Firefox wird von Werbung zugespammt ("Ads by ss8" und jetzt "Ads bei info")

luba9086 · 14.09.2014, 17:07

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Heinz Bastong at 2014-09-14 17:55:42 Run:2
Running from H:\
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
emptytemp:
         
*****************

EmptyTemp: => Removed 2.2 GB temporary data.


The system needed a reboot. 

==== End of Fixlog ====

Ja es gibt immer noch Werbung en masse. Habe lediglich die Setup-Dateien gelöscht, soll ich auch die Programme deinstallieren, die damit einher gehen wie FreeYouTubeDownload Version etc? Habe nur den Eintrag Adobe ActiveX deinstalliert und nicht Adobe Flash Player Plugin 15.

Warlord711 · 15.09.2014, 13:37

Und bitte neue FRST Logs. Haken setzen bei addition.txt dann auf Scan klicken

luba9086 · 15.09.2014, 14:12

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Heinz Bastong (administrator) on HEINZ on 15-09-2014 15:09:50
Running from H:\
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dropbox, Inc.) C:\Users\Heinz Bastong\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2012-01-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-29] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-353695896-3404839591-790940340-1000\...\MountPoints2: {b61f33c4-b32b-11e2-b797-806e6f6e6963} - Q:\LenovoQDrive.exe
Startup: C:\Users\Heinz Bastong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Heinz Bastong\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkcentre
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkcentre
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {1709494B-9679-4C2A-B049-67B072977AE6} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - {1709494B-9679-4C2A-B049-67B072977AE6} URL = hxxp://www.sm.de/?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Heinz Bastong\AppData\Roaming\Mozilla\Firefox\Profiles\zmn9tnpu.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: captiondownloaderhiephmcom - C:\Users\Heinz Bastong\AppData\Roaming\Mozilla\Firefox\Profiles\zmn9tnpu.default\Extensions\captiondownloader@hiephm.com [2014-09-06]
FF Extension: Adblock Plus - C:\Users\Heinz Bastong\AppData\Roaming\Mozilla\Firefox\Profiles\zmn9tnpu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-02]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-02]
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client

Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> SuchMaschine
CHR DefaultSearchProvider: Default -> SuchMaschine
CHR DefaultSearchURL: Default -> hxxp://www.sm.de/?q={searchTerms}
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Heinz Bastong\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (Docs) - C:\Users\Heinz Bastong\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-06]
CHR Extension: (Google Drive) - C:\Users\Heinz Bastong\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-06]
CHR Extension: (YouTube) - C:\Users\Heinz Bastong\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-06]
CHR Extension: (Google-Suche) - C:\Users\Heinz Bastong\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-06]
CHR Extension: (avast! Online Security) - C:\Users\Heinz Bastong\AppData\Local\Google\Chrome\User Data\default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-06]
CHR Extension: (Google Wallet) - C:\Users\Heinz Bastong\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-06]
CHR Extension: (Google Mail) - C:\Users\Heinz Bastong\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-06] (AVAST Software)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-06] ()
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2014-09-10] (AVM Berlin)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-13 09:20 - 2014-09-13 09:35 - 00000492 _____ () C:\Users\Heinz Bastong\Desktop\scan.txt
2014-09-11 12:57 - 2014-09-11 12:57 - 00001915 _____ () C:\Users\Heinz Bastong\Desktop\JRT.txt
2014-09-11 12:51 - 2014-09-11 12:51 - 01016261 _____ (Thisisu) C:\Users\Heinz Bastong\Downloads\JRT.exe
2014-09-11 12:51 - 2014-09-11 12:51 - 00000000 ____D () C:\Windows\ERUNT
2014-09-11 12:47 - 2014-09-11 12:47 - 01370483 _____ () C:\Users\Heinz Bastong\Downloads\adwcleaner_3.309(3).exe
2014-09-11 11:24 - 2014-09-11 11:24 - 01370483 _____ () C:\Users\Heinz Bastong\Downloads\adwcleaner_3.309(2).exe
2014-09-11 11:21 - 2014-09-15 15:09 - 00000000 ____D () C:\FRST
2014-09-11 09:48 - 2014-09-11 09:48 - 01370483 _____ () C:\Users\Heinz Bastong\Downloads\adwcleaner_3.309(1).exe
2014-09-11 09:31 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-11 09:30 - 2014-09-11 12:49 - 00000000 ____D () C:\AdwCleaner
2014-09-11 09:30 - 2014-09-11 09:30 - 01370467 _____ () C:\Users\Heinz Bastong\Downloads\adwcleaner_3.309.exe
2014-09-10 22:23 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 22:23 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 22:23 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 22:23 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 22:23 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 22:23 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 22:23 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 22:23 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 22:23 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 22:23 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 22:23 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 22:23 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 22:23 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 22:23 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 22:23 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 22:23 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 22:23 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 22:23 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 22:23 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 22:23 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 22:23 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 22:23 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 22:23 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 22:23 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 22:23 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 22:23 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 22:23 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 22:23 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 22:23 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 22:23 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 22:23 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 22:23 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 22:23 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 22:23 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 22:23 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 22:23 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 22:23 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 22:23 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 22:23 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 22:23 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 22:23 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 22:23 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 22:23 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 22:23 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 22:23 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 22:23 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 22:23 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 22:23 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 22:23 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 22:23 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 22:23 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 22:23 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 22:23 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 22:23 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 22:23 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 22:23 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 22:20 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 22:20 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 21:51 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 21:51 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 21:51 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 21:51 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 21:50 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 21:50 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 21:50 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 21:50 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 21:50 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 21:50 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 21:50 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 20:37 - 2014-09-11 19:06 - 00000000 ____D () C:\Users\Heinz Bastong\AppData\Local\Deployment
