Immer wieder Rückkehr von pup.optional. Viren

kono · 09.08.2013, 22:00

Hallo bin neu hier und habe ein großes Problem mit meinem PC bzw. Mit Viren, die ca.alle 3 Tage wieder neu erscheinen. Angefangen hat es vor 4 Wochen denke ich und ich werde das Problem nicht los, deshalb Frage ich nun hier und hoffe man kann mir helfen.
Mehr Infos:
Meistens sind es nicht nur ein Virus sondern schon direkt 6 oder auch mal 11 gewesen. Und es sind immer die selben. Immer fängt der Name des Virus mit pup.optional. an und hört auf mit beispielsweise
Tarma, Babylon, defaulttab und so was halt. Ich lösche ihn immer wieder mit Malwarebytes aber keine Chance, er kommt nach paar Tagen eh wieder. Ich habe auch Ad ware cleaner benutzt auch ohne Erfolg. Was soll ich nun tun. Ich hoffe ihr könnt mir helfen. Wenn mehr Informationen benötigt werden kann diese natürlich auch Posten.

Mit freundlichen Grüßen

Kono

cosinus · 09.08.2013, 22:16

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!

Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

kono · 09.08.2013, 22:18

Okay danke das mach dann . bin momentan mit dem Handy online, auch irgendeine aahnungwas das sein konnte?

cosinus · 09.08.2013, 22:29

PUP=potentially unwanted software
Meist sind das irgendwelche nervige Werbemüll-Geschichten, aber so ohne Logs kann man nichts Genaues sagen

kono · 10.08.2013, 14:34

Also das mit FRST verstehe ich nicht ganz. habe etwas Angst im Bios rumzusielen.
Aber hier die Logdatei von Malwarebytes:

Code:

ATTFilter

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 216664
Laufzeit: 4 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\Christian\AppData\Local\Temp\4199FBEF-BAB0-7891-97DD-84AED973A040\MyBabylonTB.exe (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Christian\AppData\Local\Temp\60D0976F-BAB0-7891-81C3-CAC7A78897BD\Latest\MyBabylonTB.exe (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Christian\AppData\Local\Temp\nsb5FFD.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Christian\AppData\Local\Temp\nsn43B7.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Christian\AppData\Local\Temp\nsr1113.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Hier noch einer:

Code:

ATTFilter

Christian :: CHRISTIAN-HP [Administrator]

03.08.2013 10:18:24
mbam-log-2013-08-03 (10-18-24).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 216143
Laufzeit: 2 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Christian\AppData\Roaming\OpenCandy\AEDBEA47287C46969C34C93EE9F9EC95\DeltaTB.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Und noch einer:

Code:

ATTFilter

www.malwarebytes.org

Datenbank Version: v2013.08.02.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Christian :: CHRISTIAN-HP [Administrator]

02.08.2013 15:54:11
mbam-log-2013-08-02 (15-54-11).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 215778
Laufzeit: 4 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 4
C:\Users\Christian\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 7
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Christian\AppData\Local\Temp\wajam_install.exe (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Christian\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

cosinus · 10.08.2013, 14:35

Wo bitte hast du was mit BIOS gelesen?!

kono · 11.08.2013, 14:50

Dachte diese FRST muss mit bios oder so

cosinus · 11.08.2013, 16:14

Und wo ist das Log bitte jetzt?

kono · 11.08.2013, 17:45

Ich habe mir mal die Logs angeguckt und ist das nicht iwie schlecht wenn ich diese Daten hier poste? Ich meine sind da nicht wichtige registrys die sich jemand von nutzen machen könnte?

