Hallo,

immer, wenn ich ins Internet gehe meldet mir Avast einen Virus, unter anderem auch, wenn ich "FRST" downloaden will. Beim Download von "GMER"war alles in Ordnung. Beim drücken von "disable" in "defogger" erscheint nur ein schwarzes Fenster mit einem Cursor links oben, sonst nichts. Ist das normal, oder ist da irgendwas schiefgelaufen?

Ansonsten hab ich mehrere Scans mit mehreren Programmen durchgeführt ( Avast, Malwarebytes, AdwareCleaner, CCleaner, SuperAntiSpyware und TFC)

Avast: Funde
AdWare: Funde
Malwarebytes: neuester Scan brachte keine Funde, jedoch wurde bei einem Scan mit einer älteren Version etws gefunden. Das logfile dazu ist mir aber beim installieren der neuesten Version verloren gegangen.
SuperAntiSpyware: keine Funde
TFC und CCleaner: Datenmüll wurde gelöscht, wobei ich noch dazusagen muß, daß ich bei CCleaner keine Registry-säuberung durchgeführt habe.

Jetzt ist eure Hilfe gefragt! Ich muß mich allerdings gleich im Voraus dafür entschuldigen, wenns bei mir etwas länger dauert, weil ich berufstätig bin und deshalb sehr eingeschränkt Zeit habe. Aber ich hoffe, ihr könnt mir das nachsehen.

Würde mich sehr freuen, wenn ihr mich trotzdem tatkräftig unterstützen würdet!

MfG Fonsi

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!



Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

• Starte jetzt FRST.
• Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
• Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
• Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

• Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
• Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
• Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
• Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Log Gmer!

[CODE]GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-26 09:45:00
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\0000005d WDC_WD50 rev.17.0 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Fonsi\AppData\Local\Temp\awdoypoc.sys


---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x8BC77AC4]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0x8BD330BA]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x8BC785A2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x8BC8463C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x8BC84688]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x8BC84822]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x8BC845AA]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x8BD33494]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x8BC845F2]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0x8BD33724]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x8BC847DC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x8BC79390]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x8BC77B2A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0x8BC7CB86]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0x8BC77716]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x8BD33574]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x8BC77B90]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x8BC7CF7C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x8BC79E78]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x8BC84666]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x8BC846AA]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x8BC84846]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x8BC845D0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x8BC7C47E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x8BC8475A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x8BC8461A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x8BC7C86A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x8BC84800]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x8BD33312]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x8BC79CEC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0x8BC79842]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x8BC77BF6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x8BC77C5C]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x8BD33670]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x8BC777B0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x8BC77982]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x8BC77910]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x8BC7955A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x8BC796BC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x8BC77A0A]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x8BD333E0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x8BC791EA]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x8BC77CC2]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0x8BD33244]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0x8BD3380E]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 828E9758 4 Bytes [C4, 7A, C7, 8B]
.text ntkrnlpa.exe!KeSetEvent + 131 828E977C 4 Bytes [BA, 30, D3, 8B]
.text ntkrnlpa.exe!KeSetEvent + 191 828E97DC 4 Bytes [A2, 85, C7, 8B]
.text ntkrnlpa.exe!KeSetEvent + 1D1 828E981C 8 Bytes [3C, 46, C8, 8B, 88, 46, C8, ...]
.text ntkrnlpa.exe!KeSetEvent + 1DD 828E9828 4 Bytes [22, 48, C8, 8B]
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82A7700F 4 Bytes CALL 8BC7A55F \SystemRoot\system32\drivers\aswSnx.sys
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82A7AC83 4 Bytes CALL 8BC7A575 \SystemRoot\system32\drivers\aswSnx.sys
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8AE0A340, 0x3DB197, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1720] kernel32.dll!SetUnhandledExceptionFilter 771CA9BD 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Program Files\AVAST Software\Avast\avastui.exe[3552] kernel32.dll!SetUnhandledExceptionFilter 771CA9BD 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 NBVolUp.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 NBVolUp.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 NBVolUp.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 NBVolUp.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 NBVolUp.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 NBVolUp.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 NBVolUp.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy8 NBVolUp.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy9 NBVolUp.sys
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 NBVol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 NBVol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 NBVol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 NBVol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 NBVol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 NBVol.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy10 NBVolUp.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 NBVol.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy11 NBVolUp.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 NBVol.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy12 NBVolUp.sys
AttachedDevice \Driver\tdx \Device\Udp aswTdi.sys

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----


log adwareCleaner

[CODE]# AdwCleaner v4.108 - Bericht erstellt am 18/01/2015 um 02:30:27
# Aktualisiert 17/01/2015 von Xplode
# Database : 2015-01-13.2 [Live]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Fonsi - FONSI-PC
# Gestartet von : C:\Users\Fonsi\Downloads\AdwCleaner_4.108.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\Fonsi\AppData\Roaming\Mozilla\Firefox\Profiles\j0xf2jdg.default-1401371930054\user.js
Ordner Gefunden : C:\Program Files\ChatZum Toolbar
Ordner Gefunden : C:\ProgramData\d1a44d1000004f58
Ordner Gefunden : C:\Users\Fonsi\AppData\Local\PackageAware
Ordner Gefunden : C:\Users\Fonsi\AppData\Roaming\InetStat

***** [ Tasks ] *****

Task Gefunden : RegistryBooster

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gefunden : HKCU\Software\ChatZum Toolbar
Schlüssel Gefunden : HKCU\Software\InetStat
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gefunden : HKLM\SOFTWARE\ChatZum Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gefunden : HKLM\SOFTWARE\Driver-Soft
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gefunden : HKLM\SOFTWARE\SupDp
Schlüssel Gefunden : HKLM\SOFTWARE\Uniblue

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16599


-\\ Mozilla Firefox v35.0 (x86 de)

