Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Avast durch Gruppenrichtlinie blockiert (https://www.trojaner-board.de/158185-avast-gruppenrichtlinie-blockiert.html)

Arne_14 01.09.2014 10:48
Avast durch Gruppenrichtlinie blockiert
 
Hi,

bei mir tritt ebenfalls das Problem auf, dass avast/Spyware blockiert wird. Die Logs füge ich im nächsten Post gleich an.

Vielen Dank im Voraus!


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by arne (administrator) on ARNE-PC on 01-09-2014 11:47:22
Running from C:\Users\arne\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-09] (Realtek Semiconductor)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-04-03] (Crawler.com)
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-29] (AVAST Software)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Spyware Terminator <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Spyware Terminator <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKU\S-1-5-21-1168707051-2190759859-464888703-1000\...\Run: [BlackBerryLink.exe] => "C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe" /minimize
HKU\S-1-5-21-1168707051-2190759859-464888703-1000\...\MountPoints2: {004879d7-3e59-11e3-bc00-806e6f6e6963} - E:\SETUP.EXE
HKU\S-1-5-21-1168707051-2190759859-464888703-1000\...\MountPoints2: {08981a52-2bfe-11e3-b7f3-bc5ff48d4cd0} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\start.exe
HKU\S-1-5-21-1168707051-2190759859-464888703-1000\...\MountPoints2: {d1373b72-df00-11e2-9908-806e6f6e6963} - E:\Launch.exe
AppInit_DLLs: C:\Program Files C:\Program Files => C:\Program Files C:\Program Files File Not Found
AppInit_DLLs-x32: C:\Program Files C:\Program Files => "C:\Program Files C:\Program Files" File Not Found
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
SearchScopes: HKLM - DefaultScope {03900980-D311-4A3F-8903-F4ABA3547F45} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS
SearchScopes: HKLM - {03900980-D311-4A3F-8903-F4ABA3547F45} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 - {03900980-D311-4A3F-8903-F4ABA3547F45} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\arne\AppData\Roaming\Mozilla\Firefox\Profiles\4uanr8qj.default
FF SearchEngineOrder.1: Mysearchdial
FF Plugin: @videolan.org/vlc,version=2.0.7 -> D:\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF user.js: detected! => C:\Users\arne\AppData\Roaming\Mozilla\Firefox\Profiles\4uanr8qj.default\user.js
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: NoScript - C:\Users\arne\AppData\Roaming\Mozilla\Firefox\Profiles\4uanr8qj.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-06-27]
FF Extension: BetterPrivacy - C:\Users\arne\AppData\Roaming\Mozilla\Firefox\Profiles\4uanr8qj.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-06-27]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-27]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-06-28]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-16]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-16] (AVAST Software)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S3 SandraAgentSrv; D:\SiSoftware Sandra Lite 2014.SP1a\RpcAgentSrv.exe [72344 2008-02-17] (SiSoftware) [File not signed]
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1149104 2013-04-03] (Crawler.com)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-16] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-16] ()
S3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Intel Corporation)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2013-09-12] (Research in Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 SANDRA; D:\SISOFTWARE SANDRA LITE 2014.SP1A\WNT500X64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2013-08-02] (Windows (R) Win 7 DDK provider)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 11:47 - 2014-09-01 11:47 - 00011341 _____ () C:\Users\arne\Desktop\FRST.txt
2014-09-01 11:47 - 2014-09-01 11:47 - 00000000 ____D () C:\FRST
2014-09-01 11:40 - 2014-09-01 11:40 - 02104832 _____ (Farbar) C:\Users\arne\Desktop\FRST64.exe
2014-09-01 11:22 - 2014-09-01 11:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-01 11:21 - 2014-09-01 11:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\arne\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-01 11:21 - 2014-09-01 11:21 - 00000619 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-01 11:21 - 2014-09-01 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-01 11:21 - 2014-09-01 11:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-01 11:21 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-01 11:21 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-01 11:21 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-29 00:09 - 2014-08-29 00:09 - 00000651 _____ () C:\Users\arne\Desktop\Start Tor Browser - Verknüpfung.lnk
2014-08-29 00:03 - 2014-08-29 00:04 - 27281991 _____ () C:\Users\arne\Desktop\torbrowser-install-3.6.4_en-US.exe
2014-08-28 18:47 - 2014-08-31 23:13 - 00000000 ____D () C:\ProgramData\EsizRurca
2014-08-28 00:16 - 2014-08-28 11:29 - 00000000 ____D () C:\ProgramData\UsqihAzbor
2014-08-27 23:52 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 23:52 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 23:52 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-26 23:51 - 2014-08-26 23:51 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-26 23:51 - 2014-08-26 23:51 - 00000000 ____D () C:\ProgramData\ErfeJufqi
2014-08-22 10:51 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-22 10:51 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-22 10:51 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-22 10:51 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-22 10:51 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-22 10:51 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-22 10:51 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-22 10:51 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-22 10:51 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-22 10:51 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-22 10:51 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-22 10:51 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-22 10:51 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-22 10:51 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-14 16:11 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 16:11 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 16:11 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 16:11 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 16:11 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 16:11 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 16:10 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 16:10 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 15:25 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 15:25 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 15:25 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 15:25 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 15:25 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 15:25 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 15:25 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 15:25 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 15:25 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 15:25 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 15:25 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 15:25 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 15:25 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 15:25 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 15:24 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 15:24 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 15:24 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 15:24 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 15:24 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 15:24 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 15:24 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 15:24 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 15:24 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 15:24 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 15:24 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 15:24 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 15:24 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 15:24 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 15:24 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 15:24 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 15:24 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 15:24 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 15:24 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 15:24 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 15:24 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 15:24 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 15:24 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 15:24 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 15:24 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 15:24 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 15:24 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 15:24 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 15:24 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 15:24 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 15:24 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 15:24 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 15:24 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 15:24 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 15:24 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 15:24 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 15:24 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 15:24 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 15:24 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 15:24 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 15:24 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 15:24 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 15:24 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 15:24 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 15:24 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 15:24 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 15:24 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 15:24 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 15:24 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 15:24 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 15:24 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 15:24 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 15:24 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 15:24 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 15:24 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 15:24 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 15:24 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 15:24 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 15:24 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 15:24 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 15:24 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 15:24 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 15:24 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 15:24 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 15:24 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 15:24 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 15:22 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 15:22 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 15:22 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 15:22 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 11:47 - 2014-09-01 11:47 - 00011341 _____ () C:\Users\arne\Desktop\FRST.txt
2014-09-01 11:47 - 2014-09-01 11:47 - 00000000 ____D () C:\FRST
2014-09-01 11:46 - 2014-07-28 20:48 - 00000408 _____ () C:\Users\arne\Desktop\wpa.txt
2014-09-01 11:45 - 2009-07-14 06:45 - 00027936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-01 11:45 - 2009-07-14 06:45 - 00027936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-01 11:42 - 2011-04-12 09:43 - 00699318 _____ () C:\Windows\system32\perfh007.dat
2014-09-01 11:42 - 2011-04-12 09:43 - 00149458 _____ () C:\Windows\system32\perfc007.dat
2014-09-01 11:42 - 2009-07-14 07:13 - 01620196 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-01 11:41 - 2013-06-27 10:15 - 01987737 _____ () C:\Windows\WindowsUpdate.log
2014-09-01 11:40 - 2014-09-01 11:40 - 02104832 _____ (Farbar) C:\Users\arne\Desktop\FRST64.exe
2014-09-01 11:38 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-01 11:37 - 2010-11-21 05:47 - 00324856 _____ () C:\Windows\PFRO.log
2014-09-01 11:37 - 2009-07-14 06:51 - 00036877 _____ () C:\Windows\setupact.log
2014-09-01 11:37 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-09-01 11:22 - 2014-09-01 11:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-01 11:21 - 2014-09-01 11:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\arne\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-01 11:21 - 2014-09-01 11:21 - 00000619 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-01 11:21 - 2014-09-01 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-01 11:21 - 2014-09-01 11:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-31 23:13 - 2014-08-28 18:47 - 00000000 ____D () C:\ProgramData\EsizRurca
2014-08-30 01:59 - 2013-07-31 12:03 - 00000000 ____D () C:\Users\arne\AppData\Roaming\vlc
2014-08-29 12:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-29 00:09 - 2014-08-29 00:09 - 00000651 _____ () C:\Users\arne\Desktop\Start Tor Browser - Verknüpfung.lnk
2014-08-29 00:09 - 2013-06-27 19:49 - 00000000 ____D () C:\Users\arne\Desktop\Tor Browser
2014-08-29 00:04 - 2014-08-29 00:03 - 27281991 _____ () C:\Users\arne\Desktop\torbrowser-install-3.6.4_en-US.exe
2014-08-28 21:05 - 2014-07-28 20:47 - 00000000 ____D () C:\Users\arne\Desktop\Bewerbungen
2014-08-28 11:29 - 2014-08-28 00:16 - 00000000 ____D () C:\ProgramData\UsqihAzbor
2014-08-28 11:13 - 2009-07-14 06:45 - 00413984 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 00:09 - 2013-08-02 00:12 - 00000000 ____D () C:\ProgramData\Spyware Terminator
2014-08-26 23:51 - 2014-08-26 23:51 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-26 23:51 - 2014-08-26 23:51 - 00000000 ____D () C:\ProgramData\ErfeJufqi
2014-08-26 23:49 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-26 10:38 - 2014-07-28 20:48 - 00000000 ____D () C:\Users\arne\Desktop\Stellen Screenshots
2014-08-26 00:03 - 2013-06-27 19:18 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-25 15:09 - 2013-06-27 21:34 - 00000000 ____D () C:\Users\arne\AppData\Local\Microsoft Help
2014-08-23 04:07 - 2014-08-27 23:52 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-27 23:52 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-27 23:52 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-14 22:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-14 16:14 - 2013-08-15 20:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 16:13 - 2013-07-07 10:22 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 16:10 - 2014-05-06 18:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 15:52 - 2013-10-03 09:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-14 15:52 - 2013-07-08 12:17 - 00001146 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-08-14 15:52 - 2013-07-08 12:17 - 00000000 ____D () C:\Users\arne\AppData\Roaming\DVDVideoSoft
2014-08-14 15:52 - 2013-07-08 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-08-07 04:06 - 2014-08-14 15:22 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-14 15:22 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 09:20 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-02 14:40 - 2014-05-18 11:01 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-02 14:40 - 2013-10-26 18:36 - 00000000 ____D () C:\Users\arne\AppData\Local\Google

