----a-w-        c:\windows\SysWow64\nvd3dum.dll

2014-11-13 00:20 . 2014-06-24 18:10        74056        ----a-w-        c:\windows\system32\OpenCL.dll

2014-11-13 00:20 . 2014-06-24 18:10        59592        ----a-w-        c:\windows\SysWow64\OpenCL.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2015-01-23 1942720]

"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-10-17 43816]

"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-11-21 43816]

"iCloudDrive"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe" [2014-10-20 43816]

"Spotify Web Helper"="c:\users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-12-14 1676344]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-08-09 5263504]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-26 5227112]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETCall.exe" [2012-07-09 40960]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

TP-LINK-Konfigurationstool.lnk - c:\program files (x86)\TP-LINK\TP-LINK-Konfigurationstool\TWCU.exe -nogui [2014-6-26 846848]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"SoftwareSASGeneration"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R1 iSafeKrnl;YAC Mini-Filter Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnl.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnl.sys [x]

R1 iSafeKrnlKit;YAC Kit Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [x]

R1 iSafeKrnlR3;YAC Ring3 Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [x]

R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]

R2 iSafeService;YAC Service;c:\program files (x86)\Elex-tech\YAC\iSafeSvc.exe;c:\program files (x86)\Elex-tech\YAC\iSafeSvc.exe [x]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]

R3 h643352;DragonRise HID3331 AMD64 Driver;c:\windows\system32\drivers\h643352.sys;c:\windows\SYSNATIVE\drivers\h643352.sys [x]

R3 hid3352;DragonRise HID3331 x86 Driver;c:\windows\system32\drivers\hid3352.sys;c:\windows\SYSNATIVE\drivers\hid3352.sys [x]

R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 iSafeKrnlBoot;YAC Boot Driver;c:\windows\system32\DRIVERS\iSafeKrnlBoot.sys;c:\windows\SYSNATIVE\DRIVERS\iSafeKrnlBoot.sys [x]

R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

S0 aswRvrt;avast! Revert; [x]

S0 aswVmm;avast! VM Monitor; [x]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]

S1 iSafeNetFilter;YAC NDIS Driver;c:\windows\system32\DRIVERS\iSafeNetFilter.sys;c:\windows\SYSNATIVE\DRIVERS\iSafeNetFilter.sys [x]

S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]

S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]

S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]

S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]

S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 RTL8192cu;300Mbps Wireless USB Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192cu.sys [x]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]

S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys;c:\windows\SYSNATIVE\DRIVERS\ViaHub3.sys [x]

S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys;c:\windows\SYSNATIVE\DRIVERS\xhcdrv.sys [x]

S4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - MBAMSWISSARMY

.

Inhalt des "geplante Tasks" Ordners

.

2015-01-31 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11 11:30]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2014-12-08 14:57        860984        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-11-06 2464072]

"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-11-06 2800296]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://www.google.com/?trackid=sp-006

mStart Page = https://www.google.com/?trackid=sp-006

mLocal Page = c:\windows\SysWOW64\blank.htm

mSearch Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}

mSearch Bar = https://www.google.com/?trackid=sp-006

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v14zhxne.default\

FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search/?trackid=sp-006

FF - prefs.js: browser.search.selectedEngine - Google (avast)

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/?trackid=sp-006

FF - prefs.js: keyword.URL - hxxps://www.google.com/search/?trackid=sp-006

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2015-02-01  12:25:18

ComboFix-quarantined-files.txt  2015-02-01 11:25

.

Vor Suchlauf: 17 Verzeichnis(se), 128.748.269.568 Bytes frei

Nach Suchlauf: 20 Verzeichnis(se), 128.919.105.536 Bytes frei

.

- - End Of File - - ED6789E7352A2DA3C19CE6D5F8457EB3

A36C5E4F47E84449FF07ED3517B43A31

Hoffe alles ist in Ordnung!!! Danke!!!

Ach ja: Ich wurde nicht aufgefordert den PC neuzustarten.

