Log analysis and evaluation: [win7] wajam and VeberGreat removed. Logs ok?
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
14.04.2014, 21:53 | #1

Hello, I have just removed the adware Wajam and VeberGreat from a friend's PC. I followed this guide: http://www.trojaner-board.de/146469-...entfernen.html I also took all the log files with me to show them to you.

Malwarebytes:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 14.04.2014
Scan Time: 20:07:58
Logfile: mbam nach scan.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.14.06
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Bi

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 218954
Time Elapsed: 3 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.Optional.veberGreat.A, C:\Program Files\veberGreat\updateveberGreat.exe, 2264, Delete-on-Reboot, [f84655d592e974c2a4d474db17eaa55b]
PUP.Optional.veberGreat.A, C:\Program Files\veberGreat\bin\utilveberGreat.exe, 2412, Delete-on-Reboot, [61ddc56593e895a124541738f20fa65a]

Modules: 0
(No malicious items detected)

Registry Keys: 21
PUP.Optional.veberGreat.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update veberGreat, Quarantined, [f84655d592e974c2a4d474db17eaa55b],
PUP.Optional.veberGreat.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util veberGreat, Quarantined, [61ddc56593e895a124541738f20fa65a],
PUP.Optional.veberGreat.A, HKLM\SOFTWARE\CLASSES\CLSID\{7d22614c-6dd5-4a12-8680-026be7220328}, Quarantined, [2b132dfdaad1cc6a2750fe5152afb050],
PUP.Optional.veberGreat.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{ac8cb492-a461-4661-92ca-c7e0efae3e4a}, Quarantined, [2b132dfdaad1cc6a2750fe5152afb050],
PUP.Optional.veberGreat.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{502655BF-1153-4F2B-B690-B272A82F8F74}, Quarantined, [2b132dfdaad1cc6a2750fe5152afb050],
PUP.Optional.veberGreat.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7D22614C-6DD5-4A12-8680-026BE7220328}, Quarantined, [2b132dfdaad1cc6a2750fe5152afb050],
PUP.Optional.veberGreat.A, HKU\S-1-5-21-3650475012-31619874-125458576-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{7D22614C-6DD5-4A12-8680-026BE7220328}, Quarantined, [2b132dfdaad1cc6a2750fe5152afb050],
PUP.Optional.veberGreat.A, HKU\S-1-5-21-3650475012-31619874-125458576-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7D22614C-6DD5-4A12-8680-026BE7220328}, Quarantined, [2b132dfdaad1cc6a2750fe5152afb050],
PUP.Optional.veberGreat.A, HKLM\SOFTWARE\CLASSES\CLSID\{a48f099a-4a1c-4ea4-b72c-1511b6728ebc}, Quarantined, [2b132dfdaad1cc6a2750fe5152afb050],
PUP.Optional.veberGreat.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{e71b894b-e55b-4f28-af1e-ec5842fc9b01}, Quarantined, [2b132dfdaad1cc6a2750fe5152afb050],
PUP.Optional.veberGreat.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D0CAC448-7BEC-415B-9885-FD7600A28390}, Quarantined, [2b132dfdaad1cc6a2750fe5152afb050],
PUP.Optional.veberGreat.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A48F099A-4A1C-4EA4-B72C-1511B6728EBC}, Quarantined, [2b132dfdaad1cc6a2750fe5152afb050],
PUP.Optional.veberGreat.A, HKU\S-1-5-21-3650475012-31619874-125458576-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A48F099A-4A1C-4EA4-B72C-1511B6728EBC}, Quarantined, [2b132dfdaad1cc6a2750fe5152afb050],
PUP.Optional.veberGreat.A, HKU\S-1-5-21-3650475012-31619874-125458576-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A48F099A-4A1C-4EA4-B72C-1511B6728EBC}, Quarantined, [2b132dfdaad1cc6a2750fe5152afb050],
PUP.Optional.veberGreat.A, HKLM\SOFTWARE\CLASSES\CLSID\{7D22614C-6DD5-4A12-8680-026BE7220328}\INPROCSERVER32, Quarantined, [2b132dfdaad1cc6a2750fe5152afb050],
PUP.Optional.veberGreat.A, HKLM\SOFTWARE\CLASSES\CLSID\{A48F099A-4A1C-4EA4-B72C-1511B6728EBC}\INPROCSERVER32, Quarantined, [2b132dfdaad1cc6a2750fe5152afb050],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, Quarantined, [c07eb9716e0d0531aaf51138b9494ab6],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [4cf2d9517a01be78d0151038ee14fa06],
PUP.Optional.VeberGreat.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\veberGreat, Quarantined, [1f1f9f8be299d561bb1d980622e1a060],
PUP.Optional.VeberGreat.A, HKLM\SOFTWARE\veberGreat, Quarantined, [83bbd35794e7c4725089ebb39d66f10f],
PUP.Optional.VeberGreat.A, HKU\S-1-5-21-3650475012-31619874-125458576-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\veberGreat, Quarantined, [2519062493e8e650508a8717b152a957],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.VeberGreat.A, C:\Program Files\veberGreat, Delete-on-Reboot, [1f1f9f8be299d561bb1d980622e1a060],
PUP.Optional.VeberGreat.A, C:\Program Files\veberGreat\bin, Delete-on-Reboot, [1f1f9f8be299d561bb1d980622e1a060],
PUP.Optional.VeberGreat.A, C:\Program Files\veberGreat\bin\plugins, Quarantined, [1f1f9f8be299d561bb1d980622e1a060],