2014-09-10 20:37 - 2014-09-10 20:38 - 00004124 _____ () C:\Windows\avmacc.log
2014-09-10 20:37 - 2014-09-10 20:37 - 00116480 _____ (AVM Berlin) C:\Windows\system32\Drivers\avmaura.sys
2014-09-08 16:26 - 2014-09-11 13:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-08 16:26 - 2014-09-08 16:26 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-08 16:26 - 2014-09-08 16:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-08 16:26 - 2014-09-08 16:26 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-08 16:26 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-08 16:26 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-08 16:26 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-08 16:25 - 2014-09-08 16:25 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Heinz Bastong\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-01 22:16 - 2014-09-01 22:16 - 00003180 _____ () C:\Windows\System32\Tasks\{5C16D2AD-B0E9-4966-AEED-42A32362FF33}
2014-09-01 22:09 - 2014-09-05 10:00 - 00000000 ___HD () C:\Users\Public\Temp
2014-08-30 16:00 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-30 16:00 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-30 16:00 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-30 15:55 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-30 15:55 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-30 15:55 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-30 15:55 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-30 15:54 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-30 15:54 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-30 15:54 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-30 15:54 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-30 15:54 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-30 15:54 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-30 15:54 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-30 15:54 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-30 15:54 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-30 15:54 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-20 10:36 - 2014-08-20 10:36 - 00323600 _____ (Dropbox, Inc.) C:\Users\Heinz Bastong\Downloads\DropboxInstaller.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 15:09 - 2014-09-11 11:21 - 00000000 ____D () C:\FRST
2014-09-15 15:08 - 2013-07-02 17:05 - 01789015 _____ () C:\Windows\WindowsUpdate.log
2014-09-15 14:56 - 2013-07-17 21:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-15 11:40 - 2014-08-01 10:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-15 10:58 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-09-15 08:34 - 2009-07-14 06:45 - 00034208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-15 08:34 - 2009-07-14 06:45 - 00034208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-15 08:28 - 2013-07-03 19:30 - 00000000 ___RD () C:\Users\Heinz Bastong\Dropbox
2014-09-15 08:28 - 2013-07-03 19:27 - 00000000 ____D () C:\Users\Heinz Bastong\AppData\Roaming\Dropbox
2014-09-15 08:27 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-15 08:27 - 2009-07-14 06:51 - 00088944 _____ () C:\Windows\setupact.log
2014-09-14 17:58 - 2010-11-21 05:47 - 00969590 _____ () C:\Windows\PFRO.log
2014-09-14 17:44 - 2013-07-02 18:44 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-13 09:35 - 2014-09-13 09:20 - 00000492 _____ () C:\Users\Heinz Bastong\Desktop\scan.txt
2014-09-12 14:52 - 2012-12-25 16:17 - 00702980 _____ () C:\Windows\system32\perfh007.dat
2014-09-12 14:52 - 2012-12-25 16:17 - 00150620 _____ () C:\Windows\system32\perfc007.dat
2014-09-12 14:52 - 2009-07-14 07:13 - 01629444 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-11 19:06 - 2014-09-10 20:37 - 00000000 ____D () C:\Users\Heinz Bastong\AppData\Local\Deployment
2014-09-11 15:25 - 2014-02-27 22:13 - 01648918 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 13:07 - 2014-09-08 16:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-11 12:57 - 2014-09-11 12:57 - 00001915 _____ () C:\Users\Heinz Bastong\Desktop\JRT.txt
2014-09-11 12:51 - 2014-09-11 12:51 - 01016261 _____ (Thisisu) C:\Users\Heinz Bastong\Downloads\JRT.exe
2014-09-11 12:51 - 2014-09-11 12:51 - 00000000 ____D () C:\Windows\ERUNT
2014-09-11 12:49 - 2014-09-11 09:30 - 00000000 ____D () C:\AdwCleaner
2014-09-11 12:47 - 2014-09-11 12:47 - 01370483 _____ () C:\Users\Heinz Bastong\Downloads\adwcleaner_3.309(3).exe
2014-09-11 12:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-11 11:24 - 2014-09-11 11:24 - 01370483 _____ () C:\Users\Heinz Bastong\Downloads\adwcleaner_3.309(2).exe
2014-09-11 10:09 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\schemas
2014-09-11 09:48 - 2014-09-11 09:48 - 01370483 _____ () C:\Users\Heinz Bastong\Downloads\adwcleaner_3.309(1).exe
2014-09-11 09:30 - 2014-09-11 09:30 - 01370467 _____ () C:\Users\Heinz Bastong\Downloads\adwcleaner_3.309.exe
2014-09-10 22:22 - 2013-08-14 23:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 22:20 - 2014-05-06 20:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 22:20 - 2013-07-15 15:16 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 20:38 - 2014-09-10 20:37 - 00004124 _____ () C:\Windows\avmacc.log
2014-09-10 20:37 - 2014-09-10 20:37 - 00116480 _____ (AVM Berlin) C:\Windows\system32\Drivers\avmaura.sys
2014-09-10 20:37 - 2013-08-12 10:07 - 00000000 ____D () C:\Users\Heinz Bastong\AppData\Local\Apps\2.0
2014-09-10 14:32 - 2013-07-17 21:07 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 14:32 - 2013-07-02 19:06 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 14:32 - 2013-07-02 19:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-08 16:51 - 2012-12-25 07:48 - 00000000 ____D () C:\Windows\de
2014-09-08 16:26 - 2014-09-08 16:26 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-08 16:26 - 2014-09-08 16:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-08 16:26 - 2014-09-08 16:26 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-08 16:25 - 2014-09-08 16:25 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Heinz Bastong\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-06 22:00 - 2013-10-06 17:44 - 00000000 ____D () C:\Users\Heinz Bastong\AppData\Roaming\vlc
