Pests of all kinds and how to fight them: nationzoom cannot be removed. Windows 7. If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection. |
08.02.2014, 10:59 | #1 |
| nationzoom cannot be removed Hello, I really know very little about PCs, and my problem is "nationzoom", which has taken over my start page; I would like to change that. No matter how often I set Google as my start page, nationzoom keeps appearing. Can someone please help me? I have searched my laptop but I cannot find anything there. |
08.02.2014, 11:29 | #2 |
/// the machine /// TB trainer | nationzoom cannot be removed Hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
08.02.2014, 11:48 | #3 |
| nationzoom cannot be removed FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-02-2014 Ran by Mandy (administrator) on MANDY-ZUHAUSE on 08-02-2014 11:41:52 Running from C:\Users\Mandy\Downloads Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe (Fujitsu Technology Solutions) C:\Program Files\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Updater) C:\ProgramData\Updater\updater.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (McAfee, Inc.) 
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe (Parallel Lines Development, LLC) C:\ProgramData\InternetUpdater\InternetUpdaterService.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe (CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe (WatchDog) C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe (WatchDog) C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe (WatchDog) C:\ProgramData\RHelpers\IeHelper\IeHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1578280 2009-10-09] (Synaptics Incorporated) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. 
KG) HKLM\...\Run: [ConMgr] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [504208 2009-12-24] (CSR, plc) HKLM\...\Run: [CSRSkype] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [346512 2009-12-24] (CSR, plc) HKLM\...\Run: [DeskUpdateNotifier] - C:\Program Files\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe [102968 2013-02-26] (Fujitsu Technology Solutions) HKLM\...\Run: [FDM7] - C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [128360 2009-11-26] (FUJITSU LIMITED) HKLM\...\Run: [IndicatorUtility] - C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED) HKLM\...\Run: [LoadBtnHnd] - C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [33640 2009-10-15] (FUJITSU LIMITED) HKLM\...\Run: [LoadFUJ02E3] - C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-14] (FUJITSU LIMITED) HKLM\...\Run: [LoadFujitsuQuickTouch] - C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [138088 2009-10-15] (FUJITSU LIMITED) HKLM\...\Run: [PfNet] - C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe [6311424 2010-06-23] (FUJITSU LIMITED) HKLM\...\Run: [PSUTility] - C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [144744 2009-07-27] (FUJITSU LIMITED) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe HKLM\...\Run: [Updater] - C:\ProgramData\Updater\Updater.exe [486264 2013-12-18] (Updater) HKLM\...\Run: [] - [X] HKU\S-1-5-21-3108434708-521570234-33046430-1000\...\Run: [ccleaner] - C:\Program Files\CCleaner\CCleaner.exe [2696512 2011-12-20] (Piriform Ltd) HKU\S-1-5-21-3108434708-521570234-33046430-1000\...\Run: [NextLive] - C:\Windows\system32\rundll32.exe "C:\Users\Mandy\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l HKU\S-1-5-21-3108434708-521570234-33046430-1000\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [486264 2013-12-18] 
(Updater) HKU\S-1-5-21-3108434708-521570234-33046430-1000\...\MountPoints2: {60858773-4458-11e1-92ff-4cedde8a3ba8} - "G:\WD SmartWare.exe" autoplay=true ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1B7F3521A887CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1388944963&from=tugs&uid=ST9320325AS_S2W2E364XXXXS2W2E364 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388944963&from=tugs&uid=ST9320325AS_S2W2E364XXXXS2W2E364&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1388944963&from=tugs&uid=ST9320325AS_S2W2E364XXXXS2W2E364 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1388944963&from=tugs&uid=ST9320325AS_S2W2E364XXXXS2W2E364 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1388944963&from=tugs&uid=ST9320325AS_S2W2E364XXXXS2W2E364&q={searchTerms} URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1388944963&from=tugs&uid=ST9320325AS_S2W2E364XXXXS2W2E364 SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - {DFF6D315-9F1B-41A5-8E18-652FC7FE9C02} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=8e58e729-03eb-4c75-842e-b470d01e074e&apn_sauid=9B715BEF-0081-4CB2-83D9-BB4C5A18DC8A BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: iminent Helper Object - {112BA211-334C-4A90-90EC-2AD1CDAB287C} - C:\Program Files\IminentToolbar\1.8.21.26\bh\iminent.dll No File Toolbar: HKLM - Iminent Toolbar - {1FAFD711-ABF9-4F6A-8130-5166C7371427} - C:\Program Files\IminentToolbar\1.8.21.26\iminentTlbr.dll No File DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 09 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. 
KG) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\kpgtritv.default FF Homepage: https://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.nationzoom.com/?type=sc&ts=1388944963&from=tugs&uid=ST9320325AS_S2W2E364XXXXS2W2E364 Chrome: ======= CHR Extension: (Avira Toolbar) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl [2012-11-15] CHR Extension: (DVDVideoSoft) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-08-24] CHR Extension: (Google Wallet) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24] CHR HKLM\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\Mandy\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.11.0.crx [2012-11-15] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-08-24] CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe hxxp://www.nationzoom.com/?type=sc&ts=1388944963&from=tugs&uid=ST9320325AS_S2W2E364XXXXS2W2E364 CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-06] (Avira Operations GmbH & Co. 
KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-17] (Avira Operations GmbH & Co. KG) R2 InternetUpdater; C:\ProgramData\InternetUpdater\InternetUpdaterService.exe [45568 2014-01-15] (Parallel Lines Development, LLC) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.) R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [249344 2010-06-23] (FUJITSU LIMITED) R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [62824 2009-07-27] (FUJITSU LIMITED) R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [111536 2009-12-24] (CSR, plc) S2 ca82e1a5; "C:\Windows\system32\rundll32.exe" "c:\progra~1\optimi~1\OptProCrashSvc.dll",ServiceMain ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-06] (Avira Operations GmbH & Co. 
KG) R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [5888 2006-11-01] (FUJITSU LIMITED) S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider) S3 rstescu; C:\Windows\system32\drivers\rstescu.sys [538648 2011-03-25] (Intel Corporation) S3 rstescu1; C:\Windows\system32\drivers\rstescu1.sys [538648 2011-03-25] (Intel Corporation) R0 rstfltr; C:\Windows\System32\drivers\rstfltr.sys [19992 2011-03-25] (Intel Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-08 11:41 - 2014-02-08 11:42 - 00014008 _____ () C:\Users\Mandy\Downloads\FRST.txt 2014-02-08 11:41 - 2014-02-08 11:41 - 01136640 _____ (Farbar) C:\Users\Mandy\Downloads\FRST.exe 2014-02-08 11:41 - 2014-02-08 11:41 - 00000000 ____D () C:\FRST 2014-02-08 11:38 - 2014-02-08 11:38 - 01431792 _____ (iMesh Inc) C:\Users\Mandy\Downloads\iMeshSetup-r1487-w-bf.exe 2014-02-08 11:38 - 2014-02-08 11:38 - 00000000 ____D () C:\Program Files\iMesh Applications 2014-02-08 09:38 - 2014-02-08 11:25 - 00011233 _____ () C:\Windows\WindowsUpdate.log 2014-02-08 09:28 - 2014-02-08 09:28 - 00000000 ____D () C:\Users\Mandy\Downloads\AdwCleaner_TSV43TE60 2014-02-08 09:26 - 2014-02-08 09:27 - 00657824 _____ (Conduit) C:\Users\Mandy\Downloads\AdwCleaner_TSV43TE60.exe 2014-01-29 14:39 - 2014-01-29 14:39 - 01166132 _____ () C:\Users\Mandy\Desktop\adwcleaner.exe 2014-01-21 21:05 - 2014-01-21 21:05 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-01-18 16:14 - 2014-01-18 16:14 - 00000000 ____D () C:\Firefox 2014-01-18 16:12 - 2014-01-21 20:59 - 00000000 ____D () C:\ProgramData\InternetUpdater 2014-01-18 16:11 - 2014-02-08 09:53 - 00000000 ____D () C:\AdwCleaner 2014-01-18 16:01 - 2014-01-18 16:01 - 00000000 ____D () C:\ProgramData\Updater 2014-01-18 16:01 - 2014-01-18 16:01 - 00000000 ____D () 
C:\ProgramData\RHelpers 2014-01-16 18:04 - 2014-01-16 18:04 - 00465272 _____ () C:\Users\Mandy\Downloads\JFileManager.exe 2014-01-16 18:03 - 2014-01-16 18:03 - 05028760 _____ (Systweak Inc ) C:\Users\Mandy\Downloads\rcpsetup_chip_de_chip_de(1).exe 2014-01-16 18:02 - 2014-01-16 18:02 - 05028760 _____ (Systweak Inc ) C:\Users\Mandy\Downloads\rcpsetup_chip_de_chip_de.exe 2014-01-16 17:25 - 2014-01-16 17:25 - 00458656 _____ () C:\Users\Mandy\Downloads\Setup.exe 2014-01-16 16:54 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-16 16:54 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-16 16:54 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-16 16:54 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-16 16:54 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-16 16:54 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-16 16:54 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-16 16:54 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-16 16:54 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys ==================== One Month Modified Files and Folders ======= 2014-02-08 11:42 - 2014-02-08 11:41 - 00014008 _____ () C:\Users\Mandy\Downloads\FRST.txt 2014-02-08 11:41 - 2014-02-08 11:41 - 01136640 _____ (Farbar) C:\Users\Mandy\Downloads\FRST.exe 2014-02-08 11:41 - 2014-02-08 11:41 - 00000000 ____D () C:\FRST 2014-02-08 11:38 - 2014-02-08 11:38 - 01431792 _____ (iMesh Inc) C:\Users\Mandy\Downloads\iMeshSetup-r1487-w-bf.exe 2014-02-08 11:38 - 2014-02-08 11:38 - 00000000 ____D () C:\Program 