[j0xf2jdg.default-1401371930054] - Zeile gefunden : user_pref("browser.search.searchengine.alias", "mystartsearch");
[j0xf2jdg.default-1401371930054] - Zeile gefunden : user_pref("browser.search.searchengine.iconURL", "hxxp://www.mystartsearch.com/favicon.ico");
[j0xf2jdg.default-1401371930054] - Zeile gefunden : user_pref("browser.search.searchengine.name", "mystartsearch");
[j0xf2jdg.default-1401371930054] - Zeile gefunden : user_pref("browser.search.searchengine.url", "hxxp://www.mystartsearch.com/web/?type=ds&ts=1421048058&from=ima&uid=395049983_266162_B0E9A5E9&q={searchTerms}");
[j0xf2jdg.default-1401371930054] - Zeile gefunden : user_pref("browser.search.selectedEngine", "mystartsearch");
[j0xf2jdg.default-1401371930054] - Zeile gefunden : user_pref("extensions.quick_start.enable_search1", false);
[j0xf2jdg.default-1401371930054] - Zeile gefunden : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

*************************

AdwCleaner[R0].txt - [8356 octets] - [18/01/2015 02:30:27]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8416 octets] ##########

log Malwarebytes

[CODE] Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 25.01.2015
Suchlauf-Zeit: 23:39:49
Logdatei: log 25.01.2015.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.25.11
Rootkit Datenbank: v2015.01.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: Fonsi

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 311300
Verstrichene Zeit: 11 Min, 12 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


log SuperAntiSpyware

[CODE]SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 01/26/2015 at 00:05 AM

Application Version : 6.0.1168
Database Version : 11723

Scan type : Complete Scan
Total Scan Time : 00:10:16

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned : 564
Memory threats detected : 0
Registry items scanned : 32473
Registry threats detected : 0
File items scanned : 13923
File threats detected : 0

============
End of Log
==========

Avast Funde befinden sich in Quarantäne. Kein logfile vorhanden. Könnte nur die gefundenen Schaddateien einzeln aus der Quarantäne exportieren(mit Icon und Namen) und dann einzeln posten.

FRST-Logs fehlen noch. Und die CODE-Tags bitte richtig setzen

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

• Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
• Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
• Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
• Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Kann FRST nicht downloaden, da Avast das verhindert. Avast meldet mir beim Anklicken des Downloads einen Virus.

