| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows 7 (64-Bit): Avast wird durch Gruppenrichtlinien blockiertWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
22.04.2014, 15:52
| #16 |
 |  Windows 7 (64-Bit): Avast wird durch Gruppenrichtlinien blockiert Hier nun die aktuellsten Logs des FRST Scans.  FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014
Ran by Viola (administrator) on Viola-PC on 22-04-2014 16:47:58
Running from C:\Users\Viola\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1360440249\ee\aolsoftware.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(AOL LLC) C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\shellmon.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7406392 2012-11-29] (Logitech Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1360440249\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => D:\AdobeReader\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-03-31] (AVAST Software)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKU\S-1-5-21-1625969147-3722016134-4087849955-1002\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.7\AOL.EXE [72312 2012-10-15] (AOL Inc.)
HKU\S-1-5-21-1625969147-3722016134-4087849955-1002\...\MountPoints2: {3a21f640-a8fe-11e2-ab00-806e6f6e6963} - F:\Autorun.exe
AppInit_DLLs-x32: C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL => "C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL" File Not Found
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAEA1B21744DCCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {A7BAFCBA-0CA6-4B75-824C-5812F73D272B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} - No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - No Name - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - No File
Toolbar: HKCU - AOL Toolbar - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{35647C03-67FC-4D91-A993-AEAE76516521}: [NameServer]62.109.121.1 62.109.121.2
FireFox:
========
FF ProfilePath: C:\Users\Viola\AppData\Roaming\Mozilla\Firefox\Profiles\vatby8be.default
FF NewTab: user_pref("browser.newtab.url", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-02-09]
Chrome:
=======
CHR StartupUrls: "startup_urls_migration_time": "13042129996248628"
CHR DefaultSearchKeyword: webssearches
CHR DefaultSearchProvider: webssearches
CHR DefaultSearchURL: hxxp://istart.webssearches.com/web/?type=ds&ts=1397653289&from=tugs&uid=M4-CT064M4SSD2_00000000120609190661&q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\Viola\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-09]
CHR Extension: (Google Drive) - C:\Users\Viola\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-09]
CHR Extension: (YouTube) - C:\Users\Viola\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-09]
CHR Extension: (Google-Suche) - C:\Users\Viola\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-09]
CHR Extension: (Google Wallet) - C:\Users\Viola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Google Mail) - C:\Users\Viola\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-09]
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-31] (AVAST Software)
==================== Drivers (Whitelisted) ====================
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-03-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-03-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-03-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-03-31] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-03-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-03-31] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-04-11] (DT Soft Ltd)
S3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [119512 2014-04-21] (Malwarebytes Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-04-19] (Duplex Secure Ltd.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-22 16:47 - 2014-04-22 16:47 - 00000000 ____D () C:\Users\Viola\Downloads\FRST-OlderVersion
2014-04-21 19:33 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-21 19:33 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-21 19:33 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-21 19:33 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-21 19:33 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-21 19:33 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-21 19:33 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-21 19:33 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-21 19:33 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-21 19:33 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-21 19:33 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-21 19:33 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-21 19:33 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-21 19:33 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-21 19:33 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-21 19:33 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-21 19:33 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-21 19:33 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-21 19:33 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-21 19:33 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-21 19:33 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-21 19:33 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-21 19:33 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-21 19:33 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-21 19:33 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-21 19:33 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-21 19:33 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-21 19:33 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-21 19:33 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-21 19:33 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-21 19:33 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-21 19:33 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-21 19:33 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-21 19:33 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-21 19:33 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-21 19:33 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-21 19:33 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-21 19:33 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-21 19:33 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-21 19:33 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-21 19:33 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-21 19:33 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-21 19:33 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-21 19:33 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-21 19:33 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-21 19:33 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-21 19:33 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-21 19:33 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-21 12:31 - 2014-04-21 12:31 - 00001476 _____ () C:\Users\Viola\Downloads\JRT.txt
2014-04-21 12:31 - 2014-04-21 12:31 - 00001476 _____ () C:\Users\Viola\Desktop\JRT.txt
2014-04-21 12:26 - 2014-04-21 12:26 - 00002644 _____ () C:\Users\Viola\Downloads\AdwCleaner[S1].txt
2014-04-17 15:07 - 2014-04-17 15:07 - 00000000 ____D () C:\Windows\ERUNT
2014-04-17 15:06 - 2014-04-17 15:07 - 01016261 _____ (Thisisu) C:\Users\Viola\Downloads\JRT.exe
2014-04-17 14:56 - 2014-04-21 12:25 - 00000000 ____D () C:\AdwCleaner
2014-04-17 14:55 - 2014-04-17 14:55 - 01426178 _____ () C:\Users\Viola\Downloads\adwcleaner.exe
2014-04-17 14:54 - 2014-04-17 14:54 - 00352422 _____ () C:\Users\Viola\Downloads\mbam.txt
2014-04-17 14:41 - 2014-04-21 12:14 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-17 14:41 - 2014-04-17 14:41 - 00001112 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-17 14:41 - 2014-04-17 14:41 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-04-17 14:41 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-17 14:41 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-17 14:40 - 2014-04-17 14:41 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Viola\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-17 12:25 - 2014-04-17 12:25 - 00026741 _____ () C:\Users\Viola\Downloads\GMER.log
2014-04-17 12:19 - 2014-04-17 12:19 - 00380416 _____ () C:\Users\Viola\Downloads\hdfgddc6.exe
2014-04-17 12:15 - 2014-04-22 16:48 - 00012670 _____ () C:\Users\Viola\Downloads\FRST.txt
2014-04-17 12:15 - 2014-04-22 16:47 - 00000000 ____D () C:\FRST