Files\iMesh Applications 2014-02-08 11:25 - 2014-02-08 09:38 - 00011233 _____ () C:\Windows\WindowsUpdate.log 2014-02-08 10:48 - 2013-11-28 22:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-02-08 10:45 - 2011-12-24 22:04 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-08 09:53 - 2014-01-18 16:11 - 00000000 ____D () C:\AdwCleaner 2014-02-08 09:43 - 2009-07-14 05:34 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-08 09:43 - 2009-07-14 05:34 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-08 09:35 - 2014-01-05 19:03 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\newnext.me 2014-02-08 09:35 - 2011-12-24 22:04 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-08 09:35 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-08 09:28 - 2014-02-08 09:28 - 00000000 ____D () C:\Users\Mandy\Downloads\AdwCleaner_TSV43TE60 2014-02-08 09:27 - 2014-02-08 09:26 - 00657824 _____ (Conduit) C:\Users\Mandy\Downloads\AdwCleaner_TSV43TE60.exe 2014-02-06 19:48 - 2012-03-30 20:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-02-06 19:48 - 2011-11-14 14:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-02-03 17:11 - 2012-01-15 12:39 - 00000000 ____D () C:\Users\Mandy\AppData\Local\Adobe 2014-01-29 14:39 - 2014-01-29 14:39 - 01166132 _____ () C:\Users\Mandy\Desktop\adwcleaner.exe 2014-01-21 21:45 - 2014-01-05 19:02 - 00000000 ____D () C:\ProgramData\WPM 2014-01-21 21:05 - 2014-01-21 21:05 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-01-21 20:59 - 2014-01-18 16:12 - 00000000 ____D () C:\ProgramData\InternetUpdater 2014-01-21 19:31 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-01-18 17:06 - 2013-08-24 11:33 - 00000862 
_____ () C:\Windows\system32\InstallUtil.InstallLog 2014-01-18 16:14 - 2014-01-18 16:14 - 00000000 ____D () C:\Firefox 2014-01-18 16:01 - 2014-01-18 16:01 - 00000000 ____D () C:\ProgramData\Updater 2014-01-18 16:01 - 2014-01-18 16:01 - 00000000 ____D () C:\ProgramData\RHelpers 2014-01-16 21:01 - 2009-07-14 05:33 - 00268272 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-01-16 20:58 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-01-16 18:49 - 2013-08-15 18:05 - 00000000 ____D () C:\Windows\system32\MRT 2014-01-16 18:47 - 2012-11-18 19:03 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-16 18:04 - 2014-01-16 18:04 - 00465272 _____ () C:\Users\Mandy\Downloads\JFileManager.exe 2014-01-16 18:03 - 2014-01-16 18:03 - 05028760 _____ (Systweak Inc ) C:\Users\Mandy\Downloads\rcpsetup_chip_de_chip_de(1).exe 2014-01-16 18:02 - 2014-01-16 18:02 - 05028760 _____ (Systweak Inc ) C:\Users\Mandy\Downloads\rcpsetup_chip_de_chip_de.exe 2014-01-16 17:25 - 2014-01-16 17:25 - 00458656 _____ () C:\Users\Mandy\Downloads\Setup.exe 2014-01-16 17:21 - 2012-11-18 18:50 - 00000000 ____D () C:\Users\Mandy\AppData\Local\DoNotTrackPlus 2014-01-10 19:50 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache Some content of TEMP: ==================== C:\Users\Mandy\AppData\Local\Temp\avgnt.exe C:\Users\Mandy\AppData\Local\Temp\nse8A2C.exe C:\Users\Mandy\AppData\Local\Temp\nsj2CB0.exe C:\Users\Mandy\AppData\Local\Temp\nsj3143.exe C:\Users\Mandy\AppData\Local\Temp\nsj8CFB.exe C:\Users\Mandy\AppData\Local\Temp\nsj9056.exe C:\Users\Mandy\AppData\Local\Temp\nst28F7.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 
is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-10 19:42 ==================== End Of Log ============================ --- --- ---
Is this right, and what now??
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-02-2014 Ran by Mandy at 2014-02-08 11:42:31 Running from C:\Users\Mandy\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Adobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) - Deutsch (Version: 11.0.06 - Adobe Systems Incorporated) Avira Free Antivirus (Version: 14.0.2.286 - Avira) Bluetooth Feature Pack 5.0 (Version: 5.0.14 - CSR Plc.) Canon MP550 series MP Drivers (Version: - ) CCleaner (Version: 3.14 - Piriform) DeskUpdate (Version: 4.14.0118 - Fujitsu Technology Solutions) FileParade bundle uninstaller (Version: 1.0.0.0 - FileParade) Free YouTube to MP3 Converter version 3.12.11.812 (Version: 3.12.11.812 - DVDVideoSoft Ltd.) 
Fujitsu Display Manager (Version: 7.00.20.210 - Ihr Firmenname) Fujitsu Display Manager (Version: 7.00.20.210 - Ihr Firmenname) Hidden Fujitsu Hotkey Utility (Version: 3.60.1.0 - FUJITSU LIMITED) Fujitsu Hotkey Utility (Version: 3.60.1.0 - FUJITSU LIMITED) Hidden Fujitsu MobilityCenter Extension Utility (Version: 3.00.00.000 - Ihr Firmenname) Fujitsu MobilityCenter Extension Utility (Version: 3.00.00.000 - Ihr Firmenname) Hidden Fujitsu System Extension Utility (Version: 3.1.1.0 - FUJITSU LIMITED) Fujitsu System Extension Utility (Version: 3.1.1.0 - FUJITSU LIMITED) Hidden Google Chrome (Version: 31.0.1650.63 - Google Inc.) Google Earth (Version: 7.1.2.2041 - Google) Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden Internet Updater (Version: 2.6.57 - Parallel Lines Development, LLC) <==== ATTENTION LG Internet Kit (Version: 4.2.1 - LG Electronics) LG USB Modem Drivers (Version: 4.9.7 - LG Electronics) LifeBook Application Panel (Version: 8.1.0.0 - FUJITSU LIMITED) LifeBook Application Panel (Version: 8.1.0.0 - FUJITSU LIMITED) Hidden McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.) 
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: - ) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft Silverlight (Version: 4.0.60310.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla) Mozilla Maintenance Service (Version: 26.0 - Mozilla) Plugfree NETWORK (Version: 5.3.0.1 - FUJITSU LIMITED) Plugfree NETWORK (Version: 5.3.001 - FUJITSU LIMITED) Hidden Power Saving Utility (Version: 31.00.11.013 - FUJITSU LIMITED) Power Saving Utility (Version: 31.00.11.013 - FUJITSU LIMITED) Hidden Synaptics Pointing Device Driver (Version: 14.0.10.0 - Synaptics Incorporated) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation) Updater (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION VLC media player 1.3.0-git-20111225-0102 (Version: 1.3.0-git-20111225-0102 - VideoLAN) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks 
(whitelisted) ============= Task: {25BDF437-F6A5-4947-A6B7-BB693CD4B2B5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-24] (Google Inc.) Task: {3F6A04A3-538F-420A-BB2F-67A79C518057} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe Task: {BC5BAC85-9992-4A7B-93F9-48BC2D8E4E9B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-24] (Google Inc.) Task: {BDD0B16B-84A3-436F-9AAD-C2DD4556B1F2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-06] (Adobe Systems Incorporated) Task: {D7D35595-F521-41A0-9346-2E690CC6F33A} - System32\Tasks\Fujitsu\DeskUpdate => C:\Program Files\Fujitsu\DeskUpdate\ducmd.exe [2013-02-26] (Fujitsu Technology Solutions) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-08-31 19:13 - 2011-08-31 19:13 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll 2013-12-21 13:28 - 2013-12-21 13:28 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:373E1720 ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/08/2014 09:36:45 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 
"Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/08/2014 09:20:59 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/07/2014 11:51:47 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/06/2014 07:12:31 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/06/2014 09:40:23 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 26.0.0.5087, Zeitstempel: 0x52a0d273 Name des fehlerhaften Moduls: xul.dll, Version: 26.0.0.5087, Zeitstempel: 0x52a0d20a Ausnahmecode: 0xc0000005 Fehleroffset: 0x0014e1a8 ID des fehlerhaften Prozesses: 0xc94 Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0 Pfad der fehlerhaften Anwendung: firefox.exe1 Pfad des fehlerhaften Moduls: firefox.exe2 Berichtskennung: firefox.exe3 Error: (02/06/2014 09:18:05 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/06/2014 08:27:45 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/05/2014 09:09:07 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/03/2014 06:58:30 PM) 
(Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/03/2014 04:52:03 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (02/08/2014 09:35:39 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht. Error: (02/07/2014 11:52:44 AM) (Source: DCOM) (User: ) Description: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (01/24/2014 06:13:07 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht. Error: (01/18/2014 03:26:44 PM) (Source: DCOM) (User: ) Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5} Error: (01/17/2014 08:47:56 PM) (Source: DCOM) (User: ) Description: {FE9617F6-E606-42AA-BECC-0E9CDA246D63} Error: (01/16/2014 09:06:45 PM) (Source: volsnap) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (01/16/2014 08:59:09 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT) Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007045b Error: (01/16/2014 06:47:02 PM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (01/10/2014 07:58:11 PM) (Source: volsnap) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. 