Files: 21
PUP.Optional.veberGreat.A, C:\Program Files\veberGreat\updateveberGreat.exe, Delete-on-Reboot, [f84655d592e974c2a4d474db17eaa55b],
PUP.Optional.veberGreat.A, C:\Program Files\veberGreat\bin\utilveberGreat.exe, Delete-on-Reboot, [61ddc56593e895a124541738f20fa65a],
PUP.Optional.veberGreat.A, C:\Program Files\veberGreat\veberGreatBHO.dll, Quarantined, [2b132dfdaad1cc6a2750fe5152afb050],
PUP.Optional.VeberGreat.A, C:\Program Files\veberGreat\veberGreat.ico, Quarantined, [1f1f9f8be299d561bb1d980622e1a060],
PUP.Optional.VeberGreat.A, C:\Program Files\veberGreat\0, Quarantined, [1f1f9f8be299d561bb1d980622e1a060],
PUP.Optional.VeberGreat.A, C:\Program Files\veberGreat\7za.exe, Quarantined, [1f1f9f8be299d561bb1d980622e1a060],
PUP.Optional.VeberGreat.A, C:\Program Files\veberGreat\updateveberGreat.InstallState, Quarantined, [1f1f9f8be299d561bb1d980622e1a060],
PUP.Optional.VeberGreat.A, C:\Program Files\veberGreat\veberGreatUninstall.exe, Quarantined, [1f1f9f8be299d561bb1d980622e1a060],
PUP.Optional.VeberGreat.A, C:\Program Files\veberGreat\bin\FilterApp_C.exe, Quarantined, [1f1f9f8be299d561bb1d980622e1a060],
PUP.Optional.VeberGreat.A, C:\Program Files\veberGreat\bin\sqlite3.dll, Quarantined, [1f1f9f8be299d561bb1d980622e1a060],
PUP.Optional.VeberGreat.A, C:\Program Files\veberGreat\bin\utilveberGreat.InstallState, Quarantined, [1f1f9f8be299d561bb1d980622e1a060],
PUP.Optional.VeberGreat.A, C:\Program Files\veberGreat\bin\veberGreat.BrowserFilter.Helper.dll, Quarantined, [1f1f9f8be299d561bb1d980622e1a060],
PUP.Optional.VeberGreat.A, C:\Program Files\veberGreat\bin\veberGreat.BrowserFilter.Helper.dll.old.ab15553a-3f58-4b59-95d3-101b5bad0787, Quarantined, [1f1f9f8be299d561bb1d980622e1a060],
PUP.Optional.VeberGreat.A, C:\Program Files\veberGreat\bin\veberGreatBrowserFilter.exe, Quarantined, [1f1f9f8be299d561bb1d980622e1a060],
PUP.Optional.VeberGreat.A, C:\Program Files\veberGreat\bin\plugins\veberGreat.Bromon.dll, Quarantined, [1f1f9f8be299d561bb1d980622e1a060],
PUP.Optional.VeberGreat.A, C:\Program Files\veberGreat\bin\plugins\veberGreat.BrowserAdapterS.dll, Quarantined, [1f1f9f8be299d561bb1d980622e1a060],
PUP.Optional.VeberGreat.A, C:\Program Files\veberGreat\bin\plugins\veberGreat.BrowserFilterG.dll, Quarantined, [1f1f9f8be299d561bb1d980622e1a060],
PUP.Optional.VeberGreat.A, C:\Program Files\veberGreat\bin\plugins\veberGreat.CompatibilityChecker.dll, Quarantined, [1f1f9f8be299d561bb1d980622e1a060],
PUP.Optional.VeberGreat.A, C:\Program Files\veberGreat\bin\plugins\veberGreat.FFUpdate.dll, Quarantined, [1f1f9f8be299d561bb1d980622e1a060],
PUP.Optional.VeberGreat.A, C:\Program Files\veberGreat\bin\plugins\veberGreat.IEUpdate.dll, Quarantined, [1f1f9f8be299d561bb1d980622e1a060],
PUP.Optional.VeberGreat.A, C:\Program Files\veberGreat\bin\plugins\veberGreat.PurBrowseG.dll, Quarantined, [1f1f9f8be299d561bb1d980622e1a060],