Some content of TEMP:
====================
C:\Users\arne\AppData\Local\Temp\10719uninstall.exe
C:\Users\arne\AppData\Local\Temp\214uninstall.exe
C:\Users\arne\AppData\Local\Temp\23166uninstall.exe
C:\Users\arne\AppData\Local\Temp\39171uninstall.exe
C:\Users\arne\AppData\Local\Temp\39343uninstall.exe
C:\Users\arne\AppData\Local\Temp\3956uninstall.exe
C:\Users\arne\AppData\Local\Temp\4391uninstall.exe
C:\Users\arne\AppData\Local\Temp\51599uninstall.exe
C:\Users\arne\AppData\Local\Temp\52202uninstall.exe
C:\Users\arne\AppData\Local\Temp\58841uninstall.exe
C:\Users\arne\AppData\Local\Temp\59523uninstall.exe
C:\Users\arne\AppData\Local\Temp\59928uninstall.exe
C:\Users\arne\AppData\Local\Temp\60118uninstall.exe
C:\Users\arne\AppData\Local\Temp\63431uninstall.exe
C:\Users\arne\AppData\Local\Temp\65000uninstall.exe
C:\Users\arne\AppData\Local\Temp\65368uninstall.exe
C:\Users\arne\AppData\Local\Temp\75520uninstall.exe
C:\Users\arne\AppData\Local\Temp\77376uninstall.exe
C:\Users\arne\AppData\Local\Temp\81355uninstall.exe
C:\Users\arne\AppData\Local\Temp\83628uninstall.exe
C:\Users\arne\AppData\Local\Temp\85299uninstall.exe
C:\Users\arne\AppData\Local\Temp\86023uninstall.exe
C:\Users\arne\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\arne\AppData\Local\Temp\96870uninstall.exe
C:\Users\arne\AppData\Local\Temp\99843uninstall.exe
C:\Users\arne\AppData\Local\Temp\BlackBerryDeviceManager.exe
C:\Users\arne\AppData\Local\Temp\BlackBerryLauncher.exe
C:\Users\arne\AppData\Local\Temp\DesktopInstaller.exe
C:\Users\arne\AppData\Local\Temp\Sqlite3.dll
C:\Users\arne\AppData\Local\Temp\_is1C75.exe
C:\Users\arne\AppData\Local\Temp\_is1F52.exe
C:\Users\arne\AppData\Local\Temp\_is5C04.exe
C:\Users\arne\AppData\Local\Temp\_is94DB.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-27 16:33