Error: (01/05/2014 10:13:26 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Microsoft Office Sessions:
=========================
Error: (02/08/2014 09:36:45 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/08/2014 09:20:59 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/07/2014 11:51:47 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/06/2014 07:12:31 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/06/2014 09:40:23 AM) (Source: Application Error)(User: ) Description: firefox.exe26.0.0.508752a0d273xul.dll26.0.0.508752a0d20ac00000050014e1a8c9401cf2313caf9dbb1C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll51265674-8f0a-11e3-a187-4cedde8a3ba8
Error: (02/06/2014 09:18:05 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/06/2014 08:27:45 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/05/2014 09:09:07 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/03/2014 06:58:30 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/03/2014 04:52:03 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================
Percentage of memory in use: 57%
Total physical RAM: 1908.55 MB
Available physical RAM: 819.98 MB
Total Pagefile: 3817.11 MB
Available Pagefile: 2168.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.09 MB

==================== Drives ================================
Drive c: (System) (Fixed) (Total:40 GB) (Free:7.99 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (ADDON_01) (Fixed) (Total:7 GB) (Free:2.03 GB) NTFS
Drive e: (DRIVERS) (Fixed) (Total:9.77 GB) (Free:7.1 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 0832DE2D)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=7 GB) - (Type=OF Extended)

==================== End Of Log ============================

So, here is the rest, and what do I do now? |
09.02.2014, 08:49 | #4 |
/// the machine /// TB-Ausbilder | nationzoom cannot be removed
How it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
Please download Shortcut Cleaner (by Grinler) to your desktop.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
10.02.2014, 16:37 | #5 |
| nationzoom cannot be removed
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-02-2014 03
Ran by Mandy (administrator) on MANDY-ZUHAUSE on 10-02-2014 16:28:42
Running from C:\Users\Mandy\Downloads
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
(Fujitsu Technology Solutions) C:\Program Files\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Updater) C:\ProgramData\Updater\updater.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.EXE
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Parallel Lines Development, LLC) C:\ProgramData\InternetUpdater\InternetUpdaterService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(WatchDog) C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
(WatchDog) C:\ProgramData\RHelpers\FireFoxHelper\FireFoxHelper.exe
(WatchDog) C:\ProgramData\RHelpers\IEHelper\IeHelper.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1578280 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ConMgr] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [504208 2009-12-24] (CSR, plc)
HKLM\...\Run: [CSRSkype] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [346512 2009-12-24] (CSR, plc)
HKLM\...\Run: [DeskUpdateNotifier] - C:\Program Files\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe [102968 2013-02-26] (Fujitsu Technology Solutions)
HKLM\...\Run: [FDM7] - C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [128360 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [IndicatorUtility] - C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] - C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [33640 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFUJ02E3] - C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-14] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] - C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [138088 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [PfNet] - C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe [6311424 2010-06-23] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] - C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [144744 2009-07-27] (FUJITSU LIMITED)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe
HKLM\...\Run: [Updater] - C:\ProgramData\Updater\Updater.exe [486264 2013-12-18] (Updater)
HKLM\...\Run: [] - [X]
HKU\S-1-5-21-3108434708-521570234-33046430-1000\...\Run: [ccleaner] - C:\Program Files\CCleaner\CCleaner.exe [2696512 2011-12-20] (Piriform Ltd)
HKU\S-1-5-21-3108434708-521570234-33046430-1000\...\Run: [NextLive] - C:\Windows\system32\rundll32.exe "C:\Users\Mandy\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-3108434708-521570234-33046430-1000\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [486264 2013-12-18] (Updater)
HKU\S-1-5-21-3108434708-521570234-33046430-1000\...\MountPoints2: {60858773-4458-11e1-92ff-4cedde8a3ba8} - "G:\WD SmartWare.exe" autoplay=true

==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1B7F3521A887CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1388944963&from=tugs&uid=ST9320325AS_S2W2E364XXXXS2W2E364
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388944963&from=tugs&uid=ST9320325AS_S2W2E364XXXXS2W2E364&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1388944963&from=tugs&uid=ST9320325AS_S2W2E364XXXXS2W2E364
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1388944963&from=tugs&uid=ST9320325AS_S2W2E364XXXXS2W2E364
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1388944963&from=tugs&uid=ST9320325AS_S2W2E364XXXXS2W2E364&q={searchTerms}
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1388944963&from=tugs&uid=ST9320325AS_S2W2E364XXXXS2W2E364
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {DFF6D315-9F1B-41A5-8E18-652FC7FE9C02} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=8e58e729-03eb-4c75-842e-b470d01e074e&apn_sauid=9B715BEF-0081-4CB2-83D9-BB4C5A18DC8A
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: iminent Helper Object - {112BA211-334C-4A90-90EC-2AD1CDAB287C} - C:\Program Files\IminentToolbar\1.8.21.26\bh\iminent.dll No File
Toolbar: HKLM - Iminent Toolbar - {1FAFD711-ABF9-4F6A-8130-5166C7371427} - C:\Program Files\IminentToolbar\1.8.21.26\iminentTlbr.dll No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 09 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\kpgtritv.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.nationzoom.com/?type=sc&ts=1388944963&from=tugs&uid=ST9320325AS_S2W2E364XXXXS2W2E364

Chrome:
=======
CHR Extension: (Avira Toolbar) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl [2012-11-15]
CHR Extension: (DVDVideoSoft) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-08-24]
CHR Extension: (Google Wallet) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR HKLM\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\Mandy\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.11.0.crx [2012-11-15]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-08-24]
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe hxxp://www.nationzoom.com/?type=sc&ts=1388944963&from=tugs&uid=ST9320325AS_S2W2E364XXXXS2W2E364
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 InternetUpdater; C:\ProgramData\InternetUpdater\InternetUpdaterService.exe [45568 2014-01-15] (Parallel Lines Development, LLC)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [249344 2010-06-23] (FUJITSU LIMITED)
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [62824 2009-07-27] (FUJITSU LIMITED)
R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [111536 2009-12-24] (CSR, plc)
S2 ca82e1a5; "C:\Windows\system32\rundll32.exe" "c:\progra~1\optimi~1\OptProCrashSvc.dll",ServiceMain

==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-06] (Avira Operations GmbH & Co. KG)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [5888 2006-11-01] (FUJITSU LIMITED)
S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
S3 rstescu; C:\Windows\system32\drivers\rstescu.sys [538648 2011-03-25] (Intel Corporation)
S3 rstescu1; C:\Windows\system32\drivers\rstescu1.sys [538648 2011-03-25] (Intel Corporation)
R0 rstfltr; C:\Windows\System32\drivers\rstfltr.sys [19992 2011-03-25] (Intel Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2014-02-10 16:28 - 2014-02-10 16:28 - 00000000 ____D () C:\Users\Mandy\Downloads\FRST-OlderVersion
2014-02-10 16:07 - 2014-02-10 16:19 - 00003960 _____ () C:\Windows\setupact.log
2014-02-10 16:07 - 2014-02-10 16:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-09 21:20 - 2014-02-10 16:18 - 00028195 _____ () C:\Windows\WindowsUpdate.log
2014-02-08 21:06 - 2014-02-08 21:06 - 00000000 ____D () C:\ProgramData\Websteroids
2014-02-08 11:42 - 2014-02-08 11:44 - 00014445 _____ () C:\Users\Mandy\Downloads\Addition.txt
2014-02-08 11:41 - 2014-02-10 16:28 - 01138688 _____ (Farbar) C:\Users\Mandy\Downloads\FRST.exe
2014-02-08 11:41 - 2014-02-10 16:28 - 00014266 _____ () C:\Users\Mandy\Downloads\FRST.txt
2014-02-08 11:41 - 2014-02-10 16:28 - 00000000 ____D () C:\FRST
2014-02-08 09:28 - 2014-02-08 09:28 - 00000000 ____D () C:\Users\Mandy\Downloads\AdwCleaner_TSV43TE60
2014-02-08 09:26 - 2014-02-08 09:27 - 00657824 _____ (Conduit) C:\Users\Mandy\Downloads\AdwCleaner_TSV43TE60.exe
2014-01-29 14:39 - 2014-01-29 14:39 - 01166132 _____ () C:\Users\Mandy\Desktop\adwcleaner.exe
2014-01-21 21:05 - 2014-01-21 21:05 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-01-18 16:14 - 2014-01-18 16:14 - 00000000 ____D () C:\Firefox
2014-01-18 16:12 - 2014-01-21 20:59 - 00000000 ____D () C:\ProgramData\InternetUpdater
2014-01-18 16:11 - 2014-02-10 16:18 - 00000000 ____D () C:\AdwCleaner
2014-01-18 16:01 - 2014-01-18 16:01 - 00000000 ____D () C:\ProgramData\Updater
2014-01-18 16:01 - 2014-01-18 16:01 - 00000000 ____D () C:\ProgramData\RHelpers
2014-01-16 18:04 - 2014-01-16 18:04 - 00465272 _____ () C:\Users\Mandy\Downloads\JFileManager.exe
2014-01-16 18:03 - 2014-01-16 18:03 - 05028760 _____ (Systweak Inc ) C:\Users\Mandy\Downloads\rcpsetup_chip_de_chip_de(1).exe
2014-01-16 18:02 - 2014-01-16 18:02 - 05028760 _____ (Systweak Inc ) C:\Users\Mandy\Downloads\rcpsetup_chip_de_chip_de.exe
2014-01-16 17:25 - 2014-01-16 17:25 - 00458656 _____ () C:\Users\Mandy\Downloads\Setup.exe