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Zunächt eine Frage: Wenn ich die AdwCleaner[S1] unter Datenträger C:// abspeichern will, meldet der das ich diese berechtigung nicht habe da ich kein Administrator bin. Dabei bin ich als dieser angemeldet. Kann man das ignorieren?

mbam:

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 01.02.2015

Suchlauf-Zeit: 18:10:30

Logdatei: mbam.txt

Administrator: Ja
 

Version: 2.00.4.1028

Malware Datenbank: v2015.02.01.05

Rootkit Datenbank: v2015.01.14.01

Lizenz: Testversion

Malware Schutz: Aktiviert

Bösartiger Webseiten Schutz: Aktiviert

Selbstschutz: Deaktiviert
 

Betriebssystem: Windows 7 Service Pack 1

CPU: x64

Dateisystem: NTFS

Benutzer: user
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 355308

Verstrichene Zeit: 6 Min, 42 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Heuristik: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 0

(Keine schädliche Elemente erkannt)
 

Module: 0

(Keine schädliche Elemente erkannt)
 

Registrierungsschlüssel: 0

(Keine schädliche Elemente erkannt)
 

Registrierungswerte: 0

(Keine schädliche Elemente erkannt)
 

Registrierungsdaten: 0

(Keine schädliche Elemente erkannt)
 

Ordner: 0

(Keine schädliche Elemente erkannt)
 

Dateien: 0

(Keine schädliche Elemente erkannt)
 

Physische Sektoren: 0

(Keine schädliche Elemente erkannt)
 
 

(end)

AdwCleaner:

Code:

# AdwCleaner v4.109 - Bericht erstellt am 01/02/2015 um 18:23:55

# Aktualisiert 24/01/2015 von Xplode

# Database : 2015-01-26.1 [Live]

# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)

# Benutzername : user - PC

# Gestartet von : C:\Users\user\Downloads\AdwCleaner_4.109(1).exe

# Option : Löschen
 

***** [ Dienste ] *****
 

[#] Dienst Gelöscht : iSafeKrnl

[#] Dienst Gelöscht : iSafeKrnlBoot

[#] Dienst Gelöscht : iSafeKrnlKit

[#] Dienst Gelöscht : iSafeKrnlR3

Dienst Gelöscht : iSafeNetFilter

[#] Dienst Gelöscht : iSafeService
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\Program Files (x86)\Elex-tech
 

***** [ Tasks ] *****
 
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 
 

***** [ Browser ] *****
 

-\\ Internet Explorer v11.0.9600.17496
 
 

-\\ Mozilla Firefox v35.0.1 (x86 de)
 

[v14zhxne.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);

[v14zhxne.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
 

*************************
 

AdwCleaner[R0].txt - [3820 octets] - [31/01/2015 20:17:08]

AdwCleaner[R1].txt - [1359 octets] - [01/02/2015 18:22:48]

AdwCleaner[S0].txt - [3978 octets] - [31/01/2015 20:18:35]

AdwCleaner[S1].txt - [1318 octets] - [01/02/2015 18:23:55]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1378 octets] ##########

JRT:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.1 (12.28.2014:1)

OS: Windows 7 Professional x64

Ran by user on 01.02.2015 at 18:30:23,98

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ FireFox
 

Emptied folder: C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\v14zhxne.default\minidumps [28 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 01.02.2015 at 18:33:25,10

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST log:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015

Ran by user (administrator) on PC on 01-02-2015 18:35:00

Running from C:\Users\user\Downloads

Loaded Profiles: user (Available profiles: user)

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

() C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe

(Spotify Ltd) C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)

HKLM-x32\...\RunOnce: [EasyTuneVI] => C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [40960 2012-07-09] ()

HKU\S-1-5-21-1724054557-1254175061-29667419-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1942720 2015-01-23] (Valve Corporation)

HKU\S-1-5-21-1724054557-1254175061-29667419-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)

HKU\S-1-5-21-1724054557-1254175061-29667419-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)

HKU\S-1-5-21-1724054557-1254175061-29667419-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)

HKU\S-1-5-21-1724054557-1254175061-29667419-1000\...\Run: [Spotify Web Helper] => C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-14] (Spotify Ltd)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK-Konfigurationstool.lnk

ShortcutTarget: TP-LINK-Konfigurationstool.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK-Konfigurationstool\TWCU.exe ()

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-1724054557-1254175061-29667419-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-1724054557-1254175061-29667419-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-1724054557-1254175061-29667419-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006

SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-1724054557-1254175061-29667419-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v14zhxne.default

FF DefaultSearchEngine: Google (avast)

FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006

FF SearchEngineOrder.1: Google (avast)

FF SelectedSearchEngine: Google (avast)

FF Homepage: https://www.google.com/?trackid=sp-006

FF Keyword.URL: https://www.google.com/search/?trackid=sp-006

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()

FF Plugin: @java.com/DTPlugin,version=10.76.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.76.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> c:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.76.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.76.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v14zhxne.default\searchplugins\google-avast.xml

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-13]

FF HKLM-x32\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v14zhxne.default\extensions\detgdp@gmail.com
 

Chrome: 

=======

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-08]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-08] (AVAST Software)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)

S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)

R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-08] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-08] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-08] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-08] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-08] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-08] (AVAST Software)

S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-08] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-08] ()

R3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2015-02-01] ()

S3 h643352; C:\Windows\System32\drivers\h643352.sys [67432 2012-07-11] (Your Corporation)

S3 hid3352; C:\Windows\SysWOW64\drivers\hid3352.sys [45672 2012-07-11] (Your Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-01] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)

R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-10-25] (Realtek Semiconductor Corporation                           )

R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [231112 2013-01-03] (VIA Technologies, Inc.)

