Trojaner-Board - Langsamer Laptop atiedxx.exe, csrss.exe und winlogon.exe

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Langsamer Laptop atiedxx.exe, csrss.exe und winlogon.exe (https://www.trojaner-board.de/163038-langsamer-laptop-atiedxx-exe-csrss-exe-winlogon-exe.html)

Langsamer Laptop atiedxx.exe, csrss.exe und winlogon.exe

Hallo zusammen,

ich habe heute festgestellt dass mein Laptop der Windows 7 home permium 64 bit drauf hat sehr viel langsamer ist als sonst. Im Taskmanager habe ich dan die oben genannten Prozesse gefunden und nach ihnen gegoogelt und bin auf euer Forum gestoßen.
Dort hatte ein User das selbe problem. Also habe ich Anti-Malwarebytes runter geladen und wollte meinen PC durch scannen.
Dieser Scan wurde aber abgebrochen. Zumindest ist es ohne Vorwarnung einfach geschlossen worden.
Anti-Malwarebytes version 2.0.4.1028

Ich hoffe ihr könnt mir helfen.

Grüße, Sabrina

Außerdem würde mich interessieren wie der da hin gekommen ist.

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Dies hier ist mal des was Malwarebytes datei

Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Scan Date: 21.01.2015
Scan Time: 16:51:46
Logfile: mw.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.21.07
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: SAB LAP

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 324994
Time Elapsed: 25 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3638818728-868247861-3901511755-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [7299bf3ba2e79c9a4c7f5b60ef1435cb],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3638818728-868247861-3901511755-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, , [907bde1ce2a784b22cb0af2264a018e8],

Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3638818728-868247861-3901511755-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0R0DtO0U1C1S1U1StR0J1Q2P1J1K1I2R, , [907bde1ce2a784b22cb0af2264a018e8]

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.IBUpdater.A, C:\ProgramData\IBUpdaterService, , [030853a7e0a97fb7ebb3b2a78f7428d8],

Files: 2
Adware.InstallBrain, C:\Users\SAB LAP\AppData\Local\Temp\PCPerformer_Home_Setup.exe, , [23e86d8d40493ef86f25cdde907002fe],
PUP.Optional.CrossRider, C:\Users\SAB LAP\AppData\Local\DownloadGuide\Offers\plus-hd-3-8.exe, , [f3187a805c2d63d3287add68be4349b7],

Physical Sectors: 0
(No malicious items detected)

(end)

Die gefundenen habe ich gelöscht bzw. in quarantäne verschoben. Sie tauchten bei nochmaligem Scannen nicht auf aber stehen noch im Taskmanager

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015

Ran by SAB LAP (administrator) on SABLAP-PC on 22-01-2015 16:26:46

Running from C:\Users\SAB LAP\Desktop

Loaded Profiles: SAB LAP (Available profiles: SAB LAP)

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe

(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe

(Novell, Inc.) C:\Windows\System32\iprntsrv.exe

() C:\ProgramData\MobileBrServ\mbbService.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe

(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe

(Novell, Inc.) C:\Windows\System32\iprntctl.exe

(Novell, Inc.) C:\Windows\System32\iprntlgn.exe

(Dropbox, Inc.) C:\Users\SAB LAP\AppData\Roaming\Dropbox\bin\Dropbox.exe

(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\audiodg.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)

HKLM\...\Run: [iPrint Tray] => C:\Windows\system32\iprntctl.exe [65816 2013-04-22] (Novell, Inc.)

HKLM\...\Run: [iPrint Event Monitor] => C:\Windows\system32\iprntlgn.exe [70936 2013-04-22] (Novell, Inc.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)

HKU\S-1-5-21-3638818728-868247861-3901511755-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent

HKU\S-1-5-21-3638818728-868247861-3901511755-1000\...\Run: [Facebook Update] => C:\Users\SAB LAP\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-11-15] (Facebook Inc.)

HKU\S-1-5-21-3638818728-868247861-3901511755-1000\...\Policies\Explorer: [DisallowRun] 1

HKU\S-1-5-21-3638818728-868247861-3901511755-1000\...\MountPoints2: {b78769bf-7e05-11e3-b800-74de2b2becdc} - F:\AutoRun.exe

Lsa: [Notification Packages] scecli iPrntWinCredMan

Startup: C:\Users\SAB LAP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\SAB LAP\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\SAB LAP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk

ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

ProxyServer: [S-1-5-21-3638818728-868247861-3901511755-1000] => 193.196.187.66:8080

HKU\S-1-5-21-3638818728-868247861-3901511755-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome

HKU\S-1-5-21-3638818728-868247861-3901511755-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome

HKU\S-1-5-21-3638818728-868247861-3901511755-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland

HKU\S-1-5-21-3638818728-868247861-3901511755-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = GIGA - Leidenschaft für Technik und Games

SearchScopes: HKU\S-1-5-21-3638818728-868247861-3901511755-1000 -> DefaultScope {BA93E50F-3206-4A80-B816-175C74684F75} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout

SearchScopes: HKU\S-1-5-21-3638818728-868247861-3901511755-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear

SearchScopes: HKU\S-1-5-21-3638818728-868247861-3901511755-1000 -> {BA93E50F-3206-4A80-B816-175C74684F75} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Winsock: Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9-x64 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9-x64 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9-x64 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9-x64 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9-x64 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9-x64 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9-x64 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9-x64 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9-x64 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @novell.com/iPrint -> C:\Windows\SysWOW64 ()

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKU\S-1-5-21-3638818728-868247861-3901511755-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\SAB LAP\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 

Chrome: 

=======

CHR HomePage: Default -> chrome://newtab

CHR Profile: C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-09]

CHR Extension: (Google Drive) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-09]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-16]

CHR Extension: (YouTube) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-09]

CHR Extension: (Adblock Plus) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-10-13]

CHR Extension: (Google-Suche) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-09]

CHR Extension: (Avira Browserschutz) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-08]

CHR Extension: (Google Wallet) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-09]

CHR Extension: (Citavi Picker) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2014-11-26]

CHR Extension: (Google Mail) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-09]

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\SAB LAP\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-04-08]

CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - No Path
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)

S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-11] (Avira Operations GmbH & Co. KG)

R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)

R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)

R2 iprntsrv; C:\Windows\system32\iprntsrv.exe [55296 2013-04-22] (Novell, Inc.) [File not signed]

R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239696 2013-07-23] ()

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)

R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [128200 2013-06-20] (Qualcomm Atheros Co., Ltd.)