2014-01-16 16:54 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 16:54 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 16:54 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 16:54 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 16:54 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 16:54 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 16:54 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 16:54 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 16:54 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======
2014-02-10 16:29 - 2014-02-08 11:41 - 00014266 _____ () C:\Users\Mandy\Downloads\FRST.txt
2014-02-10 16:28 - 2014-02-10 16:28 - 00000000 ____D () C:\Users\Mandy\Downloads\FRST-OlderVersion
2014-02-10 16:28 - 2014-02-08 11:41 - 01138688 _____ (Farbar) C:\Users\Mandy\Downloads\FRST.exe
2014-02-10 16:28 - 2014-02-08 11:41 - 00000000 ____D () C:\FRST
2014-02-10 16:27 - 2009-07-14 05:34 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-10 16:27 - 2009-07-14 05:34 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-10 16:23 - 2014-02-09 21:20 - 00028195 _____ () C:\Windows\WindowsUpdate.log
2014-02-10 16:20 - 2014-01-05 19:03 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\newnext.me
2014-02-10 16:19 - 2014-02-10 16:07 - 00003960 _____ () C:\Windows\setupact.log
2014-02-10 16:19 - 2011-12-24 22:04 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-10 16:19 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-10 16:18 - 2014-01-18 16:11 - 00000000 ____D () C:\AdwCleaner
2014-02-10 16:07 - 2014-02-10 16:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-09 21:48 - 2013-11-28 22:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-09 21:45 - 2011-12-24 22:04 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-08 21:06 - 2014-02-08 21:06 - 00000000 ____D () C:\ProgramData\Websteroids
2014-02-08 11:44 - 2014-02-08 11:42 - 00014445 _____ () C:\Users\Mandy\Downloads\Addition.txt
2014-02-08 09:28 - 2014-02-08 09:28 - 00000000 ____D () C:\Users\Mandy\Downloads\AdwCleaner_TSV43TE60
2014-02-08 09:27 - 2014-02-08 09:26 - 00657824 _____ (Conduit) C:\Users\Mandy\Downloads\AdwCleaner_TSV43TE60.exe
2014-02-06 19:48 - 2012-03-30 20:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-06 19:48 - 2011-11-14 14:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-03 17:11 - 2012-01-15 12:39 - 00000000 ____D () C:\Users\Mandy\AppData\Local\Adobe
2014-01-29 14:39 - 2014-01-29 14:39 - 01166132 _____ () C:\Users\Mandy\Desktop\adwcleaner.exe
2014-01-21 21:45 - 2014-01-05 19:02 - 00000000 ____D () C:\ProgramData\WPM
2014-01-21 21:05 - 2014-01-21 21:05 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-01-21 20:59 - 2014-01-18 16:12 - 00000000 ____D () C:\ProgramData\InternetUpdater
2014-01-21 19:31 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-18 17:06 - 2013-08-24 11:33 - 00000862 _____ () C:\Windows\system32\InstallUtil.InstallLog
2014-01-18 16:14 - 2014-01-18 16:14 - 00000000 ____D () C:\Firefox
2014-01-18 16:01 - 2014-01-18 16:01 - 00000000 ____D () C:\ProgramData\Updater
2014-01-18 16:01 - 2014-01-18 16:01 - 00000000 ____D () C:\ProgramData\RHelpers
2014-01-16 21:01 - 2009-07-14 05:33 - 00268272 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-16 20:58 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-16 18:49 - 2013-08-15 18:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 18:47 - 2012-11-18 19:03 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-16 18:04 - 2014-01-16 18:04 - 00465272 _____ () C:\Users\Mandy\Downloads\JFileManager.exe
2014-01-16 18:03 - 2014-01-16 18:03 - 05028760 _____ (Systweak Inc ) C:\Users\Mandy\Downloads\rcpsetup_chip_de_chip_de(1).exe
2014-01-16 18:02 - 2014-01-16 18:02 - 05028760 _____ (Systweak Inc ) C:\Users\Mandy\Downloads\rcpsetup_chip_de_chip_de.exe
2014-01-16 17:25 - 2014-01-16 17:25 - 00458656 _____ () C:\Users\Mandy\Downloads\Setup.exe
2014-01-16 17:21 - 2012-11-18 18:50 - 00000000 ____D () C:\Users\Mandy\AppData\Local\DoNotTrackPlus

Some content of TEMP:
====================
C:\Users\Mandy\AppData\Local\Temp\avgnt.exe
C:\Users\Mandy\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-10 19:42

==================== End Of Log ============================

Dear schrauber, I have no idea whether this is right now?? And whether you can do anything with it. Best regards |
11.02.2014, 11:29 | #6 |
/// the machine /// TB-Ausbilder | nationzoom cannot be removed
Did you work through all of the programs above? |
11.02.2014, 18:22 | #7 |
| nationzoom cannot be removed
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2014.02.11.07
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
Mandy :: MANDY-ZUHAUSE [Administrator]
Schutz: Aktiviert
11.02.2014 17:20:44
mbam-log-2014-02-11 (17-20-44).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 189491
Laufzeit: 8 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 5
C:\ProgramData\InternetUpdater\InternetUpdaterService.exe (PUP.Optional.InternetUpdaterService.A) -> 3168 -> Löschen bei Neustart.
C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe (PUP.Optional.SearchDonkey.A) -> 3964 -> Löschen bei Neustart.
C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe (PUP.Optional.SearchDonkey.A) -> 4092 -> Löschen bei Neustart.
C:\ProgramData\RHelpers\IeHelper\IeHelper.exe (PUP.Optional.SearchDonkey.A) -> 2500 -> Löschen bei Neustart.
C:\ProgramData\Updater\updater.exe (Trojan.Agent) -> 2312 -> Löschen bei Neustart.

Infizierte Speichermodule: 1
C:\Users\Mandy\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 13
HKLM\SYSTEM\CurrentControlSet\Services\InternetUpdater (PUP.Optional.InternetUpdaterService.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{112BA211-334C-4A90-90EC-2AD1CDAB287C} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{112BA211-334C-4A90-90EC-2AD1CDAB287C} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{112BA211-334C-4A90-90EC-2AD1CDAB287C} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{112BA211-334C-4A90-90EC-2AD1CDAB287C} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1FAFD711-ABF9-4F6A-8130-5166C7371427} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{1FAFD711-ABF9-4F6A-8130-5166C7371427} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1FAFD711-ABF9-4F6A-8130-5166C7371427} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetUpdater (PUP.Optional.InternetUpdater.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\nationzoomSoftware (PUP.Optional.NationZoom.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Speedchecker Limited\PC Speed Up (PUP.Optional.PCSpeedUp.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\Services\ca82e1a5 (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 6
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Daten: C:\Windows\system32\rundll32.exe "C:\Users\Mandy\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{1FAFD711-ABF9-4F6A-8130-5166C7371427} (PUP.Optional.Iminent.A) -> Daten: Iminent Toolbar -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{1FAFD711-ABF9-4F6A-8130-5166C7371427} (PUP.Optional.Iminent.A) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Updater (Trojan.Agent) -> Daten: C:\ProgramData\Updater\updater.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Updater (Trojan.Agent) -> Daten: C:\ProgramData\Updater\Updater.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\Services\InternetUpdater|ImagePath (PUP.Optional.InternetUpdater.A) -> Daten: "C:\ProgramData\InternetUpdater\InternetUpdaterService.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 8
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.NationZoom.A) -> Bösartig: (hxxp://www.nationzoom.com/?type=hp&ts=1388944963&from=tugs&uid=ST9320325AS_S2W2E364XXXXS2W2E364) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (PUP.Optional.NationZoom.A) -> Bösartig: ("C:\Program Files\Mozilla Firefox\firefox.exe" hxxp://www.nationzoom.com/?type=sc&ts=1388944963&from=tugs&uid=ST9320325AS_S2W2E364XXXXS2W2E364) Gut: (firefox.exe) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command| (PUP.Optional.NationZoom.A) -> Bösartig: ("C:\Program Files\Google\Chrome\Application\chrome.exe" hxxp://www.nationzoom.com/?type=sc&ts=1388944963&from=tugs&uid=ST9320325AS_S2W2E364XXXXS2W2E364) Gut: (Chrome.exe) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (PUP.Optional.NationZoom.A) -> Bösartig: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1388944963&from=tugs&uid=ST9320325AS_S2W2E364XXXXS2W2E364) Gut: (iexplore.exe) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (PUP.Optional.NationZoom.A) -> Bösartig: (hxxp://www.nationzoom.com/web/?type=ds&ts=1388944963&from=tugs&uid=ST9320325AS_S2W2E364XXXXS2W2E364&q={searchTerms}) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.NationZoom.A) -> Bösartig: (hxxp://www.nationzoom.com/?type=hp&ts=1388944963&from=tugs&uid=ST9320325AS_S2W2E364XXXXS2W2E364) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\Software\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.NationZoom.A) -> Bösartig: (hxxp://www.nationzoom.com/?type=hp&ts=1388944963&from=tugs&uid=ST9320325AS_S2W2E364XXXXS2W2E364) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\Software\Microsoft\Internet Explorer\Main|Search Page (PUP.Optional.NationZoom) -> Bösartig: (hxxp://www.nationzoom.com/web/?type=ds&ts=1388944963&from=tugs&uid=ST9320325AS_S2W2E364XXXXS2W2E364&q={searchTerms}) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 7
C:\ProgramData\InternetUpdater (PUP.Optional.InternetUpdater.A) -> Löschen bei Neustart.
C:\ProgramData\RHelpers (PUP.Optional.Searchagent) -> Löschen bei Neustart.
C:\ProgramData\RHelpers\ChromeHelper (PUP.Optional.Searchagent) -> Löschen bei Neustart.
C:\ProgramData\RHelpers\FirefoxHelper (PUP.Optional.Searchagent) -> Löschen bei Neustart.
C:\ProgramData\RHelpers\IeHelper (PUP.Optional.Searchagent) -> Löschen bei Neustart.
C:\Users\Mandy\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mandy\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 25
C:\Users\Mandy\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Löschen bei Neustart.
C:\ProgramData\InternetUpdater\InternetUpdaterService.exe (PUP.Optional.InternetUpdaterService.A) -> Löschen bei Neustart.
C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe (PUP.Optional.SearchDonkey.A) -> Löschen bei Neustart.
C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe (PUP.Optional.SearchDonkey.A) -> Löschen bei Neustart.
C:\ProgramData\RHelpers\IeHelper\IeHelper.exe (PUP.Optional.SearchDonkey.A) -> Löschen bei Neustart.