==================== End Of Log ============================
--- --- ---

--- --- ---

Warlord711 01.09.2014 10:48
Hallo Arne_14

:hallo:

Mein Name ist Timo und ich werde Dir bei deinem Problem behilflich sein.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scans durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist immer der sicherste Weg.

Wir "arbeiten" hier alle freiwillig und in unserer Freizeit *hust*. Daher kann es bei Antworten zu Verzögerungen kommen.
Solltest du innerhalb 48 Std keine Antwort von mir erhalten, dann schreib mit eine PM
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis ich oder jemand vom Team sagt, dass Du clean bist.

Arne_14 01.09.2014 10:49
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2014 02
Ran by arne at 2014-09-01 11:47:43
Running from C:\Users\arne\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.0328.2218.38225 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.80328.2204 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2013.0328.2218.38225 - Ihr Firmenname) Hidden
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CrystalDiskInfo 6.1.9a (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.1.9a - Crystal Dew World)
Free YouTube to MP3 Converter version 3.12.43.806 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.43.806 - DVDVideoSoft Ltd.)
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 23.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 23.0.1 (x86 de)) (Version: 23.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6433 - Realtek Semiconductor Corp.)
SiSoftware Sandra Lite 2014.SP1a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 20.21.2014.3 - SiSoftware)
Spyware Terminator 2012 (HKLM-x32\...\{56736259-613E-4A3B-B428-6235F2E76F44}_is1) (Version: 3.0.0.82 - Crawler.com)
TL-WN751ND Driver (HKLM-x32\...\{14770694-6C1C-4137-95F9-6F934D8491B4}) (Version: 1.00.0000 - TP-LINK)
TP-LINK TL-WN781ND Driver (HKLM-x32\...\{87C7B472-9BC2-43C8-9F03-86D2908E1A51}) (Version: 1.2.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.2.1 - TP-LINK)
Update for Microsoft Office Word 2007 (KB974631) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{1D53FB73-9826-4541-B2E0-A239C6EBA718}) (Version:  - )
Update for Microsoft Office Word 2007 (KB974631) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{34726474-50D6-49FC-B8AC-35411459D27A}) (Version:  - )
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.64  - Nullsoft, Inc)
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

14-08-2014 13:19:42 Windows Update
14-08-2014 14:10:29 Windows Update
19-08-2014 18:42:07 Windows Update
22-08-2014 08:51:17 Windows Update
26-08-2014 21:53:27 Windows Update
27-08-2014 23:58:14 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {54D077AE-DA69-4B58-8C53-031BE810F221} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-16] (AVAST Software)
Task: {67AA71DC-D1E6-4091-9363-381420CF6702} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

==================== Loaded Modules (whitelisted) =============

2013-03-28 22:31 - 2013-03-28 22:31 - 00210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-09-23 13:53 - 2012-09-23 13:53 - 00748544 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-09-23 13:53 - 2012-09-23 13:53 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-03-28 22:30 - 2013-03-28 22:30 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-03-28 22:30 - 2013-03-28 22:30 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-07-16 15:31 - 2014-07-16 15:31 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-01 10:49 - 2014-09-01 10:49 - 02805248 _____ () C:\Program Files\AVAST Software\Avast\defs\14090100\algo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/01/2014 11:39:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2014 10:50:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/31/2014 11:13:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/30/2014 10:17:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 11.0.9600.17239 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: f08

Startzeit: 01cfc42a651809c1

Endzeit: 0

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID: 112c2d7b-301e-11e4-83ab-bc5ff48d4cd0

Error: (08/30/2014 10:14:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CLIStart.exe, Version: 3.5.0.0, Zeitstempel: 0x5154f847
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x02c54b26
ID des fehlerhaften Prozesses: 0xce0
Startzeit der fehlerhaften Anwendung: 0xCLIStart.exe0
Pfad der fehlerhaften Anwendung: CLIStart.exe1
Pfad des fehlerhaften Moduls: CLIStart.exe2
Berichtskennung: CLIStart.exe3

Error: (08/30/2014 10:14:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/30/2014 01:03:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CLIStart.exe, Version: 3.5.0.0, Zeitstempel: 0x5154f847
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x027a4b26
ID des fehlerhaften Prozesses: 0xdd8
Startzeit der fehlerhaften Anwendung: 0xCLIStart.exe0
Pfad der fehlerhaften Anwendung: CLIStart.exe1
Pfad des fehlerhaften Moduls: CLIStart.exe2
Berichtskennung: CLIStart.exe3

Error: (08/30/2014 01:02:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/29/2014 03:51:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/29/2014 11:28:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CLIStart.exe, Version: 3.5.0.0, Zeitstempel: 0x5154f847
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x027c4b26
ID des fehlerhaften Prozesses: 0xd98
Startzeit der fehlerhaften Anwendung: 0xCLIStart.exe0
Pfad der fehlerhaften Anwendung: CLIStart.exe1
Pfad des fehlerhaften Moduls: CLIStart.exe2
Berichtskennung: CLIStart.exe3


System errors:
=============
Error: (09/01/2014 10:48:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update Jump Flip" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (09/01/2014 00:22:24 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (09/01/2014 00:21:17 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (09/01/2014 00:21:17 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (09/01/2014 00:14:11 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (09/01/2014 00:14:10 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (08/31/2014 11:12:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update Jump Flip" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (08/30/2014 10:14:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update Jump Flip" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (08/30/2014 01:01:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update Jump Flip" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (08/29/2014 03:49:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update Jump Flip" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2