R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [301256 2013-01-03] (VIA Technologies, Inc.)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-02-01 18:34 - 2015-02-01 18:34 - 00000000 ____D () C:\Users\user\Downloads\FRST-OlderVersion

2015-02-01 18:33 - 2015-02-01 18:33 - 00000889 _____ () C:\Users\user\Desktop\JRT.txt

2015-02-01 18:30 - 2015-02-01 18:30 - 00000000 ____D () C:\Windows\ERUNT

2015-02-01 18:29 - 2015-02-01 18:30 - 01707939 _____ (Thisisu) C:\Users\user\Downloads\JRT.exe

2015-02-01 18:28 - 2015-02-01 18:28 - 00001458 _____ () C:\Users\user\Documents\AdwCleaner[S1].txt

2015-02-01 18:21 - 2015-02-01 18:21 - 02194432 _____ () C:\Users\user\Downloads\AdwCleaner_4.109(1).exe

2015-02-01 18:20 - 2015-02-01 18:20 - 00001199 _____ () C:\mbam.txt

2015-02-01 18:19 - 2015-02-01 18:19 - 00001207 _____ () C:\Malwarebytes.txt

2015-02-01 18:08 - 2015-02-01 18:25 - 00000004 _____ () C:\Windows\SysWOW64\GVTunner.ref

2015-02-01 12:25 - 2015-02-01 12:25 - 00024207 _____ () C:\ComboFix.txt

2015-02-01 12:17 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe

2015-02-01 12:17 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe

2015-02-01 12:17 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2015-02-01 12:17 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2015-02-01 12:17 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2015-02-01 12:17 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe

2015-02-01 12:17 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe

2015-02-01 12:17 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe

2015-02-01 12:11 - 2015-02-01 12:25 - 00000000 ____D () C:\Qoobox

2015-02-01 12:11 - 2015-02-01 12:24 - 00000000 ____D () C:\Windows\erdnt

2015-02-01 12:09 - 2015-02-01 12:16 - 05611408 ____R (Swearware) C:\Users\user\Downloads\ComboFix.exe

2015-02-01 12:06 - 2015-02-01 12:06 - 00001264 _____ () C:\Users\user\Desktop\Revo Uninstaller.lnk

2015-02-01 12:06 - 2015-02-01 12:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2015-02-01 12:05 - 2015-02-01 12:05 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\user\Downloads\revosetup95.exe

2015-01-31 22:49 - 2015-02-01 18:35 - 00016486 _____ () C:\Users\user\Downloads\FRST.txt

2015-01-31 22:49 - 2015-02-01 18:35 - 00000000 ____D () C:\FRST

2015-01-31 22:49 - 2015-01-31 22:50 - 00028048 _____ () C:\Users\user\Downloads\Addition.txt

2015-01-31 22:48 - 2015-02-01 18:34 - 02131456 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe

2015-01-31 20:17 - 2015-02-01 18:24 - 00000000 ____D () C:\AdwCleaner

2015-01-31 20:16 - 2015-01-31 20:16 - 02194432 _____ () C:\Users\user\Downloads\adwcleaner_4.109.exe

2015-01-31 20:13 - 2015-01-31 20:13 - 02194432 _____ () C:\Users\user\Downloads\AdwCleaner09.exe

2015-01-31 19:59 - 2015-02-01 18:29 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-31 19:58 - 2015-01-31 19:58 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-01-31 19:58 - 2015-01-31 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-01-31 19:58 - 2015-01-31 19:58 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-01-31 19:58 - 2015-01-31 19:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-01-31 19:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-01-31 19:58 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-01-31 19:58 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-01-31 19:57 - 2015-01-31 19:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.4.1028.exe

2015-01-31 19:40 - 2015-01-31 19:40 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieBrowserModeList

2015-01-30 13:06 - 2015-01-30 13:06 - 00320424 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2015-01-30 13:06 - 2015-01-30 13:06 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2015-01-30 13:06 - 2015-01-30 13:06 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2015-01-30 13:06 - 2015-01-30 13:06 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2015-01-27 23:06 - 2015-01-27 23:06 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2015-01-27 23:06 - 2015-01-27 23:06 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2015-01-27 23:06 - 2015-01-27 23:06 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2015-01-27 23:06 - 2015-01-27 23:06 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2015-01-27 23:06 - 2015-01-27 23:06 - 00000000 ____D () C:\Program Files (x86)\Java

