Virus Problem

schrauber · 16.04.2015, 06:44

in welchem Browser? Das frische FRST log fehlt noch.

Avirz · 16.04.2015, 12:34

Bei Mozilla Firefox.

Welches FRST von Combofix ?

schrauber · 16.04.2015, 21:14

Du hast doch ganz am Anfang das Tool FRST benutzt. Davon bitte ein neues Scanlog.

Avirz · 16.04.2015, 21:48

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-04-2015 04
Ran by Timo (administrator) on TIMO-PC on 16-04-2015 22:46:22
Running from C:\Users\Timo\Downloads
Loaded Profiles: Timo (Available profiles: Timo)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Atheros) C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AdminService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Atheros Communications) C:\Program Files\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AthBtTray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Spotify Ltd) C:\Users\Timo\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files\Bluetooth Suite\BtvStack.exe [490656 2011-03-01] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files\Bluetooth Suite\AthBtTray.exe [302240 2011-03-01] (Atheros Commnucations)
HKLM\...\Run: [HPOSD] => C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-01] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3044770782-112996184-995125354-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2011-03-04] (Hewlett-Packard Company)
HKU\S-1-5-21-3044770782-112996184-995125354-1000\...\Run: [Spotify Web Helper] => C:\Users\Timo\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-03] (Spotify Ltd)
HKU\S-1-5-21-3044770782-112996184-995125354-1000\...\Run: [Spotify] => C:\Users\Timo\AppData\Roaming\Spotify\Spotify.exe [7112248 2015-04-03] (Spotify Ltd)
HKU\S-1-5-21-3044770782-112996184-995125354-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5529880 2015-03-13] (Piriform Ltd)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3044770782-112996184-995125354-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
HKU\S-1-5-21-3044770782-112996184-995125354-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-05-01] (Oracle Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files\Bluetooth Suite\IEPlugIn.dll [2011-03-01] (Atheros Commnucations)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-05-01] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2

