Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Malware Bytes , logfile erhalten (https://www.trojaner-board.de/158749-malware-bytes-logfile-erhalten.html)

wegomyway 15.09.2014 20:10
Malware Bytes , logfile erhalten
 
Ich hab von einem Arbeitskollegen derenTochter folgendes Log erhalten. Ihr Freund , so ihre Aussage , hatte sich einen Virus ufn PeeCee eingehandelt (fragt mich nicht wie das festgestellt wurde, Aussage war das der PeeCee sich irgendwie komisch verhält bzw. verhalten hat nachdem ihr freund irgendwas installiert hat)
ich habe ihr halt geschrieben sie soll MB mal laufen lassen und mir das Log zukommen lassen :wtf:
ich würde mich freuen wenn ihr als experten da mal drüber blickt ... ich find das ist ne Menge, aber das zuzuordnen fällt mir schwer :

<?xml version="1.0" encoding="UTF-8" ?>
<mbam-log>
<header>
<date>2014/09/15 19:12:58 +0200</date>
<logfile>mbam-log-2014-09-15 (19-12-06).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.2.1012</version>
<malware-database>v2014.09.15.09</malware-database>
<rootkit-database>v2014.09.15.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 8.1</osversion>
<arch>x64</arch>
<username></username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>303265</objects>
<time>548</time>
<processes>2</processes>
<modules>1</modules>
<keys>56</keys>
<values>7</values>
<datas>8</datas>
<folders>37</folders>
<files>94</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<process><path>C:\ProgramData\IePluginServices\PluginService.exe</path><vendor>PUP.Optional.IePluginService.A</vendor><action>delete-on-reboot</action><pid>1148</pid><hash>06efea03fb80c96dfc4b7fe7a9583fc1</hash></process>
<process><path>C:\ProgramData\WindowsProtectManger\wprotectmanager.exe</path><vendor>PUP.Optional.WPM.A</vendor><action>delete-on-reboot</action><pid>1312</pid><hash>40b5737ac2b9e5512d3f6237cf32a35d</hash></process>
<module><path>C:\Program Files (x86)\SupTab\DpInterface32.dll</path><vendor>PUP.Optional.Skytech.A</vendor><action>delete-on-reboot</action><hash>52a3965793e885b1655ba6efe31edd23</hash></module>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginServices</path><vendor>PUP.Optional.IePluginService.A</vendor><action>success</action><hash>06efea03fb80c96dfc4b7fe7a9583fc1</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsProtectManger</path><vendor>PUP.Optional.WPM.A</vendor><action>success</action><hash>40b5737ac2b9e5512d3f6237cf32a35d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WindowsProtectManger</path><vendor>PUP.Optional.WPM.A</vendor><action>success</action><hash>40b5737ac2b9e5512d3f6237cf32a35d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>bc3924c989f2072f305e695529d9bf41</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>0fe613da740775c1543b219dba48fb05</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>629312db0576ea4ca2bbe2a7aa58e11f</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>738294595f1c3bfb87fa41f40ff1f10f</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>738294595f1c3bfb87fa41f40ff1f10f</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>738294595f1c3bfb87fa41f40ff1f10f</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>738294595f1c3bfb87fa41f40ff1f10f</hash></key>
<key><path>HKLM\SOFTWARE\Iminent</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>41b4effe057655e1baf4e84bc63dc937</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CrossriderApp0059603.BHO</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>a550db12a8d33ff7137e7b8ea55e4fb1</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CrossriderApp0059603.BHO.1</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>f40100ede8930f279bf6d435ab5832ce</hash></key>
<key><path>HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\21636</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>fff647a62b50f83e56143ceade25f30d</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}</path><vendor>PUP.Optional.Qone8</vendor><action>success</action><hash>04f1fbf22e4d48eeb2fea7ad1ee6867a</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DatamngrCoordinator.exe</path><vendor>PUP.Optional.DataMangr.A</vendor><action>success</action><hash>f500e00d0b7073c377bfdd2ea95a20e0</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\FREE_SOFTTODAY</path><vendor>PUP.Optional.Eorezo.A</vendor><action>success</action><hash>bb3a10dd98e386b0d687a866bd466d93</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\supWindowsProtectManger</path><vendor>PUP.Optional.WindowsProtectManger.A</vendor><action>success</action><hash>12e3c12caad1a096f56ae32bad56ff01</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware</path><vendor>PUP.Optional.WebsSearches.A</vendor><action>success</action><hash>24d1af3e3645d6604902141223e00bf5</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0059603.BHO</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>738216d7097275c1c5ccdd2c12f18977</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0059603.BHO.1</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>16df836aea91a591563bcc3d14efa957</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9d581cd17b007fb756ee5ead70932ad6</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\21636</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>c72e8865e596171f92d8c75fca3937c9</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}</path><vendor>PUP.Optional.Qone8</vendor><action>success</action><hash>1adb44a9374486b03878054f838113ed</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DatamngrCoordinator.exe</path><vendor>PUP.Optional.DataMangr.A</vendor><action>success</action><hash>7a7b48a539421125fe3859b2c83baa56</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>896c935a79021c1ae16a1f4d788c0cf4</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>6293ba33aecd57df97b5125a4eb68080</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\SUPDP</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>46af40ad7dfe41f5dfd3ce34e023649c</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\SUPTAB</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>ac49e30a91ea3105e401b0522dd643bd</hash></key>
<key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Fraven 1.1</path><vendor>PUP.Optional.Feven.A</vendor><action>success</action><hash>f005509deb90162091eaef22bd46b44c</hash></key>
<key><path>HKU\S-1-5-21-2940267510-147821796-3909958549-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\freesofttoday</path><vendor>PUP.Optional.FreeSoftToday.A</vendor><action>success</action><hash>da1b4e9f077450e651d4c7a40bf927d9</hash></key>
<key><path>HKU\S-1-5-21-2940267510-147821796-3909958549-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TutoTag</path><vendor>PUP.Optional.Tuto4PC.A</vendor><action>success</action><hash>f005e7062f4ccf67c0bf70fc12f2b44c</hash></key>
<key><path>HKU\S-1-5-21-2940267510-147821796-3909958549-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>d42177768cef79bdf366f76643c156aa</hash></key>
<key><path>HKU\S-1-5-21-2940267510-147821796-3909958549-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Fraven 1.1</path><vendor>PUP.Optional.Feven.A</vendor><action>success</action><hash>3db8d8151467ae8837441bf62fd452ae</hash></key>
<key><path>HKU\S-1-5-21-2940267510-147821796-3909958549-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\21636</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>75802ac3b1ca3501aa2a56a8d42e1ae6</hash></key>
<key><path>HKU\S-1-5-21-2940267510-147821796-3909958549-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\setup</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>dd18f2fb91ea62d488264c1ad52f916f</hash></key>
<key><path>HKU\S-1-5-21-2940267510-147821796-3909958549-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS</path><vendor>PUP.Optional.FastStart.A</vendor><action>success</action><hash>fef7a34aceadcc6a5e78ec13e61c48b8</hash></key>
<key><path>HKU\S-1-5-21-2940267510-147821796-3909958549-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader</path><vendor>PUP.Optional.Softonic.A</vendor><action>success</action><hash>45b0faf33c3fa98dd21573ae05fe54ac</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdate</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>13e21cd11c5fee48f5b863888181d32d</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdatem</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>13e21cd11c5fee48f5b863888181d32d</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>13e21cd11c5fee48f5b863888181d32d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>13e21cd11c5fee48f5b863888181d32d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>13e21cd11c5fee48f5b863888181d32d</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\globalUpdate.OneClickCtrl.10</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>13e21cd11c5fee48f5b863888181d32d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.OneClickCtrl.10</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>13e21cd11c5fee48f5b863888181d32d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5645E0E7-FC12-43BF-A6E4-F9751942B298}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>13e21cd11c5fee48f5b863888181d32d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5645E0E7-FC12-43BF-A6E4-F9751942B298}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>13e21cd11c5fee48f5b863888181d32d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>13e21cd11c5fee48f5b863888181d32d</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\globalUpdate.Update3WebControl.4</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>13e21cd11c5fee48f5b863888181d32d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.Update3WebControl.4</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>13e21cd11c5fee48f5b863888181d32d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>13e21cd11c5fee48f5b863888181d32d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>13e21cd11c5fee48f5b863888181d32d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>13e21cd11c5fee48f5b863888181d32d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>13e21cd11c5fee48f5b863888181d32d</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511961103}</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>d2238d607dfed0669658669e877e827e</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511961103}</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>d2238d607dfed0669658669e877e827e</hash></key>