Microsoft Office Sessions:
=========================
Error: (08/28/2014 08:30:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5001, Microsoft Office Version: 12.0.4518.1014. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: AMD FX(tm)-6300 Six-Core Processor
Percentage of memory in use: 18%
Total physical RAM: 8175.24 MB
Available physical RAM: 6694.57 MB
Total Pagefile: 16348.66 MB
Available Pagefile: 14733.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:111.79 GB) (Free:62.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:798.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 8D16E952)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BF651D54)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Warlord711 01.09.2014 10:56
Schritt 1:

Deinstallation von Programmen:
  • Klicke auf Start
  • Klicke auf Systemsteuerung
  • Klicke auf Programme und Funktionen
  • suche den Einträge
    Code:
    Adobe Flash Player 11 ActiveX
    Spyware Terminator 2012
  • klicke jeweils mit der rechten Maustaste und wähle deinstallieren

Deinstalliere auch - falls du es nicht absichtlich installiert hast - alles was den Zusatz "Toolbar" enthält, sowie Downloader-Anwendungen

Gehe bitte die folgende Liste durch und deinstalliere die genannten Programme, falls vorhanden:
CCleaner oder andere Registry-Cleaner, TuneUp Utilities (inkl. Language Pack), Glary Utilities, Spybot S & D (inklusive Teatimer), Zonealarm Firewall, McAfee Security Scan, Spyware Hunter, Spyware Terminator, Java 6 (alle), Pokersoftware, xp-Antispy, Hotspot Shield, iLivid, Amazon Icon, DriverEasy, Advanced Driver Updater, DriverCure, Uniblue DriverScanner, FireJump, SearchAnonymizer, SpeedMaxPC

Schritt 2:
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Spyware Terminator <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Spyware Terminator <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
AppInit_DLLs: C:\Program Files C:\Program Files => C:\Program Files C:\Program Files File Not Found
AppInit_DLLs-x32: C:\Program Files C:\Program Files => "C:\Program Files C:\Program Files" File Not Found

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Schritt 3:
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 4:

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


Schritt 5:
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Arne_14 01.09.2014 11:04
Spyware lässt sich nicht deinstallieren. Ich soll mich an den Systemadmin wenden

Warlord711 01.09.2014 11:38
Software mit Revo Uninstaller deinstallieren Downloade Dir bitte den Revo Uninstaller
  • Doppelklicke auf die revosetup.exe.
  • Installiere das Tool in den vorgegebenen Pfad.
  • Doppelklicke auf das Revo Uninstall Icon.
  • Suche Dir nun folgende Software aus der Code-Box.
    Code:
    Spyware Terminator 2012
    Klicke darauf und bestätige mit Ja.
  • Belasse die Einstellung der Deinstallationsroutine auf Moderat und klicke auf weiter.
  • Das Tool wird nun nach allen Einträgen auf dem Rechner suchen. Klick auf weiter
  • Klicke auf den Markiere alle Button und klicke auf löschen und bestätige mit Ja.
Bebilderte Anleitung Starte den Rechner neu.

Arne_14 01.09.2014 15:33
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-08-2014 02
Ran by arne at 2014-09-01 15:54:12 Run:1
Running from C:\Users\arne\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Spyware Terminator <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Spyware Terminator <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
AppInit_DLLs: C:\Program Files C:\Program Files => C:\Program Files C:\Program Files File Not Found
AppInit_DLLs-x32: C:\Program Files C:\Program Files => "C:\Program Files C:\Program Files" File Not Found
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
"C:\Program Files C:\Program Files" => Value Data removed successfully.
"C:\Program Files C:\Program Files" => Value Data removed successfully.

==== End of Fixlog ====
Code:
# AdwCleaner v3.308 - Bericht erstellt am 01/09/2014 um 15:55:50
# Aktualisiert 20/08/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : arne - ARNE-PC
# Gestartet von : C:\Users\arne\Desktop\adwcleaner_3.308.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\arne\AppData\Roaming\Mozilla\Firefox\Profiles\4uanr8qj.default\user.js
Ordner Gefunden : C:\Program Files (x86)\Jump Flip
Ordner Gefunden : C:\Users\arne\AppData\Local\Temp\mt_ffx
Ordner Gefunden : C:\Users\arne\AppData\Local\Temp\OCS
Ordner Gefunden : C:\Users\arne\AppData\LocalLow\Softonic
Ordner Gefunden : C:\Users\arne\AppData\Roaming\pdfforge

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\InstallCore
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\updateJumpFlip_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\updateJumpFlip_RASMANCS
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v23.0.1 (de)

[ Datei : C:\Users\arne\AppData\Roaming\Mozilla\Firefox\Profiles\4uanr8qj.default\prefs.js ]

Zeile gefunden : user_pref("browser.search.order.1", "Mysearchdial");
Zeile gefunden : user_pref("extensions.irmysearch.aflt", "irmsd0101");
Zeile gefunden : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzu0CtB0FtA0CtCtCyC0FyCyD0ByCyB0FyDtN0D0Tzu0SyBtAtBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");
Zeile gefunden : user_pref("extensions.irmysearch.cr", "2017528363");
Zeile gefunden : user_pref("extensions.irmysearch.instlRef", "");

*************************

AdwCleaner[R0].txt - [3498 octets] - [01/09/2014 15:55:50]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3558 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by arne on 01.09.2014 at 16:10:22,27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.09.2014 at 16:16:11,92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 01.09.2014
Suchlauf-Zeit: 11:53:18
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.01.01
Rootkit Datenbank: v2014.08.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: arne