2014-09-05 10:00 - 2014-09-01 22:09 - 00000000 ___HD () C:\Users\Public\Temp
2014-09-05 04:10 - 2014-09-10 21:50 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-10 21:50 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-02 18:17 - 2009-07-14 04:34 - 00000580 _____ () C:\Windows\win.ini
2014-09-02 15:33 - 2014-07-30 10:58 - 00000000 ____D () C:\Users\Heinz Bastong\AppData\Roaming\Audacity
2014-09-01 22:23 - 2014-03-02 17:33 - 00001171 _____ () C:\Users\Heinz Bastong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-01 22:23 - 2013-07-02 18:37 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-01 22:23 - 2013-07-02 17:08 - 00001432 _____ () C:\Users\Heinz Bastong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-01 22:16 - 2014-09-01 22:16 - 00003180 _____ () C:\Windows\System32\Tasks\{5C16D2AD-B0E9-4966-AEED-42A32362FF33}
2014-09-01 22:08 - 2012-12-25 07:44 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-31 03:17 - 2009-07-14 06:45 - 00437104 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-30 15:55 - 2013-07-02 17:45 - 00000000 ____D () C:\Users\Heinz Bastong\AppData\Roaming\HpUpdate
2014-08-23 04:07 - 2014-08-30 16:00 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-30 16:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-30 16:00 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 19:42 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-21 10:33 - 2013-07-02 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-08-20 10:37 - 2013-07-03 19:29 - 00000000 ____D () C:\Users\Heinz Bastong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-20 10:36 - 2014-08-20 10:36 - 00323600 _____ (Dropbox, Inc.) C:\Users\Heinz Bastong\Downloads\DropboxInstaller.exe
2014-08-19 20:05 - 2014-09-10 22:23 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 19:39 - 2014-09-10 22:23 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 01:01 - 2014-09-10 22:23 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:29 - 2014-09-10 22:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 00:29 - 2014-09-10 22:23 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 00:26 - 2014-09-10 22:23 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 00:20 - 2014-09-10 22:23 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 00:19 - 2014-09-10 22:23 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 00:15 - 2014-09-10 22:23 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 00:15 - 2014-09-10 22:23 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 00:14 - 2014-09-10 22:23 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 00:14 - 2014-09-10 22:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 00:08 - 2014-09-10 22:23 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 00:08 - 2014-09-10 22:23 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 00:08 - 2014-09-10 22:23 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 00:05 - 2014-09-10 22:23 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 00:03 - 2014-09-10 22:23 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 00:03 - 2014-09-10 22:23 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 00:03 - 2014-09-10 22:23 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:57 - 2014-09-10 22:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 23:56 - 2014-09-10 22:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:51 - 2014-09-10 22:23 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:46 - 2014-09-10 22:23 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 23:45 - 2014-09-10 22:23 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:45 - 2014-09-10 22:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 23:44 - 2014-09-10 22:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-10 22:23 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-10 22:23 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 23:40 - 2014-09-10 22:23 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:39 - 2014-09-10 22:23 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:39 - 2014-09-10 22:23 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 23:39 - 2014-09-10 22:23 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 23:38 - 2014-09-10 22:23 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:37 - 2014-09-10 22:23 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 23:36 - 2014-09-10 22:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 23:35 - 2014-09-10 22:23 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 23:27 - 2014-09-10 22:23 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 23:25 - 2014-09-10 22:23 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:25 - 2014-09-10 22:23 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:23 - 2014-09-10 22:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:23 - 2014-09-10 22:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 23:22 - 2014-09-10 22:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-10 22:23 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 23:17 - 2014-09-10 22:23 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 23:17 - 2014-09-10 22:23 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 23:16 - 2014-09-10 22:23 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:15 - 2014-09-10 22:23 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 23:15 - 2014-09-10 22:23 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 23:09 - 2014-09-10 22:23 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 23:08 - 2014-09-10 22:23 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 23:07 - 2014-09-10 22:23 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 22:55 - 2014-09-10 22:23 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:46 - 2014-09-10 22:23 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 22:38 - 2014-09-10 22:23 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 22:38 - 2014-09-10 22:23 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 22:36 - 2014-09-10 22:23 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-16 11:10 - 2014-06-01 19:45 - 00000000 ____D () C:\Users\Heinz Bastong\Documents\Urlaub 2014 am Bodensee