<value><path>HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE</path><valuename>path</valuename><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><valuedata>C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe</valuedata><hash>9d581cd17b007fb756ee5ead70932ad6</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>fst_de_69</valuename><vendor>PUP.Optional.FirstSeenToday.A</vendor><action>success</action><valuedata></valuedata><hash>c2330ce1f9825ed8ee971e017192fa06</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS</path><valuename>faststartff@gmail.com</valuename><vendor>PUP.Optional.FastStart.A</vendor><action>success</action><valuedata>C:\Users\sascha\AppData\Roaming\Mozilla\Firefox\Profiles\jy75wg5h.default\extensions\faststartff@gmail.com</valuedata><hash>ef06e904a7d489ad1f1dc8a0778dda26</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\SUPDP</path><valuename>dir</valuename><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><valuedata>C:\Program Files (x86)\SupTab</valuedata><hash>46af40ad7dfe41f5dfd3ce34e023649c</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\SUPTAB</path><valuename>ptid</valuename><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><valuedata>tugs</valuedata><hash>ac49e30a91ea3105e401b0522dd643bd</hash></value>
<value><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSPROTECTMANGER</path><valuename>ImagePath</valuename><vendor>PUP.Optional.WPM.A</vendor><action>success</action><valuedata>C:\ProgramData\WindowsProtectManger\wprotectmanager.exe -service</valuedata><hash>896c13da047751e53d6729e820e33ac6</hash></value>
<value><path>HKU\S-1-5-21-2940267510-147821796-3909958549-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS</path><valuename>appid</valuename><vendor>PUP.Optional.FastStart.A</vendor><action>success</action><valuedata>faststartff@gmail.com</valuedata><hash>fef7a34aceadcc6a5e78ec13e61c48b8</hash></value>
<data><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS</path><valuename>AppInit_DLLs</valuename><vendor>PUP.Optional.Skytech.A</vendor><action>replaced</action><valuedata>C:\PROGRA~2\SupTab\SEARCH~2.DLL</valuedata><baddata>C:\PROGRA~2\SupTab\SEARCH~2.DLL</baddata><gooddata></gooddata><hash>37be727ba9d2f046b10f425348b9fd03</hash></data>
<data><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS</path><valuename>AppInit_DLLs</valuename><vendor>PUP.Optional.Skytech.A</vendor><action>replaced</action><valuedata>C:\PROGRA~2\SupTab\SEARCH~1.DLL</valuedata><baddata>C:\PROGRA~2\SupTab\SEARCH~1.DLL</baddata><gooddata></gooddata><hash>b3420ae3522979bd427e15805fa27a86</hash></data>
<data><path>HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND</path><valuename></valuename><vendor>PUP.Optional.WebsSearches.A</vendor><action>replaced</action><valuedata>C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&amp;ts=1404106766&amp;from=tugs&amp;uid=ST500LM011XHM501II_S24QJ9EC605348</valuedata><baddata>C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&amp;ts=1404106766&amp;from=tugs&amp;uid=ST500LM011XHM501II_S24QJ9EC605348</baddata><gooddata>iexplore.exe</gooddata><hash>b83d0ce1691245f11698a94b26de30d0</hash></data>
<data><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Default_Search_URL</valuename><vendor>PUP.Optional.WebsSearches.A</vendor><action>replaced</action><valuedata>hxxp://istart.webssearches.com/web/?type=ds&amp;ts=1404106766&amp;from=tugs&amp;uid=ST500LM011XHM501II_S24QJ9EC605348&amp;q={searchTerms}</valuedata><baddata>hxxp://istart.webssearches.com/web/?type=ds&amp;ts=1404106766&amp;from=tugs&amp;uid=ST500LM011XHM501II_S24QJ9EC605348&amp;q={searchTerms}</baddata><gooddata>www.google.com</gooddata><hash>6c890be2700bc274fda88173927205fb</hash></data>
<data><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Default_Page_URL</valuename><vendor>PUP.Optional.WebsSearches.A</vendor><action>replaced</action><valuedata>hxxp://istart.webssearches.com/?type=hp&amp;ts=1404106766&amp;from=tugs&amp;uid=ST500LM011XHM501II_S24QJ9EC605348</valuedata><baddata>hxxp://istart.webssearches.com/?type=hp&amp;ts=1404106766&amp;from=tugs&amp;uid=ST500LM011XHM501II_S24QJ9EC605348</baddata><gooddata>www.google.com</gooddata><hash>14e1e508a8d360d6bee55a9adb29936d</hash></data>
<data><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Start Page</valuename><vendor>PUP.Optional.WebsSearches.A</vendor><action>replaced</action><valuedata>hxxp://istart.webssearches.com/?type=hp&amp;ts=1404106766&amp;from=tugs&amp;uid=ST500LM011XHM501II_S24QJ9EC605348</valuedata><baddata>hxxp://istart.webssearches.com/?type=hp&amp;ts=1404106766&amp;from=tugs&amp;uid=ST500LM011XHM501II_S24QJ9EC605348</baddata><gooddata>www.google.com</gooddata><hash>1dd827c65526fa3cfcab579d9a6ab64a</hash></data>
<data><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES</path><valuename>DefaultScope</valuename><vendor>PUP.Optional.Qone8</vendor><action>replaced</action><valuedata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</valuedata><baddata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</baddata><gooddata>{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</gooddata><hash>51a4d617b3c8c6700acabd4139cbe917</hash></data>
<data><path>HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND</path><valuename></valuename><vendor>PUP.Optional.WebsSearches.A</vendor><action>replaced</action><valuedata>C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&amp;ts=1404106766&amp;from=tugs&amp;uid=ST500LM011XHM501II_S24QJ9EC605348</valuedata><baddata>C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&amp;ts=1404106766&amp;from=tugs&amp;uid=ST500LM011XHM501II_S24QJ9EC605348</baddata><gooddata>iexplore.exe</gooddata><hash>a154effec9b2d066644a8470d0340ef2</hash></data>
<folder><path>C:\ProgramData\IePluginServices</path><vendor>PUP.Optional.IePluginServices.A</vendor><action>delete-on-reboot</action><hash>ea0bfdf0fc7f70c6095c7f687e84ee12</hash></folder>
<folder><path>C:\ProgramData\IePluginServices\update</path><vendor>PUP.Optional.IePluginServices.A</vendor><action>success</action><hash>ea0bfdf0fc7f70c6095c7f687e84ee12</hash></folder>
<folder><path>C:\ProgramData\WindowsProtectManger</path><vendor>PUP.Optional.WPM.A</vendor><action>delete-on-reboot</action><hash>9c599b5294e7d95db05c07e1748e619f</hash></folder>
<folder><path>C:\ProgramData\WindowsProtectManger\log</path><vendor>PUP.Optional.WPM.A</vendor><action>success</action><hash>9c599b5294e7d95db05c07e1748e619f</hash></folder>
<folder><path>C:\ProgramData\WindowsProtectManger\update</path><vendor>PUP.Optional.WPM.A</vendor><action>success</action><hash>9c599b5294e7d95db05c07e1748e619f</hash></folder>
<folder><path>C:\Program Files (x86)\globalUpdate\Update</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>13e21cd11c5fee48f5b863888181d32d</hash></folder>
<folder><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>13e21cd11c5fee48f5b863888181d32d</hash></folder>
<folder><path>C:\Program Files (x86)\globalUpdate\Update\Download</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>13e21cd11c5fee48f5b863888181d32d</hash></folder>
<folder><path>C:\Program Files (x86)\globalUpdate\Update\Install</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>13e21cd11c5fee48f5b863888181d32d</hash></folder>
<folder><path>C:\Program Files (x86)\globalUpdate\Update\Offline</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>13e21cd11c5fee48f5b863888181d32d</hash></folder>
<folder><path>C:\Program Files (x86)\globalUpdate\Update\Offline\{0CC21F22-D00C-4289-BD89-B238EC9AB10B}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>13e21cd11c5fee48f5b863888181d32d</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab</path><vendor>PUP.Optional.SupTab.A</vendor><action>delete-on-reboot</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\img</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\img\weather</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\js</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\en-US</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\es-419</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\es-ES</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\fr-BE</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\fr-CA</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\fr-CH</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\fr-FR</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\fr-LU</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\it-CH</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\it-IT</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\pl</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\pt</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\pt-BR</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\ru</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\ru-MO</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\tr-TR</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\vi-VI</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\zh-CN</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab\web\_locales\zh-TW</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></folder>