Ok hier:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-08-2013
Ran by Christian at 2013-08-11 12:00:14
Running from C:\Users\Christian\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
Absolute Reminder (x32 Version: 2.0.0.17)
adcom 802.11 Wireless LAN Adapter (Version: )
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.3.633)
AMD APP SDK Runtime (Version: 10.0.851.6)
AMD Catalyst Install Manager (Version: 3.0.859.0)
Arma 2 (x32)
Arma 2: Operation Arrowhead (x32)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87)
Avira Free Antivirus (x32 Version: 13.0.0.3885)
BattlEye for OA Uninstall (x32)
Bejeweled 3 (x32 Version: 2.2.0.97)
Broadcom Bluetooth Software (Version: 6.5.1.2300)
Cake Mania (x32 Version: 2.2.0.98)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.0301.448.8391)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0301.448.8391)
Catalyst Control Center InstallProxy (x32 Version: 2012.0301.448.8391)
Catalyst Control Center Localization All (x32 Version: 2012.0301.448.8391)
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0301.448.8391)
CCC Help Chinese Standard (x32 Version: 2012.0301.0447.8391)
CCC Help Chinese Traditional (x32 Version: 2012.0301.0447.8391)
CCC Help Czech (x32 Version: 2012.0301.0447.8391)
CCC Help Danish (x32 Version: 2012.0301.0447.8391)
CCC Help Dutch (x32 Version: 2012.0301.0447.8391)
CCC Help English (x32 Version: 2012.0301.0447.8391)
CCC Help Finnish (x32 Version: 2012.0301.0447.8391)
CCC Help French (x32 Version: 2012.0301.0447.8391)
CCC Help German (x32 Version: 2012.0301.0447.8391)
CCC Help Greek (x32 Version: 2012.0301.0447.8391)
CCC Help Hungarian (x32 Version: 2012.0301.0447.8391)
CCC Help Italian (x32 Version: 2012.0301.0447.8391)
CCC Help Japanese (x32 Version: 2012.0301.0447.8391)
CCC Help Korean (x32 Version: 2012.0301.0447.8391)
CCC Help Norwegian (x32 Version: 2012.0301.0447.8391)
CCC Help Polish (x32 Version: 2012.0301.0447.8391)
CCC Help Portuguese (x32 Version: 2012.0301.0447.8391)
CCC Help Russian (x32 Version: 2012.0301.0447.8391)
CCC Help Spanish (x32 Version: 2012.0301.0447.8391)
CCC Help Swedish (x32 Version: 2012.0301.0447.8391)
CCC Help Thai (x32 Version: 2012.0301.0447.8391)
CCC Help Turkish (x32 Version: 2012.0301.0447.8391)
ccc-utility64 (Version: 2012.0301.448.8391)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Cradle of Rome 2 (x32 Version: 2.2.0.98)
CyberLink YouCam (x32 Version: 3.5.3.5010)
D3DX10 (x32 Version: 15.4.2368.0902)
DayZ Commander (x32 Version: 0.92.85)
Definition update for Microsoft Office 2010 (KB982726) (x32)
ESU for Microsoft Windows 7 SP1 (x32 Version: 5.1.3)
Evernote v. 4.5.2 (x32 Version: 4.5.2.5904)
Farm Frenzy (x32 Version: 2.2.0.98)
Farmscapes (x32 Version: 2.2.0.98)
Final Drive Fury (x32 Version: 2.2.0.95)
Fishdom (TM) 2 (x32 Version: 2.2.0.98)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP 3D DriveGuard (Version: 4.2.9.1)
HP Auto (Version: 1.0.12935.3667)
HP CoolSense (x32 Version: 2.10.51)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8)
HP Documentation (x32 Version: 1.1.0.0)
HP Games (x32 Version: 1.0.2.5)
HP Launch Box (Version: 1.1.5)
HP On Screen Display (x32 Version: 1.3.5)
HP Power Manager (x32 Version: 1.4.8)
HP Product Detection (x32 Version: 11.15.0004)
HP Quick Launch (x32 Version: 2.7.2)
HP Recovery Manager (x32 Version: 2.0.0)
HP Security Assistant (Version: 3.0.3)
HP Setup (x32 Version: 9.1.15430.4033)
HP SimplePass (x32 Version: 6.0.100.272)
HP Software Framework (x32 Version: 4.6.10.1)
HP Support Assistant (x32 Version: 7.0.39.15)
HTC Driver Installer (x32 Version: 3.0.0.007)
IDT Audio (x32 Version: 1.0.6395.0)
Insaniquarium Deluxe (x32 Version: 2.2.0.97)
Intel(R) Display Audio Driver (x32 Version: 6.14.00.3090)
Intel(R) Management Engine Components (x32 Version: 8.0.2.1410)
Intel(R) Rapid Start Technology (x32 Version: 1.0.0.1021)
Intel(R) Rapid Storage Technology (x32 Version: 11.1.0.1006)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.3.214)
Intel® Trusted Connect Service Client (Version: 1.23.605.1)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Jewel Match 3 (x32 Version: 2.2.0.98)
Jewel Quest II (x32 Version: 2.2.0.97)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Magic Desktop (x32 Version: 3.0)
Mahjongg Artifacts (x32 Version: 2.2.0.95)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (x32 Version: 4.0.50401.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98)
opensource (x32 Version: 1.0.14960.3876)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98)
Polar Bowler (x32 Version: 2.2.0.97)
PX Profile Update (x32 Version: 1.00.1.)
Realtek Ethernet Controller Driver (x32 Version: 7.49.927.2011)
Realtek PCIE Card Reader (x32 Version: 6.1.7601.27012)
Steam (x32 Version: 1.0.0.0)
swMSM (x32 Version: 12.0.0.1)
Synaptics ClickPad Driver (Version: 16.0.5.1)
System Requirements Lab CYRI (x32 Version: 6.0.3.0)
Torchlight (x32 Version: 2.2.0.98)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
VIP Access SDK (1.1.0.4)  (x32 Version: 1.1.0.4)
Virtual Families (x32 Version: 2.2.0.98)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98)
Wedding Dash (x32 Version: 2.2.0.95)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.15)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Zuma's Revenge (x32 Version: 2.2.0.98)