Some content of TEMP:
====================
C:\Users\Heinz Bastong\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxg_tvt.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 11:18

==================== End Of Log ============================

--- --- ---

Addition

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-09-2014
Ran by Heinz Bastong at 2014-09-15 15:10:22
Running from H:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
CanoScan LiDE 210 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809) (Version:  - Canon Inc.)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
Free YouTube Download version 3.2.33.424 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.33.424 - DVDVideoSoft Ltd.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8100 - Grundlegende Software für das Gerät (HKLM\...\{312A65D1-64B1-4E81-85C0-85BE743A6550}) (Version: 25.0.617.0 - Hewlett-Packard Co.)
HP Officejet Pro 8100 Hilfe (HKLM-x32\...\{65038824-6DC7-4A44-828A-D7A7F04CD61B}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU  (HKLM-x32\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU  (HKLM-x32\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
OJPro8100FWUpdateAlert (x32 Version: 1.00.0000 - HP) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6543 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.08.82 - Akademische Arbeitsgemeinschaft)
Untis 2015 (HKLM-x32\...\Untis 2015) (Version: 2015 - Gruber&Petters)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Intel Corporation (igfx) Display  (03/19/2012 8.15.10.2696) (HKLM\...\6AF882A8E50505CE490495746E271C3F586F9110) (Version: 03/19/2012 8.15.10.2696 - Intel Corporation)
Windows-Treiberpaket - Intel hdc  (09/10/2010 9.2.0.1011) (HKLM\...\171901D8B4D5484C362A709BF264A50F065A14FB) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows-Treiberpaket - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows-Treiberpaket - Intel System  (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows-Treiberpaket - Intel System  (11/20/2010 9.2.0.1016) (HKLM\...\43B5066463CEBC83E99586A67037B6F9FC4193FE) (Version: 11/20/2010 9.2.0.1016 - Intel)
Windows-Treiberpaket - Intel USB  (12/21/2010 9.2.0.1021) (HKLM\...\0DD5528A211904214F70A66DE6ADBD378B21566D) (Version: 12/21/2010 9.2.0.1021 - Intel)
Windows-Treiberpaket - Realtek (RTL8167) Net  (11/23/2011 7.050.1123.2011) (HKLM\...\93D0B653D730EB57C01C763D1BE4E63ABC9204F0) (Version: 11/23/2011 7.050.1123.2011 - Realtek)
Windows-Treiberpaket - Realtek Semiconductor Corp. HD Audio Driver (01/03/2012 6.0.1.6543) (HKLM\...\5DE3700033F94FCFD8726BE46A6727E460254CD5) (Version: 01/03/2012 6.0.1.6543 - Realtek Semiconductor Corp.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-353695896-3404839591-790940340-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Heinz Bastong\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-353695896-3404839591-790940340-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Heinz Bastong\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-353695896-3404839591-790940340-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Heinz Bastong\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-353695896-3404839591-790940340-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Heinz Bastong\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-353695896-3404839591-790940340-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Heinz Bastong\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-353695896-3404839591-790940340-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Heinz Bastong\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-353695896-3404839591-790940340-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Heinz Bastong\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-353695896-3404839591-790940340-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Heinz Bastong\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-353695896-3404839591-790940340-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Heinz Bastong\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

01-09-2014 20:07:37 Uniblue SpeedUpMyPC installation
01-09-2014 20:14:42 Removed SyncToy 2.1 (x86)
05-09-2014 09:01:54 Windows Update
09-09-2014 11:03:13 Windows Update
10-09-2014 18:37:49 Gerätetreiber-Paketinstallation: AVM Berlin AVM USB-Fernanschluss
10-09-2014 20:19:56 Windows Update
14-09-2014 15:53:00 Removed Adobe Flash Player 10 ActiveX.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01DACE7C-09FF-4F0A-910A-70AB1A9FF45C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {11C8C501-4A4D-4E45-A53A-B5604A50B3E9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {18DEAE1A-1CE9-4865-A09B-F07919830560} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-01-21] (Microsoft)
Task: {3A86D228-4230-4B3C-A558-10694A6CD184} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {6B51AEA1-3143-480D-811F-47C63C8B8D6D} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
Task: {6EF6376B-064D-415F-B977-DF57F57FD9CE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-06] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2008-10-24 17:35 - 2008-10-24 17:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2012-12-25 16:14 - 2012-03-19 09:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-07-06 18:48 - 2014-07-06 18:48 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-14 17:44 - 2014-09-14 17:44 - 02862592 _____ () C:\Program Files\AVAST Software\Avast\defs\14091401\algo.dll
2014-09-15 08:28 - 2014-09-15 08:28 - 00043008 _____ () c:\Users\Heinz Bastong\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxg_tvt.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Heinz Bastong\AppData\Roaming\Dropbox\bin\libcef.dll
2014-07-06 18:48 - 2014-07-06 18:48 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-11 09:59 - 2014-09-11 09:59 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\27372090b75ca919048606aad2206bf4\IsdiInterop.ni.dll
2012-12-25 07:32 - 2012-02-01 17:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-12-25 07:30 - 2011-12-16 04:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-08-01 10:15 - 2014-08-01 10:15 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-09-10 14:32 - 2014-09-10 14:32 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Heinz Bastong\AppData\Roaming\Kommagetrennte Werte (Windows).EML:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/15/2014 08:28:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2014 05:59:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2014 05:55:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x530
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (09/14/2014 05:51:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/14/2014 05:47:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/14/2014 05:44:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2014 09:03:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2014 07:46:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2014 07:21:44 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/12/2014 02:55:11 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (09/15/2014 03:09:33 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (09/15/2014 03:09:32 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (09/15/2014 03:09:32 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (09/14/2014 05:59:05 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (09/14/2014 05:59:05 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (09/14/2014 05:59:04 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (09/14/2014 05:59:04 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (09/11/2014 01:18:06 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (09/11/2014 01:05:55 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (09/11/2014 01:05:54 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3470S CPU @ 2.90GHz
Percentage of memory in use: 65%
Total physical RAM: 3917.79 MB
Available physical RAM: 1332.61 MB
Total Pagefile: 7833.75 MB
Available Pagefile: 5045.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:445.06 GB) (Free:173.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (My Passport) (Fixed) (Total:298.02 GB) (Free:88.18 GB) FAT32
Drive h: (LUSB) (Removable) (Total:7.56 GB) (Free:7.52 GB) NTFS
Drive q: (Lenovo_Recovery) (Fixed) (Total:19.53 GB) (Free:9.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: E43AA1B7)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=445.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 298.1 GB) (Disk ID: 44FDFE06)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=0C)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 7.6 GB) (Disk ID: 4DF552B1)
Partition 1: (Active) - (Size=7.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Warlord711 · 15.09.2014, 14:21

