Log analysis and evaluation: Windows 8 laptop - a lot of advertising in browsers
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
23.11.2013, 15:21 | #1 |
Hello dear Trojaner-Board team! I have a laptop with Windows 8. For about the last three weeks I have had the problem that an extreme amount of advertising appears in my browsers (Chrome and Firefox). Often in the form of pop-up windows, but blinking ad banners also keep appearing on all pages to a very large extent; I never had that before. I uninstalled Antivir because I read something about the toolbar, and then installed Avast. I ran a scan with Malwarebytes, and three infected files were found, which I deleted immediately. The problem persists. I am a PC beginner, so I would be very grateful for any help! Here is the log from Malwarebytes: Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.23.05

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16721
Admin :: *****-PC [Administrator]

23.11.2013 13:45:08
MBAM-log-2013-11-23 (14-01-07).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 252638
Laufzeit: 6 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|OMESupervisor (PUP.Optional.OfferMosquito.A) -> Daten: C:\Users\Admin\AppData\Local\omesuperv.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Admin\AppData\Local\omesuperv.exe (PUP.Optional.OfferMosquito.A) -> Keine Aktion durchgeführt.
C:\Users\Admin\Downloads\SoftonicDownloader_fuer_faststone-image-viewer.exe (PUP.Optional.Softonic) -> Keine Aktion durchgeführt.