==================== Restore Points  =========================

17-07-2013 14:06:43 Windows Update
30-07-2013 06:58:34 Windows Update
02-08-2013 12:32:22 Windows Update
07-08-2013 07:46:24 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {25337664-1197-40B8-9442-976E1E16D993} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-12] (Adobe Systems Incorporated)
Task: {28DF6E91-6FC8-4E3C-B851-DF8EBD8B6EB1} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {52920436-2AEC-40EF-B47C-3773A305D9CA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-07-05] (Hewlett-Packard)
Task: {5B3B81C3-D5B5-42FC-BBC0-A6B81EBF7FF4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {60EB7971-9DDA-458A-8DE1-E9694BE7C084} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-02-10] (CyberLink)
Task: {6F5AB681-2CE5-4F48-A5E1-AFD21A565978} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {7B9C0913-EBCA-41D6-A670-B9F6D38F2A0F} - System32\Tasks\Absolute Reminder => C:\Program Files (x86)\Absolute Software\Absolute Reminder\AbsoluteReminder.exe [2011-07-12] (Absolute Software)
Task: {94457A8D-9830-454F-A4D1-4615AFC4EB0D} - System32\Tasks\User_Feed_Synchronization-{667C5600-EB5D-4095-A11C-90919C4887C7} => C:\Windows\system32\msfeedssync.exe [2013-06-24] (Microsoft Corporation)
Task: {9CC43B7A-537D-4D78-ADDE-12B2133991D2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {BBB832BB-1043-450B-944A-90DE94DAA7F3} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-21] (Microsoft Corporation)
Task: {F572660A-056A-4772-B34E-3D5719019839} - System32\Tasks\HPCeeScheduleForChristian => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {F63CC6E0-CB7E-47F9-B89A-D118B419C987} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForChristian.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Faulty Device Manager Devices =============

Name: Broadcom 20702 Bluetooth 4.0 Adapter
Description: Broadcom 20702 Bluetooth 4.0 Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/11/2013 11:48:39 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2013 09:53:45 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2013 03:59:24 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: arma2oa.exe, Version: 1.62.103.718, Zeitstempel: 0x5168264d
Name des fehlerhaften Moduls: arma2oa.exe, Version: 1.62.103.718, Zeitstempel: 0x5168264d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043ef4
ID des fehlerhaften Prozesses: 0x444
Startzeit der fehlerhaften Anwendung: 0xarma2oa.exe0
Pfad der fehlerhaften Anwendung: arma2oa.exe1
Pfad des fehlerhaften Moduls: arma2oa.exe2
Berichtskennung: arma2oa.exe3

Error: (08/10/2013 11:32:07 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2013 09:15:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2013 02:08:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2013 09:33:16 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2013 08:11:38 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2013 11:06:55 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2013 09:55:19 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/10/2013 10:39:10 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/10/2013 09:53:13 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/09/2013 10:37:00 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/09/2013 09:15:20 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/08/2013 11:36:34 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/07/2013 08:47:01 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/07/2013 06:17:17 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/06/2013 11:06:45 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎06.‎08.‎2013 um 11:05:45 unerwartet heruntergefahren.

Error: (08/05/2013 10:11:02 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/05/2013 03:12:54 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


Microsoft Office Sessions:
=========================
Error: (08/11/2013 11:48:39 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2013 09:53:45 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2013 03:59:24 PM) (Source: Application Error)(User: )
Description: arma2oa.exe1.62.103.7185168264darma2oa.exe1.62.103.7185168264dc000000500043ef444401ce95cf7f91adb3C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\expansion\beta\arma2oa.exeC:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\expansion\beta\arma2oa.exe0febbfb8-01c5-11e3-9b4b-28924a1fb479

Error: (08/10/2013 11:32:07 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2013 09:15:55 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2013 02:08:22 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2013 09:33:16 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2013 08:11:38 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2013 11:06:55 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2013 09:55:19 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 26%
Total physical RAM: 8094.31 MB
Available physical RAM: 5927.88 MB
Total Pagefile: 16186.81 MB
Available Pagefile: 13919.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:445.63 GB) (Free:372.56 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:19.83 GB) (Free:2.12 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: B8BF4AF5)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=446 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=108 MB) - (Type=0C)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 8 GB) (Disk ID: 7E0223EF)
Partition 1: (Not Active) - (Size=8 GB) - (Type=84)