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 342586
Verstrichene Zeit: 5 Min, 36 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 26
PUP.Optional.Softonic.A, C:\Users\arne\AppData\Roaming\Mozilla\Firefox\Profiles\4uanr8qj.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.admin", false);), Ersetzt,[680db335c6b50e28e2360c0d65a09a66]
PUP.Optional.Softonic.A, C:\Users\arne\AppData\Roaming\Mozilla\Firefox\Profiles\4uanr8qj.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.aflt", "OC");), Ersetzt,[fb7ab5337a0161d50d0b5bbeff064db3]
PUP.Optional.Softonic.A, C:\Users\arne\AppData\Roaming\Mozilla\Firefox\Profiles\4uanr8qj.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}");), Ersetzt,[284dc3250576c76fd24638e1917401ff]
PUP.Optional.Softonic.A, C:\Users\arne\AppData\Roaming\Mozilla\Firefox\Profiles\4uanr8qj.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.autoRvrt", "false");), Ersetzt,[a2d3feea8cef83b3ba5e0613fb0a956b]
PUP.Optional.Softonic.A, C:\Users\arne\AppData\Roaming\Mozilla\Firefox\Profiles\4uanr8qj.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.dfltLng", "de");), Ersetzt,[5025f1f781fac2748a8e12075baa41bf]
PUP.Optional.Softonic.A, C:\Users\arne\AppData\Roaming\Mozilla\Firefox\Profiles\4uanr8qj.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.dfltSrch", true);), Ersetzt,[8fe6e40485f6f145a276a5749273bb45]
PUP.Optional.Softonic.A, C:\Users\arne\AppData\Roaming\Mozilla\Firefox\Profiles\4uanr8qj.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.dnsErr", true);), Ersetzt,[e68f6a7e6a11b581cf49f227d92c46ba]
PUP.Optional.Softonic.A, C:\Users\arne\AppData\Roaming\Mozilla\Firefox\Profiles\4uanr8qj.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.excTlbr", false);), Ersetzt,[4e275593e99242f4b4640b0ee421b749]
PUP.Optional.Softonic.A, C:\Users\arne\AppData\Roaming\Mozilla\Firefox\Profiles\4uanr8qj.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.ffxUnstlRst", false);), Ersetzt,[ec890ddb29525cda96825dbc8b7a8977]
PUP.Optional.Softonic.A, C:\Users\arne\AppData\Roaming\Mozilla\Firefox\Profiles\4uanr8qj.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.hmpg", true);), Ersetzt,[fd788c5ca6d58ea8b76163b6a06552ae]
PUP.Optional.Softonic.A, C:\Users\arne\AppData\Roaming\Mozilla\Firefox\Profiles\4uanr8qj.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=13&cc=&mi=be7467f5000000000000bc5ff48d4cd0");), Ersetzt,[64111fc99edd6bcbda3e22f743c2ca36]
PUP.Optional.Softonic.A, C:\Users\arne\AppData\Roaming\Mozilla\Firefox\Profiles\4uanr8qj.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.id", "be7467f5000000000000bc5ff48d4cd0");), Ersetzt,[9ed713d5e4979d9951c7f3267e8711ef]
PUP.Optional.Softonic.A, C:\Users\arne\AppData\Roaming\Mozilla\Firefox\Profiles\4uanr8qj.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.instlDay", "16004");), Ersetzt,[f184499fbbc038fec55325f4c243659b]
PUP.Optional.Softonic.A, C:\Users\arne\AppData\Roaming\Mozilla\Firefox\Profiles\4uanr8qj.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.instlRef", "MOY00621");), Ersetzt,[8aebb5336912a88ec2564ecb15f006fa]
PUP.Optional.Softonic.A, C:\Users\arne\AppData\Roaming\Mozilla\Firefox\Profiles\4uanr8qj.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.newTab", true);), Ersetzt,[c0b5b434fc7fd75fd8409e7bc1446799]
PUP.Optional.Softonic.A, C:\Users\arne\AppData\Roaming\Mozilla\Firefox\Profiles\4uanr8qj.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00621/tb_v1/?SearchSource=15&cc=&mi=be7467f5000000000000bc5ff48d4cd0");), Ersetzt,[3e378a5e8cef1323d0481108996c916f]
PUP.Optional.Softonic.A, C:\Users\arne\AppData\Roaming\Mozilla\Firefox\Profiles\4uanr8qj.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.prdct", "Softonic");), Ersetzt,[2e4784641665e452a6723ddcb74e24dc]
PUP.Optional.Softonic.A, C:\Users\arne\AppData\Roaming\Mozilla\Firefox\Profiles\4uanr8qj.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.prtnrId", "softonic");), Ersetzt,[62139454a3d8ef47c55333e61ee74ab6]
PUP.Optional.Softonic.A, C:\Users\arne\AppData\Roaming\Mozilla\Firefox\Profiles\4uanr8qj.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.rvrt", "false");), Ersetzt,[037244a4eb90d46276a28e8b35d0c13f]
PUP.Optional.Softonic.A, C:\Users\arne\AppData\Roaming\Mozilla\Firefox\Profiles\4uanr8qj.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.smplGrp", "none");), Ersetzt,[1d58aa3e562583b37a9ebb5ef70e6f91]
PUP.Optional.Softonic.A, C:\Users\arne\AppData\Roaming\Mozilla\Firefox\Profiles\4uanr8qj.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");), Ersetzt,[3441dc0c7407a0962cec7c9dc441d729]
PUP.Optional.Softonic.A, C:\Users\arne\AppData\Roaming\Mozilla\Firefox\Profiles\4uanr8qj.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.tlbrId", "opencandy2013");), Ersetzt,[65105f89a5d670c634e49188a263a55b]
PUP.Optional.Softonic.A, C:\Users\arne\AppData\Roaming\Mozilla\Firefox\Profiles\4uanr8qj.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=1&cc=&mi=be7467f5000000000000bc5ff48d4cd0&q=");), Ersetzt,[babb9a4e4f2cde5857c124f5689db749]
PUP.Optional.Softonic.A, C:\Users\arne\AppData\Roaming\Mozilla\Firefox\Profiles\4uanr8qj.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.vrsn", "1.8.21.14");), Ersetzt,[ef865692df9c78beee2a85941de81ce4]
PUP.Optional.Softonic.A, C:\Users\arne\AppData\Roaming\Mozilla\Firefox\Profiles\4uanr8qj.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.vrsnTs", "1.8.21.1418:36:29");), Ersetzt,[284d5098b1cad85e9583ca4f5ea7f010]
PUP.Optional.Softonic.A, C:\Users\arne\AppData\Roaming\Mozilla\Firefox\Profiles\4uanr8qj.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.vrsni", "1.8.21.14");), Ersetzt,[5c19a2466912350151c7f2270203ab55]