Physical Sectors: 0
(No malicious items detected)

(end)

Code:
# AdwCleaner v3.023 - Bericht erstellt am 14/04/2014 um 20:21:59
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : Bi - BI-PC
# Gestartet von : G:\Tools\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\END
Datei Gefunden : C:\Users\Bi\AppData\Roaming\Mozilla\Firefox\Profiles\cd5m9wdc.default\user.js
Ordner Gefunden C:\Program Files\AVG SafeGuard toolbar
Ordner Gefunden C:\Program Files\Common Files\AVG Secure Search
Ordner Gefunden C:\Program Files\SearchProtect
Ordner Gefunden C:\ProgramData\AVG Secure Search
Ordner Gefunden C:\Users\Bi\AppData\Local\AVG SafeGuard toolbar
Ordner Gefunden C:\Users\Bi\AppData\Local\AVG Secure Search
Ordner Gefunden C:\Users\Bi\AppData\Local\SearchProtect

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\AVG SafeGuard toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKLM\Software\AVG Security Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521

-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\Bi\AppData\Roaming\Mozilla\Firefox\Profiles\cd5m9wdc.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [3649 octets] - [14/04/2014 20:21:59]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3709 octets] ##########

Code:
# AdwCleaner v3.023 - Bericht erstellt am 14/04/2014 um 20:26:07
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : Bi - BI-PC
# Gestartet von : G:\Tools\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\Program Files\AVG SafeGuard toolbar
Ordner Gelöscht : C:\Program Files\SearchProtect
Ordner Gelöscht : C:\Program Files\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Users\Bi\AppData\Local\AVG SafeGuard toolbar
Ordner Gelöscht : C:\Users\Bi\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\Bi\AppData\Local\SearchProtect
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Bi\AppData\Roaming\Mozilla\Firefox\Profiles\cd5m9wdc.default\user.js

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\AVG SafeGuard toolbar
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521

-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\Bi\AppData\Roaming\Mozilla\Firefox\Profiles\cd5m9wdc.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [3789 octets] - [14/04/2014 20:21:59]
AdwCleaner[S0].txt - [3724 octets] - [14/04/2014 20:26:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3784 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x86
Ran by Bi on 14.04.2014 at 20:29:27,85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Bi\AppData\Roaming\mozilla\firefox\profiles\cd5m9wdc.default\minidumps [11 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.04.2014 at 20:31:35,52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
Shortcut Cleaner 1.3.3 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 7 Professional Service Pack 1
Program started at: 04/14/2014 08:33:04 PM.

Scanning for registry hijacks:

* No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\Bi\AppData\Roaming\Microsoft\Windows\Start Menu\
Searching C:\ProgramData\Microsoft\Windows\Start Menu\
Searching C:\Users\Bi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
Searching C:\Users\Public\Desktop\
Searching C:\Users\Bi\Desktop

0 bad shortcuts found.

Program finished at: 04/14/2014 08:33:04 PM
Execution time: 0 hours(s), 0 minute(s), and 0 seconds(s)

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-04-2014 Ran by Bi (administrator) on BI-PC on 14-04-2014 20:34:05 Running from G:\Tools Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Lexmark International, Inc.) C:\Windows\System32\LEXBCES.EXE (Lexmark International, Inc.) C:\Windows\System32\LEXPPS.EXE (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Reimage®) C:\Program Files\Reimage\Reimage Repair\ReiGuard.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Microsoft Corporation) C:\Windows\vVX1000.exe (Microsoft Corporation) C:\Windows\system32\wuauclt.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-05] (AVAST Software) HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [VX1000] - C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation) HKLM\...\Run: [LifeCam] - C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 
2013-12-21] (Adobe Systems Incorporated) HKLM\...\Run: [Lexmark X74-X75] - "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDB086FB5A628CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com SearchScopes: HKLM - DefaultScope value is missing. BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 162.248.99.162 37.1.206.9 FireFox: ======== FF ProfilePath: C:\Users\Bi\AppData\Roaming\Mozilla\Firefox\Profiles\cd5m9wdc.default FF DefaultSearchEngine: Bing FF SelectedSearchEngine: Bing FF Homepage: https://www.google.de/ FF Keyword.URL: user_pref("keyword.URL", ""); FF Plugin: 
@adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus - C:\Users\Bi\AppData\Roaming\Mozilla\Firefox\Profiles\cd5m9wdc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-11] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-13] ========================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-05] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-04-05] (AVAST Software) R2 LexBceS; C:\Windows\System32\LEXBCES.EXE [303104 2002-10-14] (Lexmark International, Inc.) 
R2 ReimageRealTimeProtection; C:\Program Files\Reimage\Reimage Repair\ReiGuard.exe [4030824 2014-01-15] (Reimage®) S2 vToolbarUpdater18.0.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [X] ==================== Drivers (Whitelisted) ==================== R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2014-04-05] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-05] (AVAST Software) R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [269728 2014-04-05] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-04-05] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-05] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [776976 2014-04-05] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411552 2014-04-05] (AVAST Software) R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [67264 2014-04-05] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180760 2014-04-05] () R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-03-29] (AVG Technologies) S3 e1kexpress; C:\Windows\System32\DRIVERS\e1k6032.sys [164864 2009-07-14] (Intel Corporation) R3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1961072 2010-05-20] (Microsoft Corporation) R1 wStLibG; C:\Windows\System32\drivers\wStLibG.sys [52928 2014-03-25] (StdLib) S3 cpuz134; \??