==================== End Of Log ============================

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-08-2013
Ran by Christian (administrator) on 11-08-2013 11:59:44
Running from C:\Users\Christian\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Dotjosh Studios, LLC) C:\Program Files (x86)\Dotjosh Studios\DayZ Commander\Current\DayZCommander.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2899216 2013-05-25] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-03-23] (IDT, Inc.)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1672616 2013-07-10] (Valve Corporation)
HKCU\...\Run: [packe] - "C:\Users\Christian\AppData\Roaming\packe.exe" -autorun [x]
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-03-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-28] (Intel Corporation)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2012-01-30] (EasyBits Software AS)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [] -  [x]
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {4340BE58-4958-470C-B324-1205749D5B8A} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.chatzum.com/?orig=DS&affid=62&cztbid=595294047&q={searchTerms}
SearchScopes: HKLM-x32 - {4340BE58-4958-470C-B324-1205749D5B8A} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.chatzum.com/?orig=DS&affid=62&cztbid=595294047&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.chatzum.com/?orig=DS&affid=62&cztbid=595294047&q={searchTerms}
SearchScopes: HKCU - {4340BE58-4958-470C-B324-1205749D5B8A} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {5EAA57D6-E0B5-4A27-B42E-F4C3593A540F} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=b0d8d795-73ce-4ebd-9aa4-f63ee5f54ea4&apn_sauid=6ACE5275-4C1D-4A3E-8BEA-7D2579F79F06
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [52920 2012-08-24] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-07-07] ()
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-02-07] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] ()
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-29] (Avira Operations GmbH & Co. KG)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-02] (Broadcom Corporation.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2012-02-02] (Broadcom Corporation.)
R3 irstrtdv; C:\Windows\system32\drivers\irstrtdv.sys [26504 2012-02-07] (Intel Corporation)
R3 KovaPlusFltr; C:\Windows\System32\drivers\KovaPlusFltr.sys [15104 2010-01-25] (ROCCAT Development, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 RAMDiskVE; C:\Windows\System32\Drivers\RAMDiskVE.sys [75016 2013-02-19] (Dataram, Inc.)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [21264 2012-03-02] (Synaptics Incorporated)
R3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27408 2013-05-25] (Synaptics Incorporated)
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-11 11:50 - 2013-08-11 11:50 - 01790633 _____ (Farbar) C:\Users\Christian\Desktop\FRST64.exe
2013-08-11 11:50 - 2013-08-11 11:50 - 00000000 ____D C:\FRST
2013-08-09 21:16 - 2013-08-09 21:16 - 00001798 _____ C:\AdwCleaner[R17].txt
2013-08-09 11:01 - 2013-08-09 11:01 - 00001736 _____ C:\AdwCleaner[R16].txt
2013-08-08 14:08 - 2013-08-08 14:08 - 00001675 _____ C:\AdwCleaner[R15].txt
2013-08-07 09:51 - 2013-08-07 09:51 - 00001614 _____ C:\AdwCleaner[R14].txt
2013-08-06 14:58 - 2013-08-06 14:58 - 00001553 _____ C:\AdwCleaner[R13].txt
2013-08-06 14:57 - 2013-08-06 14:58 - 00001492 _____ C:\AdwCleaner[R12].txt
2013-08-06 14:56 - 2013-08-06 14:56 - 00001592 _____ C:\AdwCleaner[R11].txt
2013-08-06 10:00 - 2013-08-06 10:00 - 00001531 _____ C:\AdwCleaner[R10].txt
2013-08-05 15:09 - 2013-08-05 15:09 - 00001470 _____ C:\AdwCleaner[R9].txt
2013-08-03 15:48 - 2013-08-03 15:48 - 00001248 _____ C:\AdwCleaner[R8].txt
2013-08-03 13:55 - 2013-08-03 13:55 - 00001188 _____ C:\AdwCleaner[R7].txt
2013-08-03 10:39 - 2013-08-03 10:39 - 00001128 _____ C:\AdwCleaner[R6].txt
2013-08-03 10:31 - 2013-08-03 10:31 - 00001067 _____ C:\AdwCleaner[R5].txt
2013-08-03 10:30 - 2013-08-03 10:30 - 00001007 _____ C:\AdwCleaner[R4].txt
2013-08-03 10:28 - 2013-08-03 10:29 - 00001111 _____ C:\AdwCleaner[S2].txt
2013-08-03 10:28 - 2013-08-03 10:28 - 00001048 _____ C:\AdwCleaner[R3].txt
2013-08-03 10:27 - 2013-08-03 10:27 - 00000989 _____ C:\AdwCleaner[R2].txt
2013-08-03 10:25 - 2013-08-03 10:25 - 00026889 _____ C:\AdwCleaner[R1].txt
2013-08-03 10:25 - 2013-08-03 10:25 - 00026419 _____ C:\AdwCleaner[S1].txt
2013-08-03 10:24 - 2013-08-03 10:24 - 00666633 _____ C:\Users\Christian\Desktop\adwcleaner06.exe
2013-07-13 12:30 - 2013-07-13 12:30 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\Razer
2013-07-12 14:17 - 2013-07-12 14:18 - 00000000 ____D C:\Windows\system32\MRT
2013-07-12 11:16 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-12 11:16 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-12 11:16 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-12 11:16 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-12 11:16 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-12 11:16 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-12 11:16 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-12 11:16 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-12 11:16 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-12 11:16 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-12 11:16 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-12 11:16 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-12 11:16 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-12 11:16 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-12 11:16 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-12 11:16 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-12 11:16 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-12 11:16 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-12 11:16 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-12 11:16 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-12 11:16 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-12 11:16 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-12 11:16 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-12 11:16 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-12 11:16 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-12 11:16 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 11:16 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-12 11:16 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 11:16 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-12 11:16 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-12 11:16 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