Sowas nennt man Fehlalarm. Avast deaktivieren, dann mit FRST weitermachen

Muß mich leider vorerst mal verabschieden. Pflicht ruft. Bis später

MfG Fonsi

Guten Abend,
bin wieder da.
hier die logfiles von FRST

log FRST.txt


FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01
Ran by Fonsi (administrator) on FONSI-PC on 26-01-2015 23:04:51
Running from C:\Users\Fonsi\Desktop
Loaded Profiles: Fonsi (Available profiles: Fonsi)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
() C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFHook] => C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] => C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-24] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoDriveAutoRun] 0x0000
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2575526705-2737878171-550286687-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2575526705-2737878171-550286687-1000\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKU\S-1-5-21-2575526705-2737878171-550286687-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2575526705-2737878171-550286687-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Fonsi\AppData\Roaming\Mozilla\Firefox\Profiles\j0xf2jdg.default-1401371930054
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Fonsi\AppData\Roaming\Mozilla\Firefox\Profiles\j0xf2jdg.default-1401371930054\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Fonsi\AppData\Roaming\Mozilla\Firefox\Profiles\j0xf2jdg.default-1401371930054\searchplugins\google-maps.xml
FF HKLM\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] - C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: Google Toolbar for Firefox - C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007-11-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-03]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-10]
FF HKU\S-1-5-21-2575526705-2737878171-550286687-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Fonsi\AppData\Roaming\Mozilla\Firefox\Profiles\j0xf2jdg.default-1401371930054\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-01]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com)
R2 AcerMemUsageCheckService; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [24576 2006-11-12] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-01] (AVAST Software)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-11-19] (Hewlett-Packard Co.) [File not signed]
U2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-03-25] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-10-19] (Hewlett-Packard Company) [File not signed]
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-12-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-12-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2014-12-01] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-12-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-12-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-12-01] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2014-12-01] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-12-01] ()
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2006-12-26] (NewTech Infosystems, Inc.) [File not signed]
R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [10624 2006-11-10] (HiTRUST) [File not signed]
R0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [7936 2006-11-10] (HiTRUST) [File not signed]
R0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [53760 2006-11-08] (HiTRUST) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 TelekomNM3; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
R2 tmcomm; C:\Windows\system32\drivers\tmcomm.sys [102664 2007-08-01] (Trend Micro Inc.)
S2 int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 23:04 - 2015-01-26 23:05 - 00013129 _____ () C:\Users\Fonsi\Desktop\FRST.txt
2015-01-26 23:03 - 2015-01-26 23:04 - 00000000 ____D () C:\FRST
2015-01-26 23:02 - 2015-01-26 23:02 - 01120768 _____ (Farbar) C:\Users\Fonsi\Desktop\FRST.exe
2015-01-26 09:03 - 2015-01-26 09:03 - 00380416 _____ () C:\Users\Fonsi\Desktop\Gmer-19357.exe
2015-01-26 08:25 - 2015-01-26 08:25 - 00000472 _____ () C:\Users\Fonsi\Desktop\defogger_disable.log
2015-01-26 08:25 - 2015-01-26 08:25 - 00000000 _____ () C:\Users\Fonsi\defogger_reenable
2015-01-26 00:07 - 2015-01-26 09:46 - 00000000 ____D () C:\Users\Fonsi\Desktop\ExpoPro
2015-01-22 19:46 - 2015-01-22 19:48 - 00000000 ____D () C:\Users\Fonsi\Downloads\Kundenmitteilungen Raiba
2015-01-21 13:35 - 2015-01-21 13:35 - 00050477 _____ () C:\Users\Fonsi\Desktop\Defogger.exe
2015-01-20 14:08 - 2015-01-20 14:08 - 00001223 _____ () C:\mbam suchlauf protokoll.txt
2015-01-19 19:33 - 2015-01-19 19:33 - 00000000 ____D () C:\Users\Fonsi\Downloads\Autoruns
2015-01-19 19:31 - 2015-01-19 19:31 - 00448512 _____ (OldTimer Tools) C:\Users\Fonsi\Downloads\TFC.exe
2015-01-19 14:26 - 2015-01-19 14:26 - 01095584 _____ (Avira Operations GmbH & Co. KG) C:\Users\Fonsi\Downloads\avira_registry_cleaner_de.exe
2015-01-18 09:32 - 2015-01-18 09:32 - 00000814 _____ () C:\Windows\PFRO.log
2015-01-18 02:52 - 2015-01-18 02:52 - 00000808 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-18 02:52 - 2015-01-18 02:52 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-18 02:30 - 2015-01-20 15:48 - 00000000 ____D () C:\AdwCleaner
2015-01-18 02:28 - 2015-01-18 02:28 - 02186752 _____ () C:\Users\Fonsi\Downloads\AdwCleaner_4.108.exe
2015-01-18 01:57 - 2015-01-18 01:57 - 00001804 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-01-18 01:57 - 2015-01-18 01:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-01-18 01:56 - 2015-01-18 01:56 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-01-17 15:33 - 2015-01-17 15:34 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-16 11:07 - 2014-12-19 01:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-16 11:01 - 2014-12-06 04:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-16 11:01 - 2014-12-06 04:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-16 11:01 - 2014-12-06 04:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-16 11:00 - 2014-12-06 04:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-16 09:00 - 2015-01-16 09:00 - 00000000 ____D () C:\SUPERDelete
2015-01-14 08:53 - 2015-01-14 08:53 - 00000000 ____D () C:\Users\Fonsi\Downloads\cpu-z_1.711
2015-01-12 11:00 - 2015-01-12 11:31 - 00000000 ____D () C:\Users\Fonsi\AppData\Roaming\Nico Mak Computing
2015-01-12 08:33 - 2015-01-12 08:42 - 00000000 ____D () C:\Program Files\Optimizer Pro 3.27
2015-01-12 08:32 - 2015-01-25 23:17 - 00000000 ____D () C:\Users\Fonsi\AppData\Local\winengine
2015-01-06 14:20 - 2015-01-06 14:20 - 00000223 _____ () C:\Users\Fonsi\Desktop\VirusTotal - Free Online Virus, Malware and URL Scanner.URL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 22:38 - 2014-12-11 19:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-26 22:27 - 2007-03-10 23:04 - 01473758 _____ () C:\Windows\WindowsUpdate.log
2015-01-26 22:22 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-26 22:22 - 2006-11-02 13:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-26 22:22 - 2006-11-02 13:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-26 12:26 - 2006-11-02 14:01 - 00032628 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-26 08:25 - 2007-03-10 17:14 - 00000000 ____D () C:\Users\Fonsi
2015-01-26 00:52 - 2014-07-31 10:36 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-25 23:53 - 2012-10-09 20:26 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-25 20:38 - 2014-08-17 10:38 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-25 20:38 - 2014-08-17 10:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-22 19:43 - 2014-10-14 13:59 - 00000000 ____D () C:\Users\Fonsi\Downloads\Kontoauszüge Raiba
2015-01-19 19:18 - 2006-11-02 13:47 - 00160344 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-19 18:44 - 2007-03-10 17:15 - 00039496 _____ () C:\Users\Fonsi\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-18 03:13 - 2006-12-26 09:11 - 00000000 ____D () C:\Windows\Panther
2015-01-18 02:38 - 2011-05-29 07:47 - 00000871 _____ () C:\Users\Fonsi\Desktop\iexplore - Verknüpfung.lnk
2015-01-18 02:38 - 2011-05-02 16:21 - 00000862 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-18 02:38 - 2007-11-22 16:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
2015-01-18 02:18 - 2012-05-11 18:26 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-16 11:07 - 2013-08-15 02:12 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-16 11:02 - 2006-11-02 11:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-01-13 09:40 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\PLA
2015-01-13 09:06 - 2014-07-31 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-13 09:06 - 2014-07-31 10:36 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-01-12 10:47 - 2007-11-22 16:34 - 00000850 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-08 09:55 - 2009-10-03 09:09 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2009-07-01 20:21 - 2009-07-01 20:21 - 0000009 _____ () C:\Users\Fonsi\AppData\Roaming\mdb.bin
2007-05-08 18:09 - 2012-06-10 17:15 - 0009216 _____ () C:\Users\Fonsi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2007-03-12 18:33 - 2007-03-12 18:33 - 0000093 _____ () C:\Users\Fonsi\AppData\Local\fusioncache.dat
2007-12-05 15:30 - 2007-12-05 15:30 - 0000305 _____ () C:\ProgramData\addr_file.html
2007-03-10 17:57 - 2013-07-27 14:00 - 0042270 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-26 22:37