FireFox:
========
FF ProfilePath: C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\pynb15te.default-1428757884930
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\system32\npDeployJava1.dll [2014-05-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-05-01] (Oracle Corporation)
FF Extension: Adblock Plus - C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\pynb15te.default-1428757884930\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-11]
FF HKLM\...\Firefox\Extensions: [{A8B09F17-E5D7-43EF-A521-AD9AD17A6BDC}] - C:\Windows\Installer\{92FE8025-FC2A-4F0F-A316-EC5CD7A02A18}\{A8B09F17-E5D7-43EF-A521-AD9AD17A6BDC}.xpi
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-04-05] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\my.cfg [2015-04-05] <==== ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-03-28] (Advanced Micro Devices, Inc.) [File not signed]
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-01] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe [72864 2011-03-01] (Atheros Commnucations) [File not signed]
S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 HP Support Assistant Service; C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2635552 2015-04-09] (IObit)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [34976 2011-03-01] (Atheros)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-05-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37896 2015-03-05] (Avira Operations GmbH & Co. KG)
S3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [259232 2011-03-01] (Atheros)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [24736 2011-03-01] (Atheros)
S3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [175776 2011-03-01] (Atheros)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [49312 2011-03-01] (Atheros)
S3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [141088 2011-03-01] (Atheros)
S3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [242336 2011-03-01] (Atheros)
S3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [101680 2013-09-25] (Focusrite Audio Engineering Limited.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-05-09] (Avira GmbH)
S3 amdiox86; system32\DRIVERS\amdiox86.sys [X]
S3 catchme; \??\C:\Users\Timo\AppData\Local\Temp\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-16 22:46 - 2015-04-16 22:46 - 00000000 ____D () C:\Users\Timo\Downloads\FRST-OlderVersion
2015-04-15 19:51 - 2015-04-15 19:51 - 00000000 ____D () C:\ab4aad485517e0f15dc6dc87
2015-04-15 17:58 - 2015-04-15 17:58 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-04-15 11:02 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 11:02 - 2015-03-23 05:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 11:02 - 2015-03-23 05:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 11:02 - 2015-03-23 05:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 11:02 - 2015-03-23 05:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 11:02 - 2015-03-23 05:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 11:02 - 2015-03-23 05:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 11:02 - 2015-03-23 05:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 11:02 - 2015-03-23 04:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 11:02 - 2015-03-17 06:49 - 03981248 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-15 11:02 - 2015-03-17 06:49 - 03925944 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 11:02 - 2015-03-17 06:49 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 11:02 - 2015-03-17 06:49 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 11:02 - 2015-03-17 06:47 - 01306104 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 11:02 - 2015-03-17 06:45 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 11:02 - 2015-03-17 06:45 - 00551424 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 11:02 - 2015-03-17 06:45 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 11:02 - 2015-03-17 06:45 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 11:02 - 2015-03-17 06:45 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 11:02 - 2015-03-17 06:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 11:02 - 2015-03-17 06:45 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 11:02 - 2015-03-17 06:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 11:02 - 2015-03-17 06:45 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 11:02 - 2015-03-17 06:45 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 11:02 - 2015-03-17 06:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 11:02 - 2015-03-17 06:45 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-04-15 11:02 - 2015-03-17 06:45 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-04-15 11:02 - 2015-03-17 06:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 11:02 - 2015-03-17 06:45 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 11:02 - 2015-03-17 06:45 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-04-15 11:02 - 2015-03-17 06:45 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 11:02 - 2015-03-17 06:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 11:02 - 2015-03-17 06:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 11:02 - 2015-03-17 06:45 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 11:02 - 2015-03-17 06:44 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-04-15 11:02 - 2015-03-17 06:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 11:02 - 2015-03-17 06:44 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-04-15 11:02 - 2015-03-17 06:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 11:02 - 2015-03-17 06:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 11:02 - 2015-03-17 06:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 11:02 - 2015-03-17 06:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 11:02 - 2015-03-17 05:58 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-04-15 11:02 - 2015-03-14 00:26 - 00523472 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-04-15 11:02 - 2015-03-14 00:26 - 00458856 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-04-15 11:02 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 11:02 - 2015-03-13 05:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 11:02 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 11:02 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 11:02 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 11:02 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 11:02 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 11:02 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 11:02 - 2015-03-13 05:16 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 11:02 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 11:02 - 2015-03-13 05:09 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 11:02 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 11:02 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 11:02 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 11:02 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 11:02 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 11:02 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 11:02 - 2015-03-13 04:43 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 11:02 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 11:02 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 11:02 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 11:02 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 11:02 - 2015-03-05 06:10 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 11:02 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 11:02 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 11:01 - 2015-03-25 05:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 11:01 - 2015-03-25 05:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 11:01 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 11:01 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 11:01 - 2015-03-25 05:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 11:01 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 11:01 - 2015-03-25 05:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 11:01 - 2015-03-25 05:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 11:01 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 11:01 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 11:01 - 2015-03-25 05:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 11:01 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 11:01 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 11:01 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 11:01 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 11:01 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 11:01 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 11:01 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 11:01 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 11:01 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 11:01 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 11:01 - 2015-02-24 07:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 11:21 - 2015-04-14 11:21 - 00000620 _____ () C:\Users\Timo\Desktop\JRT.txt