==================== One Month Modified Files and Folders =======

2013-08-11 11:55 - 2009-07-14 06:45 - 00031248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-11 11:55 - 2009-07-14 06:45 - 00031248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-11 11:54 - 2012-03-25 06:06 - 00696870 _____ C:\Windows\system32\perfh007.dat
2013-08-11 11:54 - 2012-03-25 06:06 - 00148134 _____ C:\Windows\system32\perfc007.dat
2013-08-11 11:54 - 2009-07-14 07:13 - 00873456 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-11 11:51 - 2013-04-03 17:24 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\ArmA 2 OA
2013-08-11 11:50 - 2013-08-11 11:50 - 01790633 _____ (Farbar) C:\Users\Christian\Desktop\FRST64.exe
2013-08-11 11:50 - 2013-08-11 11:50 - 00000000 ____D C:\FRST
2013-08-11 11:48 - 2013-06-24 17:27 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-11 11:48 - 2009-07-14 06:51 - 00079978 _____ C:\Windows\setupact.log
2013-08-10 22:39 - 2012-12-28 20:46 - 01686329 _____ C:\Windows\WindowsUpdate.log
2013-08-10 16:00 - 2013-02-24 00:09 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\CrashDumps
2013-08-09 21:16 - 2013-08-09 21:16 - 00001798 _____ C:\AdwCleaner[R17].txt
2013-08-09 21:15 - 2010-11-21 05:47 - 00740944 _____ C:\Windows\PFRO.log
2013-08-09 11:01 - 2013-08-09 11:01 - 00001736 _____ C:\AdwCleaner[R16].txt
2013-08-08 14:08 - 2013-08-08 14:08 - 00001675 _____ C:\AdwCleaner[R15].txt
2013-08-07 09:51 - 2013-08-07 09:51 - 00001614 _____ C:\AdwCleaner[R14].txt
2013-08-06 14:58 - 2013-08-06 14:58 - 00001553 _____ C:\AdwCleaner[R13].txt
2013-08-06 14:58 - 2013-08-06 14:57 - 00001492 _____ C:\AdwCleaner[R12].txt
2013-08-06 14:57 - 2012-12-28 21:25 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Mozilla
2013-08-06 14:56 - 2013-08-06 14:56 - 00001592 _____ C:\AdwCleaner[R11].txt
2013-08-06 10:00 - 2013-08-06 10:00 - 00001531 _____ C:\AdwCleaner[R10].txt
2013-08-05 15:09 - 2013-08-05 15:09 - 00001470 _____ C:\AdwCleaner[R9].txt
2013-08-03 15:48 - 2013-08-03 15:48 - 00001248 _____ C:\AdwCleaner[R8].txt
2013-08-03 13:55 - 2013-08-03 13:55 - 00001188 _____ C:\AdwCleaner[R7].txt
2013-08-03 10:39 - 2013-08-03 10:39 - 00001128 _____ C:\AdwCleaner[R6].txt
2013-08-03 10:36 - 2013-03-24 22:05 - 00000000 ____D C:\Users\Christian\AppData\Roaming\WildTangent
2013-08-03 10:31 - 2013-08-03 10:31 - 00001067 _____ C:\AdwCleaner[R5].txt
2013-08-03 10:30 - 2013-08-03 10:30 - 00001007 _____ C:\AdwCleaner[R4].txt
2013-08-03 10:29 - 2013-08-03 10:28 - 00001111 _____ C:\AdwCleaner[S2].txt
2013-08-03 10:28 - 2013-08-03 10:28 - 00001048 _____ C:\AdwCleaner[R3].txt
2013-08-03 10:27 - 2013-08-03 10:27 - 00000989 _____ C:\AdwCleaner[R2].txt
2013-08-03 10:25 - 2013-08-03 10:25 - 00026889 _____ C:\AdwCleaner[R1].txt
2013-08-03 10:25 - 2013-08-03 10:25 - 00026419 _____ C:\AdwCleaner[S1].txt
2013-08-03 10:24 - 2013-08-03 10:24 - 00666633 _____ C:\Users\Christian\Desktop\adwcleaner06.exe
2013-08-02 16:49 - 2013-04-27 11:40 - 00000000 ____D C:\Program Files (x86)\VstPlugins
2013-08-01 10:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-14 09:59 - 2013-04-13 11:19 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-07-14 09:59 - 2012-12-30 14:19 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-07-13 13:26 - 2012-12-30 22:46 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Skype
2013-07-13 13:26 - 2012-03-24 21:56 - 00000000 ____D C:\ProgramData\Skype
2013-07-13 12:30 - 2013-07-13 12:30 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\Razer
2013-07-12 14:18 - 2013-07-12 14:17 - 00000000 ____D C:\Windows\system32\MRT
2013-07-12 13:33 - 2013-01-22 19:16 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\Adobe
2013-07-12 13:33 - 2013-01-20 21:13 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-12 13:33 - 2012-03-24 21:46 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-12 13:33 - 2012-03-24 21:46 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-12 13:31 - 2009-07-14 06:45 - 00416360 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-12 13:30 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 13:30 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-08 18:49

==================== End Of Log ============================

--- --- ---

--- --- ---

cosinus · 11.08.2013, 23:22

Adware/Junkware/Toolbars entfernen

(Beide Tools bitte neu runterladen)

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

kono · 12.08.2013, 15:10

Adware Cleaner

Code:

ATTFilter

# AdwCleaner v2.306 - Datei am 12/08/2013 um 12:23:16 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Christian - CHRISTIAN-HP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Christian\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R10].txt - [1531 octets] - [06/08/2013 10:00:10]
AdwCleaner[R11].txt - [1592 octets] - [06/08/2013 14:56:45]
AdwCleaner[R12].txt - [1492 octets] - [06/08/2013 14:57:57]
AdwCleaner[R13].txt - [1553 octets] - [06/08/2013 14:58:19]
AdwCleaner[R14].txt - [1614 octets] - [07/08/2013 09:51:31]
AdwCleaner[R15].txt - [1675 octets] - [08/08/2013 14:08:52]
AdwCleaner[R16].txt - [1736 octets] - [09/08/2013 11:01:30]
AdwCleaner[R17].txt - [1798 octets] - [09/08/2013 21:16:25]
AdwCleaner[R18].txt - [1859 octets] - [12/08/2013 10:25:23]
AdwCleaner[R19].txt - [1977 octets] - [12/08/2013 12:23:07]
AdwCleaner[R1].txt - [26889 octets] - [03/08/2013 10:25:02]
AdwCleaner[R2].txt - [989 octets] - [03/08/2013 10:27:53]
AdwCleaner[R3].txt - [1048 octets] - [03/08/2013 10:28:29]
AdwCleaner[R4].txt - [1007 octets] - [03/08/2013 10:30:50]
AdwCleaner[R5].txt - [1067 octets] - [03/08/2013 10:31:12]
AdwCleaner[R6].txt - [1128 octets] - [03/08/2013 10:39:34]
AdwCleaner[R7].txt - [1188 octets] - [03/08/2013 13:55:45]
AdwCleaner[R8].txt - [1248 octets] - [03/08/2013 15:48:40]
AdwCleaner[R9].txt - [1470 octets] - [05/08/2013 15:09:47]
AdwCleaner[S1].txt - [26419 octets] - [03/08/2013 10:25:34]
AdwCleaner[S2].txt - [1111 octets] - [03/08/2013 10:28:58]
AdwCleaner[S3].txt - [347 octets] - [12/08/2013 10:25:35]
AdwCleaner[S4].txt - [1909 octets] - [12/08/2013 12:23:16]

########## EOF - C:\AdwCleaner[S4].txt - [1969 octets] ##########

JRT:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.3 (08.11.2013:2)
OS: Windows 7 Home Premium x64
Ran by Christian on 12.08.2013 at 12:25:28,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4340BE58-4958-470C-B324-1205749D5B8A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5EAA57D6-E0B5-4A27-B42E-F4C3593A540F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{4340BE58-4958-470C-B324-1205749D5B8A}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.08.2013 at 12:29:57,82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST
FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-08-2013
Ran by Christian (administrator) on 12-08-2013 16:04:00
Running from C:\Users\Christian\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2899216 2013-05-25] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-03-23] (IDT, Inc.)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1672616 2013-07-10] (Valve Corporation)
HKCU\...\Run: [packe] - "C:\Users\Christian\AppData\Roaming\packe.exe" -autorun [x]
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-03-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-28] (Intel Corporation)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2012-01-30] (EasyBits Software AS)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [] -  [x]
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {4340BE58-4958-470C-B324-1205749D5B8A} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [52920 2012-08-24] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-07-07] ()