==================== End Of Log ============================
         

--- --- ---

--- --- ---

--- --- ---

--- --- ---


log Addition.txt

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-01-2015 01
Ran by Fonsi at 2015-01-26 23:06:09
Running from C:\Users\Fonsi\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 2.1.5 - Hewlett-Packard) Hidden
Acer eDataSecurity Management (HKLM\...\{AEEAE013-92F1-4515-B278-139F1A692A35}) (Version: 2.5.3023 - Acer Inc.)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.3002 - Acer Inc.)
Acer ePerformance Management (HKLM\...\{D462BF9E-0C35-4705-BF9B-3DF9F3816643}) (Version: 2.5.3000 - Acer Inc.)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.00.0000 - Acer Inc.)
Acer Tour (HKLM\...\{94389919-B0AA-4882-9BE8-9F0B004ECA35}) (Version: 1.0.3001 - Acer Inc.)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Brother MFL-Pro Suite MFC-J870DW (HKLM\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.4.0 - Brother Industries, Ltd.)
BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Copy (Version: 120.0.214.000 - Hewlett-Packard) Hidden
Destination Component (Version: 090.000.091.086 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 110.0.180.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DocProc (Version: 8.1.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
LightScribe  1.4.124.1 (Version: 1.4.124.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version:  - )
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 35.0 (x86 de) (HKLM\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero BackItUp 12 Essentials (HKLM\...\{A4C430F5-5828-4645-91CF-13220EE609D2}) (Version: 12.0.00800 - Nero AG)
Nero Backup Drivers (HKLM\...\{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}) (Version: 12.0.4000 - Nero AG)
Nero Prerequisite Installer 2.0 (HKLM\...\{0DBC021C-95D9-435A-A4B0-E6515AFD1A71}) (Version: 12.0.01000 - Nero AG)
Netzmanager (HKLM\...\Netzmanager) (Version: 1.071 - Deutsche Telekom AG)
Netzmanager (Version: 1.071 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden
Nuance PaperPort 12 (HKLM\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Paragon Partition Manager™ 2014 Free (HKLM\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Prerequisite installer (Version: 12.0.0003 - Nero AG) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5322 - Realtek Semiconductor Corp.)
Scansoft PDF Professional (Version:  - ) Hidden
SolutionCenter (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Status (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Steuer 2005 (Version: 12.00 - Lexware) Hidden
Steuer 2007 (Version: 14.00 - Lexware) Hidden
Steuer Update 14.01 (Version: 14.01 - Lexware) Hidden
Steuer Update 15.01 (Version: 15.01 - Lexware) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TrayApp (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
winengine (HKU\S-1-5-21-2575526705-2737878171-550286687-1000\...\winengine) (Version: 20.020 - Ad business Crown Solutions)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

13-01-2015 09:50:53 Windows Update
13-01-2015 23:26:22 Geplanter Prüfpunkt
15-01-2015 11:39:54 Geplanter Prüfpunkt
16-01-2015 11:00:10 Windows Update
17-01-2015 09:11:55 Geplanter Prüfpunkt
18-01-2015 00:34:45 Geplanter Prüfpunkt
18-01-2015 14:03:56 Geplanter Prüfpunkt
19-01-2015 15:56:26 Geplanter Prüfpunkt
22-01-2015 14:57:24 Geplanter Prüfpunkt
23-01-2015 13:28:13 Geplanter Prüfpunkt
24-01-2015 13:03:22 Geplanter Prüfpunkt
25-01-2015 20:25:33 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000736 ____A C:\Windows\system32\Drivers\etc\hosts
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D1F97D2-DA5C-4B22-898E-5F65A66E307F} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {3EC7F038-8E37-4F8D-9190-8782FDABEB62} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Fonsi => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {4DC207EF-AA9F-48FD-A829-46EE3A0B09D5} - System32\Tasks\Fonsi 12 0 => C:\Program Files\Nero\Nero 12\Nero BackItUp\NBCore.exe [2013-04-07] (Nero AG)
Task: {8F732CA8-226B-4B80-827B-827CC4EA9D6E} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\ConfigExec => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunCollectConfigurationInfo
Task: {971B2FB0-4D9F-4F31-8890-640B47DA2D2C} - System32\Tasks\{9E0A9937-89A7-43BA-958B-1176C27D3844} => pcalua.exe -a E:\OFFICE_2003\SETUP.EXE -d E:\OFFICE_2003
Task: {9B917065-3E53-4055-885F-7766E5F30754} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {9F017340-C270-4F98-B1A0-EF556F61E29C} - System32\Tasks\InstallShield Software-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11] (Macrovision Corporation)
Task: {AD3753B5-4197-40C8-8805-2DA7943BA65C} - System32\Tasks\{9B881C8B-3318-4826-A4B2-48438729C45F} => pcalua.exe -a C:\Users\Fonsi\Downloads\Norton_Removal_Tool.exe -d C:\Users\Fonsi\Downloads
Task: {AE1752FB-C171-4A6B-A52B-E113EDF8C7A0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-01] (AVAST Software)
Task: {BD055F53-0004-414A-807E-3336696DFC20} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {C9723305-40D4-463E-B231-9868F641C958} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {DFC69EFF-B866-4FAB-8997-870ADF510E7B} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\OSUpgrade => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunHandleOSUpgrade

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2015-01-26 00:11 - 2015-01-26 00:11 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012501\algo.dll
2015-01-26 22:22 - 2015-01-26 22:22 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012601\algo.dll
2007-03-10 17:17 - 2006-11-12 21:35 - 00024576 _____ () C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
2007-03-10 17:17 - 2006-11-12 21:34 - 00016384 _____ () C:\Acer\Empowering Technology\ePerformance\MemCheck.Interface.dll
2007-03-10 17:17 - 2006-11-12 21:34 - 00040960 _____ () C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll
2014-05-18 17:37 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2014-08-10 19:34 - 2014-12-01 00:05 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk => C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Windows Calendar.lnk => C:\Windows\pss\Windows Calendar.lnk.CommonStartup
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

========================= Accounts: ==========================

Administrator (S-1-5-21-2575526705-2737878171-550286687-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2575526705-2737878171-550286687-1002 - Limited - Enabled)
Fonsi (S-1-5-21-2575526705-2737878171-550286687-1000 - Administrator - Enabled) => C:\Users\Fonsi
Gast (S-1-5-21-2575526705-2737878171-550286687-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/26/2015 09:36:00 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (01/26/2015 09:28:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung Gmer-19357.exe, Version 2.1.19357.0, Zeitstempel 0x52e7ea83, fehlerhaftes Modul Gmer-19357.exe, Version 2.1.19357.0, Zeitstempel 0x52e7ea83, Ausnahmecode 0xc0000005, Fehleroffset 0x00012298,
Prozess-ID 0x880, Anwendungsstartzeit Gmer-19357.exe0.

Error: (01/20/2015 01:39:49 PM) (Source: MatSvc) (EventID: 15) (User: )
Description: Fehler der geplanten MATS-Aufgabe beim Sammeln von Konfigurationsdaten. hr=0xC004F00E
.