S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-22 16:26 - 2015-01-22 16:27 - 00015760 _____ () C:\Users\SAB LAP\Desktop\FRST.txt

2015-01-22 16:26 - 2015-01-22 16:26 - 00000000 ____D () C:\FRST

2015-01-22 16:25 - 2015-01-22 16:25 - 02126848 _____ (Farbar) C:\Users\SAB LAP\Desktop\FRST64.exe

2015-01-21 17:20 - 2015-01-21 17:20 - 00001877 _____ () C:\Users\SAB LAP\Desktop\mw.txt

2015-01-21 16:51 - 2015-01-21 17:25 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-21 16:51 - 2015-01-21 16:51 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-01-21 16:51 - 2015-01-21 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-01-21 16:50 - 2015-01-21 16:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-01-21 16:50 - 2015-01-21 16:50 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-01-21 16:50 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-01-21 16:50 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-01-21 16:50 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-01-21 16:49 - 2015-01-21 16:49 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\SAB LAP\Desktop\mbam-setup-2.0.4.1028.exe

2015-01-19 16:50 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-01-19 16:50 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-01-19 16:50 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-01-19 16:50 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-01-19 16:50 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-01-19 16:50 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-01-19 16:50 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-01-19 16:50 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

2015-01-19 16:50 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll

2015-01-19 16:50 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

2015-01-14 09:04 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll

2015-01-14 09:04 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2015-01-14 09:04 - 2014-12-11 18:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-22 16:25 - 2013-10-09 21:21 - 01770529 _____ () C:\Windows\WindowsUpdate.log

2015-01-22 16:25 - 2009-07-14 05:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-22 16:25 - 2009-07-14 05:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-22 16:18 - 2014-12-07 16:29 - 00000000 ___RD () C:\Users\SAB LAP\Dropbox

2015-01-22 16:18 - 2014-12-07 16:13 - 00000000 ____D () C:\Users\SAB LAP\AppData\Roaming\Dropbox

2015-01-22 16:18 - 2013-10-09 21:39 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-22 16:17 - 2013-03-12 22:41 - 00038249 _____ () C:\Windows\setupact.log

2015-01-22 16:17 - 2010-11-21 04:47 - 00017036 _____ () C:\Windows\PFRO.log

2015-01-22 16:17 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-21 17:02 - 2013-10-09 21:39 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-21 16:50 - 2011-04-12 08:43 - 00699342 _____ () C:\Windows\system32\perfh007.dat

2015-01-21 16:50 - 2011-04-12 08:43 - 00149450 _____ () C:\Windows\system32\perfc007.dat

2015-01-21 16:50 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-01-19 16:55 - 2013-10-09 22:02 - 00000000 ____D () C:\Windows\system32\MRT

2015-01-19 16:41 - 2013-03-12 21:48 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-01-14 16:04 - 2013-11-15 18:59 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3638818728-868247861-3901511755-1000UA.job

2015-01-14 07:31 - 2013-11-15 18:59 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3638818728-868247861-3901511755-1000Core.job

2014-12-23 14:02 - 2014-11-26 09:59 - 00000000 ____D () C:\Users\SAB LAP\Documents\Citavi 4
 

Some content of TEMP:

====================

C:\Users\SAB LAP\AppData\Local\Temp\amazonicon_v4.exe

C:\Users\SAB LAP\AppData\Local\Temp\amazoninstallernircmdc.exe

C:\Users\SAB LAP\AppData\Local\Temp\AutoRun.exe

C:\Users\SAB LAP\AppData\Local\Temp\AutoRunGUI.dll

C:\Users\SAB LAP\AppData\Local\Temp\avgnt.exe

C:\Users\SAB LAP\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdfjab5.dll

C:\Users\SAB LAP\AppData\Local\Temp\Foxit Reader Updater.exe

C:\Users\SAB LAP\AppData\Local\Temp\Foxit Updater.exe

C:\Users\SAB LAP\AppData\Local\Temp\ose00000.exe

C:\Users\SAB LAP\AppData\Local\Temp\sdanircmdc.exe

C:\Users\SAB LAP\AppData\Local\Temp\sdapskill.exe

C:\Users\SAB LAP\AppData\Local\Temp\sdaspwn.exe

C:\Users\SAB LAP\AppData\Local\Temp\securitascout_3.exe

C:\Users\SAB LAP\AppData\Local\Temp\xmlUpdater.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-12-17 11:44
 

==================== End Of Log ============================

--- --- ---

--- --- ---
FRST Additions Logfile:

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015

Ran by SAB LAP at 2015-01-22 16:28:38

Running from C:\Users\SAB LAP\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)

Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)

Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)

Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.4.0.28 - Swiss Academic Software)

Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.43.0 - Conexant)

Dropbox (HKU\S-1-5-21-3638818728-868247861-3901511755-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)

Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)

Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.1.32.905 - Foxit Software Inc.)

Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)

Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)

Free YouTube to MP3 Converter version 3.12.42.716 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.42.716 - DVDVideoSoft Ltd.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Harry Potter und der Feuerkelch™ (HKLM-x32\...\{9799BD05-5F89-484C-008E-F50592F53440}) (Version:  - )

ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)

Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)

Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)

Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020FF}) (Version: 8.0.200 - Oracle Corporation)

Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)

Java SE Development Kit 8 Update 20 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180200}) (Version: 8.0.200 - Oracle Corporation)

Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.10.1209.1 - Lenovo EasyCamera)

MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )

Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Access 2010 (HKLM\...\Office14.AccessR) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.21.00.03 - Huawei Technologies Co.,Ltd)

Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)

Novell iPrint Client v05.90.00 (HKLM\...\Novell iPrint Client) (Version:  - Novell, Inc.)

Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)

Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.19 - Qualcomm Atheros Inc.)

Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0015-0000-1000-0000000FF1CE}_Office14.AccessR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden

Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)

Southpark Stick of Truth (HKLM-x32\...\U291dGhwYXJrU3RpY2tvZlRydXRo_is1) (Version: 1 - )

TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)

TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer)

WinRAR 5.10 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.3 - win.rar GmbH)

XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-5 - Bitnami)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 

CustomCLSID: HKU\S-1-5-21-3638818728-868247861-3901511755-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\SAB LAP\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3638818728-868247861-3901511755-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SAB LAP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3638818728-868247861-3901511755-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SAB LAP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3638818728-868247861-3901511755-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SAB LAP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3638818728-868247861-3901511755-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SAB LAP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3638818728-868247861-3901511755-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SAB LAP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3638818728-868247861-3901511755-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SAB LAP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3638818728-868247861-3901511755-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SAB LAP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3638818728-868247861-3901511755-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SAB LAP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 

==================== Restore Points  =========================
 

03-12-2014 19:40:09 Geplanter Prüfpunkt

11-12-2014 15:36:56 Windows Update

18-12-2014 17:03:05 Windows Update

19-01-2015 16:41:09 Windows Update

20-01-2015 18:09:14 Windows Update
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {2FFC0252-5235-46EE-9500-419734C98C11} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3638818728-868247861-3901511755-1000Core => C:\Users\SAB LAP\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-15] (Facebook Inc.)