2015-01-26 23:10 - 2015-01-26 23:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-01-22 15:21 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

2015-01-18 23:11 - 2015-01-18 23:11 - 00017951 _____ () C:\Users\user\Documents\Literatur_Chancen_ungleich_verteilt_Antonius_Heinrichs.odt

2015-01-17 14:16 - 2015-01-18 23:23 - 00307805 _____ () C:\Users\user\Documents\Literatur_Vortrag Schüler im Schulsystem.odp

2015-01-17 13:47 - 2015-01-31 20:18 - 00000000 ____D () C:\Windows\system32\log

2015-01-17 13:47 - 2015-01-03 09:57 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys

2015-01-16 22:36 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll

2015-01-16 22:36 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2015-01-16 22:36 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-01-16 22:36 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-01-16 22:36 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-01-16 22:36 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-01-16 22:36 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-01-16 22:36 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-01-16 22:36 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-01-16 22:36 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

2015-01-16 22:36 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll

2015-01-16 22:36 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

2015-01-05 14:12 - 2015-01-05 14:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

2015-01-04 19:38 - 2015-01-04 19:38 - 00000000 ____D () C:\Users\user\AppData\Local\GVSE

2015-01-03 13:30 - 2015-01-03 13:30 - 00000000 ____D () C:\Users\user\AppData\Roaming\TaiG

2015-01-03 12:41 - 2015-01-03 12:41 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2015-01-03 12:41 - 2015-01-03 12:41 - 00001964 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk

2015-01-03 12:41 - 2014-12-08 15:57 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-02-01 18:32 - 2009-07-14 05:45 - 00035088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-02-01 18:32 - 2009-07-14 05:45 - 00035088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-02-01 18:31 - 2014-06-25 08:15 - 00699416 _____ () C:\Windows\system32\perfh007.dat

2015-02-01 18:31 - 2014-06-25 08:15 - 00149556 _____ () C:\Windows\system32\perfc007.dat

2015-02-01 18:31 - 2014-06-24 16:55 - 01780756 _____ () C:\Windows\WindowsUpdate.log

2015-02-01 18:31 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-02-01 18:30 - 2014-11-11 19:48 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-02-01 18:25 - 2014-11-11 14:55 - 00000000 ___RD () C:\Users\user\iCloudDrive

2015-02-01 18:25 - 2014-09-13 13:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2015-02-01 18:25 - 2014-06-26 17:50 - 00000000 ____D () C:\Program Files (x86)\Steam

2015-02-01 18:25 - 2014-06-24 19:10 - 00000000 ____D () C:\ProgramData\NVIDIA

2015-02-01 18:25 - 2014-06-24 17:41 - 00030528 _____ () C:\Windows\GVTDrv64.sys

2015-02-01 18:25 - 2014-06-24 17:41 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys

2015-02-01 18:25 - 2010-11-21 04:47 - 00103346 _____ () C:\Windows\PFRO.log

2015-02-01 18:25 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-02-01 18:25 - 2009-07-14 05:51 - 00071799 _____ () C:\Windows\setupact.log

2015-02-01 12:23 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini

2015-02-01 12:08 - 2014-09-08 22:40 - 00000000 ____D () C:\Users\user\AppData\Roaming\0C1I1L1R1J0C1F1G1G1P1R2Z

2015-02-01 00:33 - 2014-06-29 22:46 - 00000000 ____D () C:\Users\user\AppData\Roaming\Spotify

2015-01-31 23:44 - 2014-06-29 22:46 - 00000000 ____D () C:\Users\user\AppData\Local\Spotify

2015-01-31 20:51 - 2014-06-24 17:26 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2015-01-31 20:18 - 2014-06-24 16:55 - 00000993 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-01-27 12:58 - 2014-06-25 09:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-01-25 12:30 - 2014-11-11 19:48 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-01-25 12:30 - 2014-11-11 19:47 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-01-25 12:30 - 2014-11-11 19:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-01-17 00:10 - 2014-06-24 19:11 - 00000000 ____D () C:\Windows\system32\MRT

2015-01-17 00:08 - 2014-06-24 19:11 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-01-03 13:39 - 2014-11-06 10:37 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe

2015-01-03 12:41 - 2014-12-08 15:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
 

Some content of TEMP:

====================

C:\Users\user\AppData\Local\Temp\Quarantine.exe

C:\Users\user\AppData\Local\Temp\sqlite3.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-01-03 12:38
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Noch eine Frage: Den Awd-Cleaner habe ich gestern schon mal laufen lassen und da hatte er was gefunden, was ich dann ebenfalls gelöscht haben lasse.