2014-04-17 12:15 - 2014-04-17 12:16 - 00020982 _____ () C:\Users\Viola\Downloads\Addition.txt
2014-04-17 12:14 - 2014-04-22 16:47 - 02061312 _____ (Farbar) C:\Users\Viola\Downloads\FRST64.exe
2014-04-17 12:10 - 2014-04-17 12:10 - 00000652 _____ () C:\Users\Viola\Downloads\defogger_disable.log
2014-04-17 12:10 - 2014-04-17 12:10 - 00000188 _____ () C:\Users\Viola\defogger_reenable
2014-04-17 12:09 - 2014-04-17 12:09 - 00050477 _____ () C:\Users\Viola\Downloads\Defogger.exe
2014-04-16 16:54 - 2014-04-16 16:54 - 00001172 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-04-16 16:54 - 2014-04-16 16:54 - 00000000 ____D () C:\Users\Viola\AppData\Roaming\TeamViewer
2014-04-16 16:54 - 2014-04-16 16:54 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-04-16 16:53 - 2014-04-16 16:53 - 06120184 _____ (TeamViewer GmbH) C:\Users\Viola\Downloads\TeamViewer_Setup_de.exe
2014-04-16 16:50 - 2014-04-16 16:50 - 00380416 _____ () C:\Users\Viola\Documents\Gmer-19357.exe
2014-04-16 16:35 - 2014-04-17 14:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-16 16:35 - 2014-04-16 16:35 - 00000000 ____D () C:\Users\Viola\AppData\Roaming\Malwarebytes
2014-04-16 16:35 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-16 16:34 - 2014-04-16 16:35 - 05115824 _____ (Malwarebytes Corporation ) C:\Users\Viola\Documents\mbam144-setup.exe
2014-04-16 15:38 - 2014-04-16 15:39 - 00000000 ____D () C:\Users\Viola\AppData\Local\Battle.net
2014-04-16 15:38 - 2014-04-16 15:38 - 00001156 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-04-16 15:38 - 2014-04-16 15:38 - 00000000 ____D () C:\Users\Viola\AppData\Roaming\Battle.net
2014-04-16 15:38 - 2014-04-16 15:38 - 00000000 ____D () C:\Users\Viola\AppData\Local\Blizzard Entertainment
2014-04-16 15:38 - 2014-04-16 15:38 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-04-16 15:27 - 2014-04-16 15:49 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-04-16 15:01 - 2014-04-21 11:00 - 00000300 _____ () C:\Windows\Tasks\PCHelpers_period.job
2014-04-16 15:01 - 2014-04-16 15:14 - 00000300 _____ () C:\Windows\Tasks\PCHelpers1st.job
2014-04-16 15:01 - 2014-04-16 15:06 - 00002876 _____ () C:\Windows\System32\Tasks\PCHelpers_period
2014-04-16 15:01 - 2014-04-16 15:01 - 01097384 _____ (AnyProtect.com) C:\Users\Viola\AppData\Local\nskF855.tmp
2014-04-16 15:01 - 2014-04-16 15:01 - 00002686 _____ () C:\Windows\System32\Tasks\PCHelpers1st
2014-04-16 15:01 - 2014-04-16 15:01 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus
2014-04-13 13:23 - 2014-04-13 19:32 - 00000000 ____D () C:\Users\Viola\AppData\Roaming\TS3Client
2014-04-13 13:23 - 2014-04-13 13:23 - 00001172 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-04-13 13:23 - 2014-04-13 13:23 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-04-13 13:21 - 2014-04-13 13:21 - 27601296 _____ (TeamSpeak Systems GmbH) C:\Users\Viola\Downloads\TeamSpeak3-Client-win32-3.0.14 (1).exe
2014-04-13 13:18 - 2014-04-13 13:18 - 27601296 _____ (TeamSpeak Systems GmbH) C:\Users\Viola\Downloads\TeamSpeak3-Client-win32-3.0.14.exe
2014-04-12 11:31 - 2014-04-12 11:31 - 00001157 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-12 11:31 - 2014-04-12 11:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-12 11:30 - 2014-04-12 11:31 - 00283192 _____ (Mozilla) C:\Users\Viola\Downloads\Firefox Setup Stub 28.0.exe
2014-04-11 21:52 - 2014-04-11 21:52 - 00283200 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-04-09 16:48 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 16:48 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 16:48 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 16:48 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 16:48 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 16:48 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 16:48 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 16:48 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 16:48 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 16:48 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 16:48 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 16:48 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 16:48 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 16:48 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 16:48 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 16:48 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 16:48 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-08 09:10 - 2014-04-08 09:10 - 00000243 _____ () C:\Windows\Change.ini
2014-03-31 14:14 - 2014-03-31 14:14 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-26 12:51 - 2014-03-31 06:51 - 00000076 _____ () C:\Users\Viola\AppData\Roaming\WB.CFG
==================== One Month Modified Files and Folders =======
2014-04-22 16:48 - 2014-04-17 12:15 - 00012670 _____ () C:\Users\Viola\Downloads\FRST.txt
2014-04-22 16:47 - 2014-04-22 16:47 - 00000000 ____D () C:\Users\Viola\Downloads\FRST-OlderVersion
2014-04-22 16:47 - 2014-04-17 12:15 - 00000000 ____D () C:\FRST
2014-04-22 16:47 - 2014-04-17 12:14 - 02061312 _____ (Farbar) C:\Users\Viola\Downloads\FRST64.exe
2014-04-22 16:46 - 2011-04-12 09:43 - 00700470 _____ () C:\Windows\system32\perfh007.dat
2014-04-22 16:46 - 2011-04-12 09:43 - 00150108 _____ () C:\Windows\system32\perfc007.dat
2014-04-22 16:46 - 2009-07-14 07:13 - 01624106 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-22 16:45 - 2013-02-09 21:20 - 01580441 _____ () C:\Windows\WindowsUpdate.log
2014-04-22 16:45 - 2009-07-14 06:45 - 00025408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-22 16:45 - 2009-07-14 06:45 - 00025408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-22 16:40 - 2013-06-21 08:24 - 00019535 _____ () C:\Windows\setupact.log
2014-04-22 16:40 - 2013-02-09 22:11 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-22 16:40 - 2013-02-07 09:43 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-22 16:40 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-22 16:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-21 19:31 - 2013-02-09 22:32 - 00000000 ____D () C:\Users\Viola\AppData\Local\Firestorm
2014-04-21 19:04 - 2013-02-09 22:11 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-21 14:53 - 2013-02-11 14:10 - 00079312 _____ () C:\Users\Viola\Documents\Läden.xlsx
2014-04-21 12:31 - 2014-04-21 12:31 - 00001476 _____ () C:\Users\Viola\Downloads\JRT.txt
2014-04-21 12:31 - 2014-04-21 12:31 - 00001476 _____ () C:\Users\Viola\Desktop\JRT.txt
2014-04-21 12:26 - 2014-04-21 12:26 - 00002644 _____ () C:\Users\Viola\Downloads\AdwCleaner[S1].txt
2014-04-21 12:25 - 2014-04-17 14:56 - 00000000 ____D () C:\AdwCleaner
2014-04-21 12:22 - 2010-11-21 05:47 - 00847574 _____ () C:\Windows\PFRO.log
2014-04-21 12:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-04-21 12:14 - 2014-04-17 14:41 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-21 11:00 - 2014-04-16 15:01 - 00000300 _____ () C:\Windows\Tasks\PCHelpers_period.job
2014-04-21 10:23 - 2013-02-10 13:14 - 00000000 ____D () C:\Users\Viola\AppData\Roaming\Winamp
2014-04-18 20:39 - 2013-08-15 20:49 - 00000000 ____D () C:\Windows\rescache
2014-04-17 15:07 - 2014-04-17 15:07 - 00000000 ____D () C:\Windows\ERUNT
2014-04-17 15:07 - 2014-04-17 15:06 - 01016261 _____ (Thisisu) C:\Users\Viola\Downloads\JRT.exe
2014-04-17 15:03 - 2013-02-09 22:11 - 00001288 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-17 14:55 - 2014-04-17 14:55 - 01426178 _____ () C:\Users\Viola\Downloads\adwcleaner.exe
2014-04-17 14:54 - 2014-04-17 14:54 - 00352422 _____ () C:\Users\Viola\Downloads\mbam.txt
2014-04-17 14:52 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\addins
2014-04-17 14:41 - 2014-04-17 14:41 - 00001112 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-17 14:41 - 2014-04-17 14:41 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-04-17 14:41 - 2014-04-17 14:40 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Viola\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-17 14:41 - 2014-04-16 16:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-17 12:25 - 2014-04-17 12:25 - 00026741 _____ () C:\Users\Viola\Downloads\GMER.log
2014-04-17 12:19 - 2014-04-17 12:19 - 00380416 _____ () C:\Users\Viola\Downloads\hdfgddc6.exe
2014-04-17 12:16 - 2014-04-17 12:15 - 00020982 _____ () C:\Users\Viola\Downloads\Addition.txt
2014-04-17 12:10 - 2014-04-17 12:10 - 00000652 _____ () C:\Users\Viola\Downloads\defogger_disable.log
2014-04-17 12:10 - 2014-04-17 12:10 - 00000188 _____ () C:\Users\Viola\defogger_reenable
2014-04-17 12:10 - 2013-02-09 21:22 - 00000000 ____D () C:\Users\Viola