Error: (01/20/2015 01:39:48 PM) (Source: MatSvc) (EventID: 3) (User: )
Description: Webdienstfehler im MATS-Dienst. hr=0x80072EFD

Error: (01/19/2015 02:53:21 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (01/19/2015 02:45:01 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (01/18/2015 05:51:53 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/01/18 17:51:53.598]: [00003200]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

Error: (01/18/2015 05:51:53 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/01/18 17:51:53.488]: [00003200]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

Error: (01/18/2015 05:51:53 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/01/18 17:51:53.332]: [00003200]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

Error: (01/18/2015 04:38:18 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/01/18 16:38:18.590]: [00003200]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5


System errors:
=============
Error: (01/26/2015 10:23:44 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (01/26/2015 10:22:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: int15%%3

Error: (01/26/2015 08:08:42 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (01/26/2015 08:07:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: int15%%3

Error: (01/25/2015 07:55:53 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (01/25/2015 07:54:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: int15%%3

Error: (01/24/2015 00:34:49 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (01/24/2015 00:33:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: int15%%3

Error: (01/24/2015 03:01:19 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (01/24/2015 02:59:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: int15%%3


Microsoft Office Sessions:
=========================
Error: (01/26/2015 09:36:00 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (01/26/2015 09:28:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c00000050001229888001d0393ff8dde615

Error: (01/20/2015 01:39:49 PM) (Source: MatSvc) (EventID: 15) (User: )
Description: hr=0xC004F00E

Error: (01/20/2015 01:39:48 PM) (Source: MatSvc) (EventID: 3) (User: )
Description: hr=0x80072EFDISapCatalogService::GetFullSapCatalog

Error: (01/19/2015 02:53:21 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (01/19/2015 02:45:01 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (01/18/2015 05:51:53 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STIBrtSTI: [2015/01/18 17:51:53.598]: [00003200]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

Error: (01/18/2015 05:51:53 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STIBrtSTI: [2015/01/18 17:51:53.488]: [00003200]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

Error: (01/18/2015 05:51:53 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STIBrtSTI: [2015/01/18 17:51:53.332]: [00003200]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

Error: (01/18/2015 04:38:18 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STIBrtSTI: [2015/01/18 16:38:18.590]: [00003200]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5


CodeIntegrity Errors:
===================================
  Date: 2015-01-25 23:46:28.193
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-25 23:46:27.257
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-25 23:46:26.321
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-25 23:46:25.385
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-25 23:46:24.059
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-25 23:46:23.139
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-25 23:46:22.203
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-25 23:46:21.283
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-18 03:31:00.223
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-18 03:30:59.225
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
Percentage of memory in use: 73%
Total physical RAM: 766.82 MB
Available physical RAM: 205.75 MB
Total Pagefile: 3733.37 MB
Available Pagefile: 2985.85 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.8 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:113.7 GB) (Free:62.47 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive l: (Volume) (Fixed) (Total:346.21 GB) (Free:345.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0DC00E1F)
Partition 1: (Not Active) - (Size=0) - (Type=27)
Partition 2: (Active) - (Size=113.7 GB) - (Type=27)
Partition 3: (Not Active) - (Size=346.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Hoffe, das war jetzt so richtig. Ist für mich nicht ganz einfach. Bitte habt ein bißchen Geduld

Scan MBAR

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

• Starte bitte die mbar.exe.
• Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
• Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
• Klicke auf den CleanUp Button und erlaube den Neustart.
• Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
• Nach dem Neustart starte die mbar.exe erneut.
• Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Hallo erstmal,

mbar hat nichts gefunden, eine logfile wurde deshalb nicht erstellt.

Gruß Fonsi

Das Log wird immer erstellt. Bitte richtig nachsehen...

tut mir leid, war mein Fehler. Hatte nicht neu gestartet.

hier das logfile:

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
  main:    v2015.01.27.05
  rootkit: v2015.01.14.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Fonsi :: FONSI-PC [administrator]

27.01.2015 10:23:04
mbar-log-2015-01-27 (10-23-04).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 312415
Time elapsed: 14 minute(s), 

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

sorry, daß sich das bei mir immer so hinzieht, aber ich bin zwischendurch immer mal wieder auf Arbeit und kann deshalb nur morgens und abends mal kurz was abarbeiten.
Geht halt nicht anders.

MfG Fonsi

Adware/Junkware/Toolbars entfernen

(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!)

1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

• Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
• Drücke eine beliebige Taste, um das Tool zu starten.
• Je nach System kann der Scan eine Weile dauern.
• Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
• Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

• Starte jetzt FRST.
• Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
• Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
• Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Hier sind alle logfiles:

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v4.109 - Bericht erstellt am 27/01/2015 um 22:42:21
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Fonsi - FONSI-PC
# Gestartet von : C:\Users\Fonsi\Desktop\AdwCleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\zcln

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16599


-\\ Mozilla Firefox v35.0.1 (x86 de)


*************************

AdwCleaner[R0].txt - [828 octets] - [27/01/2015 22:33:59]
AdwCleaner[S0].txt - [750 octets] - [27/01/2015 22:42:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [809 octets] ##########
         