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-02-07] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] ()
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-29] (Avira Operations GmbH & Co. KG)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-02] (Broadcom Corporation.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2012-02-02] (Broadcom Corporation.)
R3 irstrtdv; C:\Windows\system32\drivers\irstrtdv.sys [26504 2012-02-07] (Intel Corporation)
R3 KovaPlusFltr; C:\Windows\System32\drivers\KovaPlusFltr.sys [15104 2010-01-25] (ROCCAT Development, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 RAMDiskVE; C:\Windows\System32\Drivers\RAMDiskVE.sys [75016 2013-02-19] (Dataram, Inc.)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [21264 2012-03-02] (Synaptics Incorporated)
R3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27408 2013-05-25] (Synaptics Incorporated)
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-12 12:25 - 2013-08-12 12:25 - 00000000 ____D C:\Windows\ERUNT
2013-08-12 12:24 - 2013-08-12 12:24 - 00002038 _____ C:\Users\Christian\Desktop\AdwCleaner[S4].txt
2013-08-12 12:23 - 2013-08-12 12:23 - 00002038 _____ C:\AdwCleaner[S4].txt
2013-08-12 12:23 - 2013-08-12 12:23 - 00001977 _____ C:\AdwCleaner[R19].txt
2013-08-12 10:27 - 2013-08-12 10:27 - 00959258 _____ (Oleg N. Scherbakov) C:\Users\Christian\Desktop\JRT.exe
2013-08-12 10:26 - 2013-08-12 10:26 - 00666633 _____ C:\Users\Christian\Desktop\adwcleaner.exe
2013-08-12 10:25 - 2013-08-12 10:25 - 00001859 _____ C:\AdwCleaner[R18].txt
2013-08-12 10:25 - 2013-08-12 10:25 - 00000347 _____ C:\AdwCleaner[S3].txt
2013-08-11 11:50 - 2013-08-11 11:50 - 01790633 _____ (Farbar) C:\Users\Christian\Desktop\FRST64.exe
2013-08-11 11:50 - 2013-08-11 11:50 - 00000000 ____D C:\FRST
2013-08-09 21:16 - 2013-08-09 21:16 - 00001798 _____ C:\AdwCleaner[R17].txt
2013-08-09 11:01 - 2013-08-09 11:01 - 00001736 _____ C:\AdwCleaner[R16].txt
2013-08-08 14:08 - 2013-08-08 14:08 - 00001675 _____ C:\AdwCleaner[R15].txt
2013-08-07 09:51 - 2013-08-07 09:51 - 00001614 _____ C:\AdwCleaner[R14].txt
2013-08-06 14:58 - 2013-08-06 14:58 - 00001553 _____ C:\AdwCleaner[R13].txt
2013-08-06 14:57 - 2013-08-06 14:58 - 00001492 _____ C:\AdwCleaner[R12].txt
2013-08-06 14:56 - 2013-08-06 14:56 - 00001592 _____ C:\AdwCleaner[R11].txt
2013-08-06 10:00 - 2013-08-06 10:00 - 00001531 _____ C:\AdwCleaner[R10].txt
2013-08-05 15:09 - 2013-08-05 15:09 - 00001470 _____ C:\AdwCleaner[R9].txt
2013-08-03 15:48 - 2013-08-03 15:48 - 00001248 _____ C:\AdwCleaner[R8].txt
2013-08-03 13:55 - 2013-08-03 13:55 - 00001188 _____ C:\AdwCleaner[R7].txt
2013-08-03 10:39 - 2013-08-03 10:39 - 00001128 _____ C:\AdwCleaner[R6].txt
2013-08-03 10:31 - 2013-08-03 10:31 - 00001067 _____ C:\AdwCleaner[R5].txt
2013-08-03 10:30 - 2013-08-03 10:30 - 00001007 _____ C:\AdwCleaner[R4].txt
2013-08-03 10:28 - 2013-08-03 10:29 - 00001111 _____ C:\AdwCleaner[S2].txt
2013-08-03 10:28 - 2013-08-03 10:28 - 00001048 _____ C:\AdwCleaner[R3].txt
2013-08-03 10:27 - 2013-08-03 10:27 - 00000989 _____ C:\AdwCleaner[R2].txt
2013-08-03 10:25 - 2013-08-03 10:25 - 00026889 _____ C:\AdwCleaner[R1].txt
2013-08-03 10:25 - 2013-08-03 10:25 - 00026419 _____ C:\AdwCleaner[S1].txt
2013-07-13 12:30 - 2013-07-13 12:30 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\Razer