Physische Sektoren: 0
(No malicious items detected)


(end)

Warlord711 01.09.2014 15:45
Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

Arne_14 01.09.2014 23:06

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by arne (administrator) on ARNE-PC on 02-09-2014 00:05:53
Running from C:\Users\arne\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-09] (Realtek Semiconductor)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-29] (AVAST Software)
HKU\S-1-5-21-1168707051-2190759859-464888703-1000\...\Run: [BlackBerryLink.exe] => "C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe" /minimize
HKU\S-1-5-21-1168707051-2190759859-464888703-1000\...\MountPoints2: {004879d7-3e59-11e3-bc00-806e6f6e6963} - E:\SETUP.EXE
HKU\S-1-5-21-1168707051-2190759859-464888703-1000\...\MountPoints2: {08981a52-2bfe-11e3-b7f3-bc5ff48d4cd0} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\start.exe
HKU\S-1-5-21-1168707051-2190759859-464888703-1000\...\MountPoints2: {d1373b72-df00-11e2-9908-806e6f6e6963} - E:\Launch.exe
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
SearchScopes: HKLM - {03900980-D311-4A3F-8903-F4ABA3547F45} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS
SearchScopes: HKLM-x32 - {03900980-D311-4A3F-8903-F4ABA3547F45} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\arne\AppData\Roaming\Mozilla\Firefox\Profiles\4uanr8qj.default
FF Plugin: @videolan.org/vlc,version=2.0.7 -> D:\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: NoScript - C:\Users\arne\AppData\Roaming\Mozilla\Firefox\Profiles\4uanr8qj.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-06-27]
FF Extension: BetterPrivacy - C:\Users\arne\AppData\Roaming\Mozilla\Firefox\Profiles\4uanr8qj.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-06-27]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-27]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-06-28]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-16]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-16] (AVAST Software)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S3 SandraAgentSrv; D:\SiSoftware Sandra Lite 2014.SP1a\RpcAgentSrv.exe [72344 2008-02-17] (SiSoftware) [File not signed]
S2 ST2012_Svc; "C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-16] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-16] ()
S3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Intel Corporation)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2013-09-12] (Research in Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 SANDRA; D:\SISOFTWARE SANDRA LITE 2014.SP1A\WNT500X64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2013-08-02] (Windows (R) Win 7 DDK provider)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 16:31 - 2014-09-01 16:32 - 00007309 _____ () C:\Users\arne\Desktop\mbam.txt
2014-09-01 16:16 - 2014-09-01 16:16 - 00000758 _____ () C:\Users\arne\Desktop\JRT.txt
2014-09-01 16:10 - 2014-09-01 16:10 - 00000000 ____D () C:\Windows\ERUNT
2014-09-01 15:55 - 2014-09-01 16:08 - 00000000 ____D () C:\AdwCleaner
2014-09-01 15:51 - 2014-09-01 15:51 - 00001280 _____ () C:\Users\arne\Desktop\Revo Uninstaller.lnk
2014-09-01 15:51 - 2014-09-01 15:51 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-01 15:50 - 2014-09-01 15:50 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\arne\Desktop\revosetup95.exe
2014-09-01 12:06 - 2014-09-01 12:06 - 01364531 _____ () C:\Users\arne\Desktop\adwcleaner_3.308.exe
2014-09-01 12:06 - 2014-09-01 12:06 - 01016261 _____ (Thisisu) C:\Users\arne\Desktop\JRT.exe
2014-09-01 11:47 - 2014-09-02 00:05 - 00009812 _____ () C:\Users\arne\Desktop\FRST.txt
2014-09-01 11:47 - 2014-09-02 00:05 - 00000000 ____D () C:\FRST
2014-09-01 11:47 - 2014-09-01 11:47 - 00020240 _____ () C:\Users\arne\Desktop\Addition.txt
2014-09-01 11:40 - 2014-09-01 11:40 - 02104832 _____ (Farbar) C:\Users\arne\Desktop\FRST64.exe
2014-09-01 11:22 - 2014-09-01 16:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-01 11:21 - 2014-09-01 11:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\arne\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-01 11:21 - 2014-09-01 11:21 - 00000619 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-01 11:21 - 2014-09-01 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-01 11:21 - 2014-09-01 11:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-01 11:21 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-01 11:21 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-01 11:21 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-29 00:09 - 2014-08-29 00:09 - 00000651 _____ () C:\Users\arne\Desktop\Start Tor Browser - Verknüpfung.lnk
2014-08-29 00:03 - 2014-08-29 00:04 - 27281991 _____ () C:\Users\arne\Desktop\torbrowser-install-3.6.4_en-US.exe
2014-08-28 18:47 - 2014-08-31 23:13 - 00000000 ____D () C:\ProgramData\EsizRurca
2014-08-28 00:16 - 2014-08-28 11:29 - 00000000 ____D () C:\ProgramData\UsqihAzbor
2014-08-27 23:52 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 23:52 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 23:52 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-26 23:51 - 2014-08-26 23:51 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-26 23:51 - 2014-08-26 23:51 - 00000000 ____D () C:\ProgramData\ErfeJufqi
2014-08-22 10:51 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-22 10:51 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-22 10:51 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-22 10:51 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-22 10:51 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-22 10:51 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-22 10:51 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-22 10:51 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-22 10:51 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-22 10:51 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-22 10:51 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-22 10:51 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-22 10:51 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-22 10:51 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-14 16:11 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 16:11 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 16:11 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 16:11 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 16:11 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 16:11 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 16:10 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 16:10 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 15:25 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 15:25 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 15:25 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 15:25 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 15:25 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 15:25 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 15:25 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 15:25 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 15:25 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 15:25 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 15:25 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 15:25 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 15:25 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 15:25 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 15:24 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 15:24 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 15:24 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 15:24 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 15:24 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 15:24 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 15:24 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 15:24 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 15:24 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 15:24 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 15:24 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 15:24 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 15:24 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 15:24 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 15:24 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 15:24 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 15:24 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 15:24 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 15:24 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 15:24 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 15:24 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 15:24 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 15:24 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 15:24 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 15:24 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 15:24 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 15:24 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 15:24 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 15:24 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 15:24 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 