Code: Alles auswählenAufklappen

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Fonsi on 27.01.2015 at 22:53:31,99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Fonsi\appdata\local\{00F0A0DF-3605-4FD3-8E6B-0D75B477FD21}
Successfully deleted: [Empty Folder] C:\Users\Fonsi\appdata\local\{78127CD1-6B33-4ED1-B73C-2AEBC6A1D8CF}
Successfully deleted: [Empty Folder] C:\Users\Fonsi\appdata\local\{908E248B-2D44-48F8-9F71-7D69D2E92291}



~~~ FireFox

Successfully deleted the following from C:\Users\Fonsi\AppData\Roaming\mozilla\firefox\profiles\j0xf2jdg.default-1401371930054\prefs.js

user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
user_pref("browser.search.searchengine.ptid", "ima");
user_pref("browser.search.searchengine.uid", "395049983_266162_B0E9A5E9");
Emptied folder: C:\Users\Fonsi\AppData\Roaming\mozilla\firefox\profiles\j0xf2jdg.default-1401371930054\minidumps [34 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.01.2015 at 22:57:02,68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01
Ran by Fonsi (administrator) on FONSI-PC on 27-01-2015 23:03:18
Running from C:\Users\Fonsi\Desktop
Loaded Profiles: Fonsi (Available profiles: Fonsi)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
() C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFHook] => C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] => C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-24] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoDriveAutoRun] 0x0000
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2575526705-2737878171-550286687-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2575526705-2737878171-550286687-1000\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKU\S-1-5-21-2575526705-2737878171-550286687-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2575526705-2737878171-550286687-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Fonsi\AppData\Roaming\Mozilla\Firefox\Profiles\j0xf2jdg.default-1401371930054
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Fonsi\AppData\Roaming\Mozilla\Firefox\Profiles\j0xf2jdg.default-1401371930054\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Fonsi\AppData\Roaming\Mozilla\Firefox\Profiles\j0xf2jdg.default-1401371930054\searchplugins\google-maps.xml
FF HKLM\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] - C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: Google Toolbar for Firefox - C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007-11-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-03]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-10]
FF HKU\S-1-5-21-2575526705-2737878171-550286687-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Fonsi\AppData\Roaming\Mozilla\Firefox\Profiles\j0xf2jdg.default-1401371930054\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-01]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com)
R2 AcerMemUsageCheckService; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [24576 2006-11-12] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-01] (AVAST Software)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-11-19] (Hewlett-Packard Co.) [File not signed]
S2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-03-25] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-10-19] (Hewlett-Packard Company) [File not signed]
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-12-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-12-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2014-12-01] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-12-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-12-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-12-01] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2014-12-01] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-12-01] ()
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2006-12-26] (NewTech Infosystems, Inc.) [File not signed]
R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [10624 2006-11-10] (HiTRUST) [File not signed]
R0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [7936 2006-11-10] (HiTRUST) [File not signed]
R0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [53760 2006-11-08] (HiTRUST) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 TelekomNM3; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
R2 tmcomm; C:\Windows\system32\drivers\tmcomm.sys [102664 2007-08-01] (Trend Micro Inc.)
S2 int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 23:03 - 2015-01-27 23:04 - 00013125 _____ () C:\Users\Fonsi\Desktop\FRST.txt
2015-01-27 22:57 - 2015-01-27 22:57 - 00001459 _____ () C:\Users\Fonsi\Desktop\JRT.txt
2015-01-27 22:53 - 2015-01-27 22:53 - 00000000 ____D () C:\Windows\ERUNT
2015-01-27 22:48 - 2015-01-27 22:48 - 01707939 _____ (Thisisu) C:\Users\Fonsi\Desktop\JRT.exe
2015-01-27 22:33 - 2015-01-27 22:42 - 00000000 ____D () C:\AdwCleaner
2015-01-27 22:32 - 2015-01-27 22:32 - 02194432 _____ () C:\Users\Fonsi\Desktop\AdwCleaner_4.109.exe
2015-01-27 12:06 - 2015-01-27 12:06 - 00000248 _____ () C:\Users\Fonsi\Desktop\Log-Analyse und Auswertung - Trojaner-Board.URL
2015-01-27 10:22 - 2015-01-27 11:33 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-27 10:18 - 2015-01-27 11:33 - 00000000 ____D () C:\Users\Fonsi\Desktop\mbar
2015-01-27 10:13 - 2015-01-27 10:13 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Fonsi\Desktop\mbar-1.08.3.1004.exe
2015-01-26 23:43 - 2015-01-26 23:43 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-26 23:03 - 2015-01-27 23:03 - 00000000 ____D () C:\FRST
2015-01-26 23:02 - 2015-01-26 23:02 - 01120768 _____ (Farbar) C:\Users\Fonsi\Desktop\FRST.exe
2015-01-26 09:03 - 2015-01-26 09:03 - 00380416 _____ () C:\Users\Fonsi\Desktop\Gmer-19357.exe
2015-01-26 08:25 - 2015-01-26 08:25 - 00000472 _____ () C:\Users\Fonsi\Desktop\defogger_disable.log
2015-01-26 08:25 - 2015-01-26 08:25 - 00000000 _____ () C:\Users\Fonsi\defogger_reenable
2015-01-26 00:07 - 2015-01-26 23:11 - 00000000 ____D () C:\Users\Fonsi\Desktop\ExpoPro
2015-01-22 19:46 - 2015-01-22 19:48 - 00000000 ____D () C:\Users\Fonsi\Downloads\Kundenmitteilungen Raiba
2015-01-21 13:35 - 2015-01-21 13:35 - 00050477 _____ () C:\Users\Fonsi\Desktop\Defogger.exe
2015-01-20 14:08 - 2015-01-20 14:08 - 00001223 _____ () C:\mbam suchlauf protokoll.txt
2015-01-19 19:33 - 2015-01-19 19:33 - 00000000 ____D () C:\Users\Fonsi\Downloads\Autoruns
2015-01-19 19:31 - 2015-01-19 19:31 - 00448512 _____ (OldTimer Tools) C:\Users\Fonsi\Downloads\TFC.exe
2015-01-19 14:26 - 2015-01-19 14:26 - 01095584 _____ (Avira Operations GmbH & Co. KG) C:\Users\Fonsi\Downloads\avira_registry_cleaner_de.exe
2015-01-18 09:32 - 2015-01-27 22:44 - 00001128 _____ () C:\Windows\PFRO.log