==================== One Month Modified Files and Folders =======

2013-08-12 14:57 - 2013-04-03 17:24 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\ArmA 2 OA
2013-08-12 13:09 - 2012-12-28 20:46 - 01712728 _____ C:\Windows\WindowsUpdate.log
2013-08-12 12:31 - 2009-07-14 06:45 - 00031248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-12 12:31 - 2009-07-14 06:45 - 00031248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-12 12:30 - 2012-03-25 06:06 - 00696870 _____ C:\Windows\system32\perfh007.dat
2013-08-12 12:30 - 2012-03-25 06:06 - 00148134 _____ C:\Windows\system32\perfc007.dat
2013-08-12 12:30 - 2009-07-14 07:13 - 00873456 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-12 12:29 - 2013-08-12 12:29 - 00001800 _____ C:\Users\Christian\Desktop\JRT.txt
2013-08-12 12:25 - 2013-08-12 12:25 - 00000000 ____D C:\Windows\ERUNT
2013-08-12 12:24 - 2013-08-12 12:24 - 00002038 _____ C:\Users\Christian\Desktop\AdwCleaner[S4].txt
2013-08-12 12:24 - 2013-06-24 17:27 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-12 12:23 - 2013-08-12 12:23 - 00002038 _____ C:\AdwCleaner[S4].txt
2013-08-12 12:23 - 2013-08-12 12:23 - 00001977 _____ C:\AdwCleaner[R19].txt
2013-08-12 12:23 - 2009-07-14 06:51 - 00080146 _____ C:\Windows\setupact.log
2013-08-12 10:27 - 2013-08-12 10:27 - 00959258 _____ (Oleg N. Scherbakov) C:\Users\Christian\Desktop\JRT.exe
2013-08-12 10:26 - 2013-08-12 10:26 - 00666633 _____ C:\Users\Christian\Desktop\adwcleaner.exe
2013-08-12 10:25 - 2013-08-12 10:25 - 00001859 _____ C:\AdwCleaner[R18].txt
2013-08-12 10:25 - 2013-08-12 10:25 - 00000347 _____ C:\AdwCleaner[S3].txt
2013-08-11 18:34 - 2010-11-21 05:47 - 00741328 _____ C:\Windows\PFRO.log
2013-08-11 11:50 - 2013-08-11 11:50 - 01790633 _____ (Farbar) C:\Users\Christian\Desktop\FRST64.exe
2013-08-11 11:50 - 2013-08-11 11:50 - 00000000 ____D C:\FRST
2013-08-10 16:00 - 2013-02-24 00:09 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\CrashDumps
2013-08-09 21:16 - 2013-08-09 21:16 - 00001798 _____ C:\AdwCleaner[R17].txt
2013-08-09 11:01 - 2013-08-09 11:01 - 00001736 _____ C:\AdwCleaner[R16].txt
2013-08-08 14:08 - 2013-08-08 14:08 - 00001675 _____ C:\AdwCleaner[R15].txt
2013-08-07 09:51 - 2013-08-07 09:51 - 00001614 _____ C:\AdwCleaner[R14].txt
2013-08-06 14:58 - 2013-08-06 14:58 - 00001553 _____ C:\AdwCleaner[R13].txt
2013-08-06 14:58 - 2013-08-06 14:57 - 00001492 _____ C:\AdwCleaner[R12].txt
2013-08-06 14:57 - 2012-12-28 21:25 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Mozilla
2013-08-06 14:56 - 2013-08-06 14:56 - 00001592 _____ C:\AdwCleaner[R11].txt
2013-08-06 10:00 - 2013-08-06 10:00 - 00001531 _____ C:\AdwCleaner[R10].txt
2013-08-05 15:09 - 2013-08-05 15:09 - 00001470 _____ C:\AdwCleaner[R9].txt
2013-08-03 15:48 - 2013-08-03 15:48 - 00001248 _____ C:\AdwCleaner[R8].txt
2013-08-03 13:55 - 2013-08-03 13:55 - 00001188 _____ C:\AdwCleaner[R7].txt
2013-08-03 10:39 - 2013-08-03 10:39 - 00001128 _____ C:\AdwCleaner[R6].txt
2013-08-03 10:36 - 2013-03-24 22:05 - 00000000 ____D C:\Users\Christian\AppData\Roaming\WildTangent
2013-08-03 10:31 - 2013-08-03 10:31 - 00001067 _____ C:\AdwCleaner[R5].txt
2013-08-03 10:30 - 2013-08-03 10:30 - 00001007 _____ C:\AdwCleaner[R4].txt
2013-08-03 10:29 - 2013-08-03 10:28 - 00001111 _____ C:\AdwCleaner[S2].txt
2013-08-03 10:28 - 2013-08-03 10:28 - 00001048 _____ C:\AdwCleaner[R3].txt
2013-08-03 10:27 - 2013-08-03 10:27 - 00000989 _____ C:\AdwCleaner[R2].txt
2013-08-03 10:25 - 2013-08-03 10:25 - 00026889 _____ C:\AdwCleaner[R1].txt
2013-08-03 10:25 - 2013-08-03 10:25 - 00026419 _____ C:\AdwCleaner[S1].txt
2013-08-02 16:49 - 2013-04-27 11:40 - 00000000 ____D C:\Program Files (x86)\VstPlugins
2013-08-01 10:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-14 09:59 - 2013-04-13 11:19 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-07-14 09:59 - 2012-12-30 14:19 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-07-13 13:26 - 2012-12-30 22:46 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Skype
2013-07-13 13:26 - 2012-03-24 21:56 - 00000000 ____D C:\ProgramData\Skype
2013-07-13 12:30 - 2013-07-13 12:30 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\Razer

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-08 18:49

==================== End Of Log ============================

--- --- ---

cosinus · 12.08.2013, 15:29

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKCU\...\Run: [packe] - "C:\Users\Christian\AppData\Roaming\packe.exe" -autorun [x]
C:\Users\Christian\AppData\Roaming\packe.exe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

kono · 12.08.2013, 15:54

OK hier

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-08-2013
Ran by Christian at 2013-08-12 16:53:18 Run:1
Running from C:\Users\Christian\Desktop
Boot Mode: Normal
==============================================

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\packe => Value deleted successfully.
"C:\Users\Christian\AppData\Roaming\packe.exe" => File/Directory not found.

==== End of Fixlog ====

cosinus · 12.08.2013, 15:55

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

kono · 12.08.2013, 17:07

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=352df385db85e942a8c788c7cfc1f54f
# engine=14749
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-12 04:01:29
# local_time=2013-08-12 06:01:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 3924 241746579 0 0
# compatibility_mode=5893 16776573 100 94 6191 127953139 0 0
# scanned=142826
# found=0
# cleaned=0
# scan_time=3432

09.08.2013, 22:29	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Immer wieder Rückkehr von pup.optional. Viren PUP=potentially unwanted software Meist sind das irgendwelche nervige Werbemüll-Geschichten, aber so ohne Logs kann man nichts Genaues sagen __________________ Logfiles bitte immer in CODE-Tags posten

10.08.2013, 14:35	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Immer wieder Rückkehr von pup.optional. Viren Wo bitte hast du was mit BIOS gelesen?! __________________ --> Immer wieder Rückkehr von pup.optional. Viren

11.08.2013, 16:14	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Immer wieder Rückkehr von pup.optional. Viren Und wo ist das Log bitte jetzt? __________________ Logfiles bitte immer in CODE-Tags posten

Immer wieder Rückkehr von pup.optional. Viren

Log-Analyse und Auswertung: Immer wieder Rückkehr von pup.optional. Viren