15:24 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 15:24 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 15:24 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 15:24 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 15:24 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 15:24 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 15:24 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 15:24 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 15:24 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 15:24 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 15:24 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 15:24 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 15:24 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 15:24 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 15:24 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 15:24 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 15:24 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 15:24 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 15:24 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 15:24 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 15:24 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 15:24 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 15:24 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 15:24 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 15:24 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 15:24 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 15:24 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 15:24 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 15:24 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 15:24 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 15:24 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 15:24 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 15:24 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 15:24 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 15:24 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 15:24 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 15:22 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 15:22 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 15:22 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 15:22 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-02 00:06 - 2014-09-01 11:47 - 00009812 _____ () C:\Users\arne\Desktop\FRST.txt
2014-09-02 00:05 - 2014-09-01 11:47 - 00000000 ____D () C:\FRST
2014-09-02 00:02 - 2011-04-12 09:43 - 00699318 _____ () C:\Windows\system32\perfh007.dat
2014-09-02 00:02 - 2011-04-12 09:43 - 00149458 _____ () C:\Windows\system32\perfc007.dat
2014-09-02 00:02 - 2009-07-14 07:13 - 01620196 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-01 23:58 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-01 23:58 - 2009-07-14 06:51 - 00037101 _____ () C:\Windows\setupact.log
2014-09-01 17:19 - 2013-06-27 10:15 - 02022998 _____ () C:\Windows\WindowsUpdate.log
2014-09-01 16:46 - 2009-07-14 06:45 - 00027936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-01 16:46 - 2009-07-14 06:45 - 00027936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-01 16:32 - 2014-09-01 16:31 - 00007309 _____ () C:\Users\arne\Desktop\mbam.txt
2014-09-01 16:32 - 2014-09-01 11:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-01 16:16 - 2014-09-01 16:16 - 00000758 _____ () C:\Users\arne\Desktop\JRT.txt
2014-09-01 16:10 - 2014-09-01 16:10 - 00000000 ____D () C:\Windows\ERUNT
2014-09-01 16:09 - 2013-08-02 00:12 - 00000000 ____D () C:\Program Files (x86)\Spyware Terminator
2014-09-01 16:09 - 2010-11-21 05:47 - 00326460 _____ () C:\Windows\PFRO.log
2014-09-01 16:08 - 2014-09-01 15:55 - 00000000 ____D () C:\AdwCleaner
2014-09-01 15:51 - 2014-09-01 15:51 - 00001280 _____ () C:\Users\arne\Desktop\Revo Uninstaller.lnk
2014-09-01 15:51 - 2014-09-01 15:51 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-01 15:50 - 2014-09-01 15:50 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\arne\Desktop\revosetup95.exe
2014-09-01 12:06 - 2014-09-01 12:06 - 01364531 _____ () C:\Users\arne\Desktop\adwcleaner_3.308.exe
2014-09-01 12:06 - 2014-09-01 12:06 - 01016261 _____ (Thisisu) C:\Users\arne\Desktop\JRT.exe
2014-09-01 11:47 - 2014-09-01 11:47 - 00020240 _____ () C:\Users\arne\Desktop\Addition.txt
2014-09-01 11:46 - 2014-07-28 20:48 - 00000408 _____ () C:\Users\arne\Desktop\wpa.txt
2014-09-01 11:40 - 2014-09-01 11:40 - 02104832 _____ (Farbar) C:\Users\arne\Desktop\FRST64.exe
2014-09-01 11:37 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-09-01 11:21 - 2014-09-01 11:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\arne\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-01 11:21 - 2014-09-01 11:21 - 00000619 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-01 11:21 - 2014-09-01 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-01 11:21 - 2014-09-01 11:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-31 23:13 - 2014-08-28 18:47 - 00000000 ____D () C:\ProgramData\EsizRurca
2014-08-30 01:59 - 2013-07-31 12:03 - 00000000 ____D () C:\Users\arne\AppData\Roaming\vlc
2014-08-29 12:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-29 00:09 - 2014-08-29 00:09 - 00000651 _____ () C:\Users\arne\Desktop\Start Tor Browser - Verknüpfung.lnk
2014-08-29 00:09 - 2013-06-27 19:49 - 00000000 ____D () C:\Users\arne\Desktop\Tor Browser
2014-08-29 00:04 - 2014-08-29 00:03 - 27281991 _____ () C:\Users\arne\Desktop\torbrowser-install-3.6.4_en-US.exe
2014-08-28 21:05 - 2014-07-28 20:47 - 00000000 ____D () C:\Users\arne\Desktop\Bewerbungen
2014-08-28 11:29 - 2014-08-28 00:16 - 00000000 ____D () C:\ProgramData\UsqihAzbor
2014-08-28 11:13 - 2009-07-14 06:45 - 00413984 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 00:09 - 2013-08-02 00:12 - 00000000 ____D () C:\ProgramData\Spyware Terminator
2014-08-26 23:51 - 2014-08-26 23:51 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-26 23:51 - 2014-08-26 23:51 - 00000000 ____D () C:\ProgramData\ErfeJufqi
2014-08-26 23:49 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-26 10:38 - 2014-07-28 20:48 - 00000000 ____D () C:\Users\arne\Desktop\Stellen Screenshots
2014-08-26 00:03 - 2013-06-27 19:18 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-25 15:09 - 2013-06-27 21:34 - 00000000 ____D () C:\Users\arne\AppData\Local\Microsoft Help
2014-08-23 04:07 - 2014-08-27 23:52 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-27 23:52 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-27 23:52 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-14 22:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-14 16:14 - 2013-08-15 20:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 16:13 - 2013-07-07 10:22 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 16:10 - 2014-05-06 18:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 15:52 - 2013-10-03 09:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-14 15:52 - 2013-07-08 12:17 - 00001146 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-08-14 15:52 - 2013-07-08 12:17 - 00000000 ____D () C:\Users\arne\AppData\Roaming\DVDVideoSoft
2014-08-14 15:52 - 2013-07-08 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-08-07 04:06 - 2014-08-14 15:22 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-14 15:22 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 09:20 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\arne\AppData\Local\Temp\10719uninstall.exe
C:\Users\arne\AppData\Local\Temp\214uninstall.exe
C:\Users\arne\AppData\Local\Temp\23166uninstall.exe
C:\Users\arne\AppData\Local\Temp\39171uninstall.exe
C:\Users\arne\AppData\Local\Temp\39343uninstall.exe
C:\Users\arne\AppData\Local\Temp\3956uninstall.exe
C:\Users\arne\AppData\Local\Temp\4391uninstall.exe
C:\Users\arne\AppData\Local\Temp\51599uninstall.exe
C:\Users\arne\AppData\Local\Temp\52202uninstall.exe
C:\Users\arne\AppData\Local\Temp\58841uninstall.exe
C:\Users\arne\AppData\Local\Temp\59523uninstall.exe
C:\Users\arne\AppData\Local\Temp\59928uninstall.exe
C:\Users\arne\AppData\Local\Temp\60118uninstall.exe
C:\Users\arne\AppData\Local\Temp\63431uninstall.exe
C:\Users\arne\AppData\Local\Temp\65000uninstall.exe
C:\Users\arne\AppData\Local\Temp\65368uninstall.exe
C:\Users\arne\AppData\Local\Temp\75520uninstall.exe
C:\Users\arne\AppData\Local\Temp\77376uninstall.exe
C:\Users\arne\AppData\Local\Temp\81355uninstall.exe
C:\Users\arne\AppData\Local\Temp\83628uninstall.exe
C:\Users\arne\AppData\Local\Temp\85299uninstall.exe
C:\Users\arne\AppData\Local\Temp\86023uninstall.exe
C:\Users\arne\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\arne\AppData\Local\Temp\96870uninstall.exe
C:\Users\arne\AppData\Local\Temp\99843uninstall.exe
C:\Users\arne\AppData\Local\Temp\BlackBerryDeviceManager.exe
C:\Users\arne\AppData\Local\Temp\BlackBerryLauncher.exe
C:\Users\arne\AppData\Local\Temp\DesktopInstaller.exe
C:\Users\arne\AppData\Local\Temp\Quarantine.exe
C:\Users\arne\AppData\Local\Temp\Sqlite3.dll
C:\Users\arne\AppData\Local\Temp\_is1C75.exe
C:\Users\arne\AppData\Local\Temp\_is1F52.exe
C:\Users\arne\AppData\Local\Temp\_is5C04.exe
C:\Users\arne\AppData\Local\Temp\_is94DB.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-27 16:33