Warum findet der jetzt eben doch wieder was? Das hatte ich doch gestern gelöscht...

Wurde auch genau das Gleiche gefunden?

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Also nach etwas mehr als 10 Stunden ist er dann fertig gewesen. Kannst du mir verraten warum der solange braucht?
UND er hat 4 infizierte Dateien gefunden, muss ich da noch was machen? LG!

Code:

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=2c8f448081726f4f8926310760cba129

# engine=22254

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2015-02-01 08:02:47

# local_time=2015-02-01 09:02:47 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1031

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='avast! Antivirus'

# compatibility_mode=783 16777213 71 95 461044 12211370 0 0

# compatibility_mode_1='Microsoft Security Essentials'

# compatibility_mode=5895 16777213 100 100 12285997 45804961 0 0

# scanned=6413

# found=2

# cleaned=0

# scan_time=420

sh=66AE7020991466E365531E01821D1721FF10F7A9 ft=1 fh=2b6131bebc979372 vn="Win32/ELEX.BF evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\TrayDownloader.exe.vir"

sh=0147937D9077F226E60DF191DA2175A4AC9EE45E ft=1 fh=88de78e712e5bb20 vn="Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\winzipersvc.exe.vir"

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=2c8f448081726f4f8926310760cba129

# engine=22254

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2015-02-02 06:38:28

# local_time=2015-02-02 07:38:28 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1031

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='avast! Antivirus'

# compatibility_mode=783 16777213 71 95 502785 12249511 0 0

# compatibility_mode_1='Microsoft Security Essentials'

# compatibility_mode=5895 16777213 100 100 12324138 45843102 0 0

# scanned=201971

# found=4

# cleaned=0

# scan_time=38094

sh=66AE7020991466E365531E01821D1721FF10F7A9 ft=1 fh=2b6131bebc979372 vn="Win32/ELEX.BF evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\TrayDownloader.exe.vir"

sh=0147937D9077F226E60DF191DA2175A4AC9EE45E ft=1 fh=88de78e712e5bb20 vn="Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\winzipersvc.exe.vir"

sh=180457CFF90B3B3D4A6014840F31FCDE7FE775A3 ft=1 fh=493cb69fed001189 vn="Variante von Win32/InstallCore.UQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\user\Downloads\OpenOffice_Setup.exe"

sh=5DD348A0B0872E4C79EB768531CD4E6C9CA6DDC1 ft=1 fh=fa9beb55989a8b40 vn="Variante von Win32/InstallCore.PO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\user\Downloads\winzip175-mediafire_v1.exe"

Hier das Andere:

Code:

 Results of screen317's Security Check version 0.99.95  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  
 ``````````````Antivirus/Firewall Check:`````````````` 

Microsoft Security Essentials   

avast! Antivirus                

 Antivirus out of date!  
 `````````Anti-malware/Other Utilities Check:````````` 

 Java 7 Update 76  

 Java version 32-bit out of Date! 