C:\Users\Mandy\Desktop\FreeYouTubeToMP3Converter-3-.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mandy\Desktop\rcpsetup_softonic_sd_new.exe (PUP.Optional.RegCleanerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mandy\Downloads\AdwCleaner_TSV43TE60.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mandy\Downloads\COMPUTER_BILD_Download_Manager_fuer_free-youtube-to-mp3-converter.exe (PUP.Optional.Softonic) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mandy\Downloads\FreeYouTubeDownload.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mandy\Downloads\Java.exe (PUP.Optional.BundleInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mandy\Downloads\JFileManager.exe (PUP.Optional.BundleInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mandy\Downloads\rcpsetup_chip_de_chip_de(1).exe (PUP.Optional.RegCleanPro) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mandy\Downloads\rcpsetup_chip_de_chip_de.exe (PUP.Optional.RegCleanPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Mandy\Downloads\Setup.exe (PUP.Optional.BundleInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Mandy\AppData\Local\genienext\nengine.dll (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx (PUP.Optional.NewTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\InternetUpdater\InternetUpdater.ico (PUP.Optional.InternetUpdater.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\InternetUpdater\app.dat (PUP.Optional.InternetUpdater.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\InternetUpdater\data.dat (PUP.Optional.InternetUpdater.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\InternetUpdater\InternetUpdaterService.exe.config (PUP.Optional.InternetUpdater.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\InternetUpdater\Uninstall.exe (PUP.Optional.InternetUpdater.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Updater\updater.exe (Trojan.Agent) -> Löschen bei Neustart. C:\Users\Mandy\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Mandy\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende)
Hello schrauber, here is my first report, I hope that is right?
AdwCleaner Logfile:
# AdwCleaner v3.018 - Bericht erstellt am 11/02/2014 um 17:47:34 # Updated 28/01/2014 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits) # Benutzername : Mandy - MANDY-ZUHAUSE # Gestartet von : C:\Users\Mandy\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DynConIE ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16428 -\\ Mozilla Firefox v26.0 (de) [ Datei : C:\Users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\kpgtritv.default\prefs.js ] -\\ Google Chrome v31.0.1650.63 [ Datei : C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [79439 octets] - [18/01/2014 16:11:58] AdwCleaner[R10].txt - [1802 octets] - [10/02/2014 16:17:31] AdwCleaner[R11].txt - [1845 octets] - [11/02/2014 17:47:07] AdwCleaner[R1].txt - [79319 octets] - [18/01/2014 16:35:10] AdwCleaner[R2].txt - [47569 octets] - [21/01/2014 21:10:29] AdwCleaner[R3].txt - [47569 octets] - [21/01/2014 21:17:55] AdwCleaner[R4].txt - [47569 octets] - [21/01/2014 21:25:30] AdwCleaner[R5].txt - [47569 octets] - [21/01/2014 21:27:42] AdwCleaner[R6].txt - [42189 octets] - [08/02/2014 09:32:20] AdwCleaner[R7].txt - [1933 octets] - [08/02/2014 09:41:59] AdwCleaner[R8].txt - [1993 octets] - [08/02/2014 09:53:17] AdwCleaner[R9].txt - [1734 octets] - [08/02/2014 21:14:42] AdwCleaner[S0].txt - [41227 octets] - [08/02/2014 09:32:59] AdwCleaner[S1].txt - [1797 octets] - [08/02/2014 21:15:34] AdwCleaner[S2].txt - [1863 octets] - [10/02/2014 16:18:27] AdwCleaner[S3].txt - [1766 octets] - [11/02/2014 17:47:34] ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1826 octets] ##########
Here is the next report. Regards
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.1 
(02.04.2014:1) OS: Windows 7 Professional x86 Ran by Mandy on 11.02.2014 at 18:00:05,45 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3108434708-521570234-33046430-1000\Software\sweetim Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9 Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DFF6D315-9F1B-41A5-8E18-652FC7FE9C02} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\Mandy\appdata\local\apn" ~~~ FireFox Successfully deleted the following from C:\Users\Mandy\AppData\Roaming\mozilla\firefox\profiles\kpgtritv.default\prefs.js user_pref("extensions.iminent.admin", false); user_pref("extensions.iminent.aflt", "orgnl"); user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}"); user_pref("extensions.iminent.autoRvrt", "false"); user_pref("extensions.iminent.dfltLng", ""); user_pref("extensions.iminent.excTlbr", false); user_pref("extensions.iminent.ffxUnstlRst", false); user_pref("extensions.iminent.id", "5c9571210000000000004cedde8a3ba8"); user_pref("extensions.iminent.instlDay", "15941"); user_pref("extensions.iminent.instlRef", ""); user_pref("extensions.iminent.newTab", false); user_pref("extensions.iminent.prdct", "iminent"); user_pref("extensions.iminent.prtnrId", "iminent"); user_pref("extensions.iminent.rvrt", "false"); user_pref("extensions.iminent.smplGrp", "none"); user_pref("extensions.iminent.tlbrId", "base"); user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q="); user_pref("extensions.iminent.vrsn", "1.8.21.26"); user_pref("extensions.iminent.vrsnTs", "1.8.21.2612:33:48"); user_pref("extensions.iminent.vrsni", "1.8.21.26"); Emptied folder: 
C:\Users\Mandy\AppData\Roaming\mozilla\firefox\profiles\kpgtritv.default\minidumps [298 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 11.02.2014 at 18:03:17,25 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
So, and the next one. I am turning my protection back on now, ok?
Shortcut Cleaner 1.2.8 by Lawrence Abrams (Grinler) hxxp://www.bleepingcomputer.com/ Copyright 2008-2014 BleepingComputer.com More Information about Shortcut Cleaner can be found at this link: hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/ Windows Version: Windows 7 Professional Service Pack 1 Program started at: 02/11/2014 06:13:45 PM. Scanning for registry hijacks: * No issues found in the Registry. Searching for Hijacked Shortcuts: Searching C:\Users\Mandy\AppData\Roaming\Microsoft\Windows\Start Menu\ * Shortcut Cleaned: C:\Users\Mandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1388944963&from=tugs&uid=ST9320325AS_S2W2E364XXXXS2W2E364 * Shortcut Cleaned: C:\Users\Mandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1388944963&from=tugs&uid=ST9320325AS_S2W2E364XXXXS2W2E364 Searching C:\ProgramData\Microsoft\Windows\Start Menu\ * Shortcut Cleaned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk => C:\Program Files\Google\Chrome\Application\chrome.exe hxxp://www.nationzoom.com/?type=sc&ts=1388944963&from=tugs&uid=ST9320325AS_S2W2E364XXXXS2W2E364 * Shortcut Cleaned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => C:\Program Files\Mozilla Firefox\firefox.exe 
hxxp://www.nationzoom.com/?type=sc&ts=1388944963&from=tugs&uid=ST9320325AS_S2W2E364XXXXS2W2E364 Searching C:\Users\Mandy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ * Shortcut Cleaned: C:\Users\Mandy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => C:\Program Files\Google\Chrome\Application\chrome.exe hxxp://www.nationzoom.com/?type=sc&ts=1388944963&from=tugs&uid=ST9320325AS_S2W2E364XXXXS2W2E364 * Shortcut Cleaned: C:\Users\Mandy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1388944963&from=tugs&uid=ST9320325AS_S2W2E364XXXXS2W2E364 * Shortcut Cleaned: C:\Users\Mandy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1388944963&from=tugs&uid=ST9320325AS_S2W2E364XXXXS2W2E364 * Shortcut Cleaned: C:\Users\Mandy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk => C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.nationzoom.com/?type=sc&ts=1388944963&from=tugs&uid=ST9320325AS_S2W2E364XXXXS2W2E364 Searching C:\Users\Public\Desktop\ * Shortcut Cleaned: C:\Users\Public\Desktop\Google Chrome.lnk => C:\Program Files\Google\Chrome\Application\chrome.exe hxxp://www.nationzoom.com/?type=sc&ts=1388944963&from=tugs&uid=ST9320325AS_S2W2E364XXXXS2W2E364 * Shortcut Cleaned: C:\Users\Public\Desktop\Mozilla Firefox.lnk => C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.nationzoom.com/?type=sc&ts=1388944963&from=tugs&uid=ST9320325AS_S2W2E364XXXXS2W2E364 Searching C:\Users\Mandy\Desktop 10 bad shortcuts found. Program finished at: 02/11/2014 06:13:47 PM Execution time: 0 hours(s), 0 minute(s), and 2 seconds(s)
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-02-2014 01 Ran by Mandy (administrator) on MANDY-ZUHAUSE on 11-02-2014 18:17:29 Running from C:\Users\Mandy\Downloads Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe (CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe (Fujitsu Technology Solutions) C:\Program Files\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.EXE (FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1578280 2009-10-09] (Synaptics Incorporated) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. 
KG) HKLM\...\Run: [ConMgr] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [504208 2009-12-24] (CSR, plc) HKLM\...\Run: [CSRSkype] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [346512 2009-12-24] (CSR, plc) HKLM\...\Run: [DeskUpdateNotifier] - C:\Program Files\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe [102968 2013-02-26] (Fujitsu Technology Solutions) HKLM\...\Run: [FDM7] - C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [128360 2009-11-26] (FUJITSU LIMITED) HKLM\...\Run: [IndicatorUtility] - C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED) HKLM\...\Run: [LoadBtnHnd] - C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [33640 2009-10-15] (FUJITSU LIMITED) HKLM\...\Run: [LoadFUJ02E3] - C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-14] (FUJITSU LIMITED) HKLM\...\Run: [LoadFujitsuQuickTouch] - C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [138088 2009-10-15] (FUJITSU LIMITED) HKLM\...\Run: [PfNet] - C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe [6311424 2010-06-23] (FUJITSU LIMITED) HKLM\...\Run: [PSUTility] - C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [144744 2009-07-27] (FUJITSU LIMITED) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe HKLM\...\Run: [] - [X] HKU\S-1-5-21-3108434708-521570234-33046430-1000\...\Run: [ccleaner] - C:\Program Files\CCleaner\CCleaner.exe [2696512 2011-12-20] (Piriform Ltd) HKU\S-1-5-21-3108434708-521570234-33046430-1000\...\MountPoints2: {60858773-4458-11e1-92ff-4cedde8a3ba8} - "G:\WD SmartWare.exe" autoplay=true ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache 
AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1B7F3521A887CD01 URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 09 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. 