==================== End Of Log ============================
--- --- ---

Warlord711 02.09.2014 07:52
Hat das Deinstallieren vom Spyware Terminator 2012 geklappt ? Im Log stehen noch 2 Einträge.

Arne_14 02.09.2014 11:11
Laut Revo ja.

Warlord711 02.09.2014 11:28
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
"C:\Program Files (x86)\Spyware Terminator\C:\Program Files (x86)\Spyware Terminator\"
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2013-08-02] (Windows (R) Win 7 DDK provider)
Folder: "C:\ProgramData\EsizRurca"
Folder: "C:\ProgramData\UsqihAzbor"
Folder: "C:\ProgramData\ErfeJufqi"
C:\Windows\System32\DRIVERS\stflt.sys

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.


Und ESET Online Scanner, der braucht längere Zeit zum Durchlaufen.


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Arne_14 02.09.2014 23:00
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-08-2014 02
Ran by arne at 2014-09-02 23:57:16 Run:3
Running from C:\Users\arne\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
"C:\Program Files (x86)\Spyware Terminator\C:\Program Files (x86)\Spyware Terminator\"
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2013-08-02] (Windows (R) Win 7 DDK provider)
Folder: "C:\ProgramData\EsizRurca"
Folder: "C:\ProgramData\UsqihAzbor"
Folder: "C:\ProgramData\ErfeJufqi"
C:\Windows\System32\DRIVERS\stflt.sys
       
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareTerminatorShield => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareTerminatorUpdater => Value not found.
"C:\Program Files (x86)\Spyware Terminator\C:\Program Files (x86)\Spyware Terminator" => File/Directory not found.
sp_rsdrv2 => Service not found.

========================= Folder: "C:\ProgramData\EsizRurca" ========================


====== End of Folder: ======


========================= Folder: "C:\ProgramData\UsqihAzbor" ========================


====== End of Folder: ======


========================= Folder: "C:\ProgramData\ErfeJufqi" ========================


====== End of Folder: ======

"C:\Windows\System32\DRIVERS\stflt.sys" => File/Directory not found.

==== End of Fixlog ====
Code:
Results of screen317's Security Check version 0.99.87 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Mozilla Firefox 23.0.1 Firefox out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast avastui.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

Warlord711 03.09.2014 07:52
Das Eset Log läuft noch ?

Arne_14 08.09.2014 13:03
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=749a1d6609290946be71659a403b98bf
# engine=20049
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-08 11:59:52
# local_time=2014-09-08 01:59:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 184911 174598082 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 182834 161807442 0 0
# scanned=147223
# found=5
# cleaned=0
# scan_time=4229
sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\arne\AppData\Local\Temp\OCS\ocs_v71a.exe.vir"
sh=848C686280EAA04B172FCCFFBD312132A0C46172 ft=1 fh=7764b0effb0b9556 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\arne\AppData\Local\Temp\OCS\ocs_v7f.exe.vir"
sh=A836A8346F791EC8A83B51BC78E84B2F6659E6DA ft=1 fh=0a2e45c370149901 vn="Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\arne\AppData\Local\Temp\is1070216317\1706571_stp\wajam_validate.exe"
sh=97589A8700F9DA93958B16E6417A61C074179B76 ft=1 fh=a2a87c52a9479b7e vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\arne\Desktop\SiSoft Sandra Lite 2014 - CHIP-Downloader.exe"
sh=5A2FAE2BBA4D304309B5A9F0C6E5559B8959388F ft=0 fh=0000000000000000 vn="Win32/Toolbar.Montiera.I evtl. unerwünschte Anwendung" ac=I fn="F:\ARNE-PC\Backup Set 2014-03-09 104839\Backup Files 2014-03-09 104839\Backup files 1.zip"


Alle Zeitangaben in WEZ +1. Es ist jetzt 04:17 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131