Task: {3A245C24-B10A-48DD-8C0E-1072CD1C1D8F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.)

Task: {3E8ADC46-6211-4E8C-B5C0-6CEA946027AB} - System32\Tasks\{564ABF7F-20F9-40EC-9D2B-BB8225CFEE19} => Chrome.exe Skype für den Desktop herunterladen

Task: {50CE6058-DA2C-44C2-8EA5-70EAC7E37979} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3638818728-868247861-3901511755-1000UA => C:\Users\SAB LAP\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-15] (Facebook Inc.)

Task: {714F34A2-18E3-46B1-884A-78C117A4BD01} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.)

Task: {8FC17A42-26CC-4970-83E8-4B7A0A168339} - System32\Tasks\FreeDriverScout => C:\Program Files\Covus Freemium\Free Driver Scout\1Click.exe

Task: {AAE5BF0A-CA4D-41B1-BEA0-23FFF95B3041} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3638818728-868247861-3901511755-1000Core.job => C:\Users\SAB LAP\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3638818728-868247861-3901511755-1000UA.job => C:\Users\SAB LAP\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2014-01-15 17:57 - 2013-07-23 04:47 - 00239696 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\SAB LAP\AppData\Roaming\Dropbox\bin\libGLESv2.dll

2015-01-22 16:18 - 2015-01-22 16:18 - 00043008 _____ () c:\Users\SAB LAP\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdfjab5.dll

2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\SAB LAP\AppData\Roaming\Dropbox\bin\libEGL.dll

2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\SAB LAP\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll

2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\SAB LAP\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2014-12-15 10:21 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll

2014-12-15 10:21 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll

2014-12-15 10:21 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll

2014-12-15 10:21 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\Services: gupdate => 2

MSCONFIG\Services: gupdatem => 3

MSCONFIG\Services: gusvc => 3
 

========================= Accounts: ==========================
 

Administrator (S-1-5-21-3638818728-868247861-3901511755-500 - Administrator - Disabled)

Gast (S-1-5-21-3638818728-868247861-3901511755-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3638818728-868247861-3901511755-1002 - Limited - Enabled)

SAB LAP (S-1-5-21-3638818728-868247861-3901511755-1000 - Administrator - Enabled) => C:\Users\SAB LAP
 

==================== Faulty Device Manager Devices =============
 

Name: 

Description: 

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (01/22/2015 04:28:44 PM) (Source: ATIeRecord) (EventID: 16386) (User: )

Description: ATI EEU Client has failed to start
 

Error: (01/22/2015 04:28:44 PM) (Source: ATIeRecord) (EventID: 16388) (User: )

Description: ATI EEU Client event error
 

Error: (01/22/2015 04:27:44 PM) (Source: ATIeRecord) (EventID: 16386) (User: )

Description: ATI EEU Client has failed to start
 

Error: (01/22/2015 04:27:44 PM) (Source: ATIeRecord) (EventID: 16388) (User: )

Description: ATI EEU Client event error
 

Error: (01/22/2015 04:26:44 PM) (Source: ATIeRecord) (EventID: 16386) (User: )

Description: ATI EEU Client has failed to start
 

Error: (01/22/2015 04:26:44 PM) (Source: ATIeRecord) (EventID: 16388) (User: )

Description: ATI EEU Client event error
 

Error: (01/22/2015 04:25:44 PM) (Source: ATIeRecord) (EventID: 16386) (User: )

Description: ATI EEU Client has failed to start
 

Error: (01/22/2015 04:25:44 PM) (Source: ATIeRecord) (EventID: 16388) (User: )

Description: ATI EEU Client event error
 

Error: (01/22/2015 04:24:44 PM) (Source: ATIeRecord) (EventID: 16386) (User: )

Description: ATI EEU Client has failed to start
 

Error: (01/22/2015 04:24:44 PM) (Source: ATIeRecord) (EventID: 16388) (User: )

Description: ATI EEU Client event error
 
 

System errors:

=============

Error: (01/20/2015 06:06:11 PM) (Source: cdrom) (EventID: 15) (User: )

Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 

Error: (01/20/2015 06:06:11 PM) (Source: cdrom) (EventID: 15) (User: )

Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 

Error: (01/20/2015 06:06:11 PM) (Source: cdrom) (EventID: 15) (User: )

Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 

Error: (01/20/2015 06:06:11 PM) (Source: cdrom) (EventID: 15) (User: )

Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 

Error: (01/20/2015 06:06:11 PM) (Source: cdrom) (EventID: 15) (User: )

Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 

Error: (01/20/2015 06:06:11 PM) (Source: cdrom) (EventID: 15) (User: )

Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 

Error: (01/20/2015 06:06:11 PM) (Source: cdrom) (EventID: 15) (User: )

Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 

Error: (01/20/2015 06:06:11 PM) (Source: cdrom) (EventID: 15) (User: )

Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 

Error: (01/19/2015 04:33:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.
 

Error: (01/19/2015 04:33:11 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: Das System wurde zuvor am ‎14.‎01.‎2015 um 17:52:03 unerwartet heruntergefahren.
 
 

Microsoft Office Sessions:

=========================

Error: (01/22/2015 04:28:44 PM) (Source: ATIeRecord) (EventID: 16386) (User: )

Description: 
 

Error: (01/22/2015 04:28:44 PM) (Source: ATIeRecord) (EventID: 16388) (User: )

Description: 
 

Error: (01/22/2015 04:27:44 PM) (Source: ATIeRecord) (EventID: 16386) (User: )

Description: 
 

Error: (01/22/2015 04:27:44 PM) (Source: ATIeRecord) (EventID: 16388) (User: )

Description: 
 

Error: (01/22/2015 04:26:44 PM) (Source: ATIeRecord) (EventID: 16386) (User: )

Description: 
 

Error: (01/22/2015 04:26:44 PM) (Source: ATIeRecord) (EventID: 16388) (User: )

Description: 
 

Error: (01/22/2015 04:25:44 PM) (Source: ATIeRecord) (EventID: 16386) (User: )

Description: 
 

Error: (01/22/2015 04:25:44 PM) (Source: ATIeRecord) (EventID: 16388) (User: )