\C:\Users\Bi\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-14 20:34 - 2014-04-14 20:34 - 00000000 ____D () C:\FRST 2014-04-14 20:31 - 2014-04-14 20:31 - 00000751 _____ () C:\Users\Bi\Desktop\JRT.txt 2014-04-14 20:29 - 2014-04-14 20:29 - 00000000 ____D () C:\Windows\ERUNT 2014-04-14 20:20 - 2014-04-14 20:26 - 00000000 ____D () C:\AdwCleaner 2014-04-14 20:02 - 2014-04-14 20:10 - 00107736 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-14 20:02 - 2014-04-14 20:02 - 00001056 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-14 20:02 - 2014-04-14 20:02 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-14 20:02 - 2014-04-14 20:02 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-04-14 20:02 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-14 20:02 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-14 20:02 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-14 06:40 - 2014-04-14 06:40 - 01051528 _____ () C:\Windows\Minidump\041414-6099-01.dmp 2014-04-14 06:36 - 2014-04-14 06:36 - 00984672 _____ () C:\Windows\Minidump\041414-5912-01.dmp 2014-04-11 07:10 - 2014-04-11 07:10 - 01627192 _____ () C:\Users\Bi\Downloads\setup_dm_Fotowelt(1).exe 2014-04-11 07:09 - 2014-04-11 07:09 - 01627192 _____ () C:\Users\Bi\Downloads\setup_dm_Fotowelt.exe 2014-04-09 22:33 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-09 22:33 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-09 22:33 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-09 22:33 - 2014-02-04 04:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-09 22:33 - 2014-02-04 04:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-09 22:33 - 2014-02-04 04:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-09 22:33 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-09 22:33 - 2014-01-24 04:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 
2014-04-08 18:37 - 2014-04-08 18:37 - 01194408 _____ () C:\Windows\Minidump\040814-7066-01.dmp 2014-04-06 22:21 - 2014-04-06 22:21 - 00853504 _____ () C:\Windows\Minidump\040614-7051-01.dmp 2014-04-06 18:08 - 2014-04-06 18:10 - 25032080 _____ (Mozilla) C:\Users\Bi\Downloads\Firefox_Setup_de28.0.exe 2014-04-06 18:04 - 2014-04-06 18:06 - 37059280 _____ (Microsoft Corporation) C:\Users\Bi\Downloads\IE11_w7_Windows6.1-x86-de-de.exe 2014-04-06 15:26 - 2014-04-06 15:26 - 00852840 _____ () C:\Windows\Minidump\040614-6318-01.dmp 2014-04-05 13:29 - 2014-04-05 13:29 - 00269728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys 2014-04-05 13:29 - 2014-04-05 13:29 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-04-04 10:51 - 2014-04-04 10:51 - 01252048 _____ () C:\Windows\Minidump\040414-6177-01.dmp 2014-04-03 12:34 - 2014-04-12 11:35 - 00001056 _____ () C:\Windows\system32\SettingsFile 2014-04-02 22:33 - 2014-04-02 22:33 - 00658728 _____ () C:\Windows\Minidump\040214-9952-01.dmp 2014-03-31 20:51 - 2014-03-31 20:51 - 00000000 ____D () C:\Program Files\Microsoft Sync Framework 2014-03-31 19:40 - 2014-04-02 13:24 - 00001100 _____ () C:\Users\Bi\Desktop\POWERPNT - Verknüpfung.lnk 2014-03-31 19:40 - 2014-04-02 13:24 - 00001093 _____ () C:\Users\Bi\Desktop\WINWORD - Verknüpfung.lnk 2014-03-31 19:39 - 2014-04-02 13:24 - 00001081 _____ () C:\Users\Bi\Desktop\EXCEL - Verknüpfung.lnk 2014-03-31 19:37 - 2014-03-31 19:37 - 00000400 _____ () C:\Windows\ODBC.INI 2014-03-31 19:37 - 2007-04-09 13:23 - 00028040 _____ (Microsoft Corporation) C:\Windows\system32\mdimon.dll 2014-03-31 13:58 - 2014-03-31 13:58 - 00785536 _____ (Reimage®) C:\Users\Bi\Downloads\ReimageRepair(1).exe 2014-03-29 11:12 - 2014-04-06 18:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-03-29 10:06 - 2014-03-29 10:06 - 00002050 _____ () C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk 2014-03-29 10:06 - 2014-03-29 10:06 - 00000000 ____D () C:\ProgramData\CDB 2014-03-29 10:05 
- 2014-04-05 08:20 - 00000000 ____D () C:\rei 2014-03-29 10:05 - 2014-03-29 10:05 - 00042272 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys 2014-03-29 10:05 - 2014-03-29 10:05 - 00000000 ____D () C:\Program Files\Reimage 2014-03-29 10:03 - 2014-04-05 08:20 - 00000163 _____ () C:\Windows\Reimage.ini 2014-03-25 21:35 - 2014-03-25 21:35 - 00000000 ____D () C:\Users\Bi\AppData\Roaming\TeamViewer 2014-03-25 17:33 - 2014-03-25 17:36 - 57601627 _____ () C:\Users\Bi\Downloads\wetransfer-920c54.zip 2014-03-25 10:07 - 2014-03-25 10:07 - 00052928 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG.sys 2014-03-24 08:31 - 2014-03-24 08:31 - 00190448 _____ () C:\Windows\Minidump\032414-6224-01.dmp 2014-03-15 08:17 - 2014-04-14 20:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job ==================== One