<folder><path>C:\Users\sascha\AppData\Roaming\SupTab</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>5b9a9558cead0f274ca80de299698c74</hash></folder>
<file><path>C:\ProgramData\IePluginServices\PluginService.exe</path><vendor>PUP.Optional.IePluginService.A</vendor><action>delete-on-reboot</action><hash>06efea03fb80c96dfc4b7fe7a9583fc1</hash></file>
<file><path>C:\Program Files (x86)\SupTab\DpInterface32.dll</path><vendor>PUP.Optional.Skytech.A</vendor><action>delete-on-reboot</action><hash>52a3965793e885b1655ba6efe31edd23</hash></file>
<file><path>C:\ProgramData\WindowsProtectManger\wprotectmanager.exe</path><vendor>PUP.Optional.WPM.A</vendor><action>delete-on-reboot</action><hash>40b5737ac2b9e5512d3f6237cf32a35d</hash></file>
<file><path>C:\Program Files (x86)\SupTab\SearchProtect64.dll</path><vendor>PUP.Optional.Skytech.A</vendor><action>success</action><hash>37be727ba9d2f046b10f425348b9fd03</hash></file>
<file><path>C:\Program Files (x86)\SupTab\SearchProtect32.dll</path><vendor>PUP.Optional.Skytech.A</vendor><action>success</action><hash>b3420ae3522979bd427e15805fa27a86</hash></file>
<file><path>C:\Program Files (x86)\SupTab\DpInterface64.dll</path><vendor>PUP.Optional.Skytech.A</vendor><action>success</action><hash>946188659fdca6902c94a9eca25f08f8</hash></file>
<file><path>C:\Program Files (x86)\SupTab\DpInterfacef32.dll</path><vendor>PUP.Optional.Skytech.A</vendor><action>success</action><hash>995c1fce6b10290db60aafe654addb25</hash></file>
<file><path>C:\Program Files (x86)\SupTab\RSHP.exe</path><vendor>PUP.Optional.IEPluginService.A</vendor><action>success</action><hash>08edc528700bd95d41ad0b6d31d03ec2</hash></file>
<file><path>C:\Program Files (x86)\SupTab\SpAPPSv32.dll</path><vendor>PUP.Optional.Skytech.A</vendor><action>success</action><hash>7d78717c0a7179bd8937fb9a1ae708f8</hash></file>
<file><path>C:\Program Files (x86)\SupTab\SpAPPSv64.dll</path><vendor>PUP.Optional.Skytech.A</vendor><action>success</action><hash>01f417d6f289e5517c44742115ec6e92</hash></file>
<file><path>C:\Program Files (x86)\SupTab\SupTab.dll</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>738294595f1c3bfb87fa41f40ff1f10f</hash></file>
<file><path>C:\Users\sascha\Downloads\SoftonicDownloader_fuer_auslogics-registry-cleaner.exe</path><vendor>PUP.Optional.Softonic.A</vendor><action>success</action><hash>cd2829c43e3dcb6b43c6250ba55c49b7</hash></file>
<file><path>C:\Windows\System32\Tasks\b37f039f-a8ac-448f-ae4d-eba866185131-1</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>03f2cb22a3d8da5c95aa1cef33d0847c</hash></file>
<file><path>C:\Windows\System32\Tasks\b37f039f-a8ac-448f-ae4d-eba866185131-11</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>23d229c488f361d550ef06054bb802fe</hash></file>
<file><path>C:\Windows\System32\Tasks\b37f039f-a8ac-448f-ae4d-eba866185131-2</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>bf36f2fba6d553e3dc63ee1da063ae52</hash></file>
<file><path>C:\Windows\System32\Tasks\b37f039f-a8ac-448f-ae4d-eba866185131-3</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>02f3cb2287f4bf7795aa9b70d52eaf51</hash></file>
<file><path>C:\Windows\System32\Tasks\b37f039f-a8ac-448f-ae4d-eba866185131-4</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>e80d618c87f4fd393b047d8e788b31cf</hash></file>
<file><path>C:\Windows\System32\Tasks\b37f039f-a8ac-448f-ae4d-eba866185131-5</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>52a3f4f9c5b60234c37c7398d13214ec</hash></file>
<file><path>C:\Windows\System32\Tasks\b37f039f-a8ac-448f-ae4d-eba866185131-5_user</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>18dd4ba2017a69cd75ca53b8d0337d83</hash></file>
<file><path>C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml</path><vendor>PUP.Optional.WebsSearches.A</vendor><action>success</action><hash>33c227c6f08bf244212c61c5bd46e719</hash></file>
<file><path>C:\Windows\Tasks\b37f039f-a8ac-448f-ae4d-eba866185131-1.job</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>5c99638ab8c3b3833a893e2be420f709</hash></file>
<file><path>C:\Windows\Tasks\b37f039f-a8ac-448f-ae4d-eba866185131-11.job</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>3abbd31a99e256e09a293930699b8b75</hash></file>
<file><path>C:\Windows\Tasks\b37f039f-a8ac-448f-ae4d-eba866185131-2.job</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>bf3629c47ffc80b683404524689c768a</hash></file>
<file><path>C:\Windows\Tasks\b37f039f-a8ac-448f-ae4d-eba866185131-3.job</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>ae47e10c94e74bebcaf9dc8d729203fd</hash></file>
<file><path>C:\Windows\Tasks\b37f039f-a8ac-448f-ae4d-eba866185131-4.job</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>db1a01ecaccf0a2c863d4a1f956f5da3</hash></file>
<file><path>C:\Windows\Tasks\b37f039f-a8ac-448f-ae4d-eba866185131-5.job</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>24d113dae2996bcba71c591011f3e41c</hash></file>
<file><path>C:\Windows\Tasks\b37f039f-a8ac-448f-ae4d-eba866185131-5_user.job</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>e015826bdd9e59dd428182e77e86ee12</hash></file>
<file><path>C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>37be25c87b003303e1f83f2a53b19a66</hash></file>
<file><path>C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>668fcb225d1ed3636b6f41288282619f</hash></file>
<file><path>C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>c035d61723583bfba536274235cf9e62</hash></file>
<file><path>C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>8372d6173744f04616c6bcad768e57a9</hash></file>
<file><path>C:\ProgramData\IePluginServices\update\conf</path><vendor>PUP.Optional.IePluginServices.A</vendor><action>success</action><hash>ea0bfdf0fc7f70c6095c7f687e84ee12</hash></file>
<file><path>C:\ProgramData\WindowsProtectManger\log\wprotectmanager_2014-06-30[07-39-56-208].log</path><vendor>PUP.Optional.WPM.A</vendor><action>success</action><hash>9c599b5294e7d95db05c07e1748e619f</hash></file>
<file><path>C:\ProgramData\WindowsProtectManger\update\conf</path><vendor>PUP.Optional.WPM.A</vendor><action>success</action><hash>9c599b5294e7d95db05c07e1748e619f</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>13e21cd11c5fee48f5b863888181d32d</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>13e21cd11c5fee48f5b863888181d32d</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>13e21cd11c5fee48f5b863888181d32d</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>13e21cd11c5fee48f5b863888181d32d</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>13e21cd11c5fee48f5b863888181d32d</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>13e21cd11c5fee48f5b863888181d32d</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdate.dll</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>13e21cd11c5fee48f5b863888181d32d</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdateres_en.dll</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>13e21cd11c5fee48f5b863888181d32d</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>13e21cd11c5fee48f5b863888181d32d</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>13e21cd11c5fee48f5b863888181d32d</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psuser.dll</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>13e21cd11c5fee48f5b863888181d32d</hash></file>
<file><path>C:\Program Files (x86)\SupTab\ient.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\install.data</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\uninstall.exe</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\WebDataJs</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\data.html</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\indexIE.html</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\indexIE8.html</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\main.css</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\ver.txt</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\arrow.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\default_add_logo.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\default_add_logo_hover.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\default_logo.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\googlelogo.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\googlelogo2.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\google_trends.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\icon128.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\icon16.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\icon48.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\loading.gif</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\logo32.ico</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\img\weather\0.png</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\js\common.js</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\js\ga.js</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\js\ie8.js</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\js\js.js</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\js\library.js</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\js\xagainit.js</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
<file><path>C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>73828e5fb5c682b4c82ba04f6c96926e</hash></file>
</items>
</mbam-log>