  Java 64-bit 8 Update 31  

 Adobe Flash Player 16.0.0.296  

 Adobe Reader XI  

 Mozilla Firefox (35.0.1) 
 ````````Process Check: objlist.exe by Laurent````````  

 Microsoft Security Essentials MSMpEng.exe 

 Microsoft Security Essentials msseces.exe 

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbam.exe  

 Malwarebytes Anti-Malware mbamscheduler.exe   

 AVAST Software Avast AvastSvc.exe  

 AVAST Software Avast avastui.exe  
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

Frisches FRST log:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015

Ran by user (administrator) on PC on 02-02-2015 07:46:26

Running from C:\Users\user\Downloads

Loaded Profiles: user (Available profiles: user)

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

() C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe

(Spotify Ltd) C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

() C:\Users\user\Downloads\SecurityCheck.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)

HKLM-x32\...\RunOnce: [EasyTuneVI] => C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [40960 2012-07-09] ()

HKU\S-1-5-21-1724054557-1254175061-29667419-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1942720 2015-01-23] (Valve Corporation)

HKU\S-1-5-21-1724054557-1254175061-29667419-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)

HKU\S-1-5-21-1724054557-1254175061-29667419-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)

HKU\S-1-5-21-1724054557-1254175061-29667419-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)

HKU\S-1-5-21-1724054557-1254175061-29667419-1000\...\Run: [Spotify Web Helper] => C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-14] (Spotify Ltd)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK-Konfigurationstool.lnk

ShortcutTarget: TP-LINK-Konfigurationstool.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK-Konfigurationstool\TWCU.exe ()

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-1724054557-1254175061-29667419-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-1724054557-1254175061-29667419-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-1724054557-1254175061-29667419-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006

SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-1724054557-1254175061-29667419-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v14zhxne.default

FF DefaultSearchEngine: Google (avast)

FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006

FF SearchEngineOrder.1: Google (avast)

FF SelectedSearchEngine: Google (avast)

FF Homepage: https://www.google.com/?trackid=sp-006

FF Keyword.URL: https://www.google.com/search/?trackid=sp-006

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()

FF Plugin: @java.com/DTPlugin,version=10.76.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.76.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> c:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.76.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.76.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v14zhxne.default\searchplugins\google-avast.xml

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-13]

FF HKLM-x32\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v14zhxne.default\extensions\detgdp@gmail.com
 

Chrome: 

=======

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-08]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-08] (AVAST Software)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)

S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)

R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-08] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-08] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-08] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-08] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-08] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-08] (AVAST Software)

S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-08] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-08] ()

R3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2015-02-01] ()

S3 h643352; C:\Windows\System32\drivers\h643352.sys [67432 2012-07-11] (Your Corporation)

S3 hid3352; C:\Windows\SysWOW64\drivers\hid3352.sys [45672 2012-07-11] (Your Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-02] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)

R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-10-25] (Realtek Semiconductor Corporation                           )

R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [231112 2013-01-03] (VIA Technologies, Inc.)

R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [301256 2013-01-03] (VIA Technologies, Inc.)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-02-02 07:43 - 2015-02-02 07:43 - 00852573 _____ () C:\Users\user\Downloads\SecurityCheck.exe

2015-02-01 20:47 - 2015-02-01 20:47 - 02347384 _____ (ESET) C:\Users\user\Downloads\esetsmartinstaller_deu.exe

2015-02-01 20:47 - 2015-02-01 20:47 - 00000000 ____D () C:\Program Files (x86)\ESET

2015-02-01 18:34 - 2015-02-01 18:34 - 00000000 ____D () C:\Users\user\Downloads\FRST-OlderVersion

2015-02-01 18:33 - 2015-02-01 18:33 - 00000889 _____ () C:\Users\user\Desktop\JRT.txt

2015-02-01 18:30 - 2015-02-01 18:30 - 00000000 ____D () C:\Windows\ERUNT

2015-02-01 18:29 - 2015-02-01 18:30 - 01707939 _____ (Thisisu) C:\Users\user\Downloads\JRT.exe

2015-02-01 18:28 - 2015-02-01 18:28 - 00001458 _____ () C:\Users\user\Documents\AdwCleaner[S1].txt

2015-02-01 18:21 - 2015-02-01 18:21 - 02194432 _____ () C:\Users\user\Downloads\AdwCleaner_4.109(1).exe