Month Modified Files and Folders ======= 2014-04-14 20:34 - 2014-04-14 20:34 - 00000000 ____D () C:\FRST 2014-04-14 20:33 - 2009-07-14 06:34 - 00022704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-14 20:33 - 2009-07-14 06:34 - 00022704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-14 20:31 - 2014-04-14 20:31 - 00000751 _____ () C:\Users\Bi\Desktop\JRT.txt 2014-04-14 20:31 - 2010-11-20 23:01 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-14 20:29 - 2014-04-14 20:29 - 00000000 ____D () C:\Windows\ERUNT 2014-04-14 20:29 - 2014-02-13 12:20 - 01078077 _____ () C:\Windows\WindowsUpdate.log 2014-04-14 20:26 - 2014-04-14 20:20 - 00000000 ____D () C:\AdwCleaner 2014-04-14 20:26 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-14 20:26 - 2009-07-14 06:39 - 00066118 _____ () C:\Windows\setupact.log 2014-04-14 20:18 - 2014-03-15 08:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-14 20:10 - 2014-04-14 20:02 - 00107736 _____ (Malwarebytes 
Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-14 20:09 - 2010-11-20 23:48 - 00075718 _____ () C:\Windows\PFRO.log 2014-04-14 20:09 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\tracing 2014-04-14 20:02 - 2014-04-14 20:02 - 00001056 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-14 20:02 - 2014-04-14 20:02 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-14 20:02 - 2014-04-14 20:02 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-04-14 06:40 - 2014-04-14 06:40 - 01051528 _____ () C:\Windows\Minidump\041414-6099-01.dmp 2014-04-14 06:40 - 2014-02-27 16:28 - 250278928 _____ () C:\Windows\MEMORY.DMP 2014-04-14 06:40 - 2014-02-27 16:28 - 00000000 ____D () C:\Windows\Minidump 2014-04-14 06:36 - 2014-04-14 06:36 - 00984672 _____ () C:\Windows\Minidump\041414-5912-01.dmp 2014-04-12 11:35 - 2014-04-03 12:34 - 00001056 _____ () C:\Windows\system32\SettingsFile 2014-04-11 16:46 - 2009-07-14 06:33 - 00409408 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-11 16:17 - 2014-02-13 12:34 - 00109280 _____ () C:\Users\Bi\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-11 16:05 - 2014-02-13 12:51 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-11 07:10 - 2014-04-11 07:10 - 01627192 _____ () C:\Users\Bi\Downloads\setup_dm_Fotowelt(1).exe 2014-04-11 07:09 - 2014-04-11 07:09 - 01627192 _____ () C:\Users\Bi\Downloads\setup_dm_Fotowelt.exe 2014-04-10 12:06 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-04-09 23:10 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-04-09 23:07 - 2014-02-14 12:52 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-09 23:06 - 2014-02-14 12:52 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-08 18:37 - 2014-04-08 18:37 - 01194408 _____ () C:\Windows\Minidump\040814-7066-01.dmp 2014-04-06 22:21 - 2014-04-06 22:21 - 00853504 _____ () C:\Windows\Minidump\040614-7051-01.dmp 2014-04-06 22:14 - 2014-02-13 12:38 - 00000000 
____D () C:\Program Files\Mozilla Maintenance Service 2014-04-06 18:14 - 2014-02-15 14:39 - 00010946 _____ () C:\Windows\IE11_main.log 2014-04-06 18:11 - 2014-03-29 11:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-04-06 18:11 - 2014-02-13 12:38 - 00001101 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-04-06 18:10 - 2014-04-06 18:08 - 25032080 _____ (Mozilla) C:\Users\Bi\Downloads\Firefox_Setup_de28.0.exe 2014-04-06 18:06 - 2014-04-06 18:04 - 37059280 _____ (Microsoft Corporation) C:\Users\Bi\Downloads\IE11_w7_Windows6.1-x86-de-de.exe 2014-04-06 15:26 - 2014-04-06 15:26 - 00852840 _____ () C:\Windows\Minidump\040614-6318-01.dmp 2014-04-05 13:29 - 2014-04-05 13:29 - 00269728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys 2014-04-05 13:29 - 2014-04-05 13:29 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-04-05 13:29 - 2014-02-13 12:42 - 00002053 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk 2014-04-05 13:29 - 2014-02-13 12:41 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-04-05 13:29 - 2014-02-13 12:41 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-04-05 13:29 - 2014-02-13 12:41 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-04-05 13:29 - 2014-02-13 12:41 - 00180760 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-04-05 