was bleibt ... neu aufsetzen ?

schrauber 15.09.2014 20:23
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


wegomyway 21.09.2014 18:39
hat nen bisserl gedauert, sorry
da das ganze nicht auf meinem knecht sich befindet gibt es das folgend :
zuerst die FRST dann die ADDITION ...
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by xxxxxx (administrator) on xxxxxx on 21-09-2014 18:12:44
Running from C:\Users\xxxxxx\Downloads
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-14] (AVAST Software)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1404106766&from=tugs&uid=ST500LM011XHM501II_S24QJ9EC605348&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1404106766&from=tugs&uid=ST500LM011XHM501II_S24QJ9EC605348&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: No Name -> {01F29AE5-D48D-417B-9D00-8A115C23A0EB} -> C:\Users\xxxxxx\AppData\LocalLow\systems ie bho\bho.dll ()
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\u27ueg27.default-1408301969577
FF Homepage: https://www.google.de/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF SearchPlugin: C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\u27ueg27.default-1408301969577\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\u27ueg27.default-1408301969577\searchplugins\google-maps.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Cliqz Beta - C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\u27ueg27.default-1408301969577\Extensions\cliqz@cliqz.com.xpi [2014-09-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-27]
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\u27ueg27.default-1408301969577\extensions\cliqz@cliqz.com

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-27] (AVAST Software)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-06-30] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-06-30] (Microsoft Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-06-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-06-30] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-27] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-27] ()
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-06-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-21 18:12 - 2014-09-21 18:13 - 00007575 _____ () C:\Users\xxxxxx\Downloads\FRST.txt
2014-09-21 18:12 - 2014-09-21 18:12 - 00000000 ____D () C:\FRST
2014-09-21 18:11 - 2014-09-21 18:11 - 02105856 _____ (Farbar) C:\Users\xxxxxx\Downloads\FRST64.exe
2014-09-18 15:03 - 2014-08-02 02:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-09-16 19:43 - 2014-09-16 19:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-16 18:20 - 2014-09-18 15:03 - 00030880 _____ () C:\Users\xxxxxx\Desktop\Qualitätsmanagementsystem im Unternehmen Nattermann.odt
2014-09-16 18:20 - 2014-09-18 15:03 - 00025088 ___SH () C:\Users\xxxxxx\Desktop\Thumbs.db
2014-09-16 17:14 - 2014-09-16 17:14 - 00000795 _____ () C:\WINDOWS\setupact.log
2014-09-16 17:14 - 2014-09-16 17:14 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-09-16 17:12 - 2014-09-16 17:12 - 00000356 _____ () C:\WINDOWS\PFRO.log
2014-09-15 20:12 - 2014-08-16 03:54 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-09-15 20:12 - 2014-08-16 03:20 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-09-15 20:11 - 2014-08-16 04:40 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-09-15 20:11 - 2014-08-16 04:04 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-09-15 20:11 - 2014-08-16 04:00 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-09-15 20:11 - 2014-08-16 04:00 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-09-15 20:11 - 2014-08-16 03:56 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-09-15 20:11 - 2014-08-16 03:45 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-09-15 20:11 - 2014-08-16 03:43 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-09-15 20:11 - 2014-08-16 03:32 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-09-15 20:11 - 2014-08-16 03:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-09-15 20:11 - 2014-08-16 03:22 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-09-15 20:11 - 2014-08-16 03:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-09-15 20:11 - 2014-08-16 03:18 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-09-15 20:11 - 2014-08-16 03:18 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-09-15 20:11 - 2014-08-16 03:11 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-09-15 20:11 - 2014-08-16 03:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-09-15 20:11 - 2014-08-16 03:05 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-09-15 20:11 - 2014-08-16 03:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-09-15 20:11 - 2014-08-16 03:03 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-09-15 20:11 - 2014-08-16 03:03 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-09-15 20:11 - 2014-08-16 02:58 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-15 20:11 - 2014-08-16 02:56 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-09-15 20:11 - 2014-08-16 02:53 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-09-15 20:11 - 2014-08-16 02:53 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-09-15 20:11 - 2014-08-16 02:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-09-15 20:11 - 2014-08-16 02:51 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-09-15 20:11 - 2014-08-16 02:45 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-09-15 20:11 - 2014-08-16 02:44 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-09-15 20:11 - 2014-08-16 02:44 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-09-15 20:11 - 2014-08-16 02:34 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-09-15 20:11 - 2014-08-16 02:20 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-09-15 20:11 - 2014-08-16 02:18 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-09-15 20:11 - 2014-08-16 02:14 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-09-15 20:11 - 2014-08-16 02:12 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-09-15 19:59 - 2014-08-23 09:48 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2014-09-15 19:59 - 2014-08-23 09:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2014-09-15 19:59 - 2014-08-23 08:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-09-15 19:59 - 2014-08-23 07:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-09-15 19:59 - 2014-08-23 06:44 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-09-15 19:59 - 2014-08-23 06:34 - 13423104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-09-15 19:59 - 2014-08-23 06:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-09-15 19:59 - 2014-08-23 06:31 - 01038336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-09-15 19:59 - 2014-08-23 06:20 - 11818496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-09-15 19:58 - 2014-08-23 02:42 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-09-15 19:58 - 2014-08-15 02:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2014-09-15 19:58 - 2014-08-07 04:12 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-09-15 19:58 - 2014-08-02 05:56 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-09-15 19:58 - 2014-07-30 03:56 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2014-09-15 19:58 - 2014-07-29 07:22 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2014-09-15 19:57 - 2014-07-24 05:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2014-09-15 19:57 - 2014-07-24 05:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2014-09-15 19:36 - 2014-09-15 19:36 - 00045364 _____ () C:\Users\xxxxxx\Desktop\1.Xml
2014-09-15 19:35 - 2014-09-15 19:35 - 00032257 _____ () C:\Users\xxxxxx\Desktop\ergebnis.txt
2014-09-14 13:27 - 2014-09-15 19:34 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-14 13:24 - 2014-09-14 13:24 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-14 13:24 - 2014-09-14 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-14 13:24 - 2014-09-14 13:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-14 13:24 - 2014-09-14 13:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-14 13:24 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-14 13:24 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-09-14 13:24 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-09-14 13:21 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\WINDOWS\SysWOW64\dhRichClient3.dll
2014-09-14 13:21 - 2011-03-25 20:42 - 00338432 _____ () C:\WINDOWS\SysWOW64\sqlite36_engine.dll
2014-09-14 13:20 - 2014-09-14 13:20 - 01101648 _____ () C:\Users\xxxxxx\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-21 18:13 - 2014-09-21 18:12 - 00007575 _____ () C:\Users\xxxxxx\Downloads\FRST.txt
2014-09-21 18:13 - 2014-06-30 06:47 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B2C11DEC-009A-47D4-9F78-8A63C9E316DE}
2014-09-21 18:12 - 2014-09-21 18:12 - 00000000 ____D () C:\FRST
2014-09-21 18:11 - 2014-09-21 18:11 - 02105856 _____ (Farbar) C:\Users\xxxxxx\Downloads\FRST64.exe
2014-09-21 18:07 - 2014-06-30 06:43 - 00000000 ___DO () C:\Users\xxxxxx\OneDrive
2014-09-21 18:06 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-21 18:05 - 2014-06-27 21:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-18 15:29 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-18 15:28 - 2014-06-30 01:37 - 01940330 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-18 15:27 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-18 15:03 - 2014-09-16 18:20 - 00030880 _____ () C:\Users\xxxxxx\Desktop\Qualitätsmanagementsystem im Unternehmen Nattermann.odt
2014-09-18 15:03 - 2014-09-16 18:20 - 00025088 ___SH () C:\Users\xxxxxx\Desktop\Thumbs.db
2014-09-18 15:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-18 14:42 - 2014-06-30 07:42 - 00000294 _____ () C:\WINDOWS\Tasks\SpeedUpMyPC Maintenance.job
2014-09-16 19:43 - 2014-09-16 19:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-16 18:45 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-16 17:16 - 2014-03-18 12:03 - 01686150 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-16 17:16 - 2014-03-18 11:25 - 00727930 _____ () C:\WINDOWS\system32\perfh007.dat
2014-09-16 17:16 - 2014-03-18 11:25 - 00151586 _____ () C:\WINDOWS\system32\perfc007.dat
2014-09-16 17:14 - 2014-09-16 17:14 - 00000795 _____ () C:\WINDOWS\setupact.log
2014-09-16 17:14 - 2014-09-16 17:14 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-09-16 17:14 - 2014-06-27 21:14 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-09-16 17:13 - 2013-08-22 16:44 - 00362760 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-16 17:12 - 2014-09-16 17:12 - 00000356 _____ () C:\WINDOWS\PFRO.log
2014-09-15 20:13 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-09-15 20:12 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-09-15 20:11 - 2014-06-28 10:42 - 00000000 ____D () C:\Users\xxxxxx\AppData\Roaming\Wise Disk Cleaner
2014-09-15 20:03 - 2014-06-30 02:07 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-09-15 20:03 - 2014-06-30 02:07 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-09-15 20:03 - 2014-06-30 02:07 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-09-15 20:03 - 2014-06-30 02:07 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-09-15 20:03 - 2014-06-30 02:07 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-09-15 20:03 - 2014-06-30 02:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-09-15 20:03 - 2014-06-30 02:07 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-09-15 20:03 - 2014-06-30 02:07 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-09-15 20:03 - 2014-06-30 02:07 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-09-15 20:03 - 2014-06-30 02:07 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-09-15 20:03 - 2014-06-30 02:07 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-09-15 20:03 - 2014-06-30 02:07 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-09-15 20:03 - 2014-06-30 02:07 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-09-15 20:03 - 2014-06-30 02:07 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-09-15 20:03 - 2014-06-30 02:02 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-09-15 20:03 - 2014-06-30 02:02 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-09-15 20:02 - 2014-06-28 13:15 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-15 20:01 - 2014-06-28 13:15 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-15 19:36 - 2014-09-15 19:36 - 00045364 _____ () C:\Users\xxxxxx\Desktop\1.Xml
2014-09-15 19:35 - 2014-09-15 19:35 - 00032257 _____ () C:\Users\xxxxxx\Desktop\ergebnis.txt
2014-09-15 19:34 - 2014-09-14 13:27 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-15 19:24 - 2014-06-30 07:40 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-09-15 15:01 - 2014-06-27 20:43 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2940267510-147821796-3909958549-1001
2014-09-15 15:01 - 2013-08-22 15:25 - 00008192 ___SH () C:\WINDOWS\system32\config\ELAM
2014-09-14 13:24 - 2014-09-14 13:24 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-14 13:24 - 2014-09-14 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-14 13:24 - 2014-09-14 13:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-14 13:24 - 2014-09-14 13:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-14 13:20 - 2014-09-14 13:20 - 01101648 _____ () C:\Users\xxxxxx\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2014-09-02 22:06 - 2013-08-22 17:38 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-09-02 22:06 - 2013-08-22 17:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-23 09:48 - 2014-09-15 19:59 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2014-08-23 09:13 - 2014-09-15 19:59 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2014-08-23 08:10 - 2014-09-15 19:59 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-08-23 07:32 - 2014-09-15 19:59 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-08-23 06:44 - 2014-09-15 19:59 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-08-23 06:34 - 2014-09-15 19:59 - 13423104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-08-23 06:33 - 2014-09-15 19:59 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-08-23 06:31 - 2014-09-15 19:59 - 01038336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-08-23 06:20 - 2014-09-15 19:59 - 11818496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-08-23 02:42 - 2014-09-15 19:58 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-15 20:07