2015-02-01 18:20 - 2015-02-01 18:20 - 00001199 _____ () C:\mbam.txt

2015-02-01 18:19 - 2015-02-01 18:19 - 00001207 _____ () C:\Malwarebytes.txt

2015-02-01 18:08 - 2015-02-01 20:39 - 00000004 _____ () C:\Windows\SysWOW64\GVTunner.ref

2015-02-01 12:25 - 2015-02-01 12:25 - 00024207 _____ () C:\ComboFix.txt

2015-02-01 12:17 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe

2015-02-01 12:17 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe

2015-02-01 12:17 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2015-02-01 12:17 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2015-02-01 12:17 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2015-02-01 12:17 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe

2015-02-01 12:17 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe

2015-02-01 12:17 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe

2015-02-01 12:11 - 2015-02-01 12:25 - 00000000 ____D () C:\Qoobox

2015-02-01 12:11 - 2015-02-01 12:24 - 00000000 ____D () C:\Windows\erdnt

2015-02-01 12:09 - 2015-02-01 12:16 - 05611408 ____R (Swearware) C:\Users\user\Downloads\ComboFix.exe

2015-02-01 12:06 - 2015-02-01 12:06 - 00001264 _____ () C:\Users\user\Desktop\Revo Uninstaller.lnk

2015-02-01 12:06 - 2015-02-01 12:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2015-02-01 12:05 - 2015-02-01 12:05 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\user\Downloads\revosetup95.exe

2015-01-31 22:49 - 2015-02-02 07:46 - 00016766 _____ () C:\Users\user\Downloads\FRST.txt

2015-01-31 22:49 - 2015-02-02 07:46 - 00000000 ____D () C:\FRST

2015-01-31 22:49 - 2015-01-31 22:50 - 00028048 _____ () C:\Users\user\Downloads\Addition.txt

2015-01-31 22:48 - 2015-02-01 18:34 - 02131456 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe

2015-01-31 20:17 - 2015-02-01 18:48 - 00000000 ____D () C:\AdwCleaner

2015-01-31 20:16 - 2015-01-31 20:16 - 02194432 _____ () C:\Users\user\Downloads\adwcleaner_4.109.exe

2015-01-31 20:13 - 2015-01-31 20:13 - 02194432 _____ () C:\Users\user\Downloads\AdwCleaner09.exe

2015-01-31 19:59 - 2015-02-02 00:02 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-31 19:58 - 2015-01-31 19:58 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-01-31 19:58 - 2015-01-31 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-01-31 19:58 - 2015-01-31 19:58 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-01-31 19:58 - 2015-01-31 19:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-01-31 19:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-01-31 19:58 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-01-31 19:58 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-01-31 19:57 - 2015-01-31 19:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.4.1028.exe

2015-01-31 19:40 - 2015-01-31 19:40 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieBrowserModeList

2015-01-30 13:06 - 2015-01-30 13:06 - 00320424 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2015-01-30 13:06 - 2015-01-30 13:06 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2015-01-30 13:06 - 2015-01-30 13:06 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2015-01-30 13:06 - 2015-01-30 13:06 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2015-01-27 23:06 - 2015-01-27 23:06 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2015-01-27 23:06 - 2015-01-27 23:06 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2015-01-27 23:06 - 2015-01-27 23:06 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2015-01-27 23:06 - 2015-01-27 23:06 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2015-01-27 23:06 - 2015-01-27 23:06 - 00000000 ____D () C:\Program Files (x86)\Java

2015-01-26 23:10 - 2015-01-26 23:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-01-22 15:21 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

2015-01-18 23:11 - 2015-01-18 23:11 - 00017951 _____ () C:\Users\user\Documents\Literatur_Chancen_ungleich_verteilt_Antonius_Heinrichs.odt

2015-01-17 14:16 - 2015-01-18 23:23 - 00307805 _____ () C:\Users\user\Documents\Literatur_Vortrag Schüler im Schulsystem.odp

2015-01-17 13:47 - 2015-01-31 20:18 - 00000000 ____D () C:\Windows\system32\log

2015-01-17 13:47 - 2015-01-03 09:57 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys

2015-01-16 22:36 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll

2015-01-16 22:36 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2015-01-16 22:36 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-01-16 22:36 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-01-16 22:36 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-01-16 22:36 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-01-16 22:36 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-01-16 22:36 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-01-16 22:36 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-01-16 22:36 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

2015-01-16 22:36 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll

2015-01-16 22:36 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

2015-01-05 14:12 - 2015-01-05 14:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

2015-01-04 19:38 - 2015-01-04 19:38 - 00000000 ____D () C:\Users\user\AppData\Local\GVSE

2015-01-03 13:30 - 2015-01-03 13:30 - 00000000 ____D () C:\Users\user\AppData\Roaming\TaiG

2015-01-03 12:41 - 2015-01-03 12:41 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2015-01-03 12:41 - 2015-01-03 12:41 - 00001964 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk

2015-01-03 12:41 - 2014-12-08 15:57 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-02-02 07:30 - 2014-11-11 19:48 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-02-02 06:02 - 2014-06-24 16:55 - 01841398 _____ () C:\Windows\WindowsUpdate.log

2015-02-01 21:03 - 2014-06-29 22:46 - 00000000 ____D () C:\Users\user\AppData\Roaming\Spotify

2015-02-01 20:46 - 2014-06-25 08:15 - 00699416 _____ () C:\Windows\system32\perfh007.dat

2015-02-01 20:46 - 2014-06-25 08:15 - 00149556 _____ () C:\Windows\system32\perfc007.dat

2015-02-01 20:46 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-02-01 20:46 - 2009-07-14 05:45 - 00035088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-02-01 20:46 - 2009-07-14 05:45 - 00035088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-02-01 20:39 - 2014-11-11 14:55 - 00000000 ___RD () C:\Users\user\iCloudDrive

2015-02-01 20:39 - 2014-09-13 13:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2015-02-01 20:39 - 2014-06-26 17:50 - 00000000 ____D () C:\Program Files (x86)\Steam

2015-02-01 20:39 - 2014-06-24 19:10 - 00000000 ____D () C:\ProgramData\NVIDIA

2015-02-01 20:39 - 2014-06-24 17:41 - 00030528 _____ () C:\Windows\GVTDrv64.sys

2015-02-01 20:39 - 2014-06-24 17:41 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys

2015-02-01 20:39 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-02-01 20:39 - 2009-07-14 05:51 - 00072135 _____ () C:\Windows\setupact.log

2015-02-01 18:49 - 2010-11-21 04:47 - 00103656 _____ () C:\Windows\PFRO.log

2015-02-01 12:23 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini

2015-02-01 12:08 - 2014-09-08 22:40 - 00000000 ____D () C:\Users\user\AppData\Roaming\0C1I1L1R1J0C1F1G1G1P1R2Z

2015-01-31 23:44 - 2014-06-29 22:46 - 00000000 ____D () C:\Users\user\AppData\Local\Spotify

2015-01-31 20:51 - 2014-06-24 17:26 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2015-01-31 20:18 - 2014-06-24 16:55 - 00000993 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-01-27 12:58 - 2014-06-25 09:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-01-25 12:30 - 2014-11-11 19:48 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-01-25 12:30 - 2014-11-11 19:47 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-01-25 12:30 - 2014-11-11 19:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-01-17 00:10 - 2014-06-24 19:11 - 00000000 ____D () C:\Windows\system32\MRT

2015-01-17 00:08 - 2014-06-24 19:11 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-01-03 13:39 - 2014-11-06 10:37 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe

2015-01-03 12:41 - 2014-12-08 15:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
 

Some content of TEMP:

====================

C:\Users\user\AppData\Local\Temp\Quarantine.exe

C:\Users\user\AppData\Local\Temp\sqlite3.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-01-03 12:38
 

==================== End Of Log ============================

--- --- ---

Java updaten. Funde sind schon in Quarantäne. Download Ordner leeren.
Der braucht halt bissl zeit :)

Fertig :)

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Hey schrauber!

Habe alles getan und ich finde es super und bedanke mich rechtherlich bei Dir dafür, das du mir geholfen hast.

Ein paar Fragen habe ich aber noch:
Auf meinem PC ist noch der Revo Uninstaller drauf -> löschen?
Blockieren sich Avast und Malwarebytes nicht gegenseitig?

UND wenn ich dieses WOT laden will, erscheint diese Meldung: Bilder-Upload - Kostenlos Fotos hochladen und ins Netz stellen . Es funktioniert also nicht.
Ein paar Minuten später erschein dann diese Warnung von Avast: Bilder-Upload - Kostenlos Fotos hochladen und ins Netz stellen .
WAS muss ich da jetzt tun?

Vielen Dank richtig nett von Dir!!!

Hey schrauber!

Habe alles getan und ich finde es super und bedanke mich rechtherlich bei Dir dafür, das du mir geholfen hast.

Ein paar Fragen habe ich aber noch:
Auf meinem PC ist noch der Revo Uninstaller drauf -> löschen?
Blockieren sich Avast und Malwarebytes nicht gegenseitig?

UND wenn ich dieses WOT laden will, erscheint diese Meldung: Bilder-Upload - Kostenlos Fotos hochladen und ins Netz stellen . Es funktioniert also nicht.
Ein paar Minuten später erschein dann diese Warnung von Avast: Bilder-Upload - Kostenlos Fotos hochladen und ins Netz stellen .
WAS muss ich da jetzt tun?

Vielen Dank richtig nett von Dir!!!

1. Bilder-Upload - Kostenlos Fotos hochladen und ins Netz stellen
2. Bilder-Upload - Kostenlos Fotos hochladen und ins Netz stellen

1. http://www.bilder-upload.eu/show.php...1422919009.png
2. http://www.bilder-upload.eu/show.php...1422919043.png

1. Bilder-Upload - Kostenlos Fotos hochladen und ins Netz stellen

2. Bilder-Upload - Kostenlos Fotos hochladen und ins Netz stellen

Zitat:

Auf meinem PC ist noch der Revo Uninstaller drauf -> löschen?

Kannste behalten um Programme zu deinstallieren, kannste aber auch entfernen.

Zitat:

Blockieren sich Avast und Malwarebytes nicht gegenseitig?

nö :)

Kannste die Bilder bitte direkt im Thema anhängen? Ich kann die so nicht sehen, Uploadseiten sind bei mir gesperrt.

Also, erst kam die Meldung das WOT nicht heruntergeladen werden konnte.

Dann kam diese hübsche Meldung von Avast.
Habe Malwarebytes und auch den AwdCleaner nochmal scannen lassen, haben beide nichts gefunden.
Was muss ich da tun?

Danke!

Die erste und zweite Meldung hängen zusammen. Avast blockt den Download.
Lass den Download weg, einfach in Firefox > Extras > Addons nach WOT suchen und direkt in FIrefox installieren :)