2015-04-14 11:21 - 2015-04-14 11:21 - 00000620 _____ () C:\Users\Timo\Desktop\JRT.log
2015-04-14 11:14 - 2015-04-14 11:14 - 00001310 _____ () C:\Users\Timo\Desktop\Adwc.log
2015-04-14 11:06 - 2015-04-14 21:38 - 00001183 _____ () C:\Users\Timo\Desktop\vorgehensw.txt
2015-04-14 10:54 - 2015-04-14 10:54 - 00017012 _____ () C:\Users\Timo\Desktop\mbam.txt
2015-04-13 15:51 - 2015-04-13 15:51 - 00021171 _____ () C:\ComboFix.txt
2015-04-13 15:26 - 2015-04-13 15:51 - 00000000 ____D () C:\Qoobox
2015-04-13 15:26 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-13 15:26 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-13 15:26 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-13 15:26 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-13 15:26 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-13 15:26 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-13 15:26 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-13 15:26 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-13 15:25 - 2015-04-13 15:48 - 00000000 ____D () C:\Windows\erdnt
2015-04-10 22:17 - 2015-04-10 22:18 - 00021842 _____ () C:\Users\Timo\Downloads\Addition.txt
2015-04-10 22:15 - 2015-04-16 22:46 - 00012702 _____ () C:\Users\Timo\Downloads\FRST.txt
2015-04-10 22:15 - 2015-04-16 22:46 - 00000000 ____D () C:\FRST
2015-04-10 22:12 - 2015-04-16 22:46 - 01137152 _____ (Farbar) C:\Users\Timo\Downloads\FRST.exe
2015-04-10 12:43 - 2015-04-16 11:11 - 00001400 _____ () C:\Windows\setupact.log
2015-04-10 12:43 - 2015-04-15 22:51 - 00003584 _____ () C:\Windows\PFRO.log
2015-04-10 12:43 - 2015-04-10 12:43 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-09 11:26 - 2015-04-09 11:26 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-TIMO-PC-Windows-7-Ultimate-(32-bit).dat
2015-04-09 11:26 - 2015-04-09 11:26 - 00000000 ____D () C:\RegBackup
2015-04-09 10:50 - 2015-04-09 10:50 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-09 10:21 - 2015-04-09 10:21 - 00000017 _____ () C:\Users\Timo\AppData\Local\resmon.resmoncfg
2015-04-09 10:05 - 2015-04-14 21:40 - 00000000 ____D () C:\Users\Timo\Desktop\Antivirus  Reinigung Pc
2015-04-09 09:37 - 2015-04-16 11:13 - 00000000 ____D () C:\ProgramData\ProductData
2015-04-09 09:37 - 2015-04-09 09:37 - 00001210 _____ () C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2015-04-09 09:37 - 2015-04-09 09:37 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\ProductData
2015-04-09 09:37 - 2015-04-09 09:37 - 00000000 ____D () C:\ProgramData\IObit
2015-04-09 09:37 - 2015-04-09 09:37 - 00000000 ____D () C:\Program Files\IObit
2015-04-09 09:36 - 2015-04-09 09:37 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\IObit
2015-04-09 09:12 - 2015-04-16 13:37 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-09 09:10 - 2015-04-09 09:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-09 09:10 - 2015-04-09 09:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-09 09:10 - 2015-04-09 09:10 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-04-09 09:10 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-09 09:10 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-09 09:10 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-05 03:01 - 2015-04-05 03:01 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-05 01:08 - 2015-04-05 01:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-04 23:36 - 2015-04-14 11:11 - 00000000 ____D () C:\AdwCleaner
2015-04-01 18:28 - 2015-04-01 18:28 - 00000004 _____ () C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-16 22:42 - 2014-05-01 21:56 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-04-16 16:50 - 2014-05-01 16:34 - 01489565 _____ () C:\Windows\WindowsUpdate.log
2015-04-16 11:21 - 2009-07-14 06:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-16 11:21 - 2009-07-14 06:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-16 11:13 - 2014-10-13 16:49 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\Spotify
2015-04-16 11:12 - 2014-10-13 16:50 - 00000000 ____D () C:\Users\Timo\AppData\Local\Spotify
2015-04-16 11:12 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-16 03:14 - 2014-12-10 19:45 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 03:14 - 2014-05-13 13:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 02:13 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-15 22:51 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-04-15 19:51 - 2014-05-13 11:18 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 19:51 - 2014-05-13 11:18 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-13 15:51 - 2014-05-01 22:07 - 00000000 ____D () C:\Users\Malisa
2015-04-13 15:51 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2015-04-13 15:51 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2015-04-13 15:44 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2015-04-12 20:15 - 2014-07-14 22:19 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2015-04-09 11:29 - 2014-05-20 10:28 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-09 11:29 - 2014-05-20 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-09 11:29 - 2014-05-20 10:28 - 00000000 ____D () C:\Program Files\Avira
2015-04-09 10:55 - 2014-05-24 15:49 - 00000000 ____D () C:\Users\Timo\AppData\Local\CrashDumps
2015-04-09 10:55 - 2014-05-02 13:43 - 00000000 ____D () C:\Windows\Minidump
2015-04-09 10:55 - 2014-05-01 17:30 - 00000000 ____D () C:\Windows\Panther
2015-04-09 09:44 - 2014-05-01 16:38 - 00000000 ____D () C:\Program Files\WinRAR
2015-04-09 09:44 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Help
2015-04-09 09:13 - 2015-02-09 18:53 - 00000000 ____D () C:\Users\Timo\Desktop\studio one-focus rite
2015-04-09 09:11 - 2014-05-01 21:28 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-04-08 08:23 - 2010-11-20 23:01 - 00006272 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-04 23:43 - 2014-05-13 11:51 - 00001019 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-04 23:43 - 2014-05-13 11:51 - 00001007 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-04 23:43 - 2014-05-01 16:46 - 00001146 _____ () C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-03 03:11 - 2014-10-13 16:50 - 00001762 _____ () C:\Users\Timo\Desktop\Spotify.lnk
2015-04-03 03:11 - 2014-10-13 16:50 - 00001748 _____ () C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-04-01 11:40 - 2014-05-20 10:38 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\Avira
2015-04-01 11:39 - 2014-05-20 10:28 - 00000000 ____D () C:\ProgramData\Avira
2015-03-25 15:50 - 2015-02-15 21:22 - 00000193 _____ () C:\Windows\WORDPAD.INI
2015-03-17 12:17 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2015-03-17 11:44 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2014-05-25 05:19 - 2009-10-23 23:00 - 5811712 _____ (reFX) C:\Program Files\Nexus.dll
2015-04-09 10:21 - 2015-04-09 10:21 - 0000017 _____ () C:\Users\Timo\AppData\Local\resmon.resmoncfg

Some content of TEMP:
====================
C:\Users\Timo\AppData\Local\temp\avgnt.exe
C:\Users\Timo\AppData\Local\temp\Quarantine.exe
C:\Users\Timo\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-15 18:16

==================== End Of Log ============================

--- --- ---

schrauber · 17.04.2015, 19:23

Revo Uninstaller - Download - Filepony
damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.mozilla.org/de/kb/fi...einfach-loesen

Java und FLash udpaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3044770782-112996184-995125354-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-04-05] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\my.cfg [2015-04-05] <==== ATTENTION
FF HKLM\...\Firefox\Extensions: [{A8B09F17-E5D7-43EF-A521-AD9AD17A6BDC}] - C:\Windows\Installer\{92FE8025-FC2A-4F0F-A316-EC5CD7A02A18}\{A8B09F17-E5D7-43EF-A521-AD9AD17A6BDC}.xpi
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Frisches FRST log bitte.

Avirz · 19.04.2015, 11:00

habe bei Revo uninstaller jetzt nichts gelesen mit ,, reste entfernen lassen,

Firefox habe ich neuinstalliert , aber weis nicht wo und wie Ich Java und flash ,,player '' ? updaten kann , wenn ich auf dieser Seite Die sachen suche finde ich verschiedenes wo ich nicht weis welches das richtige ist.

Gruß

schrauber · 19.04.2015, 22:03

Firefox nach neu installieren auch zurück gesetzt?

Java und Flash Player deinstallieren, dann bei Adobe auf der Seite die aktuellen Versionen installieren.

Avirz · 21.04.2015, 10:05

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-04-2015
Ran by Timo at 2015-04-21 10:58:19 Run:1
Running from C:\Users\Timo\Desktop
Loaded Profiles: Timo (Available profiles: Timo)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
ATTFilter

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3044770782-112996184-995125354-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-04-05] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\my.cfg [2015-04-05] <==== ATTENTION
FF HKLM\...\Firefox\Extensions: [{A8B09F17-E5D7-43EF-A521-AD9AD17A6BDC}] - C:\Windows\Installer\{92FE8025-FC2A-4F0F-A316-EC5CD7A02A18}\{A8B09F17-E5D7-43EF-A521-AD9AD17A6BDC}.xpi
Emptytemp:
*****************

ATTFilter => Error: No automatic fix found for this entry.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-3044770782-112996184-995125354-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
C:\Program Files\mozilla firefox\browser\defaults\preferences\my-prefs.js => Moved successfully.
C:\Program Files\mozilla firefox\my.cfg => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{A8B09F17-E5D7-43EF-A521-AD9AD17A6BDC} => value deleted successfully.
EmptyTemp: => Removed 208 MB temporary data.

The system needed a reboot.

==== End of Fixlog 10:58:27 ====

Sieht so aus als wär alles wieder Inordnung.

Vielen Dank

Ps. Falls sowas nochmal passiert, kann ich dann das gleiche machen ?

Gruß

schrauber · 22.04.2015, 07:21

Nee, is immer individuell.

Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren

Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
Klicke auf OK.
Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte

DelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...

und/oder das Forum mit einer kleinen Spende unterstützen.

Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:

Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:

NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.

Lade Software von einem sauberen Portal wie

.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .

Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

16.04.2015, 06:44	#16
schrauber /// the machine /// TB-Ausbilder	Virus Problem in welchem Browser? Das frische FRST log fehlt noch. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

16.04.2015, 21:14	#18
schrauber /// the machine /// TB-Ausbilder	Virus Problem Du hast doch ganz am Anfang das Tool FRST benutzt. Davon bitte ein neues Scanlog. __________________ __________________

19.04.2015, 22:03	#22
schrauber /// the machine /// TB-Ausbilder	Virus Problem Firefox nach neu installieren auch zurück gesetzt? Java und Flash Player deinstallieren, dann bei Adobe auf der Seite die aktuellen Versionen installieren. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Virus Problem

Plagegeister aller Art und deren Bekämpfung: Virus Problem

Virus Problem

Virus Problem

Virus Problem

Virus Problem

Virus Problem

Virus Problem

Virus Problem

Virus Problem

Virus Problem

Ähnliche Themen: Virus Problem

16.04.2015, 12:34	#17
Avirz	Virus Problem Bei Mozilla Firefox. Welches FRST von Combofix ? __________________

19.04.2015, 11:00	#21
Avirz	Virus Problem habe bei Revo uninstaller jetzt nichts gelesen mit ,, reste entfernen lassen, Firefox habe ich neuinstalliert , aber weis nicht wo und wie Ich Java und flash ,,player '' ? updaten kann , wenn ich auf dieser Seite Die sachen suche finde ich verschiedenes wo ich nicht weis welches das richtige ist. Gruß