==================== End Of Log ============================
--- --- ---
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2014 01
Ran by xxxxxx at 2014-09-21 18:13:51
Running from C:\Users\xxxxxx\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 32.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Wise Disk Cleaner 8.13 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version: 8.13 - WiseCleaner.com, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

26-08-2014 20:07:35 Created by Wise Disk Cleaner
15-09-2014 17:59:55 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1DE0CA86-2FC0-42EE-B3E5-675AE49C6571} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2559CBD2-D54B-411A-84C9-E2A689E2115A} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {39A54321-7887-4F58-A680-6B039ED17920} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-27] (AVAST Software)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {426C8D74-EF13-42B6-8E51-00CAC5017F3B} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {72D573D3-BD5F-41AA-8F2C-CE1E1AEFA462} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-09-15] (Microsoft Corporation)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7BB1EC61-3140-48A7-9245-3DD56ECC42BA} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B7A35660-39DD-49EE-9697-2E77B19B3EE3} - System32\Tasks\SpeedUpMyPC Maintenance => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-06-17] (Uniblue Systems Limited) <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D4F1838F-B2D1-4B45-AEF2-FB800DF0E0ED} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E94AD784-2629-45A6-8A60-EF19755DCEE7} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: C:\WINDOWS\Tasks\SpeedUpMyPC Maintenance.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-01-30 00:02 - 2014-01-30 00:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-09-21 18:07 - 2014-09-21 18:07 - 02864640 _____ () C:\Program Files\AVAST Software\Avast\defs\14092100\algo.dll
2014-06-27 21:14 - 2014-06-27 21:14 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-16 19:43 - 2014-09-16 19:43 - 03716720 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\xxxxxx\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/18/2014 03:14:30 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (09/15/2014 07:10:24 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (09/15/2014 03:07:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20573 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 13b0

Startzeit: 01cfd0e475ec73b0

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: 3a6a6eb2-3cd9-11e4-be79-84a6c834d4cd

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (09/14/2014 01:20:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (08/31/2014 03:26:20 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (08/26/2014 10:13:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm avastui.exe, Version 9.0.2018.404 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 122c

Startzeit: 01cfc159bd74e583

Endzeit: 8639

Anwendungspfad: C:\Program Files\AVAST Software\Avast\avastui.exe

Berichts-ID: 570a969f-2d5d-11e4-be78-84a6c834d4cd

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (08/26/2014 09:01:37 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (08/22/2014 01:00:35 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (08/19/2014 08:39:44 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (08/19/2014 00:20:57 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005


System errors:
=============
Error: (09/21/2014 06:07:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet:
%%127

Error: (09/21/2014 06:07:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet:
%%127

Error: (09/21/2014 06:06:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet:
%%127

Error: (09/21/2014 06:06:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet:
%%127

Error: (09/21/2014 06:06:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet:
%%127

Error: (09/21/2014 06:05:46 PM) (Source: BTHUSB) (EventID: 30) (User: )
Description: Der lokale Adapter bietet keine Unterstützung für einen wichtigen Controllerstatus für energiearme Geräte. Die mindestens erforderliche unterstützte Statusmaske ist "0x1f7fffff", vorhanden ist jedoch "0x1f3fffff". Die Funktionalität für energiearme Geräte wird deaktiviert.

Error: (09/18/2014 02:39:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet:
%%127

Error: (09/16/2014 05:14:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet:
%%127

Error: (09/16/2014 05:14:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet:
%%127

Error: (09/16/2014 05:14:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet:
%%127


Microsoft Office Sessions:
=========================
Error: (09/18/2014 03:14:30 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (09/15/2014 07:10:24 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (09/15/2014 03:07:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2057313b001cfd0e475ec73b04294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\LiveComm.exe3a6a6eb2-3cd9-11e4-be79-84a6c834d4cdmicrosoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (09/14/2014 01:20:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\xxxxxx\Downloads\SoftonicDownloader_fuer_auslogics-registry-cleaner.exe

Error: (08/31/2014 03:26:20 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (08/26/2014 10:13:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: avastui.exe9.0.2018.404122c01cfc159bd74e5838639C:\Program Files\AVAST Software\Avast\avastui.exe570a969f-2d5d-11e4-be78-84a6c834d4cd

Error: (08/26/2014 09:01:37 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (08/22/2014 01:00:35 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (08/19/2014 08:39:44 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (08/19/2014 00:20:57 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz
Percentage of memory in use: 38%
Total physical RAM: 3972.63 MB
Available physical RAM: 2432.08 MB
Total Pagefile: 4676.63 MB
Available Pagefile: 3180.25 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:403.17 GB) (Free:382.94 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:43.48 GB) NTFS
Drive g: (USB DISK) (Fixed) (Total:0.06 GB) (Free:0.04 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3A192899)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 60 MB) (Disk ID: 01F199CF)
Partition 1: (Active) - (Size=60 MB) - (Type=06)

==================== End Of Log ============================
--- --- ---

schrauber 22.09.2014 09:39
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

wegomyway 25.09.2014 14:07
so ... dieses mal nen bisserl schneller ...AdwCleaner Logfile:
Code:
# AdwCleaner v3.310 - Bericht erstellt am 24/09/2014 um 18:21:51
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : sascha - SASCHA
# Gestartet von : C:\Users\sascha\Downloads\AdwCleaner_3.310.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Program Files (x86)\Uniblue
Ordner Gelöscht : C:\Users\sascha\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\sascha\AppData\Roaming\Uniblue
Datei Gelöscht : C:\END

***** [ Tasks ] *****

Task Gelöscht : SpeedUpMyPC Maintenance

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\sascha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Wpm
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17278

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v32.0.2 (x86 de)