2015-01-18 02:52 - 2015-01-18 02:52 - 00000808 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-18 02:52 - 2015-01-18 02:52 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-18 01:57 - 2015-01-18 01:57 - 00001804 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-01-18 01:57 - 2015-01-18 01:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-01-18 01:56 - 2015-01-18 01:56 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-01-16 11:07 - 2014-12-19 01:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-16 11:01 - 2014-12-06 04:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-16 11:01 - 2014-12-06 04:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-16 11:01 - 2014-12-06 04:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-16 11:00 - 2014-12-06 04:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-16 09:00 - 2015-01-16 09:00 - 00000000 ____D () C:\SUPERDelete
2015-01-14 08:53 - 2015-01-14 08:53 - 00000000 ____D () C:\Users\Fonsi\Downloads\cpu-z_1.711
2015-01-12 11:00 - 2015-01-12 11:31 - 00000000 ____D () C:\Users\Fonsi\AppData\Roaming\Nico Mak Computing
2015-01-12 08:33 - 2015-01-12 08:42 - 00000000 ____D () C:\Program Files\Optimizer Pro 3.27
2015-01-12 08:32 - 2015-01-25 23:17 - 00000000 ____D () C:\Users\Fonsi\AppData\Local\winengine
2015-01-06 14:20 - 2015-01-06 14:20 - 00000223 _____ () C:\Users\Fonsi\Desktop\VirusTotal - Free Online Virus, Malware and URL Scanner.URL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 22:50 - 2007-03-10 23:04 - 01508553 _____ () C:\Windows\WindowsUpdate.log
2015-01-27 22:44 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-27 22:44 - 2006-11-02 13:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-27 22:44 - 2006-11-02 13:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-27 22:43 - 2006-11-02 14:01 - 00032628 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-27 22:38 - 2014-12-11 19:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-27 21:15 - 2012-05-11 18:26 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-27 10:22 - 2014-07-31 10:36 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-27 10:18 - 2014-07-31 10:36 - 00082648 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-26 08:25 - 2007-03-10 17:14 - 00000000 ____D () C:\Users\Fonsi
2015-01-25 23:53 - 2012-10-09 20:26 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-25 20:38 - 2014-08-17 10:38 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-25 20:38 - 2014-08-17 10:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-22 19:43 - 2014-10-14 13:59 - 00000000 ____D () C:\Users\Fonsi\Downloads\Kontoauszüge Raiba
2015-01-19 19:18 - 2006-11-02 13:47 - 00160344 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-19 18:44 - 2007-03-10 17:15 - 00039496 _____ () C:\Users\Fonsi\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-18 03:13 - 2006-12-26 09:11 - 00000000 ____D () C:\Windows\Panther
2015-01-18 02:38 - 2011-05-29 07:47 - 00000871 _____ () C:\Users\Fonsi\Desktop\iexplore - Verknüpfung.lnk
2015-01-18 02:38 - 2011-05-02 16:21 - 00000862 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-18 02:38 - 2007-11-22 16:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
2015-01-16 11:07 - 2013-08-15 02:12 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-16 11:02 - 2006-11-02 11:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-01-13 09:40 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\PLA
2015-01-13 09:06 - 2014-07-31 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-13 09:06 - 2014-07-31 10:36 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-01-12 10:47 - 2007-11-22 16:34 - 00000850 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-08 09:55 - 2009-10-03 09:09 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2009-07-01 20:21 - 2009-07-01 20:21 - 0000009 _____ () C:\Users\Fonsi\AppData\Roaming\mdb.bin
2007-05-08 18:09 - 2012-06-10 17:15 - 0009216 _____ () C:\Users\Fonsi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2007-03-12 18:33 - 2007-03-12 18:33 - 0000093 _____ () C:\Users\Fonsi\AppData\Local\fusioncache.dat
2007-12-05 15:30 - 2007-12-05 15:30 - 0000305 _____ () C:\ProgramData\addr_file.html
2007-03-10 17:57 - 2013-07-27 14:00 - 0042270 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Fonsi\AppData\Local\Temp\Quarantine.exe
C:\Users\Fonsi\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-27 22:53

==================== End Of Log ============================
         

--- --- ---

--- --- ---

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-01-2015 01
Ran by Fonsi at 2015-01-27 23:04:54
Running from C:\Users\Fonsi\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 2.1.5 - Hewlett-Packard) Hidden
Acer eDataSecurity Management (HKLM\...\{AEEAE013-92F1-4515-B278-139F1A692A35}) (Version: 2.5.3023 - Acer Inc.)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.3002 - Acer Inc.)
Acer ePerformance Management (HKLM\...\{D462BF9E-0C35-4705-BF9B-3DF9F3816643}) (Version: 2.5.3000 - Acer Inc.)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.00.0000 - Acer Inc.)
Acer Tour (HKLM\...\{94389919-B0AA-4882-9BE8-9F0B004ECA35}) (Version: 1.0.3001 - Acer Inc.)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Brother MFL-Pro Suite MFC-J870DW (HKLM\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.4.0 - Brother Industries, Ltd.)
BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Copy (Version: 120.0.214.000 - Hewlett-Packard) Hidden
Destination Component (Version: 090.000.091.086 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 110.0.180.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DocProc (Version: 8.1.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
LightScribe  1.4.124.1 (Version: 1.4.124.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version:  - )
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 35.0.1 (x86 de) (HKLM\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero BackItUp 12 Essentials (HKLM\...\{A4C430F5-5828-4645-91CF-13220EE609D2}) (Version: 12.0.00800 - Nero AG)
Nero Backup Drivers (HKLM\...\{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}) (Version: 12.0.4000 - Nero AG)
Nero Prerequisite Installer 2.0 (HKLM\...\{0DBC021C-95D9-435A-A4B0-E6515AFD1A71}) (Version: 12.0.01000 - Nero AG)
Netzmanager (HKLM\...\Netzmanager) (Version: 1.071 - Deutsche Telekom AG)
Netzmanager (Version: 1.071 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden
Nuance PaperPort 12 (HKLM\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Paragon Partition Manager™ 2014 Free (HKLM\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Prerequisite installer (Version: 12.0.0003 - Nero AG) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5322 - Realtek Semiconductor Corp.)
Scansoft PDF Professional (Version:  - ) Hidden
SolutionCenter (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Status (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Steuer 2005 (Version: 12.00 - Lexware) Hidden