(Ende)
23.11.2013, 15:37 | #2 |
/// the machine /// TB-Ausbilder
hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
24.11.2013, 02:49 | #3 |
Hello,
thanks for the quick reply! Here is the FRST log. FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2013 02 Ran by Admin (administrator) on *****-PC on 23-11-2013 17:15:20 Running from C:\Users\Admin\Desktop Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Dritek System INC.) C:\Windows\RfBtnSvc64.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) 
C:\Program Files (x86)\RadioController\RfBtnHelper.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2965816 2012-10-19] (Synaptics Incorporated) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [SSync] - C:\Users\Admin\AppData\Roaming\SSync\SSync.exe [36864 2013-04-09] () HKCU\...\Run: [DataMgr] - C:\Users\Admin\AppData\Roaming\DataMgr\DataMgr.exe [168848 2013-06-26] (HTTO Group, Ltd.) 
HKCU\...\Run: [SCheck] - C:\Users\Admin\AppData\Roaming\SCheck\SCheck.exe [36864 2013-04-09] () HKCU\...\Run: [Snoozer] - C:\Users\Admin\AppData\Roaming\Snz\Snz.exe [1226843 2013-10-10] () HKCU\...\Run: [Intermediate] - C:\Users\Admin\AppData\Roaming\Intermediate\Intermediate.exe [36864 2013-04-09] () HKLM-x32\...\Run: [LManager] - [x] HKLM-x32\...\Run: [RadioController] - C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2012-12-09] (Dritek System Inc.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.) HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-23] (AVAST Software) HKU\Default\...\RunOnce: [RegAutoPlay] - C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe [1845392 2012-08-21] (Acer Incorporated) HKU\Default User\...\RunOnce: [RegAutoPlay] - C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe [1845392 2012-08-21] (Acer Incorporated) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com SearchScopes: HKLM - DefaultScope {EE79DC48-B883-414D-91DE-43224F19CBD1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM - {EE79DC48-B883-414D-91DE-43224F19CBD1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM-x32 - DefaultScope {EE79DC48-B883-414D-91DE-43224F19CBD1} URL = 
hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM-x32 - {EE79DC48-B883-414D-91DE-43224F19CBD1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKCU - DefaultScope {EE79DC48-B883-414D-91DE-43224F19CBD1} URL = SearchScopes: HKCU - {EE79DC48-B883-414D-91DE-43224F19CBD1} URL = BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\31.0.1650.57\npchrome_frame.dll (Google Inc.) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - No File Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\31.0.1650.57\npchrome_frame.dll (Google Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rry0rf7z.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: om - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rry0rf7z.default\Extensions\om@offermosquito.com.xpi FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll () CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () CHR Plugin: (Shockwave Flash) - 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (OfferMosquito) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\0.9_0 CHR Extension: (avast! Online Security) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0 CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0 CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-23] (AVAST Software) R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) 
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation) R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2012-12-09] (Dritek System INC.) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-11-23] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-11-23] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-23] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-23] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-11-23] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-11-23] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-11-23] () R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4273192 2012-08-11] (Intel Corporation) S3 phiccidxp; C:\Windows\system32\DRIVERS\xccidwdm.sys [34184 2010-10-29] (Xiring) R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-12-09] (Dritek System Inc.) 