Description: 
 

Error: (01/22/2015 04:24:44 PM) (Source: ATIeRecord) (EventID: 16386) (User: )

Description: 
 

Error: (01/22/2015 04:24:44 PM) (Source: ATIeRecord) (EventID: 16388) (User: )

Description: 
 
 

CodeIntegrity Errors:

===================================

  Date: 2013-03-12 22:33:59.564

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-03-12 22:30:00.380

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-03-12 22:30:00.287

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-03-12 22:30:00.177

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-03-12 22:30:00.053

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-03-12 22:24:53.442

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-03-12 22:11:01.356

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-03-12 22:03:37.717

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-03-12 22:00:16.407

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2013-03-12 20:34:15.940

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\DisplaySwitch.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 
 

==================== Memory info =========================== 
 

Processor: AMD E-450 APU with Radeon(tm) HD Graphics

Percentage of memory in use: 44%

Total physical RAM: 5738.9 MB

Available physical RAM: 3184.02 MB

Total Pagefile: 11475.99 MB

Available Pagefile: 8568.33 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:654.69 GB) (Free:585.1 GB) NTFS

Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:6.93 GB) NTFS

Drive g: (OFFICE14) (CDROM) (Total:0.67 GB) (Free:0 GB) UDF
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 484A6877)

Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=654.7 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)

Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)
 

==================== End Of Log ============================

--- --- ---

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Einmal der Adwarecleaner

AdwCleaner Logfile:

Code:

# AdwCleaner v4.109 - Bericht erstellt am 25/01/2015 um 16:06:07

# Aktualisiert 24/01/2015 von Xplode

# Database : 2015-01-25.1 [Live]

# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)

# Benutzername : SAB LAP - SABLAP-PC

# Gestartet von : C:\Users\SAB LAP\Desktop\AdwCleaner_4.109.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\Users\SABLAP~1\AppData\Local\Temp\OCS

Ordner Gelöscht : C:\Program Files\SoftwareUpdater

Ordner Gelöscht : C:\Users\SAB LAP\AppData\Local\DownloadGuide

Datei Gelöscht : C:\Windows\System32\roboot64.exe

Datei Gelöscht : C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
 

***** [ Tasks ] *****
 

Task Gelöscht : FreeDriverScout
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Schlüssel Gelöscht : HKCU\Software\OCS

Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - 193.196.187.66:8080
 

***** [ Browser ] *****
 

-\\ Internet Explorer v11.0.9600.17496
 
 

-\\ Google Chrome v40.0.2214.91
 
 

*************************
 

AdwCleaner[R0].txt - [1566 octets] - [25/01/2015 16:03:01]

AdwCleaner[S0].txt - [1441 octets] - [25/01/2015 16:06:07]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1501 octets] ##########

--- --- ---

JunkwareremovalJRT Logfile:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.1 (12.28.2014:1)

OS: Windows 7 Ultimate x64

Ran by SAB LAP on 25.01.2015 at 16:12:33,11

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 25.01.2015 at 16:19:05,11

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--- --- ---
FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01

Ran by SAB LAP (administrator) on SABLAP-PC on 25-01-2015 16:21:01

Running from C:\Users\SAB LAP\Desktop

Loaded Profiles: SAB LAP (Available profiles: SAB LAP)

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe

(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe

(Novell, Inc.) C:\Windows\System32\iprntsrv.exe

() C:\ProgramData\MobileBrServ\mbbService.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe

(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe

(Novell, Inc.) C:\Windows\System32\iprntctl.exe

(Novell, Inc.) C:\Windows\System32\iprntlgn.exe

(Dropbox, Inc.) C:\Users\SAB LAP\AppData\Roaming\Dropbox\bin\Dropbox.exe

(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\audiodg.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)

HKLM\...\Run: [iPrint Tray] => C:\Windows\system32\iprntctl.exe [65816 2013-04-22] (Novell, Inc.)

HKLM\...\Run: [iPrint Event Monitor] => C:\Windows\system32\iprntlgn.exe [70936 2013-04-22] (Novell, Inc.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)

HKU\S-1-5-21-3638818728-868247861-3901511755-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent

HKU\S-1-5-21-3638818728-868247861-3901511755-1000\...\Run: [Facebook Update] => C:\Users\SAB LAP\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-11-15] (Facebook Inc.)

HKU\S-1-5-21-3638818728-868247861-3901511755-1000\...\Policies\Explorer: [DisallowRun] 1

HKU\S-1-5-21-3638818728-868247861-3901511755-1000\...\MountPoints2: {b78769bf-7e05-11e3-b800-74de2b2becdc} - F:\AutoRun.exe

Lsa: [Notification Packages] scecli iPrntWinCredMan

Startup: C:\Users\SAB LAP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\SAB LAP\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\SAB LAP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk

ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-3638818728-868247861-3901511755-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome

HKU\S-1-5-21-3638818728-868247861-3901511755-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome

HKU\S-1-5-21-3638818728-868247861-3901511755-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland

HKU\S-1-5-21-3638818728-868247861-3901511755-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = GIGA - Leidenschaft für Technik und Games

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-3638818728-868247861-3901511755-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear

SearchScopes: HKU\S-1-5-21-3638818728-868247861-3901511755-1000 -> {BA93E50F-3206-4A80-B816-175C74684F75} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @novell.com/iPrint -> C:\Windows\SysWOW64 ()

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKU\S-1-5-21-3638818728-868247861-3901511755-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\SAB LAP\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 

Chrome: 

=======

CHR HomePage: Default -> chrome://newtab

CHR Profile: C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-09]

CHR Extension: (Google Drive) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-09]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-16]

CHR Extension: (YouTube) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-09]

CHR Extension: (Adblock Plus) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-10-13]

CHR Extension: (Google-Suche) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-09]

CHR Extension: (Avira Browserschutz) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-08]

CHR Extension: (Google Wallet) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-09]

CHR Extension: (Citavi Picker) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2014-11-26]

CHR Extension: (Google Mail) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-09]

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - No Path
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)

S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-11] (Avira Operations GmbH & Co. KG)

R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)

R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)

R2 iprntsrv; C:\Windows\system32\iprntsrv.exe [55296 2013-04-22] (Novell, Inc.) [File not signed]

R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239696 2013-07-23] ()

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)

R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [128200 2013-06-20] (Qualcomm Atheros Co., Ltd.)

S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-25 16:20 - 2015-01-25 16:20 - 00000000 ____D () C:\Users\SAB LAP\Desktop\FRST-OlderVersion

2015-01-25 16:19 - 2015-01-25 16:19 - 00000623 _____ () C:\Users\SAB LAP\Desktop\JRT.txt

2015-01-25 16:12 - 2015-01-25 16:12 - 00000000 ____D () C:\Windows\ERUNT

2015-01-25 16:11 - 2015-01-25 16:11 - 01707939 _____ (Thisisu) C:\Users\SAB LAP\Desktop\JRT.exe

2015-01-25 16:02 - 2015-01-25 16:06 - 00000000 ____D () C:\AdwCleaner

2015-01-25 16:02 - 2015-01-25 16:02 - 02194432 _____ () C:\Users\SAB LAP\Desktop\AdwCleaner_4.109.exe

2015-01-25 15:56 - 2015-01-25 15:56 - 00791632 _____ () C:\Windows\Minidump\012515-18907-01.dmp

2015-01-22 16:28 - 2015-01-22 16:29 - 00022028 _____ () C:\Users\SAB LAP\Desktop\Addition.txt

2015-01-22 16:26 - 2015-01-25 16:21 - 00013343 _____ () C:\Users\SAB LAP\Desktop\FRST.txt

2015-01-22 16:26 - 2015-01-25 16:21 - 00000000 ____D () C:\FRST

2015-01-22 16:25 - 2015-01-25 16:20 - 02129920 _____ (Farbar) C:\Users\SAB LAP\Desktop\FRST64.exe

2015-01-21 17:20 - 2015-01-21 17:20 - 00001877 _____ () C:\Users\SAB LAP\Desktop\mw.txt

2015-01-21 16:51 - 2015-01-21 17:25 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-21 16:51 - 2015-01-21 16:51 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-01-21 16:51 - 2015-01-21 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-01-21 16:50 - 2015-01-21 16:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-01-21 16:50 - 2015-01-21 16:50 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-01-21 16:50 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-01-21 16:50 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-01-21 16:50 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-01-21 16:49 - 2015-01-21 16:49 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\SAB LAP\Desktop\mbam-setup-2.0.4.1028.exe

2015-01-19 16:50 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-01-19 16:50 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-01-19 16:50 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-01-19 16:50 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-01-19 16:50 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-01-19 16:50 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-01-19 16:50 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-01-19 16:50 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

2015-01-19 16:50 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll

2015-01-19 16:50 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

2015-01-14 09:04 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll

2015-01-14 09:04 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2015-01-14 09:04 - 2014-12-11 18:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-25 16:15 - 2009-07-14 05:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-25 16:15 - 2009-07-14 05:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-25 16:08 - 2014-12-07 16:29 - 00000000 ___RD () C:\Users\SAB LAP\Dropbox

2015-01-25 16:08 - 2014-12-07 16:13 - 00000000 ____D () C:\Users\SAB LAP\AppData\Roaming\Dropbox

2015-01-25 16:07 - 2013-10-09 21:39 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-25 16:07 - 2013-03-12 22:41 - 00038361 _____ () C:\Windows\setupact.log

2015-01-25 16:07 - 2010-11-21 04:47 - 00017342 _____ () C:\Windows\PFRO.log

2015-01-25 16:07 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-25 16:06 - 2013-10-09 21:21 - 01868958 _____ () C:\Windows\WindowsUpdate.log

2015-01-25 16:04 - 2013-11-15 18:59 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3638818728-868247861-3901511755-1000UA.job

2015-01-25 16:02 - 2013-10-09 21:39 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-25 15:56 - 2013-12-02 17:37 - 381867232 _____ () C:\Windows\MEMORY.DMP

2015-01-25 15:56 - 2013-12-02 17:37 - 00000000 ____D () C:\Windows\Minidump

2015-01-24 19:04 - 2013-11-15 18:59 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3638818728-868247861-3901511755-1000Core.job

2015-01-21 16:50 - 2011-04-12 08:43 - 00699342 _____ () C:\Windows\system32\perfh007.dat

2015-01-21 16:50 - 2011-04-12 08:43 - 00149450 _____ () C:\Windows\system32\perfc007.dat

2015-01-21 16:50 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-01-19 16:55 - 2013-10-09 22:02 - 00000000 ____D () C:\Windows\system32\MRT

2015-01-19 16:41 - 2013-03-12 21:48 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 

Some content of TEMP:

====================

C:\Users\SAB LAP\AppData\Local\Temp\amazonicon_v4.exe

C:\Users\SAB LAP\AppData\Local\Temp\amazoninstallernircmdc.exe

C:\Users\SAB LAP\AppData\Local\Temp\AutoRun.exe

C:\Users\SAB LAP\AppData\Local\Temp\AutoRunGUI.dll

C:\Users\SAB LAP\AppData\Local\Temp\avgnt.exe

C:\Users\SAB LAP\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzd0zmy.dll

C:\Users\SAB LAP\AppData\Local\Temp\Foxit Reader Updater.exe

C:\Users\SAB LAP\AppData\Local\Temp\Foxit Updater.exe

C:\Users\SAB LAP\AppData\Local\Temp\ose00000.exe

C:\Users\SAB LAP\AppData\Local\Temp\Quarantine.exe

C:\Users\SAB LAP\AppData\Local\Temp\sdanircmdc.exe

C:\Users\SAB LAP\AppData\Local\Temp\sdapskill.exe

C:\Users\SAB LAP\AppData\Local\Temp\sdaspwn.exe

C:\Users\SAB LAP\AppData\Local\Temp\securitascout_3.exe

C:\Users\SAB LAP\AppData\Local\Temp\sqlite3.dll

C:\Users\SAB LAP\AppData\Local\Temp\xmlUpdater.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-01-22 17:16
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Die Prozesse sind immernoch im Tasmanager, inzwischen allerdings Betitelt. Das waren sie davor nicht.

Die Prozesse sind legitim.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Danke für den super schnellen und für meine Gefühle kompetente Hilfe! Aber ich glaube dass des irgendwie was Hartnäckiges ist ?

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=68a5a199c766b241aff23d1e5217940e
# engine=17865
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-04-14 07:28:46
# local_time=2014-04-14 09:28:46 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 66147 16109269 63389 0
# compatibility_mode=5893 16776574 100 94 15874191 149090376 0 0
# scanned=68764
# found=19
# cleaned=0
# scan_time=51230
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe"
sh=120DC13B4F5E666393F1DA9A07581F2BB3C8C8ED ft=1 fh=4a303e5d20f8d7e0 vn="Variante von Win32/HackTool.Crack.BL potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Southpark Stick of Truth\steam_api.dll"
sh=D93DFB48F135DD4DE95CB82544C3EDA3BAD2C753 ft=1 fh=d1199f70f2992f69 vn="Win32/Packed.ScrambleWrapper.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SAB LAP\AppData\Local\DownloadGuide\Offers\plus-hd-3-8.exe"
sh=E17CAE66109644F591CE5A08EB6BB7D8426E7F61 ft=1 fh=fc2dd634d5b1c6e4 vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SAB LAP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CODY5D2T\Setup[1].exe"
sh=855AEEF55884E524E79084E3C8B96876A89E3756 ft=1 fh=0b1fb44a769485e9 vn="Variante von Win32/InstallBrain evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SAB LAP\AppData\Local\Temp\PCPerformer_Home_Setup.exe"
sh=1A376885858134D257064FD589715094441FB645 ft=1 fh=03df30316233ca53 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Users\SAB LAP\AppData\Local\Temp\is266438442\853410_stp.EXE"
sh=A836A8346F791EC8A83B51BC78E84B2F6659E6DA ft=1 fh=0a2e45c370149901 vn="Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SAB LAP\AppData\Local\Temp\is266438442\853437_stp\wajam_validate.exe"
sh=175A8A0C7650EF29B0E1AE7137F5F48FDFCD6588 ft=1 fh=deea2a09617af006 vn="Variante von Win32/AdWare.SpeedingUpMyPC.G Anwendung" ac=I fn="C:\Users\SAB LAP\AppData\Local\Temp\is266438442\853698_stp\PCSpeedMaximizer_AQDE_AFD_PPI.exe"
sh=82FCB8F238714B0CB9CB50A1D233BB876EAE1F8E ft=1 fh=0a28b37f82595fb9 vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SAB LAP\AppData\Local\Temp\is266438442\853860_stp\whilokii_is.exe"
sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SAB LAP\AppData\Local\Temp\OCS\ocs_v71a.exe"
sh=1A376885858134D257064FD589715094441FB645 ft=1 fh=03df30316233ca53 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Users\SAB LAP\Downloads\foxit-pdf-reader [1].exe"
sh=4E65B7FCC34FF700E5812C0B44B4692DF889BB85 ft=1 fh=f735f6c30210c836 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\SAB LAP\Downloads\FreeAudioCDToMP3Converter (1).exe"
sh=4E65B7FCC34FF700E5812C0B44B4692DF889BB85 ft=1 fh=f735f6c30210c836 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\SAB LAP\Downloads\FreeAudioCDToMP3Converter.exe"
sh=AFFE6E9713E9A978FB02DDE2DC7B140AE7D49EEC ft=1 fh=ddacea57b1eca302 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SAB LAP\Downloads\iLividSetup-r484-n-bc.exe"
sh=1D9BE2046CA18FB0D5AA7881E5463C6171917309 ft=1 fh=d21aa5e713887d8e vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SAB LAP\Downloads\PC-Performer-lnstall.exe"
sh=AE58E6FF867B9784BF525716022E00D65B0AF0AD ft=1 fh=1d5dd040421ee558 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SAB LAP\Downloads\TeamViewer - CHIP-Downloader.exe"
sh=9EEDBBFCC0A9F576F1F6E26759CE7F0AD3087568 ft=1 fh=8721c084f4185b37 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\SAB LAP\Downloads\winamp565_full_emusic-7plus_de-de.exe"
sh=9AE68FFAE53C4FC53C5623585D9DCC5BF30CFFD5 ft=1 fh=fc8d0a209d3b7b0c vn="Win32/HackTool.WinActivator.I potenziell unsichere Anwendung" ac=I fn="C:\Users\SAB LAP\Downloads\Windows_Loader_v2.2.1.exe"
sh=3B6BDCA414A53DF7C8C5096B953C4DF87A1091C7 ft=1 fh=55ca6504931631dc vn="Win32/HackTool.WinActivator.I potenziell unsichere Anwendung" ac=I fn="C:\Users\SAB LAP\Downloads\Windows_Loader_v2.2.1\Windows Loader.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=68a5a199c766b241aff23d1e5217940e
# engine=22150
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-26 05:40:10
# local_time=2015-01-26 06:40:10 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 18006 40942695 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 40707675 173923860 0 0
# scanned=175574
# found=12
# cleaned=0
# scan_time=14053
sh=BD4F87271566180D7F6322F27F15323A1DAC4215 ft=1 fh=fcff36e489966752 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\SAB LAP\AppData\Local\DownloadGuide\Offers\vis.exe.vir"
sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\SABLAP~1\AppData\Local\Temp\OCS\ocs_v71a.exe.vir"
sh=D4B66D63BDB5B1E3B008FCEC0339D4EFEF9ACBC3 ft=1 fh=b8d78b984d4f7d1a vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=E17CAE66109644F591CE5A08EB6BB7D8426E7F61 ft=1 fh=fc2dd634d5b1c6e4 vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SAB LAP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CODY5D2T\Setup[1].exe"
sh=B2CE135FD5B5CE13607231BBCD2C6598512D231B ft=1 fh=b5de49b1a3280b69 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\Users\SAB LAP\AppData\Local\Temp\securitascout_3.exe"
sh=B2CE135FD5B5CE13607231BBCD2C6598512D231B ft=1 fh=b5de49b1a3280b69 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\Users\SAB LAP\AppData\Local\Temp\2c3f58eb53411028bee59d7bce3aff52\securitascout_3.exe"
sh=A836A8346F791EC8A83B51BC78E84B2F6659E6DA ft=1 fh=0a2e45c370149901 vn="Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SAB LAP\AppData\Local\Temp\is266438442\853437_stp\wajam_validate.exe"
sh=175A8A0C7650EF29B0E1AE7137F5F48FDFCD6588 ft=1 fh=deea2a09617af006 vn="Variante von Win32/AdWare.SpeedingUpMyPC.G Anwendung" ac=I fn="C:\Users\SAB LAP\AppData\Local\Temp\is266438442\853698_stp\PCSpeedMaximizer_AQDE_AFD_PPI.exe"
sh=82FCB8F238714B0CB9CB50A1D233BB876EAE1F8E ft=1 fh=0a28b37f82595fb9 vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SAB LAP\AppData\Local\Temp\is266438442\853860_stp\whilokii_is.exe"
sh=959F98A3EFDDF93AF186D090F49697BD2F39530E ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="D:\LAPTOP\Backup Set 2011-10-22 083455\Backup Files 2011-10-24 130847\Backup files 1.zip"
sh=0DD0CF8E279607B420AE2F5081D80E19BBEC10DA ft=0 fh=0000000000000000 vn="JS/Kryptik.EN Trojaner" ac=I fn="D:\LAPTOP\Backup Set 2011-10-22 083455\Backup Files 2011-10-30 190002\Backup files 1.zip"
sh=B8A3FF98CFF5D0D19DD965B6411AED40986EF780 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\LAPTOP\Backup Set 2011-10-22 083455\Backup Files 2011-10-30 190002\Backup files 2.zip"

Die gefundenen Bedrohungen habe ich nicht gelöscht, da der Hacken in dem Bild nicht gesetzt war.

Das kam beim SecruityCeck wurde allerdings in Notepad ++ geöffnet!

UNSUPPORTED OPERATING SYSTEM! ABORTED!
FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01

Ran by SAB LAP (administrator) on SABLAP-PC on 26-01-2015 19:07:56

Running from C:\Users\SAB LAP\Desktop

Loaded Profiles: SAB LAP (Available profiles: SAB LAP)

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe

(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe

(Novell, Inc.) C:\Windows\System32\iprntsrv.exe

() C:\ProgramData\MobileBrServ\mbbService.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe

(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe

(Novell, Inc.) C:\Windows\System32\iprntctl.exe

(Novell, Inc.) C:\Windows\System32\iprntlgn.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\audiodg.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

() C:\Users\SAB LAP\Desktop\SecurityCheck.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)

HKLM\...\Run: [iPrint Tray] => C:\Windows\system32\iprntctl.exe [65816 2013-04-22] (Novell, Inc.)

HKLM\...\Run: [iPrint Event Monitor] => C:\Windows\system32\iprntlgn.exe [70936 2013-04-22] (Novell, Inc.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)

HKU\S-1-5-21-3638818728-868247861-3901511755-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent

HKU\S-1-5-21-3638818728-868247861-3901511755-1000\...\Run: [Facebook Update] => C:\Users\SAB LAP\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-11-15] (Facebook Inc.)

HKU\S-1-5-21-3638818728-868247861-3901511755-1000\...\Policies\Explorer: [DisallowRun] 1

HKU\S-1-5-21-3638818728-868247861-3901511755-1000\...\MountPoints2: {b78769bf-7e05-11e3-b800-74de2b2becdc} - F:\AutoRun.exe

Lsa: [Notification Packages] scecli iPrntWinCredMan

Startup: C:\Users\SAB LAP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\SAB LAP\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\SAB LAP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk

ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-3638818728-868247861-3901511755-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome

HKU\S-1-5-21-3638818728-868247861-3901511755-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome

HKU\S-1-5-21-3638818728-868247861-3901511755-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland ? jetzt mit dem Hotmail Nachfolger Outlook und dem Messenger Nachfolger Skype

HKU\S-1-5-21-3638818728-868247861-3901511755-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = GIGA - Leidenschaft für Technik und Games

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-3638818728-868247861-3901511755-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear

SearchScopes: HKU\S-1-5-21-3638818728-868247861-3901511755-1000 -> {BA93E50F-3206-4A80-B816-175C74684F75} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @novell.com/iPrint -> C:\Windows\SysWOW64 ()

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKU\S-1-5-21-3638818728-868247861-3901511755-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\SAB LAP\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 

Chrome: 

=======

CHR HomePage: Default -> chrome://newtab

CHR Profile: C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-09]

CHR Extension: (Google Drive) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-09]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-16]

CHR Extension: (YouTube) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-09]

CHR Extension: (Adblock Plus) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-10-13]

CHR Extension: (Google-Suche) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-09]

CHR Extension: (Avira Browserschutz) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-08]

CHR Extension: (Google Wallet) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-09]

CHR Extension: (Citavi Picker) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2014-11-26]

CHR Extension: (Google Mail) - C:\Users\SAB LAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-09]

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - No Path
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)

S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-11] (Avira Operations GmbH & Co. KG)

R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)

R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)

R2 iprntsrv; C:\Windows\system32\iprntsrv.exe [55296 2013-04-22] (Novell, Inc.) [File not signed]

R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239696 2013-07-23] ()

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)

R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [128200 2013-06-20] (Qualcomm Atheros Co., Ltd.)

S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-26 19:05 - 2015-01-26 19:05 - 00852504 _____ () C:\Users\SAB LAP\Desktop\SecurityCheck.exe

2015-01-26 14:40 - 2015-01-26 14:40 - 02347384 _____ (ESET) C:\Users\SAB LAP\Desktop\esetsmartinstaller_deu.exe

2015-01-25 16:20 - 2015-01-25 16:20 - 00000000 ____D () C:\Users\SAB LAP\Desktop\FRST-OlderVersion

2015-01-25 16:19 - 2015-01-25 16:19 - 00000623 _____ () C:\Users\SAB LAP\Desktop\JRT.txt

2015-01-25 16:12 - 2015-01-25 16:12 - 00000000 ____D () C:\Windows\ERUNT

2015-01-25 16:11 - 2015-01-25 16:11 - 01707939 _____ (Thisisu) C:\Users\SAB LAP\Desktop\JRT.exe

2015-01-25 16:02 - 2015-01-25 16:06 - 00000000 ____D () C:\AdwCleaner

2015-01-25 16:02 - 2015-01-25 16:02 - 02194432 _____ () C:\Users\SAB LAP\Desktop\AdwCleaner_4.109.exe

2015-01-25 15:56 - 2015-01-25 15:56 - 00791632 _____ () C:\Windows\Minidump\012515-18907-01.dmp

2015-01-22 16:28 - 2015-01-22 16:29 - 00022028 _____ () C:\Users\SAB LAP\Desktop\Addition.txt

2015-01-22 16:26 - 2015-01-26 19:07 - 00013393 _____ () C:\Users\SAB LAP\Desktop\FRST.txt

2015-01-22 16:26 - 2015-01-26 19:07 - 00000000 ____D () C:\FRST

2015-01-22 16:25 - 2015-01-25 16:20 - 02129920 _____ (Farbar) C:\Users\SAB LAP\Desktop\FRST64.exe

2015-01-21 17:20 - 2015-01-21 17:20 - 00001877 _____ () C:\Users\SAB LAP\Desktop\mw.txt

2015-01-21 16:51 - 2015-01-21 17:25 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-21 16:51 - 2015-01-21 16:51 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-01-21 16:51 - 2015-01-21 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-01-21 16:50 - 2015-01-21 16:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-01-21 16:50 - 2015-01-21 16:50 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-01-21 16:50 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-01-21 16:50 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-01-21 16:50 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-01-21 16:49 - 2015-01-21 16:49 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\SAB LAP\Desktop\mbam-setup-2.0.4.1028.exe