Steuer 2007 (Version: 14.00 - Lexware) Hidden
Steuer Update 14.01 (Version: 14.01 - Lexware) Hidden
Steuer Update 15.01 (Version: 15.01 - Lexware) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TrayApp (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
winengine (HKU\S-1-5-21-2575526705-2737878171-550286687-1000\...\winengine) (Version: 20.020 - Ad business Crown Solutions)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

13-01-2015 23:26:22 Geplanter Prüfpunkt
15-01-2015 11:39:54 Geplanter Prüfpunkt
16-01-2015 11:00:10 Windows Update
17-01-2015 09:11:55 Geplanter Prüfpunkt
18-01-2015 00:34:45 Geplanter Prüfpunkt
18-01-2015 14:03:56 Geplanter Prüfpunkt
19-01-2015 15:56:26 Geplanter Prüfpunkt
22-01-2015 14:57:24 Geplanter Prüfpunkt
23-01-2015 13:28:13 Geplanter Prüfpunkt
24-01-2015 13:03:22 Geplanter Prüfpunkt
25-01-2015 20:25:33 Geplanter Prüfpunkt
27-01-2015 00:37:29 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000736 ____A C:\Windows\system32\Drivers\etc\hosts
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D1F97D2-DA5C-4B22-898E-5F65A66E307F} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {3E34DAB7-F482-4169-BBB0-1D2F0C0F7643} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Fonsi => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {4DC207EF-AA9F-48FD-A829-46EE3A0B09D5} - System32\Tasks\Fonsi 12 0 => C:\Program Files\Nero\Nero 12\Nero BackItUp\NBCore.exe [2013-04-07] (Nero AG)
Task: {8F732CA8-226B-4B80-827B-827CC4EA9D6E} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\ConfigExec => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunCollectConfigurationInfo
Task: {971B2FB0-4D9F-4F31-8890-640B47DA2D2C} - System32\Tasks\{9E0A9937-89A7-43BA-958B-1176C27D3844} => pcalua.exe -a E:\OFFICE_2003\SETUP.EXE -d E:\OFFICE_2003
Task: {9B917065-3E53-4055-885F-7766E5F30754} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {9F017340-C270-4F98-B1A0-EF556F61E29C} - System32\Tasks\InstallShield Software-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11] (Macrovision Corporation)
Task: {AD3753B5-4197-40C8-8805-2DA7943BA65C} - System32\Tasks\{9B881C8B-3318-4826-A4B2-48438729C45F} => pcalua.exe -a C:\Users\Fonsi\Downloads\Norton_Removal_Tool.exe -d C:\Users\Fonsi\Downloads
Task: {AE1752FB-C171-4A6B-A52B-E113EDF8C7A0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-01] (AVAST Software)
Task: {BD055F53-0004-414A-807E-3336696DFC20} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {C9723305-40D4-463E-B231-9868F641C958} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {DFC69EFF-B866-4FAB-8997-870ADF510E7B} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\OSUpgrade => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunHandleOSUpgrade

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2015-01-27 22:35 - 2015-01-27 22:35 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012701\algo.dll
2007-03-10 17:17 - 2006-11-12 21:35 - 00024576 _____ () C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
2007-03-10 17:17 - 2006-11-12 21:34 - 00016384 _____ () C:\Acer\Empowering Technology\ePerformance\MemCheck.Interface.dll
2007-03-10 17:17 - 2006-11-12 21:34 - 00040960 _____ () C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll
2014-05-18 17:37 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2014-08-10 19:34 - 2014-12-01 00:05 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk => C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Windows Calendar.lnk => C:\Windows\pss\Windows Calendar.lnk.CommonStartup
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

========================= Accounts: ==========================

Administrator (S-1-5-21-2575526705-2737878171-550286687-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2575526705-2737878171-550286687-1002 - Limited - Enabled)
Fonsi (S-1-5-21-2575526705-2737878171-550286687-1000 - Administrator - Enabled) => C:\Users\Fonsi
Gast (S-1-5-21-2575526705-2737878171-550286687-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-01-27 23:04:44.867
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-27 23:04:43.947
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-27 23:04:43.026
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-27 23:04:42.106
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-27 10:30:42.138
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-27 10:30:41.202
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-27 10:30:40.251
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-27 10:30:39.299
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-27 10:30:38.332
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-27 10:30:37.396
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
Percentage of memory in use: 76%
Total physical RAM: 766.82 MB
Available physical RAM: 179.48 MB
Total Pagefile: 3733.37 MB
Available Pagefile: 2962.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1916.3 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:113.7 GB) (Free:63.14 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive l: (Volume) (Fixed) (Total:346.21 GB) (Free:345.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0DC00E1F)
Partition 1: (Not Active) - (Size=0) - (Type=27)
Partition 2: (Active) - (Size=113.7 GB) - (Type=27)
Partition 3: (Not Active) - (Size=346.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code: Alles auswählenAufklappen

ATTFilter

HKU\S-1-5-21-2575526705-2737878171-550286687-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
EmptyTemp:
Hosts:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

• Starte nun FRST erneut und klicke den Entfernen Button.
• Das Tool erstellt eine Fixlog.txt.
• Poste mir deren Inhalt.

Guten Morgen,

hier ist das Fixlog

Code: Alles auswählenAufklappen

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-01-2015 01
Ran by Fonsi at 2015-01-28 10:10:34 Run:1
Running from C:\Users\Fonsi\Desktop
Loaded Profiles: Fonsi (Available profiles: Fonsi)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2575526705-2737878171-550286687-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
EmptyTemp:
Hosts:
*****************

"HKU\S-1-5-21-2575526705-2737878171-550286687-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 14 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 10:11:25 ====
         

Kurz noch eine Frage zu Avast. Brauchst du den letzten Scanreport? Hab ihn jetzt gefunden. Er befindet sich nicht , wie immer angenommen wird im Ordner "logs", sondern im Ordner "report". Aber komischerweise ist hier nur der letzte Scan enthalten, die vorherigen nicht.
Frage: wird hier nur immer der aktuellste Bericht gespeichert und die anderen immer überschrieben, oder wie ist das bei Avast?

Gruß Fonsi