KG) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\kpgtritv.default FF Homepage: https://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR Extension: (Avira Toolbar) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl [2012-11-15] CHR Extension: (DVDVideoSoft) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-08-24] CHR Extension: (Google Wallet) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24] CHR HKLM\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\Mandy\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.11.0.crx [2013-08-24] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-08-24] CHR StartMenuInternet: Google Chrome - Chrome.exe CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-06] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-17] (Avira Operations GmbH & Co. 
KG) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.) R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [249344 2010-06-23] (FUJITSU LIMITED) R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [62824 2009-07-27] (FUJITSU LIMITED) R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [111536 2009-12-24] (CSR, plc) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-06] (Avira Operations GmbH & Co. 
KG) R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [5888 2006-11-01] (FUJITSU LIMITED) S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) S3 rstescu; C:\Windows\system32\drivers\rstescu.sys [538648 2011-03-25] (Intel Corporation) S3 rstescu1; C:\Windows\system32\drivers\rstescu1.sys [538648 2011-03-25] (Intel Corporation) R0 rstfltr; C:\Windows\System32\drivers\rstfltr.sys [19992 2011-03-25] (Intel Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-11 18:13 - 2014-02-11 18:13 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Mandy\Downloads\sc-cleaner(1).exe 2014-02-11 18:13 - 2014-02-11 18:13 - 00007034 _____ () C:\sc-cleaner.txt 2014-02-11 18:12 - 2014-02-11 18:13 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Mandy\Downloads\sc-cleaner.exe 2014-02-11 18:03 - 2014-02-11 18:03 - 00002520 _____ () C:\Users\Mandy\Desktop\JRT.txt 2014-02-11 18:00 - 2014-02-11 18:00 - 00000000 ____D () C:\Windows\ERUNT 2014-02-11 17:58 - 2014-02-11 17:58 - 01037530 _____ (Thisisu) C:\Users\Mandy\Downloads\JRT.exe 2014-02-11 17:55 - 2014-02-11 17:56 - 04892480 _____ (WinZip International LLC ) C:\Users\Mandy\Downloads\wzmp_8(1).exe 2014-02-11 17:48 - 2014-02-11 17:48 - 00001980 _____ () C:\Windows\setupact.log 2014-02-11 17:48 - 2014-02-11 17:48 - 00000000 _____ () C:\Windows\setuperr.log 2014-02-11 17:44 - 2014-02-11 17:47 - 00018745 _____ () C:\Windows\WindowsUpdate.log 2014-02-11 17:10 - 2014-02-11 17:10 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Malwarebytes 2014-02-11 17:09 - 2014-02-11 17:09 - 00001069 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-11 17:09 - 2014-02-11 17:09 - 00000000 
____D () C:\ProgramData\Malwarebytes 2014-02-11 17:09 - 2014-02-11 17:09 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-02-11 17:09 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-02-11 17:07 - 2014-02-11 17:07 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Mandy\Downloads\mbam-setup-1.75.0.1300.exe 2014-02-10 16:40 - 2014-02-10 16:57 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Nico Mak Computing 2014-02-10 16:39 - 2014-02-10 16:39 - 04892480 _____ (WinZip International LLC ) C:\Users\Mandy\Downloads\wzmp_8.exe 2014-02-10 16:28 - 2014-02-11 18:17 - 00000000 ____D () C:\Users\Mandy\Downloads\FRST-OlderVersion 2014-02-08 21:06 - 2014-02-08 21:06 - 00000000 ____D () C:\ProgramData\Websteroids 2014-02-08 11:42 - 2014-02-08 11:44 - 00014445 _____ () C:\Users\Mandy\Downloads\Addition.txt 2014-02-08 11:41 - 2014-02-11 18:17 - 01139712 _____ (Farbar) C:\Users\Mandy\Downloads\FRST.exe 2014-02-08 11:41 - 2014-02-11 18:17 - 00011922 _____ () C:\Users\Mandy\Downloads\FRST.txt 2014-02-08 11:41 - 2014-02-11 18:17 - 00000000 ____D () C:\FRST 2014-02-08 09:28 - 2014-02-08 09:28 - 00000000 ____D () C:\Users\Mandy\Downloads\AdwCleaner_TSV43TE60 2014-01-29 14:39 - 2014-01-29 14:39 - 01166132 _____ () C:\Users\Mandy\Desktop\adwcleaner.exe 2014-01-21 21:05 - 2014-01-21 21:05 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-01-18 16:14 - 2014-01-18 16:14 - 00000000 ____D () C:\Firefox 2014-01-18 16:11 - 2014-02-11 17:47 - 00000000 ____D () C:\AdwCleaner 2014-01-18 16:01 - 2014-02-11 17:41 - 00000000 ____D () C:\ProgramData\Updater 2014-01-16 16:54 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-16 16:54 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-16 16:54 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-16 16:54 
- 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-16 16:54 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-16 16:54 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-16 16:54 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-16 16:54 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-16 16:54 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys ==================== One Month Modified Files and Folders ======= 2014-02-11 18:17 - 2014-02-10 16:28 - 00000000 ____D () C:\Users\Mandy\Downloads\FRST-OlderVersion 2014-02-11 18:17 - 2014-02-08 11:41 - 01139712 _____ (Farbar) C:\Users\Mandy\Downloads\FRST.exe 2014-02-11 18:17 - 2014-02-08 11:41 - 00011922 _____ () C:\Users\Mandy\Downloads\FRST.txt 2014-02-11 18:17 - 2014-02-08 11:41 - 00000000 ____D () C:\FRST 2014-02-11 18:13 - 2014-02-11 18:13 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Mandy\Downloads\sc-cleaner(1).exe 2014-02-11 18:13 - 2014-02-11 18:13 - 00007034 _____ () C:\sc-cleaner.txt 2014-02-11 18:13 - 2014-02-11 18:12 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Mandy\Downloads\sc-cleaner.exe 2014-02-11 18:13 - 2012-11-18 11:16 - 00001107 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-02-11 18:13 - 2012-11-17 20:27 - 00001411 _____ () C:\Users\Mandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-02-11 18:13 - 2012-09-02 12:35 - 00002127 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-02-11 18:03 - 2014-02-11 18:03 - 00002520 _____ () C:\Users\Mandy\Desktop\JRT.txt 2014-02-11 18:00 - 2014-02-11 18:00 - 00000000 ____D () C:\Windows\ERUNT 2014-02-11 17:58 - 2014-02-11 17:58 - 01037530 _____ (Thisisu) C:\Users\Mandy\Downloads\JRT.exe 
2014-02-11 17:57 - 2009-07-14 05:34 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-11 17:57 - 2009-07-14 05:34 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-11 17:56 - 2014-02-11 17:55 - 04892480 _____ (WinZip International LLC ) C:\Users\Mandy\Downloads\wzmp_8(1).exe 2014-02-11 17:53 - 2014-02-11 17:44 - 00018745 _____ () C:\Windows\WindowsUpdate.log 2014-02-11 17:48 - 2014-02-11 17:48 - 00001980 _____ () C:\Windows\setupact.log 2014-02-11 17:48 - 2014-02-11 17:48 - 00000000 _____ () C:\Windows\setuperr.log 2014-02-11 17:48 - 2013-11-28 22:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-02-11 17:48 - 2011-12-24 22:04 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-11 17:48 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-11 17:47 - 2014-01-18 16:11 - 00000000 ____D () C:\AdwCleaner 2014-02-11 17:45 - 2011-12-24 22:04 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-11 17:41 - 2014-01-18 16:01 - 00000000 ____D () C:\ProgramData\Updater 2014-02-11 17:31 - 2014-01-05 19:03 - 00000000 ____D () C:\Users\Mandy\AppData\Local\genienext 2014-02-11 17:10 - 2014-02-11 17:10 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Malwarebytes 2014-02-11 17:09 - 2014-02-11 17:09 - 00001069 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-11 17:09 - 2014-02-11 17:09 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-11 17:09 - 2014-02-11 17:09 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-02-11 17:07 - 2014-02-11 17:07 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Mandy\Downloads\mbam-setup-1.75.0.1300.exe 2014-02-10 16:57 - 2014-02-10 16:40 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Nico Mak Computing 2014-02-10 16:39 - 2014-02-10 16:39 - 04892480 _____ 
(WinZip International LLC ) C:\Users\Mandy\Downloads\wzmp_8.exe 2014-02-08 21:06 - 2014-02-08 21:06 - 00000000 ____D () C:\ProgramData\Websteroids 2014-02-08 11:44 - 2014-02-08 11:42 - 00014445 _____ () C:\Users\Mandy\Downloads\Addition.txt 2014-02-08 09:28 - 2014-02-08 09:28 - 00000000 ____D () C:\Users\Mandy\Downloads\AdwCleaner_TSV43TE60 2014-02-06 19:48 - 2012-03-30 20:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-02-06 19:48 - 2011-11-14 14:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-02-03 17:11 - 2012-01-15 12:39 - 00000000 ____D () C:\Users\Mandy\AppData\Local\Adobe 2014-01-29 14:39 - 2014-01-29 14:39 - 01166132 _____ () C:\Users\Mandy\Desktop\adwcleaner.exe 2014-01-21 21:45 - 2014-01-05 19:02 - 00000000 ____D () C:\ProgramData\WPM 2014-01-21 21:05 - 2014-01-21 21:05 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-01-21 19:31 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-01-18 17:06 - 2013-08-24 11:33 - 00000862 _____ () C:\Windows\system32\InstallUtil.InstallLog 2014-01-18 16:14 - 2014-01-18 16:14 - 00000000 ____D () C:\Firefox 2014-01-16 21:01 - 2009-07-14 05:33 - 00268272 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-01-16 20:58 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-01-16 18:49 - 2013-08-15 18:05 - 00000000 ____D () C:\Windows\system32\MRT 2014-01-16 18:47 - 2012-11-18 19:03 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-16 17:21 - 2012-11-18 18:50 - 00000000 ____D () C:\Users\Mandy\AppData\Local\DoNotTrackPlus Some content of TEMP: ==================== C:\Users\Mandy\AppData\Local\Temp\avgnt.exe C:\Users\Mandy\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit 
C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-10 19:42 ==================== End Of Log ============================ --- --- --- |
12.02.2014, 17:46 | #8 |
/// the machine /// TB trainer | nationzoom cannot be removed
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations | Guides and help | Trojaner-Board Facebook page | No help via PM! |
13.02.2014, 20:21 | #9 |
| nationzoom cannot be removed
hello schrauber, here is the log file from ESET, and my PC is already not causing any more trouble. I am sooo happy about that, thank you thank you thank you. Regards, mandy. So, I will do the rest tomorrow. Regards

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9a867ae7d19e734aa11f60d06106dbd2