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-19] (Synaptics Incorporated) S3 xiringcciddrv3; C:\Windows\system32\DRIVERS\xccid3wdm.sys [37024 2011-10-05] (Xiring) S3 athr; \SystemRoot\system32\DRIVERS\athrx.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-23 17:15 - 2013-11-23 17:16 - 00014815 _____ C:\Users\Admin\Desktop\FRST.txt 2013-11-23 15:44 - 2013-11-23 15:44 - 00009680 _____ C:\Users\Admin\Downloads\FRST.txt 2013-11-23 15:44 - 2013-11-23 15:44 - 00000000 ____D C:\FRST 2013-11-23 15:42 - 2013-11-23 15:42 - 01958234 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe 2013-11-23 13:43 - 2013-11-23 13:43 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-11-23 13:43 - 2013-11-23 13:43 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes 2013-11-23 13:43 - 2013-11-23 13:43 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-23 13:43 - 2013-11-23 13:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-23 13:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-11-23 13:42 - 2013-11-23 13:42 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-1.75.0.1300.exe 2013-11-23 13:16 - 2013-11-23 13:16 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2013-11-23 13:16 - 2013-11-23 13:16 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2013-11-23 13:16 - 2013-11-23 13:16 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2013-11-23 13:16 - 2013-11-23 13:16 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys 2013-11-23 13:16 - 2013-11-23 13:16 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2013-11-23 13:16 - 2013-11-23 13:16 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2013-11-23 13:16 - 
2013-11-23 13:16 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys 2013-11-23 13:16 - 2013-11-23 13:16 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2013-11-23 13:16 - 2013-11-23 13:16 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys 2013-11-23 13:16 - 2013-11-23 13:16 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2013-11-23 13:16 - 2013-11-23 13:16 - 00001970 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2013-11-23 13:16 - 2013-11-23 13:16 - 00000000 ____D C:\Users\Admin\AppData\Roaming\AVAST Software 2013-11-23 13:10 - 2013-11-23 13:10 - 00000000 ____D C:\Program Files\AVAST Software 2013-11-23 13:07 - 2013-11-23 13:07 - 04733496 _____ (AVAST Software) C:\Users\Admin\Downloads\avast_free_antivirus_setup_online_fdi-c (1).exe 2013-11-23 13:06 - 2013-11-23 13:06 - 00000000 ____D C:\ProgramData\AVAST Software 2013-11-23 13:05 - 2013-11-23 13:06 - 04733496 _____ (AVAST Software) C:\Users\Admin\Downloads\avast_free_antivirus_setup_online_fdi-c.exe 2013-11-11 22:21 - 2013-11-11 22:23 - 00000000 ____D C:\Users\Admin\Documents\Scannen 2013-11-11 22:20 - 2013-11-11 22:20 - 00000000 ____D C:\Users\Admin\AppData\Local\SSScan 2013-11-11 22:19 - 2013-11-11 22:19 - 00000000 ____D C:\Program Files (x86)\Scan Assistant 2013-11-11 22:18 - 2013-11-11 22:18 - 13868264 _____ (Samsung Electronics Co., Ltd.) 
C:\Users\Admin\Downloads\ScanAssistant_1.05.07.exe 2013-11-11 22:18 - 2013-11-11 22:18 - 00000000 ____D C:\Windows\twain_64 2013-11-11 22:18 - 2013-10-04 06:31 - 00579072 _____ C:\Windows\system32\SNWIAUI.dll 2013-11-11 22:18 - 2013-10-04 05:53 - 00734720 _____ C:\Windows\system32\SnMinDrv.dll 2013-11-11 22:18 - 2013-10-04 05:53 - 00155136 _____ C:\Windows\system32\SnImgFlt.dll 2013-11-11 22:18 - 2013-10-04 05:52 - 00068096 _____ C:\Windows\system32\SnErHdlr.dll 2013-11-11 22:18 - 2013-09-02 03:57 - 00155696 _____ C:\Windows\wiainst64.exe 2013-11-11 22:18 - 2012-12-10 03:09 - 00120846 _____ C:\Windows\system32\WIAEXSTR.loc 2013-11-11 22:18 - 2012-03-14 00:58 - 00166640 _____ (TWAIN Working Group) C:\Windows\system32\TWAINDSM.dll 2013-11-11 22:18 - 2012-03-14 00:58 - 00148728 _____ (TWAIN Working Group) C:\Windows\SysWOW64\TWAINDSM.dll 2013-11-11 22:18 - 2012-02-09 08:20 - 00355840 _____ (Samsung Electronics) C:\Windows\system32\snWIAMUI.dll 2013-11-11 22:17 - 2013-11-11 22:17 - 23580208 _____ C:\Users\Admin\Downloads\UniversalScanDriver_V1.02.19.exe ==================== One Month Modified Files and Folders ======= 2013-11-23 17:16 - 2013-11-23 17:15 - 00014815 _____ C:\Users\Admin\Desktop\FRST.txt 2013-11-23 17:01 - 2013-04-19 12:40 - 01644010 _____ C:\Windows\WindowsUpdate.log 2013-11-23 17:01 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent 2013-11-23 17:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru 2013-11-23 16:28 - 2013-04-19 13:02 - 00001126 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-11-23 16:21 - 2013-04-19 22:41 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-23 15:44 - 2013-11-23 15:44 - 00009680 _____ C:\Users\Admin\Downloads\FRST.txt 2013-11-23 15:44 - 2013-11-23 15:44 - 00000000 ____D C:\FRST 2013-11-23 15:42 - 2013-11-23 15:42 - 01958234 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe 2013-11-23 14:05 - 2013-04-19 13:02 - 00001122 _____ 
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-11-23 14:05 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-23 14:04 - 2012-10-25 04:55 - 00222454 _____ C:\Windows\PFRO.log 2013-11-23 13:52 - 2013-04-19 12:48 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3602819622-969200579-1080763390-1001 2013-11-23 13:43 - 2013-11-23 13:43 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-11-23 13:43 - 2013-11-23 13:43 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes 2013-11-23 13:43 - 2013-11-23 13:43 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-23 13:43 - 2013-11-23 13:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-23 13:42 - 2013-11-23 13:42 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-1.75.0.1300.exe 