13:29 - 2014-02-13 12:41 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-04-05 13:29 - 2014-02-13 12:41 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-04-05 13:29 - 2014-02-13 12:41 - 00067264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-04-05 13:29 - 2014-02-13 12:41 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-04-05 13:29 - 2014-02-13 12:41 - 00026136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2014-04-05 08:20 - 2014-03-29 10:05 - 00000000 ____D () C:\rei 2014-04-05 
08:20 - 2014-03-29 10:03 - 00000163 _____ () C:\Windows\Reimage.ini 2014-04-04 10:51 - 2014-04-04 10:51 - 01252048 _____ () C:\Windows\Minidump\040414-6177-01.dmp 2014-04-03 09:51 - 2014-04-14 20:02 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-14 20:02 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-14 20:02 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-02 22:33 - 2014-04-02 22:33 - 00658728 _____ () C:\Windows\Minidump\040214-9952-01.dmp 2014-04-02 13:24 - 2014-03-31 19:40 - 00001100 _____ () C:\Users\Bi\Desktop\POWERPNT - Verknüpfung.lnk 2014-04-02 13:24 - 2014-03-31 19:40 - 00001093 _____ () C:\Users\Bi\Desktop\WINWORD - Verknüpfung.lnk 2014-04-02 13:24 - 2014-03-31 19:39 - 00001081 _____ () C:\Users\Bi\Desktop\EXCEL - Verknüpfung.lnk 2014-04-02 13:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-03-31 20:51 - 2014-03-31 20:51 - 00000000 ____D () C:\Program Files\Microsoft Sync Framework 2014-03-31 19:43 - 2014-02-13 12:22 - 00000000 ____D () C:\Users\Bi 2014-03-31 19:37 - 2014-03-31 19:37 - 00000400 _____ () C:\Windows\ODBC.INI 2014-03-31 19:37 - 2014-02-13 12:51 - 00000000 ____D () C:\Program Files\Microsoft Office 2014-03-31 19:37 - 2011-04-12 03:39 - 00000000 ____D () C:\Windows\ShellNew 2014-03-31 19:34 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system 2014-03-31 13:58 - 2014-03-31 13:58 - 00785536 _____ (Reimage®) C:\Users\Bi\Downloads\ReimageRepair(1).exe 2014-03-31 09:35 - 2014-02-13 12:45 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-03-31 02:13 - 2014-04-09 22:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-31 01:57 - 2014-04-09 22:33 - 17073152 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-29 10:06 - 2014-03-29 10:06 - 00002050 _____ () 
C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk 2014-03-29 10:06 - 2014-03-29 10:06 - 00000000 ____D () C:\ProgramData\CDB 2014-03-29 10:05 - 2014-03-29 10:05 - 00042272 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys 2014-03-29 10:05 - 2014-03-29 10:05 - 00000000 ____D () C:\Program Files\Reimage 2014-03-25 21:35 - 2014-03-25 21:35 - 00000000 ____D () C:\Users\Bi\AppData\Roaming\TeamViewer 2014-03-25 17:36 - 2014-03-25 17:33 - 57601627 _____ () C:\Users\Bi\Downloads\wetransfer-920c54.zip 2014-03-25 10:07 - 2014-03-25 10:07 - 00052928 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG.sys 2014-03-24 08:31 - 2014-03-24 08:31 - 00190448 _____ () C:\Windows\Minidump\032414-6224-01.dmp 2014-03-22 16:25 - 2009-07-14 06:53 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-15 21:18 - 2014-02-13 13:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-03-15 21:18 - 2014-02-13 13:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl Some content of TEMP: ==================== C:\Users\Bi\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-10 11:36 ==================== End Of Log ============================ Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-04-2014 Ran by Bi at 2014-04-14 20:34:24 Running from G:\Tools Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Audiograbber 1.83 SE (HKLM\...\Audiograbber) (Version: 1.83 SE - Audiograbber) Audiograbber MP3-Plugin (HKLM\...\Audiograbber-Lame) (Version: 1.0 - AG) avast!
Internet Security (HKLM\...\Avast) (Version: 9.0.2016 - Avast Software) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP) Classic Shell (HKLM\...\{13793E6A-6DBC-4112-81B7-7554DFC5D959}) (Version: 4.0.4 - IvoSoft) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version: - Microsoft) Ergo-Konzept (HKLM\...\Ergo-Konzept) (Version: - ) HP Softpaq SP45411 (HKLM\...\SP45411) (Version: - ) Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation) Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden Microsoft LifeCam (HKLM\...\{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}) (Version: 3.22.270.0 - Microsoft Corporation) Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft 
Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Mozilla Firefox 28.0 (x86 de) (HKLM\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) Quicken Deluxe 2000 (HKLM\...\Quicken Deluxe 2000) (Version: - ) Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.6.5.5 - Reimage) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden Skype™ 6.13 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.) 
ThumbsPlus Version 3.21-R (HKLM\...\ThumbsPlus 3.21) (Version: - ) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 
(KB2794737) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{4B93560B-F33D-4A67-A224-F5E1C329BD22}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition 
(HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft) Windows Phone app for desktop (HKLM\...\{9C4D79B6-238E-49D8-AEBC-26384EBDE6B3}) (Version: 1.0.1720.1 - Microsoft Corporation) WinRAR 5.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) ==================== Restore Points ========================= 18-03-2014 10:01:12 Windows Update 27-03-2014 19:11:05 Geplanter Prüfpunkt 31-03-2014 17:36:56 Microsoft Office Professional Edition 2003 wird installiert 01-04-2014 05:44:46 Windows Update 02-04-2014 11:21:37 Windows Update 05-04-2014 11:28:15 avast! 
antivirus system restore point 05-04-2014 11:29:51 Gerätetreiber-Paketinstallation: Avast Netzwerkdienst 08-04-2014 07:15:46 Windows Update 09-04-2014 21:05:55 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {00E22E72-A2FD-4070-8B64-E9D29997A93D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-15] (Adobe Systems Incorporated) Task: {5D180F8F-3B7A-4573-89C5-1140B966682B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-05] (AVAST Software) Task: {EB69B46C-5FF4-414B-811D-80D3A8655456} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2014-01-15] (Reimage ltd.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2014-04-14 18:58 - 2014-04-14 18:58 - 02211328 _____ () C:\Program Files\AVAST Software\Avast\defs\14041401\algo.dll 2014-02-13 12:41 - 2014-02-13 12:41 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is disabled. 
(Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: PS/2-kompatible Maus Description: PS/2-kompatible Maus Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Intel(R) 82567LM-3-Gigabit-Netzwerkverbindung Description: Intel(R) 82567LM-3-Gigabit-Netzwerkverbindung Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Service: e1kexpress Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Standardtastatur (PS/2) Description: Standardtastatur (PS/2) Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardtastaturen) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. 
==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 21% Total physical RAM: 3543.25 MB Available physical RAM: 2766.14 MB Total Pagefile: 7084.78 MB Available Pagefile: 6301.88 MB Total Virtual: 2047.88 MB Available Virtual: 1885.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:117.38 GB) (Free:87.24 GB) NTFS Drive f: () (Fixed) (Total:232.88 GB) (Free:115 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive g: (DatenFloh) (Removable) (Total:14.91 GB) (Free:5.74 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 117 GB) (Disk ID: 136DC708) Partition 1: (Not Active) - (Size=117 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 38C7B8C5) Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 15 GB) (Disk ID: 00B3A19F) Partition: GPT Partition Type. ==================== End Of Log ============================
Thanks in advance for your help and for the fact that this forum exists |
15.04.2014, 09:27 | #2 |
/// the machine /// TB-Ausbilder | [win7] wajam and VeberGreat removed. Logs ok? hi,
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
S2 vToolbarUpdater18.0.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [X]
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?