# engine=17048
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-12 08:51:27
# local_time=2014-02-12 09:51:27 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 95 27113 4886312 19860 0
# compatibility_mode=5893 16776573 100 94 28885 143869478 0 0
# scanned=235558
# found=3
# cleaned=0
# scan_time=5136
sh=9ABE489AF3684ABB96AB39F112768F69C83D0F8E ft=1 fh=f7fcd12f54d4e5cc vn="a variant of Win32/SpeedingUpMyPC application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\optimizer pro\OptimizerPro.exe.vir"
sh=2F367F244D08950211E4C05FB8EF8E0959BB773A ft=1 fh=20d3e0bbdedcd685 vn="a variant of Win32/AdWare.SpeedingUpMyPC.D application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\optimizer pro\OptProLauncher.exe.vir"
sh=E5DB01AF8C7541396D4C619A55B7B664281A5375 ft=1 fh=97edb4dad52fbf6e vn="a variant of Win32/Adware.SpeedingUpMyPC.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\optimizer pro\OptProSmartScan.exe.vir"

Results of screen317's Security Check version 0.99.79
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
CCleaner
Adobe Flash Player 12.0.0.44
Adobe Reader XI
Mozilla Firefox (26.0)
Google Chrome 31.0.1650.57
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 Ran by Mandy (administrator) on MANDY-ZUHAUSE on 13-02-2014 20:19:57 Running from C:\Users\Mandy\Downloads Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe (CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe (Fujitsu Technology Solutions) C:\Program Files\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.EXE (FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe () C:\Users\Mandy\Downloads\SecurityCheck.exe (Microsoft Corporation) C:\Windows\system32\cmd.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1578280 2009-10-09] (Synaptics Incorporated) HKLM\...\Run: [ConMgr] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [504208 2009-12-24] (CSR, plc) HKLM\...\Run: [CSRSkype] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [346512 2009-12-24] (CSR, plc) HKLM\...\Run: [DeskUpdateNotifier] - C:\Program Files\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe [102968 2013-02-26] (Fujitsu Technology Solutions) HKLM\...\Run: [FDM7] - C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [128360 2009-11-26] (FUJITSU LIMITED) HKLM\...\Run: [IndicatorUtility] - C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED) HKLM\...\Run: [LoadBtnHnd] - C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [33640 2009-10-15] (FUJITSU LIMITED) HKLM\...\Run: [LoadFUJ02E3] - C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-14] (FUJITSU LIMITED) HKLM\...\Run: [LoadFujitsuQuickTouch] - C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [138088 2009-10-15] (FUJITSU LIMITED) HKLM\...\Run: [PfNet] - C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe 
[6311424 2010-06-23] (FUJITSU LIMITED) HKLM\...\Run: [PSUTility] - C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [144744 2009-07-27] (FUJITSU LIMITED) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe HKLM\...\Run: [] - [X] HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-3108434708-521570234-33046430-1000\...\Run: [ccleaner] - C:\Program Files\CCleaner\CCleaner.exe [2696512 2011-12-20] (Piriform Ltd) HKU\S-1-5-21-3108434708-521570234-33046430-1000\...\MountPoints2: {60858773-4458-11e1-92ff-4cedde8a3ba8} - "G:\WD SmartWare.exe" autoplay=true ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1B7F3521A887CD01 URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. 
BHO: Avira Savings Advisor BHO - {A18A516C-AA41-46A9-92DB-60208917E442} - C:\Program Files\avira\Internet Explorer\avira32.dll () DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\kpgtritv.default FF Homepage: https://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Savings Advisor - C:\Users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\kpgtritv.default\Extensions\ciuvo-extension@avira.de [2014-02-11] FF StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR Extension: (Avira Sparberater) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cojnmaaohncijldefpkpkkakjonfmgeb [2014-02-11] CHR Extension: (DVDVideoSoft) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-08-24] CHR Extension: (Google Wallet) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24] CHR HKLM\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\Mandy\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.11.0.crx [2013-08-24] CHR HKLM\...\Chrome\Extension: [cojnmaaohncijldefpkpkkakjonfmgeb] - C:\Program Files\avira\Chrome\avira-1.5.14.crx [2013-12-11] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-08-24] CHR StartMenuInternet: Google Chrome - Chrome.exe CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-18] (Avira Operations GmbH & Co. 
KG) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [249344 2010-06-23] (FUJITSU LIMITED) R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [62824 2009-07-27] (FUJITSU LIMITED) R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [111536 2009-12-24] (CSR, plc) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-18] (Avira Operations GmbH & Co. KG) R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [5888 2006-11-01] (FUJITSU LIMITED) S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) S3 rstescu; C:\Windows\system32\drivers\rstescu.sys [538648 2011-03-25] (Intel Corporation) S3 rstescu1; C:\Windows\system32\drivers\rstescu1.sys [538648 2011-03-25] (Intel Corporation) R0 rstfltr; C:\Windows\System32\drivers\rstfltr.sys [19992 2011-03-25] (Intel Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-12-18] (Avira GmbH) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-13 20:18 - 2014-02-13 20:18 - 00013356 _____ () C:\Users\Mandy\Desktop\SecurityCheck - Verknüpfung.lnk 2014-02-13 20:12 - 2014-02-13 20:13 - 00987425 _____ () 
C:\Users\Mandy\Downloads\SecurityCheck.exe 2014-02-13 19:58 - 2014-02-13 19:58 - 00017917 _____ () C:\Windows\WindowsUpdate.log 2014-02-12 20:17 - 2014-02-12 20:17 - 02347384 _____ (ESET) C:\Users\Mandy\Downloads\esetsmartinstaller_enu.exe 2014-02-12 18:00 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-12 18:00 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-12 18:00 - 2014-02-06 11:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-02-12 18:00 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-12 18:00 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-02-12 18:00 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-12 18:00 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-12 18:00 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-12 18:00 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-12 18:00 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-12 18:00 - 2014-02-06 10:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-02-12 18:00 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-02-12 18:00 - 2014-02-06 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-12 18:00 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-12 18:00 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-02-12 18:00 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) 
C:\Windows\system32\msfeeds.dll 2014-02-12 18:00 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-12 18:00 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-12 18:00 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-12 18:00 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-12 18:00 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-02-12 17:50 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-12 14:52 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\system32\locale.nls 2014-02-12 14:52 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-02-12 14:52 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-02-12 14:52 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-02-12 14:52 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2014-02-12 14:52 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2014-02-12 14:52 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2014-02-12 14:52 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2014-02-12 14:52 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-02-12 14:52 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2014-02-12 14:52 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2014-02-12 14:52 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) 
C:\Windows\system32\RMActivate_ssp.exe 2014-02-12 14:52 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2014-02-12 14:52 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-02-11 21:06 - 2014-02-11 21:04 - 00000426 _____ () C:\AVScanner.ini 2014-02-11 18:44 - 2014-02-11 18:44 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Avira 2014-02-11 18:43 - 2014-02-11 18:43 - 00002014 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-02-11 18:42 - 2014-02-11 18:44 - 00000000 ____D () C:\Program Files\Avira 2014-02-11 18:42 - 2013-12-18 09:32 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-02-11 18:42 - 2013-12-18 09:32 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-02-11 18:42 - 2013-12-18 09:32 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-02-11 18:42 - 2013-12-18 09:32 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2014-02-11 18:38 - 2014-02-11 18:41 - 130658432 _____ () C:\Users\Mandy\Downloads\avira_free_antivirus_de(1).exe 2014-02-11 18:13 - 2014-02-11 18:13 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Mandy\Downloads\sc-cleaner(1).exe 2014-02-11 18:13 - 2014-02-11 18:13 - 00007034 _____ () C:\sc-cleaner.txt 2014-02-11 18:12 - 2014-02-11 18:13 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Mandy\Downloads\sc-cleaner.exe 2014-02-11 18:03 - 2014-02-11 18:03 - 00002520 _____ () C:\Users\Mandy\Desktop\JRT.txt 2014-02-11 18:00 - 2014-02-11 18:00 - 00000000 ____D () C:\Windows\ERUNT 2014-02-11 17:58 - 2014-02-11 17:58 - 01037530 _____ (Thisisu) C:\Users\Mandy\Downloads\JRT.exe 2014-02-11 17:55 - 2014-02-11 17:56 - 04892480 _____ (WinZip International LLC ) C:\Users\Mandy\Downloads\wzmp_8(1).exe 2014-02-11 17:10 - 2014-02-11 17:10 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Malwarebytes 