2014-04-17 12:09 - 2014-04-17 12:09 - 00050477 _____ () C:\Users\Viola\Downloads\Defogger.exe
2014-04-16 17:11 - 2009-07-14 06:45 - 00420704 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-16 17:04 - 2013-02-09 21:23 - 00109296 _____ () C:\Users\Viola\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-16 16:54 - 2014-04-16 16:54 - 00001172 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-04-16 16:54 - 2014-04-16 16:54 - 00000000 ____D () C:\Users\Viola\AppData\Roaming\TeamViewer
2014-04-16 16:54 - 2014-04-16 16:54 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-04-16 16:53 - 2014-04-16 16:53 - 06120184 _____ (TeamViewer GmbH) C:\Users\Viola\Downloads\TeamViewer_Setup_de.exe
2014-04-16 16:50 - 2014-04-16 16:50 - 00380416 _____ () C:\Users\Viola\Documents\Gmer-19357.exe
2014-04-16 16:35 - 2014-04-16 16:35 - 00000000 ____D () C:\Users\Viola\AppData\Roaming\Malwarebytes
2014-04-16 16:35 - 2014-04-16 16:34 - 05115824 _____ (Malwarebytes Corporation ) C:\Users\Viola\Documents\mbam144-setup.exe
2014-04-16 15:49 - 2014-04-16 15:27 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-04-16 15:39 - 2014-04-16 15:38 - 00000000 ____D () C:\Users\Viola\AppData\Local\Battle.net
2014-04-16 15:38 - 2014-04-16 15:38 - 00001156 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-04-16 15:38 - 2014-04-16 15:38 - 00000000 ____D () C:\Users\Viola\AppData\Roaming\Battle.net
2014-04-16 15:38 - 2014-04-16 15:38 - 00000000 ____D () C:\Users\Viola\AppData\Local\Blizzard Entertainment
2014-04-16 15:38 - 2014-04-16 15:38 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-04-16 15:14 - 2014-04-16 15:01 - 00000300 _____ () C:\Windows\Tasks\PCHelpers1st.job
2014-04-16 15:06 - 2014-04-16 15:01 - 00002876 _____ () C:\Windows\System32\Tasks\PCHelpers_period
2014-04-16 15:01 - 2014-04-16 15:01 - 01097384 _____ (AnyProtect.com) C:\Users\Viola\AppData\Local\nskF855.tmp
2014-04-16 15:01 - 2014-04-16 15:01 - 00002686 _____ () C:\Windows\System32\Tasks\PCHelpers1st
2014-04-16 15:01 - 2014-04-16 15:01 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus
2014-04-13 19:32 - 2014-04-13 13:23 - 00000000 ____D () C:\Users\Viola\AppData\Roaming\TS3Client
2014-04-13 13:23 - 2014-04-13 13:23 - 00001172 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-04-13 13:23 - 2014-04-13 13:23 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-04-13 13:21 - 2014-04-13 13:21 - 27601296 _____ (TeamSpeak Systems GmbH) C:\Users\Viola\Downloads\TeamSpeak3-Client-win32-3.0.14 (1).exe
2014-04-13 13:18 - 2014-04-13 13:18 - 27601296 _____ (TeamSpeak Systems GmbH) C:\Users\Viola\Downloads\TeamSpeak3-Client-win32-3.0.14.exe
2014-04-12 11:31 - 2014-04-12 11:31 - 00001157 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-12 11:31 - 2014-04-12 11:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-12 11:31 - 2014-04-12 11:30 - 00283192 _____ (Mozilla) C:\Users\Viola\Downloads\Firefox Setup Stub 28.0.exe
2014-04-12 11:31 - 2013-02-09 22:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-11 21:52 - 2014-04-11 21:52 - 00283200 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-04-11 21:52 - 2013-04-19 16:32 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-04-09 20:15 - 2014-02-24 17:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 20:14 - 2014-02-24 17:50 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-08 13:54 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-04-08 09:10 - 2014-04-08 09:10 - 00000243 _____ () C:\Windows\Change.ini
2014-04-06 11:53 - 2014-03-19 17:54 - 00000000 ____D () C:\Program Files (x86)\Firestorm-Release
2014-04-03 09:51 - 2014-04-17 14:41 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-17 14:41 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-16 16:35 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 14:14 - 2014-03-31 14:14 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-31 14:14 - 2013-12-31 11:09 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-03-31 14:14 - 2013-03-14 11:14 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-31 14:14 - 2013-03-14 11:14 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-31 14:14 - 2013-02-09 22:15 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-31 14:14 - 2013-02-09 22:15 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-31 14:14 - 2013-02-09 22:15 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-31 14:14 - 2013-02-09 22:15 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-31 14:14 - 2013-02-09 22:15 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-31 14:14 - 2013-02-09 22:15 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-31 14:14 - 2013-02-09 22:15 - 00001972 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-31 09:35 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-31 06:51 - 2014-03-26 12:51 - 00000076 _____ () C:\Users\Viola\AppData\Roaming\WB.CFG
2014-03-27 20:59 - 2013-02-09 22:11 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-27 20:59 - 2013-02-09 22:11 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-23 10:03 - 2013-02-18 08:57 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-23 10:03 - 2013-02-18 08:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
Some content of TEMP:
====================
C:\Users\Viola\AppData\Local\Temp\aol_trioF90.exe
C:\Users\Viola\AppData\Local\Temp\BackupSetup.exe
C:\Users\Viola\AppData\Local\Temp\EnableExtDll.dll
C:\Users\Viola\AppData\Local\Temp\ose00000.exe
C:\Users\Viola\AppData\Local\Temp\Quarantine.exe
C:\Users\Viola\AppData\Local\Temp\ShoppinHelper2new2.exe
C:\Users\Viola\AppData\Local\Temp\tbtriopreinstE517.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-19 00:28
==================== End Of Log ============================
--- --- --- FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2014
Ran by Viola at 2014-04-22 16:48:12
Running from C:\Users\Viola\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
AOL Toolbar (HKCU\...\AOL Toolbar) (Version: - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Logitech Gaming Software (Version: 8.40.83 - Logitech Inc.) Hidden
Logitech Gaming Software 8.40 (HKLM\...\Logitech Gaming Software) (Version: 8.40.83 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
==================== Restore Points =========================
21-04-2014 15:34:29 Geplanter Prüfpunkt
21-04-2014 17:33:10 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {12A42892-E554-4C79-B86E-3A0E5EAFAA9E} - \BrowserProtect No Task File <==== ATTENTION
Task: {330AA131-2070-48D0-BEE1-867A28DD13E5} - System32\Tasks\PCHelpers1st => C:\Program Files (x86)\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION
Task: {5750BBAE-5701-4C44-BAC7-B61771A4329C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-09] (Google Inc.)
Task: {597760E1-EDF8-43D3-A422-844151FB1A47} - \SaveSense No Task File <==== ATTENTION
Task: {72099386-9B81-4D9E-AD86-E8026EBD833B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BD0CF917-06C4-43E1-B639-C8E61278AC76} - System32\Tasks\PCHelpers_period => C:\Program Files (x86)\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION
Task: {EA34773D-C47D-42A3-93F3-56D2D5FDD315} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-09] (Google Inc.)
Task: {F97F7EBA-1E84-441D-B0AF-DA5F714B8BA5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-03-31] (AVAST Software)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCHelpers1st.job => C:\Program Files (x86)\Optimizer Elite Max\Optimizer Elite Max.exe
Task: C:\Windows\Tasks\PCHelpers_period.job => C:\Program Files (x86)\Optimizer Elite Max\Optimizer Elite Max.exe
==================== Loaded Modules (whitelisted) =============
2013-02-07 09:43 - 2013-10-23 10:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-04-21 12:23 - 2014-04-21 12:23 - 02215424 _____ () C:\Program Files\AVAST Software\Avast\defs\14042100\algo.dll
2014-04-22 16:41 - 2014-04-22 16:41 - 02215424 _____ () C:\Program Files\AVAST Software\Avast\defs\14042200\algo.dll
2012-10-15 18:45 - 2012-10-15 18:45 - 00048640 _____ () C:\Program Files (x86)\AOL Desktop 9.7\zlib.dll
2012-10-15 18:45 - 2012-10-15 18:45 - 00094208 _____ () C:\Program Files (x86)\AOL Desktop 9.7\Components\Tier2Svc.dll
2012-10-15 18:45 - 2012-10-15 18:45 - 00060928 _____ () C:\Program Files (x86)\AOL Desktop 9.7\Components\DataSvcs.dll
2014-03-01 11:30 - 2014-03-01 11:30 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\7fb509dd6887788f670fac03bb2f996d\PSIClient.ni.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/22/2014 04:42:01 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.