2015-01-19 16:50 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-01-19 16:50 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-01-19 16:50 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-01-19 16:50 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-01-19 16:50 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-01-19 16:50 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-01-19 16:50 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-01-19 16:50 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

2015-01-19 16:50 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll

2015-01-19 16:50 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

2015-01-14 09:04 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll

2015-01-14 09:04 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2015-01-14 09:04 - 2014-12-11 18:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-26 19:06 - 2014-10-16 12:55 - 00000000 ____D () C:\Users\SAB LAP\AppData\Roaming\Notepad++

2015-01-26 19:04 - 2013-11-15 18:59 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3638818728-868247861-3901511755-1000UA.job

2015-01-26 19:04 - 2013-11-15 18:59 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3638818728-868247861-3901511755-1000Core.job

2015-01-26 19:02 - 2013-10-09 21:39 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-26 19:01 - 2013-10-09 21:21 - 01948337 _____ () C:\Windows\WindowsUpdate.log

2015-01-26 17:36 - 2009-07-14 05:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-26 17:36 - 2009-07-14 05:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-26 14:48 - 2013-10-09 21:39 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-26 14:42 - 2011-04-12 08:43 - 00699342 _____ () C:\Windows\system32\perfh007.dat

2015-01-26 14:42 - 2011-04-12 08:43 - 00149450 _____ () C:\Windows\system32\perfc007.dat

2015-01-26 14:42 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-01-25 16:08 - 2014-12-07 16:29 - 00000000 ___RD () C:\Users\SAB LAP\Dropbox

2015-01-25 16:08 - 2014-12-07 16:13 - 00000000 ____D () C:\Users\SAB LAP\AppData\Roaming\Dropbox

2015-01-25 16:07 - 2013-03-12 22:41 - 00038361 _____ () C:\Windows\setupact.log

2015-01-25 16:07 - 2010-11-21 04:47 - 00017342 _____ () C:\Windows\PFRO.log

2015-01-25 16:07 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-25 15:56 - 2013-12-02 17:37 - 381867232 _____ () C:\Windows\MEMORY.DMP

2015-01-25 15:56 - 2013-12-02 17:37 - 00000000 ____D () C:\Windows\Minidump

2015-01-19 16:55 - 2013-10-09 22:02 - 00000000 ____D () C:\Windows\system32\MRT

2015-01-19 16:41 - 2013-03-12 21:48 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 

Some content of TEMP:

====================

C:\Users\SAB LAP\AppData\Local\Temp\amazonicon_v4.exe

C:\Users\SAB LAP\AppData\Local\Temp\amazoninstallernircmdc.exe

C:\Users\SAB LAP\AppData\Local\Temp\AutoRun.exe

C:\Users\SAB LAP\AppData\Local\Temp\AutoRunGUI.dll

C:\Users\SAB LAP\AppData\Local\Temp\avgnt.exe

C:\Users\SAB LAP\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzd0zmy.dll

C:\Users\SAB LAP\AppData\Local\Temp\Foxit Reader Updater.exe

C:\Users\SAB LAP\AppData\Local\Temp\Foxit Updater.exe

C:\Users\SAB LAP\AppData\Local\Temp\npp.6.7.4.Installer.exe

C:\Users\SAB LAP\AppData\Local\Temp\ose00000.exe

C:\Users\SAB LAP\AppData\Local\Temp\Quarantine.exe

C:\Users\SAB LAP\AppData\Local\Temp\sdanircmdc.exe

C:\Users\SAB LAP\AppData\Local\Temp\sdapskill.exe

C:\Users\SAB LAP\AppData\Local\Temp\sdaspwn.exe

C:\Users\SAB LAP\AppData\Local\Temp\securitascout_3.exe

C:\Users\SAB LAP\AppData\Local\Temp\sqlite3.dll

C:\Users\SAB LAP\AppData\Local\Temp\xmlUpdater.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-01-22 17:16
 

==================== End Of Log ============================

--- --- ---

Nee das sind nur Reste oder Downloads von dir. Download Ordner leeren.

Noch Probleme?

Also er läuft auf jedenfall wieder schneller und das zuverlässig.

Vielen dank für die Hilfe. Der support ist echt super. Ich werde euch weiter empfehlen

Fertig :)

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Sry dass es so lange gedauert hat. Ich hatte viel zu tun und hab den Laptop seid dem nichtmehr verwendet.

Ich habe den DelFix cleaner jetzt drüber laufen lassen.

Ich befolge eigentlich alles was zu den Tips steht, ich klicke auf nichts was ich nicht kenne, ich habe ein aktuelles Antivirenprogramm installiert (freeware) und benutze eben nicht IE sondern Chrome.

Was war das jetzt genau was ich mir da eingefangen habe, und wie kann das passiert sein?

Hier nochmal den Log de DelFix.

# DelFix v10.8 - Datei am 04/03/2015 um 18:58:18 erstellt
# Aktualisiert am 29/07/2014 von Xplode
# Benutzer : SAB LAP - SABLAP-PC
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)

~ Aktiviere die Benutzerkontensteuerung ... OK

~ Entferne die Bereinigungsprogramme ...

Gelöscht : C:\FRST
Gelöscht : C:\AdwCleaner
Gelöscht : C:\Users\SAB LAP\Desktop\AdwCleaner_4.109.exe
Gelöscht : C:\Users\SAB LAP\Desktop\esetsmartinstaller_deu.exe
Gelöscht : C:\Users\SAB LAP\Desktop\FRST64.exe
Gelöscht : C:\Users\SAB LAP\Desktop\JRT.exe
Gelöscht : C:\Users\SAB LAP\Desktop\SecurityCheck.exe
Gelöscht : HKLM\SOFTWARE\AdwCleaner

~ Erstelle ein Backup der Registrierungsdatenbank ... OK

~ Lösche die Wiederherstellungspunkte ...

Gelöscht : RP #79 [Geplanter Prüfpunkt | 02/11/2015 12:58:21]
Gelöscht : RP #80 [Windows Update | 02/11/2015 20:56:58]
Gelöscht : RP #81 [Geplanter Prüfpunkt | 02/19/2015 17:58:16]
Gelöscht : RP #83 [Windows Modules Installer | 02/21/2015 20:17:45]
Gelöscht : RP #84 [Windows Update | 02/25/2015 19:18:32]

Ein neuer Wiederherstellungspunkt wurde erstellt !

~ Stelle die Systemeinstellungen wieder her ... OK

Vielen lieben Dank für die tolle Hilfe,

Sabrina

Adware, und eben viele Hack Tools die man nicht benutzen sollte.