2013-11-23 13:16 - 2013-11-23 13:16 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2013-11-23 13:16 - 2013-11-23 13:16 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2013-11-23 13:16 - 2013-11-23 13:16 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2013-11-23 13:16 - 2013-11-23 13:16 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys 2013-11-23 13:16 - 2013-11-23 13:16 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2013-11-23 13:16 - 2013-11-23 13:16 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2013-11-23 13:16 - 2013-11-23 13:16 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys 2013-11-23 13:16 - 2013-11-23 13:16 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2013-11-23 13:16 - 2013-11-23 13:16 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys 2013-11-23 13:16 - 2013-11-23 13:16 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2013-11-23 13:16 - 2013-11-23 13:16 - 00001970 _____ C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2013-11-23 13:16 - 2013-11-23 13:16 - 00000000 ____D C:\Users\Admin\AppData\Roaming\AVAST Software 2013-11-23 13:10 - 2013-11-23 13:10 - 00000000 ____D C:\Program Files\AVAST Software 2013-11-23 13:07 - 2013-11-23 13:07 - 04733496 _____ (AVAST Software) C:\Users\Admin\Downloads\avast_free_antivirus_setup_online_fdi-c (1).exe 2013-11-23 13:06 - 2013-11-23 13:06 - 00000000 ____D C:\ProgramData\AVAST Software 2013-11-23 13:06 - 2013-11-23 13:05 - 04733496 _____ (AVAST Software) C:\Users\Admin\Downloads\avast_free_antivirus_setup_online_fdi-c.exe 2013-11-22 17:44 - 2013-08-24 11:11 - 00109568 ___SH C:\Users\Admin\Desktop\Thumbs.db 2013-11-19 17:38 - 2013-10-21 20:21 - 00000099 _____ C:\Users\Public\LMDebug.log 2013-11-18 13:14 - 2012-07-26 06:26 - 00524288 ___SH C:\Windows\system32\config\BBI 2013-11-18 12:59 - 2012-12-09 08:40 - 00753134 _____ C:\Windows\system32\perfh007.dat 2013-11-18 12:59 - 2012-12-09 08:40 - 00155826 _____ C:\Windows\system32\perfc007.dat 2013-11-18 12:59 - 2012-07-26 08:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-14 22:30 - 2013-04-19 13:04 - 00002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-11-11 22:23 - 2013-11-11 22:21 - 00000000 ____D C:\Users\Admin\Documents\Scannen 2013-11-11 22:20 - 2013-11-11 22:20 - 00000000 ____D C:\Users\Admin\AppData\Local\SSScan 2013-11-11 22:19 - 2013-11-11 22:19 - 00000000 ____D C:\Program Files (x86)\Scan Assistant 2013-11-11 22:18 - 2013-11-11 22:18 - 13868264 _____ (Samsung Electronics Co., Ltd.) 
C:\Users\Admin\Downloads\ScanAssistant_1.05.07.exe 2013-11-11 22:18 - 2013-11-11 22:18 - 00000000 ____D C:\Windows\twain_64 2013-11-11 22:18 - 2013-10-21 20:04 - 00000000 ____D C:\Program Files (x86)\Samsung 2013-11-11 22:17 - 2013-11-11 22:17 - 23580208 _____ C:\Users\Admin\Downloads\UniversalScanDriver_V1.02.19.exe 2013-11-07 19:53 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\NDF Some content of TEMP: ==================== C:\Users\Admin\AppData\Local\Temp\COMAP.EXE ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-09 19:21 ==================== End Of Log ============================
--- --- ---
And here is the addition log. Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2013 02 Ran by Admin at 2013-11-23 17:16:27 Running from C:\Users\Admin\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== clear.fi SDK - Video 2 (x32 Version: 2.1.1925) clear.fi SDK- Movie 2 (x32 Version: 2.1.2008) Acer Backup Manager (x32 Version: 4.0.0.0059) Acer Device Fast-lane (Version: 1.00.3007) Acer Power Management (Version: 7.00.3006) Acer Recovery Management (Version: 6.00.3011) AcerCloud (x32 Version: 2.01.3115) AcerCloud Docs (x32 Version: 1.00.3201) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117) Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05) Aloha TriPeaks (x32 Version: 2.2.0.98) Apple Application Support (x32 Version: 2.3.4) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (x32 Version: 2.1.3.127) avast! 
Free Antivirus (x32 Version: 9.0.2008) Backup Manager v4 (x32 Version: 4.0.0.0059) Bejeweled 3 (x32 Version: 2.2.0.98) Bonjour (Version: 3.0.0.10) Broadcom Card Reader Driver Installer (Version: 15.4.7.1) clear.fi Media (x32 Version: 2.01.3108) clear.fi Photo (x32 Version: 2.01.3108) CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3103_44819) Dritek Radio Controller (x32 Version: 2.02.2001.0803) eBay Worldwide (x32 Version: 2.3.0630) Google Chrome (x32 Version: 31.0.1650.57) Google Chrome Frame (x32 Version: 65.107.16500) Google Update Helper (x32 Version: 1.3.21.165) Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110) Identity Card (x32 Version: 2.00.3004) Intel(R) Management Engine Components (x32 Version: 8.1.0.1252) Intel(R) Processor Graphics (x32 Version: 9.17.10.2867) Intel(R) Rapid Storage Technology (x32 Version: 11.5.4.1001) Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149) Intel® Trusted Connect Service Client (Version: 1.24.388.1) Island Tribe (x32 Version: 2.2.0.98) iTunes (Version: 11.0.3.42) John Deere Drive Green (x32 Version: 2.2.0.95) Launch Manager (x32 Version: 7.0.7) Live Updater (x32 Version: 2.00.3004) Magic Academy (x32 Version: 2.2.0.98) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) Microsoft Office (x32 Version: 14.0.6120.5004) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0) Mozilla Firefox 21.0 (x86 de) (x32 Version: 21.0) Mozilla Maintenance Service (x32 