Error: (04/21/2014 02:46:17 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SLVoice.exe, Version: 4.5.9.17865, Zeitstempel: 0x505b00f4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000264
Fehleroffset: 0x000a2525
ID des fehlerhaften Prozesses: 0x924
Startzeit der fehlerhaften Anwendung: 0xSLVoice.exe0
Pfad der fehlerhaften Anwendung: SLVoice.exe1
Pfad des fehlerhaften Moduls: SLVoice.exe2
Berichtskennung: SLVoice.exe3
Error: (04/21/2014 00:54:09 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SLVoice.exe, Version: 4.5.9.17865, Zeitstempel: 0x505b00f4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000264
Fehleroffset: 0x000a2525
ID des fehlerhaften Prozesses: 0x11d4
Startzeit der fehlerhaften Anwendung: 0xSLVoice.exe0
Pfad der fehlerhaften Anwendung: SLVoice.exe1
Pfad des fehlerhaften Moduls: SLVoice.exe2
Berichtskennung: SLVoice.exe3
System errors:
=============
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 8%
Total physical RAM: 32729.05 MB
Available physical RAM: 29976.88 MB
Total Pagefile: 65456.27 MB
Available Pagefile: 62488.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:59.62 GB) (Free:19.1 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data1) (Fixed) (Total:931.51 GB) (Free:643.72 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 60 GB) (Disk ID: 1B9F7518)
Partition 1: (Active) - (Size=60 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 1B9F7515)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
22.04.2014, 21:07
| #17 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Windows 7 (64-Bit): Avast wird durch Gruppenrichtlinien blockiert Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.
__________________Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
AppInit_DLLs-x32: C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL => "C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL" File Not Found
FF NewTab: user_pref("browser.newtab.url", "");
Task: {12A42892-E554-4C79-B86E-3A0E5EAFAA9E} - \BrowserProtect No Task File <==== ATTENTION
Task: {330AA131-2070-48D0-BEE1-867A28DD13E5} - System32\Tasks\PCHelpers1st => C:\Program Files (x86)\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION
Task: {597760E1-EDF8-43D3-A422-844151FB1A47} - \SaveSense No Task File <==== ATTENTION
Task: {BD0CF917-06C4-43E1-B639-C8E61278AC76} - System32\Tasks\PCHelpers_period => C:\Program Files (x86)\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION
C:\Program Files (x86)\Optimizer Elite Max
C:\Users\Viola\AppData\Local\Temp\aol_trioF90.exe
C:\Users\Viola\AppData\Local\Temp\BackupSetup.exe
C:\Users\Viola\AppData\Local\Temp\EnableExtDll.dll
C:\Users\Viola\AppData\Local\Temp\ose00000.exe
C:\Users\Viola\AppData\Local\Temp\Quarantine.exe
C:\Users\Viola\AppData\Local\Temp\ShoppinHelper2new2.exe
C:\Users\Viola\AppData\Local\Temp\tbtriopreinstE517.exe
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ |
|
23.04.2014, 15:39
| #18 |
| | Windows 7 (64-Bit): Avast wird durch Gruppenrichtlinien blockiert So, hier das neuste FRST Log.
__________________Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-04-2014
Ran by Viola at 2014-04-23 16:33:58 Run:1
Running from C:\Users\Viola\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
AppInit_DLLs-x32: C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL => "C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL" File Not Found
FF NewTab: user_pref("browser.newtab.url", "");
Task: {12A42892-E554-4C79-B86E-3A0E5EAFAA9E} - \BrowserProtect No Task File <==== ATTENTION
Task: {330AA131-2070-48D0-BEE1-867A28DD13E5} - System32\Tasks\PCHelpers1st => C:\Program Files (x86)\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION
Task: {597760E1-EDF8-43D3-A422-844151FB1A47} - \SaveSense No Task File <==== ATTENTION
Task: {BD0CF917-06C4-43E1-B639-C8E61278AC76} - System32\Tasks\PCHelpers_period => C:\Program Files (x86)\Optimizer Elite Max\Optimizer Elite Max.exe <==== ATTENTION
C:\Program Files (x86)\Optimizer Elite Max
C:\Users\Viola\AppData\Local\Temp\aol_trioF90.exe
C:\Users\Viola\AppData\Local\Temp\BackupSetup.exe
C:\Users\Viola\AppData\Local\Temp\EnableExtDll.dll
C:\Users\Viola\AppData\Local\Temp\ose00000.exe
C:\Users\Viola\AppData\Local\Temp\Quarantine.exe
C:\Users\Viola\AppData\Local\Temp\ShoppinHelper2new2.exe
C:\Users\Viola\AppData\Local\Temp\tbtriopreinstE517.exe
*****************
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
"C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL" => Value Data removed successfully.
Firefox newtab deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12A42892-E554-4C79-B86E-3A0E5EAFAA9E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12A42892-E554-4C79-B86E-3A0E5EAFAA9E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserProtect => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{330AA131-2070-48D0-BEE1-867A28DD13E5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{330AA131-2070-48D0-BEE1-867A28DD13E5} => Key deleted successfully.
C:\Windows\System32\Tasks\PCHelpers1st => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCHelpers1st => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{597760E1-EDF8-43D3-A422-844151FB1A47} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{597760E1-EDF8-43D3-A422-844151FB1A47} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SaveSense => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BD0CF917-06C4-43E1-B639-C8E61278AC76} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD0CF917-06C4-43E1-B639-C8E61278AC76} => Key deleted successfully.
C:\Windows\System32\Tasks\PCHelpers_period => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCHelpers_period => Key deleted successfully.
"C:\Program Files (x86)\Optimizer Elite Max" => File/Directory not found.
C:\Users\Viola\AppData\Local\Temp\aol_trioF90.exe => Moved successfully.
C:\Users\Viola\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\Viola\AppData\Local\Temp\EnableExtDll.dll => Moved successfully.
C:\Users\Viola\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Viola\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Viola\AppData\Local\Temp\ShoppinHelper2new2.exe => Moved successfully.
C:\Users\Viola\AppData\Local\Temp\tbtriopreinstE517.exe => Moved successfully.
==== End of Fixlog ====
|
|
23.04.2014, 15:53
| #19 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7 (64-Bit): Avast wird durch Gruppenrichtlinien blockiert Avast sollte nicht mehr geblockt werden?! Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Scan klicken 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.04.2014, 11:17
| #20 |
| | Windows 7 (64-Bit): Avast wird durch Gruppenrichtlinien blockiert Der Viren-Scanner funktioniert wieder tadellos, weswegen ich Dir einen herzlichen Dank von meiner Frau ausrichten soll.  Hier noch die gewünschten Logs: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2014 Ran by Viola (administrator) on Viola-PC on 25-04-2014 12:12:44 Running from C:\Users\Viola\Downloads Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1360440249\ee\aolsoftware.exe (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe (Adobe Systems Incorporated) D:\AdobeReader\Reader\reader_sl.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (AOL LLC) C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe (Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe (AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\shellmon.exe (AOL Inc.) C:\Program Files (x86)\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7406392 2012-11-29] (Logitech Inc.) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation) HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1360440249\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => D:\AdobeReader\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-03-31] (AVAST Software) HKLM-x32\...\RunOnce: [20131224] - C:\Program Files\AVAST Software\Avast\setup\emupdate\c6bf6666-83e6-4b36-a47d-ff857ebaba06.exe /check [181136 2014-04-25] (AVAST Software) HKU\S-1-5-21-1625969147-3722016134-4087849955-1002\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.7\AOL.EXE [72312 2012-10-15] (AOL Inc.) HKU\S-1-5-21-1625969147-3722016134-4087849955-1002\...\MountPoints2: {3a21f640-a8fe-11e2-ab00-806e6f6e6963} - F:\Autorun.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAEA1B21744DCCD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {A7BAFCBA-0CA6-4B75-824C-5812F73D272B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO-x32: No Name - {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} - No File BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.) Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM-x32 - No Name - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - No File Toolbar: HKCU - AOL Toolbar - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\..\Interfaces\{35647C03-67FC-4D91-A993-AEAE76516521}: [NameServer]62.109.121.1 62.109.121.2 FireFox: ======== FF ProfilePath: C:\Users\Viola\AppData\Roaming\Mozilla\Firefox\Profiles\vatby8be.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @viewpoint.com/VMP - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-02-09] Chrome: ======= CHR StartupUrls: "startup_urls_migration_time": "13042129996248628" CHR DefaultSearchKeyword: webssearches CHR DefaultSearchProvider: webssearches CHR DefaultSearchURL: hxxp://istart.webssearches.com/web/?type=ds&ts=1397653289&from=tugs&uid=M4-CT064M4SSD2_00000000120609190661&q={searchTerms} CHR DefaultNewTabURL: CHR Extension: (Google Docs) - C:\Users\Viola\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-09] CHR Extension: (Google Drive) - C:\Users\Viola\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-09] CHR Extension: (YouTube) - C:\Users\Viola\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-09] CHR Extension: (Google-Suche) - C:\Users\Viola\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-09] CHR Extension: (Google Wallet) - C:\Users\Viola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31] CHR Extension: (Google Mail) - C:\Users\Viola\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-09] ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-31] (AVAST Software) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) ==================== Drivers (Whitelisted) ==================== R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-03-31] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-03-31] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-31] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-03-31] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-03-31] (AVAST Software) R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-03-31] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-03-31] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-04-11] (DT Soft Ltd) S3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Intel Corporation) R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-09-01] (Intel Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-25] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-04-19] (Duplex Secure Ltd.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-23 16:38 - 2014-04-23 16:38 - 00000000 ____D () C:\ProgramData\Viewpoint 2014-04-23 16:38 - 2014-04-23 16:38 - 00000000 ____D () C:\Program Files (x86)\Viewpoint 2014-04-22 16:49 - 2014-04-22 16:49 - 00037237 _____ () C:\Users\Viola\Downloads\FRST2.txt 2014-04-22 16:48 - 2014-04-22 16:48 - 00010008 _____ () C:\Users\Viola\Downloads\Addition2.txt 2014-04-22 16:47 - 2014-04-25 12:12 - 00000000 ____D () C:\Users\Viola\Downloads\FRST-OlderVersion 2014-04-21 19:33 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-21 19:33 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-21 19:33 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-21 19:33 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-21 19:33 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-21 19:33 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-21 19:33 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-21 19:33 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-21 19:33 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-21 19:33 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-21 19:33 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-21 19:33 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-21 19:33 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-21 19:33 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-21 19:33 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-21 19:33 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-21 19:33 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-21 19:33 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-21 19:33 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-21 19:33 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-21 19:33 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-21 19:33 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-21 19:33 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-21 19:33 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-21 19:33 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-21 19:33 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-21 19:33 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-21 19:33 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-21 19:33 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-21 19:33 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-21 19:33 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-21 19:33 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-21 19:33 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-21 19:33 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-21 19:33 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-21 19:33 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-21 19:33 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-21 19:33 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-21 19:33 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-21 19:33 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-21 19:33 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-21 19:33 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-21 19:33 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-21 19:33 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-21 19:33 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-21 19:33 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-21 19:33 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-21 19:33 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-21 12:31 - 2014-04-21 12:31 - 00001476 _____ () C:\Users\Viola\Downloads\JRT.txt 2014-04-21 12:31 - 2014-04-21 12:31 - 00001476 _____ () C:\Users\Viola\Desktop\JRT.txt 2014-04-21 12:26 - 2014-04-21 12:26 - 00002644 _____ () C:\Users\Viola\Downloads\AdwCleaner[S1].txt 2014-04-17 15:07 - 2014-04-17 15:07 - 00000000 ____D () C:\Windows\ERUNT 2014-04-17 15:06 - 2014-04-17 15:07 - 01016261 _____ (Thisisu) C:\Users\Viola\Downloads\JRT.exe 2014-04-17 14:56 - 2014-04-21 12:25 - 00000000 ____D () C:\AdwCleaner 2014-04-17 14:55 - 2014-04-17 14:55 - 01426178 _____ () C:\Users\Viola\Downloads\adwcleaner.exe 2014-04-17 14:54 - 2014-04-17 14:54 - 00352422 _____ () C:\Users\Viola\Downloads\mbam.txt 2014-04-17 14:41 - 2014-04-25 12:09 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-17 14:41 - 2014-04-17 14:41 - 00001112 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-17 14:41 - 2014-04-17 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-04-17 14:41 - 2014-04-17 14:41 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-17 14:41 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-17 14:41 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-17 14:40 - 2014-04-17 14:41 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Viola\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-17 12:25 - 2014-04-17 12:25 - 00026741 _____ () C:\Users\Viola\Downloads\GMER.log 2014-04-17 12:19 - 2014-04-17 12:19 - 00380416 _____ () C:\Users\Viola\Downloads\hdfgddc6.exe 2014-04-17 12:15 - 2014-04-25 12:12 - 00013528 _____ () C:\Users\Viola\Downloads\FRST.txt 2014-04-17 12:15 - 2014-04-25 12:12 - 00000000 ____D () C:\FRST 2014-04-17 12:15 - 2014-04-22 16:48 - 00010008 _____ () C:\Users\Viola\Downloads\Addition.txt 2014-04-17 12:14 - 2014-04-25 12:12 - 02061824 _____ (Farbar) C:\Users\Viola\Downloads\FRST64.exe 2014-04-17 12:10 - 2014-04-17 12:10 - 00000652 _____ () C:\Users\Viola\Downloads\defogger_disable.log 2014-04-17 12:10 - 2014-04-17 12:10 - 00000188 _____ () C:\Users\Viola\defogger_reenable 2014-04-17 12:09 - 2014-04-17 12:09 - 00050477 _____ () C:\Users\Viola\Downloads\Defogger.exe 2014-04-16 16:54 - 2014-04-16 16:54 - 00001184 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2014-04-16 16:54 - 2014-04-16 16:54 - 00001172 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-04-16 16:54 - 2014-04-16 16:54 - 00000000 ____D () C:\Users\Viola\AppData\Roaming\TeamViewer 2014-04-16 16:54 - 2014-04-16 16:54 - 00000000 ____D () C:\Program Files (x86)\TeamViewer 2014-04-16 16:53 - 2014-04-16 16:53 - 06120184 _____ (TeamViewer GmbH) C:\Users\Viola\Downloads\TeamViewer_Setup_de.exe 2014-04-16 16:50 - 2014-04-16 16:50 - 00380416 _____ () C:\Users\Viola\Documents\Gmer-19357.exe 2014-04-16 16:35 - 2014-04-17 14:41 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-16 16:35 - 2014-04-16 16:35 - 00000000 ____D () C:\Users\Viola\AppData\Roaming\Malwarebytes 2014-04-16 16:35 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-16 16:34 - 2014-04-16 16:35 - 05115824 _____ (Malwarebytes Corporation ) C:\Users\Viola\Documents\mbam144-setup.exe 2014-04-16 15:38 - 2014-04-16 15:39 - 00000000 ____D () C:\Users\Viola\AppData\Local\Battle.net 2014-04-16 15:38 - 2014-04-16 15:38 - 00001156 _____ () C:\Users\Public\Desktop\Battle.net.lnk 2014-04-16 15:38 - 2014-04-16 15:38 - 00000000 ____D () C:\Users\Viola\AppData\Roaming\Battle.net 2014-04-16 15:38 - 2014-04-16 15:38 - 00000000 ____D () C:\Users\Viola\AppData\Local\Blizzard Entertainment 2014-04-16 15:38 - 2014-04-16 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net 2014-04-16 15:38 - 2014-04-16 15:38 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-04-16 15:27 - 2014-04-16 15:49 - 00000000 ____D () C:\Program Files (x86)\Amazon 2014-04-16 15:01 - 2014-04-21 11:00 - 00000300 _____ () C:\Windows\Tasks\PCHelpers_period.job 2014-04-16 15:01 - 2014-04-16 15:14 - 00000300 _____ () C:\Windows\Tasks\PCHelpers1st.job 2014-04-16 15:01 - 2014-04-16 15:01 - 01097384 _____ (AnyProtect.com) C:\Users\Viola\AppData\Local\nskF855.tmp 2014-04-16 15:01 - 2014-04-16 15:01 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus 2014-04-13 13:23 - 2014-04-13 19:32 - 00000000 ____D () C:\Users\Viola\AppData\Roaming\TS3Client 2014-04-13 13:23 - 2014-04-13 13:23 - 00001172 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2014-04-13 13:23 - 2014-04-13 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client 2014-04-13 13:23 - 2014-04-13 13:23 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client 2014-04-13 13:21 - 2014-04-13 13:21 - 27601296 _____ (TeamSpeak Systems GmbH) C:\Users\Viola\Downloads\TeamSpeak3-Client-win32-3.0.14 (1).exe 2014-04-13 13:18 - 2014-04-13 13:18 - 27601296 _____ (TeamSpeak Systems GmbH) C:\Users\Viola\Downloads\TeamSpeak3-Client-win32-3.0.14.exe 2014-04-12 11:31 - 2014-04-12 11:31 - 00001169 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-04-12 11:31 - 2014-04-12 11:31 - 00001157 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-04-12 11:31 - 2014-04-12 11:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-04-12 11:30 - 2014-04-12 11:31 - 00283192 _____ (Mozilla) C:\Users\Viola\Downloads\Firefox Setup Stub 28.0.exe 2014-04-11 21:52 - 2014-04-11 21:52 - 00283200 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys 2014-04-09 16:48 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-09 16:48 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-09 16:48 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-09 16:48 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-09 16:48 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-09 16:48 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-09 16:48 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-09 16:48 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-09 16:48 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-09 16:48 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-09 16:48 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-09 16:48 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-09 16:48 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-09 16:48 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-09 16:48 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-09 16:48 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-09 16:48 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-08 09:10 - 2014-04-08 09:10 - 00000243 _____ () C:\Windows\Change.ini 2014-03-31 14:14 - 2014-03-31 14:14 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-03-26 12:51 - 2014-03-31 06:51 - 00000076 _____ () C:\Users\Viola\AppData\Roaming\WB.CFG ==================== One Month Modified Files and Folders ======= 2014-04-25 12:12 - 2014-04-22 16:47 - 00000000 ____D () C:\Users\Viola\Downloads\FRST-OlderVersion 2014-04-25 12:12 - 2014-04-17 12:15 - 00013528 _____ () C:\Users\Viola\Downloads\FRST.txt 2014-04-25 12:12 - 2014-04-17 12:15 - 00000000 ____D () C:\FRST 2014-04-25 12:12 - 2014-04-17 12:14 - 02061824 _____ (Farbar) C:\Users\Viola\Downloads\FRST64.exe 2014-04-25 12:12 - 2013-02-09 21:20 - 01632802 _____ () C:\Windows\WindowsUpdate.log 2014-04-25 12:09 - 2014-04-17 14:41 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-25 12:09 - 2013-06-21 08:24 - 00019759 _____ () C:\Windows\setupact.log 2014-04-25 12:09 - 2013-02-09 22:11 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-25 12:09 - 2013-02-07 09:43 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-04-25 12:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-24 19:12 - 2013-02-09 22:32 - 00000000 ____D () C:\Users\Viola\AppData\Local\Firestorm 2014-04-24 19:04 - 2013-02-09 22:11 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-24 18:08 - 2013-02-11 14:10 - 00079391 _____ () C:\Users\Viola\Documents\Läden.xlsx 2014-04-24 17:39 - 2009-07-14 06:45 - 00025408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-24 17:39 - 2009-07-14 06:45 - 00025408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-24 17:38 - 2011-04-12 09:43 - 00700470 _____ () C:\Windows\system32\perfh007.dat 2014-04-24 17:38 - 2011-04-12 09:43 - 00150108 _____ () C:\Windows\system32\perfc007.dat 2014-04-24 17:38 - 2009-07-14 07:13 - 01624106 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-23 16:38 - 2014-04-23 16:38 - 00000000 ____D () C:\ProgramData\Viewpoint 2014-04-23 16:38 - 2014-04-23 16:38 - 00000000 ____D () C:\Program Files (x86)\Viewpoint 2014-04-22 16:49 - 2014-04-22 16:49 - 00037237 _____ () C:\Users\Viola\Downloads\FRST2.txt 2014-04-22 16:48 - 2014-04-22 16:48 - 00010008 _____ () C:\Users\Viola\Downloads\Addition2.txt 2014-04-22 16:48 - 2014-04-17 12:15 - 00010008 _____ () C:\Users\Viola\Downloads\Addition.txt 2014-04-22 16:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-04-21 12:31 - 2014-04-21 12:31 - 00001476 _____ () C:\Users\Viola\Downloads\JRT.txt 2014-04-21 12:31 - 2014-04-21 12:31 - 00001476 _____ () C:\Users\Viola\Desktop\JRT.txt 2014-04-21 12:26 - 2014-04-21 12:26 - 00002644 _____ () C:\Users\Viola\Downloads\AdwCleaner[S1].txt 2014-04-21 12:25 - 2014-04-17 14:56 - 00000000 ____D () C:\AdwCleaner 2014-04-21 12:22 - 2010-11-21 05:47 - 00847574 _____ () C:\Windows\PFRO.log 2014-04-21 12:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports 2014-04-21 11:00 - 2014-04-16 15:01 - 00000300 _____ () C:\Windows\Tasks\PCHelpers_period.job 2014-04-21 10:23 - 2013-02-10 13:14 - 00000000 ____D () C:\Users\Viola\AppData\Roaming\Winamp 2014-04-18 20:39 - 2013-08-15 20:49 - 00000000 ____D () C:\Windows\rescache 2014-04-17 15:07 - 2014-04-17 15:07 - 00000000 ____D () C:\Windows\ERUNT 2014-04-17 15:07 - 2014-04-17 15:06 - 01016261 _____ (Thisisu) C:\Users\Viola\Downloads\JRT.exe 2014-04-17 15:03 - 2013-02-09 22:11 - 00001288 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-04-17 15:03 - 2013-02-09 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-04-17 14:55 - 2014-04-17 14:55 - 01426178 _____ () C:\Users\Viola\Downloads\adwcleaner.exe 2014-04-17 14:54 - 2014-04-17 14:54 - 00352422 _____ () C:\Users\Viola\Downloads\mbam.txt 2014-04-17 14:52 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\addins 2014-04-17 14:41 - 2014-04-17 14:41 - 00001112 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-17 14:41 - 2014-04-17 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-04-17 14:41 - 2014-04-17 14:41 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-17 14:41 - 2014-04-17 14:40 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Viola\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-17 14:41 - 2014-04-16 16:35 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-17 12:25 - 2014-04-17 12:25 - 00026741 _____ () C:\Users\Viola\Downloads\GMER.log 2014-04-17 12:19 - 2014-04-17 12:19 - 00380416 _____ () C:\Users\Viola\Downloads\hdfgddc6.exe 2014-04-17 12:10 - 2014-04-17 12:10 - 00000652 _____ () C:\Users\Viola\Downloads\defogger_disable.log 2014-04-17 12:10 - 2014-04-17 12:10 - 00000188 _____ () C:\Users\Viola\defogger_reenable 2014-04-17 12:10 - 2013-02-09 21:22 - 00000000 ____D () C:\Users\Viola 2014-04-17 12:09 - 2014-04-17 12:09 - 00050477 _____ () C:\Users\Viola\Downloads\Defogger.exe 2014-04-16 17:11 - 2009-07-14 06:45 - 00420704 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-16 17:04 - 2013-02-09 21:23 - 00109296 _____ () C:\Users\Viola\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-16 16:54 - 2014-04-16 16:54 - 00001184 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2014-04-16 16:54 - 2014-04-16 16:54 - 00001172 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-04-16 16:54 - 2014-04-16 16:54 - 00000000 ____D () C:\Users\Viola\AppData\Roaming\TeamViewer 2014-04-16 16:54 - 2014-04-16 16:54 - 00000000 ____D () C:\Program Files (x86)\TeamViewer 2014-04-16 16:53 - 2014-04-16 16:53 - 06120184 _____ (TeamViewer GmbH) C:\Users\Viola\Downloads\TeamViewer_Setup_de.exe 2014-04-16 16:50 - 2014-04-16 16:50 - 00380416 _____ () C:\Users\Viola\Documents\Gmer-19357.exe 2014-04-16 16:35 - 2014-04-16 16:35 - 00000000 ____D () C:\Users\Viola\AppData\Roaming\Malwarebytes 2014-04-16 16:35 - 2014-04-16 16:34 - 05115824 _____ (Malwarebytes Corporation ) C:\Users\Viola\Documents\mbam144-setup.exe 2014-04-16 15:49 - 2014-04-16 15:27 - 00000000 ____D () C:\Program Files (x86)\Amazon 2014-04-16 15:39 - 2014-04-16 15:38 - 00000000 ____D () C:\Users\Viola\AppData\Local\Battle.net 2014-04-16 15:38 - 2014-04-16 15:38 - 00001156 _____ () C:\Users\Public\Desktop\Battle.net.lnk 2014-04-16 15:38 - 2014-04-16 15:38 - 00000000 ____D () C:\Users\Viola\AppData\Roaming\Battle.net 2014-04-16 15:38 - 2014-04-16 15:38 - 00000000 ____D () C:\Users\Viola\AppData\Local\Blizzard Entertainment 2014-04-16 15:38 - 2014-04-16 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net 2014-04-16 15:38 - 2014-04-16 15:38 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-04-16 15:14 - 2014-04-16 15:01 - 00000300 _____ () C:\Windows\Tasks\PCHelpers1st.job 2014-04-16 15:01 - 2014-04-16 15:01 - 01097384 _____ (AnyProtect.com) C:\Users\Viola\AppData\Local\nskF855.tmp 2014-04-16 15:01 - 2014-04-16 15:01 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus 2014-04-13 19:32 - 2014-04-13 13:23 - 00000000 ____D () C:\Users\Viola\AppData\Roaming\TS3Client 2014-04-13 13:23 - 2014-04-13 13:23 - 00001172 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2014-04-13 13:23 - 2014-04-13 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client 2014-04-13 13:23 - 2014-04-13 13:23 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client 2014-04-13 13:21 - 2014-04-13 13:21 - 27601296 _____ (TeamSpeak Systems GmbH) C:\Users\Viola\Downloads\TeamSpeak3-Client-win32-3.0.14 (1).exe 2014-04-13 13:18 - 2014-04-13 13:18 - 27601296 _____ (TeamSpeak Systems GmbH) C:\Users\Viola\Downloads\TeamSpeak3-Client-win32-3.0.14.exe 2014-04-12 11:31 - 2014-04-12 11:31 - 00001169 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-04-12 11:31 - 2014-04-12 11:31 - 00001157 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-04-12 11:31 - 2014-04-12 11:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-04-12 11:31 - 2014-04-12 11:30 - 00283192 _____ (Mozilla) C:\Users\Viola\Downloads\Firefox Setup Stub 28.0.exe 2014-04-12 11:31 - 2013-02-09 22:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-11 21:52 - 2014-04-11 21:52 - 00283200 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys 2014-04-11 21:52 - 2013-04-19 16:32 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite 2014-04-09 20:15 - 2014-02-24 17:50 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-09 20:14 - 2014-02-24 17:50 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-08 13:54 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-04-08 09:10 - 2014-04-08 09:10 - 00000243 _____ () C:\Windows\Change.ini 2014-04-08 09:10 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-04-06 11:53 - 2014-03-19 17:54 - 00000000 ____D () C:\Program Files (x86)\Firestorm-Release 2014-04-03 09:51 - 2014-04-17 14:41 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-17 14:41 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-16 16:35 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-31 14:14 - 2014-03-31 14:14 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-03-31 14:14 - 2013-12-31 11:09 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-03-31 14:14 - 2013-03-14 11:14 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-03-31 14:14 - 2013-03-14 11:14 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-03-31 14:14 - 2013-02-09 22:15 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-03-31 14:14 - 2013-02-09 22:15 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-03-31 14:14 - 2013-02-09 22:15 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-03-31 14:14 - 2013-02-09 22:15 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-03-31 14:14 - 2013-02-09 22:15 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-03-31 14:14 - 2013-02-09 22:15 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-03-31 14:14 - 2013-02-09 22:15 - 00001972 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-03-31 09:35 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-03-31 06:51 - 2014-03-26 12:51 - 00000076 _____ () C:\Users\Viola\AppData\Roaming\WB.CFG 2014-03-29 01:03 - 2013-02-10 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III 2014-03-27 20:59 - 2013-02-09 22:11 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-03-27 20:59 - 2013-02-09 22:11 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-19 00:28 ==================== End Of Log ============================ --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-04-2014
Ran by Viola at 2014-04-25 12:12:57
Running from C:\Users\Viola\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
AOL Toolbar (HKCU\...\AOL Toolbar) (Version: - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Logitech Gaming Software (Version: 8.40.83 - Logitech Inc.) Hidden
Logitech Gaming Software 8.40 (HKLM\...\Logitech Gaming Software) (Version: 8.40.83 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer)
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version: - )
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
==================== Restore Points =========================
21-04-2014 15:34:29 Geplanter Prüfpunkt
21-04-2014 17:33:10 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {5750BBAE-5701-4C44-BAC7-B61771A4329C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-09] (Google Inc.)
Task: {72099386-9B81-4D9E-AD86-E8026EBD833B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EA34773D-C47D-42A3-93F3-56D2D5FDD315} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-09] (Google Inc.)
Task: {F97F7EBA-1E84-441D-B0AF-DA5F714B8BA5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-03-31] (AVAST Software)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCHelpers1st.job => C:\Program Files (x86)\Optimizer Elite Max\Optimizer Elite Max.exe
Task: C:\Windows\Tasks\PCHelpers_period.job => C:\Program Files (x86)\Optimizer Elite Max\Optimizer Elite Max.exe
==================== Loaded Modules (whitelisted) =============
2013-02-07 09:43 - 2013-10-23 10:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-04-24 17:32 - 2014-04-24 17:32 - 02215936 _____ () C:\Program Files\AVAST Software\Avast\defs\14042400\algo.dll
2014-04-25 12:10 - 2014-04-25 12:10 - 02252800 _____ () C:\Program Files\AVAST Software\Avast\defs\14042500\algo.dll
2012-10-15 18:45 - 2012-10-15 18:45 - 00048640 _____ () C:\Program Files (x86)\AOL Desktop 9.7\zlib.dll
2012-10-15 18:45 - 2012-10-15 18:45 - 00094208 _____ () C:\Program Files (x86)\AOL Desktop 9.7\Components\Tier2Svc.dll
2012-10-15 18:45 - 2012-10-15 18:45 - 00060928 _____ () C:\Program Files (x86)\AOL Desktop 9.7\Components\DataSvcs.dll
2013-12-02 21:42 - 2013-12-02 21:42 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-01 11:30 - 2014-03-01 11:30 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\7fb509dd6887788f670fac03bb2f996d\PSIClient.ni.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/25/2014 00:11:12 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.
Error: (04/24/2014 05:33:57 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.
Error: (04/23/2014 07:24:12 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SLVoice.exe, Version: 4.5.9.17865, Zeitstempel: 0x505b00f4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000264
Fehleroffset: 0x000a2525
ID des fehlerhaften Prozesses: 0x6d4
Startzeit der fehlerhaften Anwendung: 0xSLVoice.exe0
Pfad der fehlerhaften Anwendung: SLVoice.exe1
Pfad des fehlerhaften Moduls: SLVoice.exe2
Berichtskennung: SLVoice.exe3
Error: (04/23/2014 04:39:55 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.
Error: (04/23/2014 04:25:09 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.
Error: (04/22/2014 04:42:01 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.
Error: (04/21/2014 02:46:17 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SLVoice.exe, Version: 4.5.9.17865, Zeitstempel: 0x505b00f4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000264
Fehleroffset: 0x000a2525
ID des fehlerhaften Prozesses: 0x924
Startzeit der fehlerhaften Anwendung: 0xSLVoice.exe0
Pfad der fehlerhaften Anwendung: SLVoice.exe1
Pfad des fehlerhaften Moduls: SLVoice.exe2
Berichtskennung: SLVoice.exe3
Error: (04/21/2014 00:54:09 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SLVoice.exe, Version: 4.5.9.17865, Zeitstempel: 0x505b00f4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000264
Fehleroffset: 0x000a2525
ID des fehlerhaften Prozesses: 0x11d4
Startzeit der fehlerhaften Anwendung: 0xSLVoice.exe0
Pfad der fehlerhaften Anwendung: SLVoice.exe1
Pfad des fehlerhaften Moduls: SLVoice.exe2
Berichtskennung: SLVoice.exe3
System errors:
=============
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 8%
Total physical RAM: 32729.05 MB
Available physical RAM: 29949.6 MB
Total Pagefile: 65456.27 MB
Available Pagefile: 62636.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:59.62 GB) (Free:18.62 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data1) (Fixed) (Total:931.51 GB) (Free:643.72 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 60 GB) (Disk ID: 1B9F7518)
Partition 1: (Active) - (Size=60 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 1B9F7515)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
25.04.2014, 12:12
| #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7 (64-Bit): Avast wird durch Gruppenrichtlinien blockiert Okay, dann bitte Kontrollscans mit MBAM und ESET bitte: Downloade Dir bitte  Malwarebytes Anti-Malware
ESET Online Scanner
__________________ --> Windows 7 (64-Bit): Avast wird durch Gruppenrichtlinien blockiert |
|
26.04.2014, 10:22
| #22 |
| | Windows 7 (64-Bit): Avast wird durch Gruppenrichtlinien blockiert So, hier also die Logs von MBAM und ESET. MBAM Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 26.04.2014 Suchlauf-Zeit: 10:13:49 Logdatei: mbam2.txt Administrator: Ja Version: 2.00.1.1004 Malware Datenbank: v2014.04.26.01 Rootkit Datenbank: v2014.03.27.01 Lizenz: Premium Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Chameleon: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Viola Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 294940 Verstrichene Zeit: 6 Min, 55 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Shuriken: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 1 PUP.Optional.WebsSearches.A, C:\Users\Viola\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "search_url": "hxxp://istart.webssearches.com/web/?type=ds&ts=1397653289&from=tugs&uid=M4-CT064M4SSD2_00000000120609190661&q={searchTerms}",), Ersetzt,[dd238f7140c01fe19bc79bc0956fd32d] Physische Sektoren: 0 (No malicious items detected) (end) ESET Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=fbc0fcfc2691b74186221cc3af286c9d
# engine=18039
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-26 09:15:42
# local_time=2014-04-26 11:15:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=771 16777213 83 67 2171438 2235690 0 0
# compatibility_mode=5893 16776573 100 94 74127 150133592 0 0
# scanned=298946
# found=2
# cleaned=0
# scan_time=3117
sh=8405853EB6516C8F45A313D9C0924051CA877538 ft=1 fh=048c9f26147e5502 vn="a variant of Win32/AdWare.Lollipop.U application" ac=I fn="C:\Users\Viola\AppData\Local\Temp\c6261fb5-930c-47be-951e-39ae529b1fa5\software\LollipopInstaller_uni.exe"
sh=08AACAA579099EB10879AC6B90E6D39CFC398A1A ft=1 fh=2b5e415f204ff3b2 vn="Win32/SpeedingUpMyPC.I application" ac=I fn="C:\Users\Viola\AppData\Local\Temp\c6261fb5-930c-47be-951e-39ae529b1fa5\software\OptimizerPro.exe"
|
|
26.04.2014, 12:00
| #23 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7 (64-Bit): Avast wird durch Gruppenrichtlinien blockiert Nur Reste TFC - Temp File Cleaner Lade dir  TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
Sieht soweit ok aus  Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Ist aber nur optional. Um Usertracking zu verhindern kann man gut die Firefox-Erweiterung Ghostery verwenden. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.04.2014, 13:23
| #24 |
| | Windows 7 (64-Bit): Avast wird durch Gruppenrichtlinien blockiert So, nun auch das mit dem TFC erledigt. Und was das System angeht, so gibt’s noch immer das kleine Problem, mit dem es wohl anfing. Ich dachte es würde sich mit der Bereinigung legen, das Google Chrome sporadisch auf ein "falsches Java-Update" verweist, doch dies scheint nicht der Fall zu sein. Das hat meine Frau damals wohl auch angeklickt und sich den Mist damit eingefangen. Sie sagte mir vor ca. 10 Minuten, dass dies immer noch sporadisch auftaucht und die offene Website dann einfach beendet. |
|
27.04.2014, 21:19
| #25 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7 (64-Bit): Avast wird durch Gruppenrichtlinien blockiert Teste mal mit einem neuen Chrome-Profil
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.05.2014, 12:15
| #26 |
| | Windows 7 (64-Bit): Avast wird durch Gruppenrichtlinien blockiert Sorry das ich erst nun Antworte, aber wollte erst testen, ob das neue Profil in Chrome das Problem aus der Welt schafft. Hat funktioniert! Daher nochmals vielen Dank für die professionelle Hilfe! |
|
02.05.2014, 12:28
| #27 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7 (64-Bit): Avast wird durch Gruppenrichtlinien blockiert Dann wären wir durch! Falls du noch Lob oder Kritik loswerden möchtest => Lob, Kritik und Wünsche - Trojaner-Board Die Programme, die hier zum Einsatz kamen, können alle deinstalliert werden. Es empfiehlt sich Malwarebytes Anti-Malware zu behalten und damit wöchentlich nach Malware zu scannen. Helfen kann dir dabei delfix: Die Reihenfolge ist hier entscheidend.
Bitte abschließend noch die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Start, Systemsteuerung, Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Prüfen => Adobe - Flash Player Downloadlinks findest du hier => Browsers and Plugins - FilePony.de Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
Linear-Darstellung