2014-02-11 17:09 - 2014-02-11 17:09 - 00001069 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-11 17:09 - 2014-02-11 17:09 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-11 17:09 - 2014-02-11 17:09 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-02-11 17:09 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-02-11 17:07 - 2014-02-11 17:07 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Mandy\Downloads\mbam-setup-1.75.0.1300.exe 2014-02-10 16:40 - 2014-02-10 16:57 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Nico Mak Computing 2014-02-10 16:39 - 2014-02-10 16:39 - 04892480 _____ (WinZip International LLC ) C:\Users\Mandy\Downloads\wzmp_8.exe 2014-02-10 16:28 - 2014-02-13 20:19 - 00000000 ____D () C:\Users\Mandy\Downloads\FRST-OlderVersion 2014-02-08 21:06 - 2014-02-08 21:06 - 00000000 ____D () C:\ProgramData\Websteroids 2014-02-08 11:42 - 2014-02-08 11:44 - 00014445 _____ () C:\Users\Mandy\Downloads\Addition.txt 2014-02-08 11:41 - 2014-02-13 20:19 - 01141248 _____ (Farbar) C:\Users\Mandy\Downloads\FRST.exe 2014-02-08 11:41 - 2014-02-13 20:19 - 00010749 _____ () C:\Users\Mandy\Downloads\FRST.txt 2014-02-08 11:41 - 2014-02-13 20:19 - 00000000 ____D () C:\FRST 2014-02-08 09:28 - 2014-02-08 09:28 - 00000000 ____D () C:\Users\Mandy\Downloads\AdwCleaner_TSV43TE60 2014-01-29 14:39 - 2014-01-29 14:39 - 01166132 _____ () C:\Users\Mandy\Desktop\adwcleaner.exe 2014-01-21 21:05 - 2014-01-21 21:05 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-01-18 16:14 - 2014-01-18 16:14 - 00000000 ____D () C:\Firefox 2014-01-18 16:11 - 2014-02-11 17:47 - 00000000 ____D () C:\AdwCleaner 2014-01-18 16:01 - 2014-02-11 17:41 - 00000000 ____D () C:\ProgramData\Updater 2014-01-16 16:54 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-16 16:54 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\usbport.sys 2014-01-16 16:54 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-16 16:54 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-16 16:54 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-16 16:54 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-16 16:54 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-16 16:54 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-16 16:54 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-16 01:40 - 2014-01-16 01:40 - 00487016 _____ (McAfee, Inc.) C:\SecurityScanner.dll ==================== One Month Modified Files and Folders ======= 2014-02-13 20:20 - 2014-02-08 11:41 - 00010749 _____ () C:\Users\Mandy\Downloads\FRST.txt 2014-02-13 20:19 - 2014-02-10 16:28 - 00000000 ____D () C:\Users\Mandy\Downloads\FRST-OlderVersion 2014-02-13 20:19 - 2014-02-08 11:41 - 01141248 _____ (Farbar) C:\Users\Mandy\Downloads\FRST.exe 2014-02-13 20:19 - 2014-02-08 11:41 - 00000000 ____D () C:\FRST 2014-02-13 20:18 - 2014-02-13 20:18 - 00013356 _____ () C:\Users\Mandy\Desktop\SecurityCheck - Verknüpfung.lnk 2014-02-13 20:13 - 2014-02-13 20:12 - 00987425 _____ () C:\Users\Mandy\Downloads\SecurityCheck.exe 2014-02-13 20:03 - 2009-07-14 05:34 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-13 20:03 - 2009-07-14 05:34 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-13 20:00 - 2014-02-13 19:58 - 00017917 _____ () C:\Windows\WindowsUpdate.log 2014-02-13 19:55 - 2011-12-24 22:04 - 
00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-13 19:55 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-12 21:48 - 2013-11-28 22:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-02-12 21:45 - 2011-12-24 22:04 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-12 21:43 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-02-12 20:17 - 2014-02-12 20:17 - 02347384 _____ (ESET) C:\Users\Mandy\Downloads\esetsmartinstaller_enu.exe 2014-02-12 17:58 - 2010-11-20 22:01 - 01519874 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-12 17:56 - 2013-08-15 18:05 - 00000000 ____D () C:\Windows\system32\MRT 2014-02-12 17:54 - 2012-11-18 19:03 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-02-12 17:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-02-11 21:13 - 2012-11-18 04:53 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE 2014-02-11 21:04 - 2014-02-11 21:06 - 00000426 _____ () C:\AVScanner.ini 2014-02-11 18:44 - 2014-02-11 18:44 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Avira 2014-02-11 18:44 - 2014-02-11 18:42 - 00000000 ____D () C:\Program Files\Avira 2014-02-11 18:43 - 2014-02-11 18:43 - 00002014 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-02-11 18:42 - 2012-11-15 10:02 - 00000000 ____D () C:\ProgramData\Avira 2014-02-11 18:41 - 2014-02-11 18:38 - 130658432 _____ () C:\Users\Mandy\Downloads\avira_free_antivirus_de(1).exe 2014-02-11 18:13 - 2014-02-11 18:13 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Mandy\Downloads\sc-cleaner(1).exe 2014-02-11 18:13 - 2014-02-11 18:13 - 00007034 _____ () C:\sc-cleaner.txt 2014-02-11 18:13 - 2014-02-11 18:12 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Mandy\Downloads\sc-cleaner.exe 2014-02-11 18:13 - 2012-11-18 11:16 - 00001107 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-02-11 18:13 - 2012-11-17 20:27 - 
00001411 _____ () C:\Users\Mandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-02-11 18:13 - 2012-09-02 12:35 - 00002127 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-02-11 18:03 - 2014-02-11 18:03 - 00002520 _____ () C:\Users\Mandy\Desktop\JRT.txt 2014-02-11 18:00 - 2014-02-11 18:00 - 00000000 ____D () C:\Windows\ERUNT 2014-02-11 17:58 - 2014-02-11 17:58 - 01037530 _____ (Thisisu) C:\Users\Mandy\Downloads\JRT.exe 2014-02-11 17:56 - 2014-02-11 17:55 - 04892480 _____ (WinZip International LLC ) C:\Users\Mandy\Downloads\wzmp_8(1).exe 2014-02-11 17:47 - 2014-01-18 16:11 - 00000000 ____D () C:\AdwCleaner 2014-02-11 17:41 - 2014-01-18 16:01 - 00000000 ____D () C:\ProgramData\Updater 2014-02-11 17:31 - 2014-01-05 19:03 - 00000000 ____D () C:\Users\Mandy\AppData\Local\genienext 2014-02-11 17:10 - 2014-02-11 17:10 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Malwarebytes 2014-02-11 17:09 - 2014-02-11 17:09 - 00001069 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-11 17:09 - 2014-02-11 17:09 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-11 17:09 - 2014-02-11 17:09 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-02-11 17:07 - 2014-02-11 17:07 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Mandy\Downloads\mbam-setup-1.75.0.1300.exe 2014-02-10 16:57 - 2014-02-10 16:40 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Nico Mak Computing 2014-02-10 16:39 - 2014-02-10 16:39 - 04892480 _____ (WinZip International LLC ) C:\Users\Mandy\Downloads\wzmp_8.exe 2014-02-08 21:06 - 2014-02-08 21:06 - 00000000 ____D () C:\ProgramData\Websteroids 2014-02-08 11:44 - 2014-02-08 11:42 - 00014445 _____ () C:\Users\Mandy\Downloads\Addition.txt 2014-02-08 09:28 - 2014-02-08 09:28 - 00000000 ____D () C:\Users\Mandy\Downloads\AdwCleaner_TSV43TE60 2014-02-06 19:48 - 2012-03-30 20:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-02-06 19:48 - 
2011-11-14 14:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-02-06 11:38 - 2014-02-12 18:00 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-06 11:20 - 2014-02-12 18:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-06 11:19 - 2014-02-12 18:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-02-06 11:01 - 2014-02-12 18:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-06 11:00 - 2014-02-12 18:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-02-06 10:57 - 2014-02-12 18:00 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-06 10:52 - 2014-02-12 18:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-06 10:52 - 2014-02-12 18:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-06 10:49 - 2014-02-12 18:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-06 10:47 - 2014-02-12 18:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-06 10:47 - 2014-02-12 18:00 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-02-06 10:46 - 2014-02-12 18:00 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-02-06 10:34 - 2014-02-12 18:00 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-06 10:25 - 2014-02-12 18:00 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-06 10:25 - 2014-02-12 18:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-02-06 10:13 - 2014-02-12 18:00 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-06 10:09 - 2014-02-12 18:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-06 
10:03 - 2014-02-12 18:00 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-06 09:41 - 2014-02-12 18:00 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-06 09:36 - 2014-02-12 18:00 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-06 09:34 - 2014-02-12 18:00 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-02-03 17:11 - 2012-01-15 12:39 - 00000000 ____D () C:\Users\Mandy\AppData\Local\Adobe 2014-01-29 14:39 - 2014-01-29 14:39 - 01166132 _____ () C:\Users\Mandy\Desktop\adwcleaner.exe 2014-01-21 21:45 - 2014-01-05 19:02 - 00000000 ____D () C:\ProgramData\WPM 2014-01-21 21:05 - 2014-01-21 21:05 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-01-21 19:31 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-01-18 17:06 - 2013-08-24 11:33 - 00000862 _____ () C:\Windows\system32\InstallUtil.InstallLog 2014-01-18 16:14 - 2014-01-18 16:14 - 00000000 ____D () C:\Firefox 2014-01-16 21:01 - 2009-07-14 05:33 - 00268272 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-01-16 20:58 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-01-16 17:21 - 2012-11-18 18:50 - 00000000 ____D () C:\Users\Mandy\AppData\Local\DoNotTrackPlus 2014-01-16 01:40 - 2014-01-16 01:40 - 00487016 _____ (McAfee, Inc.) 
C:\SecurityScanner.dll Some content of TEMP: ==================== C:\Users\Mandy\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-11 19:19 ==================== End Of Log ============================ --- --- --- |
14.02.2014, 15:56 | #10 |
/// the machine /// TB trainer | nationzoom cannot be removed
Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from all registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
14.02.2014, 18:40 | #11 |
| nationzoom cannot be removed
Hello schrauber, many thanks once again for everything. My computer runs as if I had just bought it new. Until now I had no clue about my PC; now I know a little bit more thanks to your well-described instructions. One more thing: I wanted to download WOT, but since everything is in another language I did not dare to. Many kind regards, mandy. I will gladly come back to you any time there are problems again. See you soon |
15.02.2014, 17:53 | #12 |
/// the machine /// TB trainer | nationzoom cannot be removed
You're welcome