Version: 21.0) MyWinLocker (Version: 4.0.14.35) MyWinLocker 4 (x32 Version: 4.0.14.35) MyWinLocker Suite (x32 Version: 4.0.14.24) NTI Media Maker 9 (x32 Version: 9.0.2.9008) Office Addin (x32 Version: 2.01.3200) Office Addin 2003 (x32 Version: 2.01.3200) OpenOffice 4.0.0 (x32 Version: 4.00.9702) OpenSC (x32 Version: 0.13.0.0) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6657) Samsung Scan Assistant (x32 Version: 1.05.07 (20.07.2012)) Samsung Universal Print Driver 2 (x32 Version: 2.50.02.00) Samsung Universal Scan Driver (x32 Version: 1.2.19.0) Shared C Run-time for x64 (Version: 10.0.0) Shredder (Version: 2.0.8.9) Shredder (x32 Version: 2.0.8.9) Spotify (x32 Version: 0.8.4.99.ga249b5f1) Synaptics Pointing Device Driver (Version: 16.2.19.52) Update Installer for WildTangent Games App (x32) Visual Studio 2005 Tools for Office Second Edition Runtime (x32) Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729) Visual Studio Tools for the Office system 3.0 Runtime (x32) Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (x32 Version: 1) WildTangent Games (x32 Version: 1.0.3.0) WildTangent Games App (x32 Version: 4.0.10.16) Windows-Treiberpaket - XIRING (phiccidxp) SmartCardReader (09/17/2010 3.0.0.0) (Version: 09/17/2010 3.0.0.0) ==================== Restore Points ========================= 15-10-2013 19:33:59 Windows Update 23-11-2013 12:09:44 avast! antivirus system restore point ==================== Hosts content: ========================== 2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {1C56FD5E-D85C-41E5-9224-C897114D1757} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PmmUpdate.exe [2012-07-12] (Egis Technology Inc.) 
Task: {496E7BE5-48B0-453D-A3DC-E2319F3115E9} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {499E211F-9AB6-4510-87F4-BD691A0B4BAA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-19] (Google Inc.)
Task: {4FDC2660-5A51-47D4-B069-9C6D8B536BD6} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2012-07-31] (Acer Incorporated)
Task: {52EF4DF8-76E9-4CC4-AA1D-F6AE1AB61497} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {5CC96094-35C5-4BE2-BF41-00EB21ACA557} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {8EFFB6B2-C6B9-4BD7-8732-92C1FA201EBD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-11-23] (AVAST Software)
Task: {93347DF4-5F18-4248-AEE6-D871894B8294} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-30] ()
Task: {A2D5D65D-E8A4-4817-9EC3-CA8FD66CF735} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-10] (Adobe Systems Incorporated)
Task: {C01E1A2E-ABF6-404C-A1F6-D2CFE755EC49} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-19] (Google Inc.)
Task: {E1D23CED-73F2-4F1E-BFC1-9C85740BE070} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated)
Task: {FBA71317-EB0D-4719-A075-715EE0EA0F86} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-06-22 02:12 - 2012-06-22 02:12 - 01407568 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2012-10-29 06:33 - 2012-10-23 19:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-11-23 13:16 - 2013-11-22 11:15 - 02147840 _____ () C:\Program Files\AVAST Software\Avast\defs\13112200\algo.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-23 07:26 - 2012-08-23 07:26 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-08-23 07:25 - 2012-08-23 07:25 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-08-23 07:26 - 2012-08-23 07:26 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-08-23 07:25 - 2012-08-23 07:25 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-08-23 07:25 - 2012-08-23 07:25 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-08-23 07:25 - 2012-08-23 07:25 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-08-23 07:26 - 2012-08-23 07:26 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
2013-11-23 13:15 - 2013-11-23 13:15 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-12-08 23:55 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-06-11 15:40 - 2013-06-11 15:40 - 03128728 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/23/2013 05:14:22 PM) (Source: Application Hang) (User: )
Description: Programm FRST64.exe, Version 3.3.8.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: bec
Startzeit: 01cee85a5ab11f7c
Endzeit: 4294967295
Anwendungspfad: C:\Users\Admin\Downloads\FRST64.exe
Berichts-ID: 4fbb6279-545a-11e3-bef0-2089844d4441
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/22/2013 04:15:06 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (11/20/2013 06:37:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4047