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

SearchScopes: HKLM - {1709494B-9679-4C2A-B049-67B072977AE6} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - {1709494B-9679-4C2A-B049-67B072977AE6} URL = hxxp://www.sm.de/?q={searchTerms}

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Hmm, kannst mir kurz beschreiben, wie und wo die Werbung erscheint ?

Welcher Browser ?

luba9086 · 15.09.2014, 15:02

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Heinz Bastong at 2014-09-15 15:38:18 Run:3
Running from H:\
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - {1709494B-9679-4C2A-B049-67B072977AE6} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - {1709494B-9679-4C2A-B049-67B072977AE6} URL = hxxp://www.sm.de/?q={searchTerms}
         
*****************

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1709494B-9679-4C2A-B049-67B072977AE6}" => Key deleted successfully.
"HKCR\CLSID\{1709494B-9679-4C2A-B049-67B072977AE6}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1709494B-9679-4C2A-B049-67B072977AE6}" => Key deleted successfully.
"HKCR\CLSID\{1709494B-9679-4C2A-B049-67B072977AE6}" => Key not found.

==== End of Fixlog ====

Der verwendete Browser ist Mozilla Firefox in neuester Version. Werbung erscheint ungewollt in neuen Tabs, öffnet sich meistens, wenn ich auf Links klicke. Zum Beispiel von McAfee

Code:

ATTFilter

hxxp://zym.tollbahsuburban.com/sd/dw32.html?u=http%3A%2F%2Fplh.tractionize.com%2FWhiteLabelBidRequestHandlerServlet%3Foid%3D1%26width%3D1%26height%3D100%26pubid%3D9700%26tagid%3D1043%26noaop%3D1%26revmod%3DCRD%26cb%3Dcybabw%26encoded%3D1%26cirf%3Dhttp%3A%2F%2Fwww.trojaner-board.de%2F158571-firefox-werbung-zugespammt-ads-by-ss8-ads-info-2.html%26pstn%3D97001043&p=Info&a=&c=9700-1043&b=firefox&bv=32&t1=1410789111723&tt=1410789111723&r=www.trojaner-board.de&ua=0&n=convertmedia&sn=&mpa=0&mp=0

Es gibt auch Werbebanner, Werbelinks und auf manchen Seiten auch Werbeeinblendungen z.B. auf amazon. Hier ein Screenshot von der Seite trojaner-board mit Werbung:

https://dl.dropboxusercontent.com/u/23888891/Werbung.jpg

Warlord711 · 15.09.2014, 16:34

Hast oder hattest du mal Symantec VPN installiert ?

luba9086 · 15.09.2014, 17:42

Nein, definitiv nicht.

Warlord711 · 16.09.2014, 08:21

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

folder: C:\Program Files (x86)\Symantec\VIP Access Client

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Warlord711 · 16.09.2014, 08:22

Zitat:

Zitat von Warlord711

Hast oder hattest du mal Symantec VPN installiert ?

VIP Access Client meinte ich, sorry.

luba9086 · 16.09.2014, 09:33

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Heinz Bastong at 2014-09-16 10:32:14 Run:4
Running from H:\
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
folder: C:\Program Files (x86)\Symantec\VIP Access Client
         
*****************


========================= folder: C:\Program Files (x86)\Symantec\VIP Access Client ========================

Directory Not Found

==== End of Fixlog ====

Warlord711 · 16.09.2014, 10:30

OK mal testen:

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schreib mal obs danach weg ist.

luba9086 · 16.09.2014, 11:02

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Heinz Bastong at 2014-09-16 11:56:35 Run:5
Running from H:\
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
         
*****************

HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\VIP2X@verisign.com => value deleted successfully.

==== End of Fixlog ====

Schade...nein, immer noch nicht weg. Scheint alles noch da zu sein.

Warlord711 · 16.09.2014, 11:16

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

FF Extension: captiondownloaderhiephmcom - C:\Users\Heinz Bastong\AppData\Roaming\Mozilla\Firefox\Profiles\zmn9tnpu.default\Extensions\captiondownloader@hiephm.com [2014-09-06]

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Und direkt nochmal testen.

luba9086 · 16.09.2014, 11:50

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Heinz Bastong at 2014-09-16 12:45:26 Run:6
Running from H:\
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
FF Extension: captiondownloaderhiephmcom - C:\Users\Heinz Bastong\AppData\Roaming\Mozilla\Firefox\Profiles\zmn9tnpu.default\Extensions\captiondownloader@hiephm.com [2014-09-06]
         
*****************

C:\Users\Heinz Bastong\AppData\Roaming\Mozilla\Firefox\Profiles\zmn9tnpu.default\Extensions\captiondownloader@hiephm.com => Moved successfully.

==== End of Fixlog ====

Erfolg! Werbung scheint vollständig abhanden gekommen zu sein. Hab mehrere Seiten ausprobiert und konnte normal surfen.

Warlord711 · 16.09.2014, 12:13

Ok. Der hat sich recht gut versteckt, wenn ich hatte den Eintrag eigenlich als legitim eingestuft: SystemLookup

Kann passieren...aber nur einmal ;-P

Dann wären wir durch.

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.

Ändere regelmäßig alle deine Passwörter, jetzt, nach der Bereinigung ist ein idealer Zeitpunkt dafür

verwende für jede Anwendung und jeden Account ein anderes Passwort
ändere regelmäßig dein Passwort, vor allem bei Onlinebanking oder deinem Emailpostfach ist dieses sehr wichtig
speichere keine Passwörter auf deinem PC, gib diese nicht an dritte weiter
ein sicheres Passwort besteht aus mindestens 8 Zeichen und beinhaltet Groß- und Kleinbuchstaben, Zahlen und Sonderzeichen
benutze keine Zahlen- oder Buchstabenkombinationen, ( zB 12345678, qwertzui) auch keine Zahlen oder Buchstabenmuster
verwende keine Passwörter die einen Bezug zu dir, deinem Wohnort, Familienmitglied oder Haustier (Geburtsdatum, Postleitzahl, Adresse, Name) haben

Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7 / 8 : Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti-Viren-Programm und zusätzlicher Schutz

Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist!
MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
AdwCleaner
Dieses Tool erkennt eine Vielzahl von Werbeprogrammen (Adware) und unerwümschten Programmen (PUPs).
Starte das Tool einmal die Woche und lass es laufen. Sollte eine neue Version verfügbar sein, so wird dies angezeigt und du kannst dir die neueste Version direkt auf den Desktop downloaden.
SpywareBlaster
Eine kurze Einführung findest du Hier
WOT (Web of trust)
Dieses AddOn warnt dich, bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Mozilla Firefox

Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
NoScript
Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
AdblockPlus
Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
Es spart außerdem Downloadkapazität.

Performance

Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von Registry Cleanern.
Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link:
Miekemoes Blogspot ( MVP )

Was du vermeiden solltest:

Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.
Lade keine Software von Softonic oder Chip herunter, da diese Installer oft mit Adware oder unerünschter Software versehen sind!

Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

15.09.2014, 13:37	#17
Warlord711 /// TB-Ausbilder	Firefox wird von Werbung zugespammt ("Ads by ss8" und jetzt "Ads bei info") Und bitte neue FRST Logs. Haken setzen bei addition.txt dann auf Scan klicken __________________ __________________

15.09.2014, 16:34	#21
Warlord711 /// TB-Ausbilder	Firefox wird von Werbung zugespammt ("Ads by ss8" und jetzt "Ads bei info") Hast oder hattest du mal Symantec VPN installiert ? __________________ --> Firefox wird von Werbung zugespammt ("Ads by ss8" und jetzt "Ads bei info")

Firefox wird von Werbung zugespammt ("Ads by ss8" und jetzt "Ads bei info")

Log-Analyse und Auswertung: Firefox wird von Werbung zugespammt ("Ads by ss8" und jetzt "Ads bei info")