[ Datei : C:\Users\sascha\AppData\Roaming\Mozilla\Firefox\Profiles\u27ueg27.default-1408301969577\prefs.js ]


*************************

AdwCleaner[R0].txt - [7589 octets] - [24/09/2014 18:19:37]
AdwCleaner[S0].txt - [6532 octets] - [24/09/2014 18:21:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6592 octets] ##########
--- --- ---JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.0 (09.22.2014:1)
OS: Windows 8.1 x64
Ran by sascha on 24/09/2014 at 18:29:22.19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2940267510-147821796-3909958549-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\sascha\AppData\Roaming\mozilla\firefox\profiles\u27ueg27.default-1408301969577\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/09/2014 at 18:33:41.91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- --- ---

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2014
Ran by sascha (administrator) on SASCHA on 24-09-2014 18:36:40
Running from C:\Users\sascha\Downloads
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-14] (AVAST Software)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: No Name -> {01F29AE5-D48D-417B-9D00-8A115C23A0EB} -> C:\Users\sascha\AppData\LocalLow\systems ie bho\bho.dll ()
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\sascha\AppData\Roaming\Mozilla\Firefox\Profiles\u27ueg27.default-1408301969577
FF Homepage: https://www.google.de/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF SearchPlugin: C:\Users\sascha\AppData\Roaming\Mozilla\Firefox\Profiles\u27ueg27.default-1408301969577\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\sascha\AppData\Roaming\Mozilla\Firefox\Profiles\u27ueg27.default-1408301969577\searchplugins\google-maps.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Cliqz Beta - C:\Users\sascha\AppData\Roaming\Mozilla\Firefox\Profiles\u27ueg27.default-1408301969577\Extensions\cliqz@cliqz.com.xpi [2014-09-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-27]
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\sascha\AppData\Roaming\Mozilla\Firefox\Profiles\u27ueg27.default-1408301969577\extensions\cliqz@cliqz.com

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-27] (AVAST Software)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-06-30] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-06-30] (Microsoft Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-06-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-06-30] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-27] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-27] ()
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-06-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-24 18:36 - 2014-09-24 18:36 - 00000000 ____D () C:\Users\sascha\Downloads\FRST-OlderVersion
2014-09-24 18:33 - 2014-09-24 18:35 - 00001620 _____ () C:\Users\sascha\Desktop\JRT.txt
2014-09-24 18:29 - 2014-09-24 18:29 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-09-24 18:28 - 2014-09-24 18:28 - 00006684 _____ () C:\Users\sascha\Desktop\AdwCleaner[S0].txt
2014-09-24 18:19 - 2014-09-24 18:27 - 00000000 ____D () C:\AdwCleaner
2014-09-24 18:17 - 2014-09-24 18:17 - 01024790 _____ (Thisisu) C:\Users\sascha\Downloads\JRT.exe
2014-09-24 18:16 - 2014-09-24 18:17 - 01373475 _____ () C:\Users\sascha\Downloads\AdwCleaner_3.310.exe
2014-09-21 18:26 - 2014-09-21 18:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-21 18:13 - 2014-09-21 18:14 - 00017007 _____ () C:\Users\sascha\Downloads\Addition.txt
2014-09-21 18:12 - 2014-09-24 18:36 - 00006789 _____ () C:\Users\sascha\Downloads\FRST.txt
2014-09-21 18:12 - 2014-09-24 18:36 - 00000000 ____D () C:\FRST
2014-09-21 18:11 - 2014-09-24 18:36 - 02106880 _____ (Farbar) C:\Users\sascha\Downloads\FRST64.exe
2014-09-18 15:03 - 2014-08-02 02:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-09-16 18:20 - 2014-09-18 15:03 - 00030880 _____ () C:\Users\sascha\Desktop\Qualitätsmanagementsystem im Unternehmen Nattermann.odt
2014-09-16 18:20 - 2014-09-18 15:03 - 00025088 ___SH () C:\Users\sascha\Desktop\Thumbs.db
2014-09-16 17:14 - 2014-09-16 17:14 - 00000795 _____ () C:\WINDOWS\setupact.log
2014-09-16 17:14 - 2014-09-16 17:14 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-09-16 17:12 - 2014-09-24 18:23 - 00000670 _____ () C:\WINDOWS\PFRO.log
2014-09-15 20:12 - 2014-08-16 03:54 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-09-15 20:12 - 2014-08-16 03:20 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-09-15 20:11 - 2014-08-16 04:40 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-09-15 20:11 - 2014-08-16 04:04 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-09-15 20:11 - 2014-08-16 04:00 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-09-15 20:11 - 2014-08-16 04:00 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-09-15 20:11 - 2014-08-16 03:56 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-09-15 20:11 - 2014-08-16 03:45 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-09-15 20:11 - 2014-08-16 03:43 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-09-15 20:11 - 2014-08-16 03:32 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-09-15 20:11 - 2014-08-16 03:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-09-15 20:11 - 2014-08-16 03:22 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-09-15 20:11 - 2014-08-16 03:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-09-15 20:11 - 2014-08-16 03:18 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-09-15 20:11 - 2014-08-16 03:18 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-09-15 20:11 - 2014-08-16 03:11 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-09-15 20:11 - 2014-08-16 03:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-09-15 20:11 - 2014-08-16 03:05 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-09-15 20:11 - 2014-08-16 03:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-09-15 20:11 - 2014-08-16 03:03 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-09-15 20:11 - 2014-08-16 03:03 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-09-15 20:11 - 2014-08-16 02:58 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-15 20:11 - 2014-08-16 02:56 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-09-15 20:11 - 2014-08-16 02:53 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-09-15 20:11 - 2014-08-16 02:53 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-09-15 20:11 - 2014-08-16 02:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-09-15 20:11 - 2014-08-16 02:51 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-09-15 20:11 - 2014-08-16 02:45 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-09-15 20:11 - 2014-08-16 02:44 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-09-15 20:11 - 2014-08-16 02:44 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-09-15 20:11 - 2014-08-16 02:34 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-09-15 20:11 - 2014-08-16 02:20 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-09-15 20:11 - 2014-08-16 02:18 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-09-15 20:11 - 2014-08-16 02:14 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-09-15 20:11 - 2014-08-16 02:12 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-09-15 19:59 - 2014-08-23 09:48 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2014-09-15 19:59 - 2014-08-23 09:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2014-09-15 19:59 - 2014-08-23 08:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-09-15 19:59 - 2014-08-23 07:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-09-15 19:59 - 2014-08-23 06:44 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-09-15 19:59 - 2014-08-23 06:34 - 13423104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-09-15 19:59 - 2014-08-23 06:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-09-15 19:59 - 2014-08-23 06:31 - 01038336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-09-15 19:59 - 2014-08-23 06:20 - 11818496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-09-15 19:58 - 2014-08-23 02:42 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-09-15 19:58 - 2014-08-15 02:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2014-09-15 19:58 - 2014-08-07 04:12 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-09-15 19:58 - 2014-08-02 05:56 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-09-15 19:58 - 2014-07-30 03:56 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2014-09-15 19:58 - 2014-07-29 07:22 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2014-09-15 19:57 - 2014-07-24 05:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2014-09-15 19:57 - 2014-07-24 05:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2014-09-15 19:36 - 2014-09-15 19:36 - 00045364 _____ () C:\Users\sascha\Desktop\1.Xml
2014-09-15 19:35 - 2014-09-15 19:35 - 00032257 _____ () C:\Users\sascha\Desktop\ergebnis.txt
2014-09-14 13:27 - 2014-09-15 19:34 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-14 13:24 - 2014-09-14 13:24 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-14 13:24 - 2014-09-14 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-14 13:24 - 2014-09-14 13:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-14 13:24 - 2014-09-14 13:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-14 13:24 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-14 13:24 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-09-14 13:24 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-09-14 13:21 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\WINDOWS\SysWOW64\dhRichClient3.dll
2014-09-14 13:21 - 2011-03-25 20:42 - 00338432 _____ () C:\WINDOWS\SysWOW64\sqlite36_engine.dll
2014-09-14 13:20 - 2014-09-14 13:20 - 01101648 _____ () C:\Users\sascha\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-24 18:37 - 2014-09-21 18:12 - 00006789 _____ () C:\Users\sascha\Downloads\FRST.txt
2014-09-24 18:36 - 2014-09-24 18:36 - 00000000 ____D () C:\Users\sascha\Downloads\FRST-OlderVersion
2014-09-24 18:36 - 2014-09-21 18:12 - 00000000 ____D () C:\FRST
2014-09-24 18:36 - 2014-09-21 18:11 - 02106880 _____ (Farbar) C:\Users\sascha\Downloads\FRST64.exe
2014-09-24 18:36 - 2014-06-27 20:43 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2940267510-147821796-3909958549-1001
2014-09-24 18:35 - 2014-09-24 18:33 - 00001620 _____ () C:\Users\sascha\Desktop\JRT.txt
2014-09-24 18:29 - 2014-09-24 18:29 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-09-24 18:28 - 2014-09-24 18:28 - 00006684 _____ () C:\Users\sascha\Desktop\AdwCleaner[S0].txt
2014-09-24 18:28 - 2014-09-24 18:19 - 00000000 ____D () C:\AdwCleaner
2014-09-24 18:27 - 2014-06-30 06:43 - 00000000 ___DO () C:\Users\sascha\OneDrive
2014-09-24 18:24 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-24 18:23 - 2014-09-16 17:12 - 00000670 _____ () C:\WINDOWS\PFRO.log
2014-09-24 18:23 - 2014-06-27 21:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-24 18:23 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-24 18:22 - 2014-06-30 01:37 - 02056712 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-24 18:21 - 2014-06-30 06:41 - 00001013 _____ () C:\Users\sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-24 18:17 - 2014-09-24 18:17 - 01024790 _____ (Thisisu) C:\Users\sascha\Downloads\JRT.exe
2014-09-24 18:17 - 2014-09-24 18:16 - 01373475 _____ () C:\Users\sascha\Downloads\AdwCleaner_3.310.exe
2014-09-24 18:10 - 2014-06-30 06:47 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B2C11DEC-009A-47D4-9F78-8A63C9E316DE}
2014-09-24 18:09 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-21 18:26 - 2014-09-21 18:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-21 18:14 - 2014-09-21 18:13 - 00017007 _____ () C:\Users\sascha\Downloads\Addition.txt
2014-09-18 15:27 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-18 15:03 - 2014-09-16 18:20 - 00030880 _____ () C:\Users\sascha\Desktop\Qualitätsmanagementsystem im Unternehmen Nattermann.odt
2014-09-18 15:03 - 2014-09-16 18:20 - 00025088 ___SH () C:\Users\sascha\Desktop\Thumbs.db
2014-09-16 18:45 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-16 17:16 - 2014-03-18 12:03 - 01686150 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-16 17:16 - 2014-03-18 11:25 - 00727930 _____ () C:\WINDOWS\system32\perfh007.dat
2014-09-16 17:16 - 2014-03-18 11:25 - 00151586 _____ () C:\WINDOWS\system32\perfc007.dat
2014-09-16 17:14 - 2014-09-16 17:14 - 00000795 _____ () C:\WINDOWS\setupact.log
2014-09-16 17:14 - 2014-09-16 17:14 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-09-16 17:14 - 2014-06-27 21:14 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-09-16 17:13 - 2013-08-22 16:44 - 00362760 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-15 20:13 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-09-15 20:12 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-09-15 20:11 - 2014-06-28 10:42 - 00000000 ____D () C:\Users\sascha\AppData\Roaming\Wise Disk Cleaner
2014-09-15 20:03 - 2014-06-30 02:07 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-09-15 20:03 - 2014-06-30 02:07 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-09-15 20:03 - 2014-06-30 02:07 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-09-15 20:03 - 2014-06-30 02:07 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-09-15 20:03 - 2014-06-30 02:07 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-09-15 20:03 - 2014-06-30 02:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-09-15 20:03 - 2014-06-30 02:07 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-09-15 20:03 - 2014-06-30 02:07 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-09-15 20:03 - 2014-06-30 02:07 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-09-15 20:03 - 2014-06-30 02:07 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-09-15 20:03 - 2014-06-30 02:07 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-09-15 20:03 - 2014-06-30 02:07 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-09-15 20:03 - 2014-06-30 02:07 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-09-15 20:03 - 2014-06-30 02:07 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-09-15 20:03 - 2014-06-30 02:02 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-09-15 20:03 - 2014-06-30 02:02 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-09-15 20:02 - 2014-06-28 13:15 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-15 20:01 - 2014-06-28 13:15 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-15 19:36 - 2014-09-15 19:36 - 00045364 _____ () C:\Users\sascha\Desktop\1.Xml
2014-09-15 19:35 - 2014-09-15 19:35 - 00032257 _____ () C:\Users\sascha\Desktop\ergebnis.txt
2014-09-15 19:34 - 2014-09-14 13:27 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-15 15:01 - 2013-08-22 15:25 - 00008192 ___SH () C:\WINDOWS\system32\config\ELAM
2014-09-14 13:24 - 2014-09-14 13:24 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-14 13:24 - 2014-09-14 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-14 13:24 - 2014-09-14 13:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-14 13:24 - 2014-09-14 13:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-14 13:20 - 2014-09-14 13:20 - 01101648 _____ () C:\Users\sascha\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2014-09-02 22:06 - 2013-08-22 17:38 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-09-02 22:06 - 2013-08-22 17:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\sascha\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-15 20:07

==================== End Of Log ============================
--- --- ---

schrauber 25.09.2014 19:11

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

wegomyway 28.09.2014 18:49
Results of screen317's Security Check version 0.99.87
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
avast! Antivirus
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Wise Disk Cleaner 8.13
Adobe Flash Player 14.0.0.179
Mozilla Firefox (32.0.3)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````




C:\AdwCleaner\Quarantine\C\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe.vir Win32/SpeedUpMyPC evtl. unerwünschte Anwendung
C:\Users\sascha\Downloads\registry-cleaner-setup_CB-DL-Manager [1].exe MSIL/MyPCBackup.B evtl. unerwünschte Anwendung
C:\Users\sascha\Downloads\registry-cleaner-setup_CB-DL-Manager.exe Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2014
Ran by sascha (administrator) on SASCHA on 28-09-2014 10:22:39
Running from C:\Users\sascha\Downloads
Loaded Profile: sascha (Available profiles: sascha)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17200_none_fa7026dd9b04586e\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-14] (AVAST Software)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: No Name -> {01F29AE5-D48D-417B-9D00-8A115C23A0EB} -> C:\Users\sascha\AppData\LocalLow\systems ie bho\bho.dll ()
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\sascha\AppData\Roaming\Mozilla\Firefox\Profiles\u27ueg27.default-1408301969577
FF Homepage: https://www.google.de/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF SearchPlugin: C:\Users\sascha\AppData\Roaming\Mozilla\Firefox\Profiles\u27ueg27.default-1408301969577\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\sascha\AppData\Roaming\Mozilla\Firefox\Profiles\u27ueg27.default-1408301969577\searchplugins\google-maps.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Cliqz Beta - C:\Users\sascha\AppData\Roaming\Mozilla\Firefox\Profiles\u27ueg27.default-1408301969577\Extensions\cliqz@cliqz.com.xpi [2014-09-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-27]
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\sascha\AppData\Roaming\Mozilla\Firefox\Profiles\u27ueg27.default-1408301969577\extensions\cliqz@cliqz.com

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-27] (AVAST Software)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-06-30] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-06-30] (Microsoft Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-06-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-06-30] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-27] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-27] ()
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-06-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-28 10:18 - 2014-09-28 10:18 - 00000758 _____ () C:\Users\sascha\Desktop\checkup.txt
2014-09-28 10:12 - 2014-09-28 10:12 - 00854417 _____ () C:\Users\sascha\Desktop\SecurityCheck.exe
2014-09-28 10:02 - 2014-09-28 10:02 - 00000385 _____ () C:\Users\sascha\Desktop\EST.txt
2014-09-28 09:23 - 2014-09-28 09:23 - 02347384 _____ (ESET) C:\Users\sascha\Downloads\esetsmartinstaller_deu.exe
2014-09-26 18:59 - 2014-09-26 18:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 18:36 - 2014-09-28 10:19 - 00000000 ____D () C:\Users\sascha\Downloads\FRST-OlderVersion
2014-09-24 18:33 - 2014-09-24 18:35 - 00001620 _____ () C:\Users\sascha\Desktop\JRT.txt
2014-09-24 18:29 - 2014-09-24 18:29 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-09-24 18:28 - 2014-09-24 18:28 - 00006684 _____ () C:\Users\sascha\Desktop\AdwCleaner[S0].txt
2014-09-24 18:19 - 2014-09-24 18:28 - 00000000 ____D () C:\AdwCleaner
2014-09-24 18:17 - 2014-09-24 18:17 - 01024790 _____ (Thisisu) C:\Users\sascha\Downloads\JRT.exe
2014-09-24 18:16 - 2014-09-24 18:17 - 01373475 _____ () C:\Users\sascha\Downloads\AdwCleaner_3.310.exe
2014-09-21 18:13 - 2014-09-21 18:14 - 00017007 _____ () C:\Users\sascha\Downloads\Addition.txt
2014-09-21 18:12 - 2014-09-28 10:22 - 00006991 _____ () C:\Users\sascha\Downloads\FRST.txt
2014-09-21 18:12 - 2014-09-28 10:22 - 00000000 ____D () C:\FRST
2014-09-21 18:11 - 2014-09-28 10:19 - 02108928 _____ (Farbar) C:\Users\sascha\Downloads\FRST64.exe
2014-09-18 15:03 - 2014-08-02 02:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-09-16 18:20 - 2014-09-18 15:03 - 00030880 _____ () C:\Users\sascha\Desktop\Qualitätsmanagementsystem im Unternehmen Nattermann.odt
2014-09-16 18:20 - 2014-09-18 15:03 - 00025088 ___SH () C:\Users\sascha\Desktop\Thumbs.db
2014-09-15 20:12 - 2014-08-16 03:54 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-09-15 20:12 - 2014-08-16 03:20 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-09-15 20:11 - 2014-08-16 04:40 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-09-15 20:11 - 2014-08-16 04:04 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-09-15 20:11 - 2014-08-16 04:00 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-09-15 20:11 - 2014-08-16 04:00 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-09-15 20:11 - 2014-08-16 03:56 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-09-15 20:11 - 2014-08-16 03:45 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-09-15 20:11 - 2014-08-16 03:43 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-09-15 20:11 - 2014-08-16 03:32 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-09-15 20:11 - 2014-08-16 03:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-09-15 20:11 - 2014-08-16 03:22 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-09-15 20:11 - 2014-08-16 03:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-09-15 20:11 - 2014-08-16 03:18 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-09-15 20:11 - 2014-08-16 03:18 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-09-15 20:11 - 2014-08-16 03:11 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-09-15 20:11 - 2014-08-16 03:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-09-15 20:11 - 2014-08-16 03:05 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-09-15 20:11 - 2014-08-16 03:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-09-15 20:11 - 2014-08-16 03:03 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-09-15 20:11 - 2014-08-16 03:03 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-09-15 20:11 - 2014-08-16 02:58 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-15 20:11 - 2014-08-16 02:56 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-09-15 20:11 - 2014-08-16 02:53 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-09-15 20:11 - 2014-08-16 02:53 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-09-15 20:11 - 2014-08-16 02:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-09-15 20:11 - 2014-08-16 02:51 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-09-15 20:11 - 2014-08-16 02:45 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-09-15 20:11 - 2014-08-16 02:44 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-09-15 20:11 - 2014-08-16 02:44 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-09-15 20:11 - 2014-08-16 02:34 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-09-15 20:11 - 2014-08-16 02:20 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-09-15 20:11 - 2014-08-16 02:18 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-09-15 20:11 - 2014-08-16 02:14 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-09-15 20:11 - 2014-08-16 02:12 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-09-15 19:59 - 2014-08-23 09:48 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2014-09-15 19:59 - 2014-08-23 09:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2014-09-15 19:59 - 2014-08-23 08:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-09-15 19:59 - 2014-08-23 07:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-09-15 19:59 - 2014-08-23 06:44 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-09-15 19:59 - 2014-08-23 06:34 - 13423104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-09-15 19:59 - 2014-08-23 06:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-09-15 19:59 - 2014-08-23 06:31 - 01038336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-09-15 19:59 - 2014-08-23 06:20 - 11818496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-09-15 19:58 - 2014-08-23 02:42 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-09-15 19:58 - 2014-08-15 02:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2014-09-15 19:58 - 2014-08-07 04:12 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-09-15 19:58 - 2014-08-02 05:56 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-09-15 19:58 - 2014-07-30 03:56 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2014-09-15 19:58 - 2014-07-29 07:22 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2014-09-15 19:57 - 2014-07-24 05:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2014-09-15 19:57 - 2014-07-24 05:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2014-09-15 19:36 - 2014-09-15 19:36 - 00045364 _____ () C:\Users\sascha\Desktop\1.Xml
2014-09-15 19:35 - 2014-09-15 19:35 - 00032257 _____ () C:\Users\sascha\Desktop\ergebnis.txt
2014-09-14 13:27 - 2014-09-15 19:34 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-14 13:24 - 2014-09-14 13:24 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-14 13:24 - 2014-09-14 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-14 13:24 - 2014-09-14 13:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-14 13:24 - 2014-09-14 13:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-14 13:24 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-14 13:24 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-09-14 13:24 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-09-14 13:21 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\WINDOWS\SysWOW64\dhRichClient3.dll
2014-09-14 13:21 - 2011-03-25 20:42 - 00338432 _____ () C:\WINDOWS\SysWOW64\sqlite36_engine.dll
2014-09-14 13:20 - 2014-09-14 13:20 - 01101648 _____ () C:\Users\sascha\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-28 10:22 - 2014-06-30 01:37 - 01583368 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-28 10:22 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-09-28 10:22 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-28 10:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-28 09:16 - 2014-06-30 06:47 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B2C11DEC-009A-47D4-9F78-8A63C9E316DE}
2014-09-28 09:13 - 2014-06-30 06:43 - 00000000 ___DO () C:\Users\sascha\OneDrive
2014-09-28 09:13 - 2014-06-27 21:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-25 14:13 - 2014-06-27 20:43 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2940267510-147821796-3909958549-1001
2014-09-25 13:49 - 2013-08-22 15:25 - 00008192 ___SH () C:\WINDOWS\system32\config\ELAM
2014-09-24 19:38 - 2014-06-28 10:42 - 00000000 ____D () C:\Users\sascha\AppData\Roaming\Wise Disk Cleaner
2014-09-24 18:24 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-24 18:23 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-24 18:21 - 2014-06-30 06:41 - 00001013 _____ () C:\Users\sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-16 18:45 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-16 17:16 - 2014-03-18 12:03 - 01686150 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-16 17:16 - 2014-03-18 11:25 - 00727930 _____ () C:\WINDOWS\system32\perfh007.dat
2014-09-16 17:16 - 2014-03-18 11:25 - 00151586 _____ () C:\WINDOWS\system32\perfc007.dat
2014-09-16 17:14 - 2014-06-27 21:14 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-09-16 17:13 - 2013-08-22 16:44 - 00362760 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-15 20:13 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-09-15 20:03 - 2014-06-30 02:07 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-09-15 20:03 - 2014-06-30 02:07 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-09-15 20:03 - 2014-06-30 02:07 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-09-15 20:03 - 2014-06-30 02:07 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-09-15 20:03 - 2014-06-30 02:07 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-09-15 20:03 - 2014-06-30 02:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-09-15 20:03 - 2014-06-30 02:07 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-09-15 20:03 - 2014-06-30 02:07 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-09-15 20:03 - 2014-06-30 02:07 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-09-15 20:03 - 2014-06-30 02:07 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-09-15 20:03 - 2014-06-30 02:07 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-09-15 20:03 - 2014-06-30 02:07 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-09-15 20:03 - 2014-06-30 02:07 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-09-15 20:03 - 2014-06-30 02:07 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-09-15 20:03 - 2014-06-30 02:02 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-09-15 20:03 - 2014-06-30 02:02 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-09-15 20:02 - 2014-06-28 13:15 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-15 20:01 - 2014-06-28 13:15 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-02 22:06 - 2013-08-22 17:38 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-09-02 22:06 - 2013-08-22 17:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-15 20:07

==================== End Of Log ============================
--- --- ---

--- --- ---

ich hoff mal das die dame , so wie beschrieben , das erledigt hat. bisher klagte sie jedenfalls nicht

schrauber 29.09.2014 16:05
Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

wegomyway 01.10.2014 21:48
so , ich darf sozusagen vollzug melden. die dame hat entsprechend nach der anweisung hier gehandelt und ist nun , zumindest ihr freund weil da sich das ganze abspielte, zufrieden und geschafft ...
somit closed und schrauber hat einen patienten weniger .... danke für diese echt einmalige, klare hilfestellung ... habs in anderen thread bereits getan

edit :secunia läuft nicht. nach erstinstallation funktioniert es noch, danach grundsätzlich hängend beim starten. hab den thread dafür mal durch ... internetoptionen entsprechend durchgeackert und in firefox auch. neustart des rechners bewirkt keine lösung des problems

schrauber 02.10.2014 17:06
Secunia weg, und teste dann mal den FileHippo UpdateChecker.


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:48 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27