Error: (11/20/2013 06:37:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4047

Error: (11/20/2013 06:37:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/20/2013 06:37:07 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2047

Error: (11/20/2013 06:37:07 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2047

Error: (11/20/2013 06:37:07 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/20/2013 02:34:31 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (11/19/2013 07:39:02 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

System errors:
=============
Error: (11/23/2013 02:04:35 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (11/23/2013 01:19:42 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (11/23/2013 01:16:06 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "avast! Antivirus" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (11/23/2013 01:07:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "atalahrn" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (11/23/2013 01:06:16 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "ggmwsbul" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (11/20/2013 03:23:44 PM) (Source: DCOM) (User: ****-PC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}****-PCAdminS-1-5-21-3602819622-969200579-1080763390-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (11/20/2013 03:23:44 PM) (Source: DCOM) (User: ****-PC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}*****-PCAdminS-1-5-21-3602819622-969200579-1080763390-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (11/20/2013 03:23:44 PM) (Source: DCOM) (User: *****-PC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}****-PCAdminS-1-5-21-3602819622-969200579-1080763390-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (11/20/2013 03:23:44 PM) (Source: DCOM) (User: *****-PC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}*****-PCAdminS-1-5-21-3602819622-969200579-1080763390-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (11/20/2013 03:23:43 PM) (Source: DCOM) (User: Jäger-PC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}*****-PCAdminS-1-5-21-3602819622-969200579-1080763390-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Microsoft Office Sessions:
=========================
Error: (11/23/2013 05:14:22 PM) (Source: Application Hang)(User: )
Description: FRST64.exe3.3.8.1bec01cee85a5ab11f7c4294967295C:\Users\Admin\Downloads\FRST64.exe4fbb6279-545a-11e3-bef0-2089844d4441

Error: (11/22/2013 04:15:06 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (11/20/2013 06:37:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4047

Error: (11/20/2013 06:37:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4047

Error: (11/20/2013 06:37:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/20/2013 06:37:07 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2047

Error: (11/20/2013 06:37:07 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2047

Error: (11/20/2013 06:37:07 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/20/2013 02:34:31 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (11/19/2013 07:39:02 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

==================== Memory info ===========================

Percentage of memory in use: 29%
Total physical RAM: 8005.27 MB
Available physical RAM: 5616.04 MB
Total Pagefile: 9221.27 MB
Available Pagefile: 6934.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:447.69 GB) (Free:388.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 1EB4888C)
Partition: GPT Partition Type

==================== End Of Log ============================

Kind regards

Hello again, I ended up simply reinstalling the laptop from scratch after all. So far I have only installed Firefox, and it runs largely without ads. Can I assume that the malware is gone from my laptop? Kind regards |
24.11.2013, 08:59 | #4 |
/// the machine /// TB Trainer | Windows 8 laptop: a lot of ads in browsers If you formatted, sure.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |