Pests of all kinds and how to combat them: MegaBrowse / Swift Browse virus alert every 2-3 minutes
Windows 7
If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
20.05.2014, 20:21 | #1 |
| MegaBrowse / Swift Browse virus alert every 2-3 minutes
Edit: Sorry for the double post, I hadn't realized that you get an hour of editing time here.
Hello everyone, as of just now the Antivir error message pops up every 2-3 minutes while I'm browsing, see attachment. Unfortunately I don't know how to embed it in the text. It has been like this for 30 minutes now; I've only been on normal sites, fb, soundcloud and so on, so nothing objectionable (at least not since the message started appearing). As I said, the message appears every few minutes and that is a bit annoying - on Google I only found one post in the avira forum, which unfortunately wasn't helpful. Would someone help me? It's really getting annoying.
Regards, P.
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014 Ran by spn (administrator) on SPN-PC on 20-05-2014 21:30:51 Running from C:\Users\spn\Desktop Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDCtrlHelper.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe () C:\Program Files (x86)\Mega Browse\bin\utilMegaBrowse.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe () C:\Program Files (x86)\Mega Browse\updateMegaBrowse.exe (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2821936 2012-03-07] (ELAN Microelectronics Corp.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] (Realtek Semiconductor) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-03-23] (Dritek System Inc.) 
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-20] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1465624499-1118469149-3256503245-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd) HKU\S-1-5-21-1465624499-1118469149-3256503245-1000\...\MountPoints2: {2196341c-a862-11e3-ad08-208984c415a6} - G:\CDLaunch\shelexec.exe \SP1INST.HTM HKU\S-1-5-21-1465624499-1118469149-3256503245-1000\...\MountPoints2: {ab67a5c7-8602-11e3-ad4d-806e6f6e6963} - D:\AutoRun\AutoRunX\AutoRunX.exe Startup: C:\Users\spn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD28A6A847F1ACF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 83.139.104.2 83.139.105.2 FireFox: ======== FF ProfilePath: C:\Users\spn\AppData\Roaming\Mozilla\Firefox\Profiles\fqgnns7d.default FF user.js: detected! 
=> C:\Users\spn\AppData\Roaming\Mozilla\Firefox\Profiles\fqgnns7d.default\user.js FF Homepage: hxxp://bikemarkt.mtb-news.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: ProxTube - Unblock YouTube - C:\Users\spn\AppData\Roaming\Mozilla\Firefox\Profiles\fqgnns7d.default\Extensions\ich@maltegoetz.de [2014-01-26] FF Extension: Mega Browse - C:\Users\spn\AppData\Roaming\Mozilla\Firefox\Profiles\fqgnns7d.default\Extensions\{29b136c9-938d-4d3d-8df8-d649d9b74d02}.xpi [2014-03-17] FF Extension: Adblock Plus - C:\Users\spn\AppData\Roaming\Mozilla\Firefox\Profiles\fqgnns7d.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-26] ==================== Services (Whitelisted) ================= S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-02-01] (Adobe Systems) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-20] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-05-20] (Avira Operations GmbH & Co. KG) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) R2 Update Mega Browse; C:\Program Files (x86)\Mega Browse\updateMegaBrowse.exe [317352 2014-05-20] () R2 Util Mega Browse; C:\Program Files (x86)\Mega Browse\bin\utilMegaBrowse.exe [317352 2014-05-20] () ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-20] (Avira Operations GmbH & Co. 
KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-20] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-12] (Disc Soft Ltd) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-20 21:30 - 2014-05-20 21:31 - 00009864 _____ () C:\Users\spn\Desktop\FRST.txt 2014-05-20 21:30 - 2014-05-20 21:30 - 02067456 _____ (Farbar) C:\Users\spn\Desktop\FRST64.exe 2014-05-20 21:30 - 2014-05-20 21:30 - 00000000 ____D () C:\FRST 2014-05-12 18:14 - 2014-05-12 18:14 - 00000000 ____D () C:\Users\spn\AppData\Roaming\MiKTeX 2014-05-12 18:13 - 2014-05-12 18:13 - 00000000 ____D () C:\Users\spn\AppData\Local\MiKTeX 2014-05-12 18:12 - 2014-05-12 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9 2014-05-12 18:11 - 2014-05-12 18:11 - 00000000 ____D () C:\ProgramData\MiKTeX 2014-05-12 18:09 - 2014-05-12 18:10 - 00000000 ____D () C:\Program Files (x86)\MiKTeX 2.9 2014-05-12 18:00 - 2014-05-12 18:59 - 00000000 ____D () C:\Users\spn\Desktop\TEX 2014-05-12 16:43 - 2014-05-08 21:32 - 00000000 ____D () C:\Users\spn\Desktop\King 2014-05-12 12:43 - 2014-05-12 12:44 - 24414279 _____ () C:\Users\spn\Desktop\Working modell projekt.rar 2014-05-11 13:21 - 2014-05-11 13:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-06 11:32 - 2014-05-06 12:33 - 00000000 ____D () C:\Users\spn\AppData\Roaming\Winamp 2014-05-06 11:32 - 2014-05-06 11:33 - 00000000 ____D () C:\Program Files (x86)\Winamp 2014-05-06 11:32 - 2014-05-06 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Winamp 2014-05-06 01:19 - 2014-04-29 12:33 - 00000000 ____D () C:\Users\spn\Desktop\Camulos-Leichenlieder ==================== One Month Modified Files and Folders ======= 2014-05-20 21:31 - 2014-05-20 21:30 - 00009864 _____ () C:\Users\spn\Desktop\FRST.txt 2014-05-20 21:30 - 2014-05-20 21:30 - 02067456 _____ (Farbar) C:\Users\spn\Desktop\FRST64.exe 2014-05-20 21:30 - 2014-05-20 21:30 - 00000000 ____D () C:\FRST 2014-05-20 21:30 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini 2014-05-20 20:47 - 2011-04-12 09:43 - 00643866 _____ () C:\Windows\system32\perfh007.dat 2014-05-20 20:47 - 2011-04-12 09:43 - 00126394 _____ () C:\Windows\system32\perfc007.dat 2014-05-20 20:47 - 2009-07-14 07:13 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-20 20:08 - 2014-01-25 23:10 - 00716053 _____ () C:\Windows\WindowsUpdate.log 2014-05-20 10:10 - 2009-07-14 06:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-20 10:10 - 2009-07-14 06:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-20 10:08 - 2014-01-26 00:16 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-05-20 10:08 - 2014-01-26 00:16 - 00112080 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-05-20 10:03 - 2009-07-14 06:51 - 00043097 _____ () C:\Windows\setupact.log 2014-05-20 10:02 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-20 00:11 - 2014-01-26 12:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-15 11:52 - 2014-03-03 18:04 - 00000000 ____D () C:\Users\spn\AppData\Roaming\Skype 2014-05-12 18:59 - 2014-05-12 18:00 - 00000000 ____D () C:\Users\spn\Desktop\TEX 2014-05-12 18:14 - 2014-05-12 18:14 - 00000000 ____D () C:\Users\spn\AppData\Roaming\MiKTeX 2014-05-12 18:13 - 2014-05-12 18:13 - 00000000 ____D () C:\Users\spn\AppData\Local\MiKTeX 2014-05-12 18:12 - 2014-05-12 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9 2014-05-12 18:11 - 2014-05-12 18:11 - 00000000 ____D () C:\ProgramData\MiKTeX 2014-05-12 18:10 - 2014-05-12 18:09 - 00000000 ____D () C:\Program Files (x86)\MiKTeX 2.9 2014-05-12 12:44 - 2014-05-12 12:43 - 24414279 _____ () C:\Users\spn\Desktop\Working modell projekt.rar 2014-05-11 13:21 - 2014-05-11 13:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-08 21:32 - 2014-05-12 16:43 - 00000000 ____D () C:\Users\spn\Desktop\King 2014-05-06 12:33 - 2014-05-06 11:32 - 00000000 ____D () C:\Users\spn\AppData\Roaming\Winamp 2014-05-06 11:33 - 2014-05-06 11:32 - 00000000 ____D () C:\Program Files (x86)\Winamp 2014-05-06 11:32 - 2014-05-06 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp 2014-05-04 18:58 - 2014-01-26 00:30 - 00000000 ____D () C:\Users\spn\Desktop\parts 2014-05-01 21:20 - 2014-03-18 01:35 - 00000000 ____D () C:\Program Files (x86)\Mega Browse 2014-05-01 20:49 - 2010-11-21 05:47 - 00103800 _____ () C:\Windows\PFRO.log 2014-04-29 12:33 - 2014-05-06 01:19 - 00000000 ____D () C:\Users\spn\Desktop\Camulos-Leichenlieder Some content of TEMP: ==================== C:\Users\Gast\AppData\Local\Temp\avgnt.exe 
C:\Users\musique\AppData\Local\Temp\avgnt.exe C:\Users\spn\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-20 10:25 ==================== End Of Log ============================ --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014 Ran by spn at 2014-05-20 21:31:23 Running from C:\Users\spn\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Adobe Bridge 1.0 (x32 Version: 001.000.001 - Adobe Systems) Hidden Adobe Common File Installer (x32 Version: 1.00.001 - Adobe System Incorporated) Hidden Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.43 - Adobe Systems Incorporated) Adobe Help Center 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.) Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden Adobe Photoshop Lightroom 5 64-bit (HKLM\...\{6C1A010F-9108-4162-A26F-9FEC4AC0F0F0}) (Version: 5.0.1 - Adobe) Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Adobe Stock Photos 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira) Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 15.0.7.3 - Broadcom Corporation) Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 15.0.7.1 - Broadcom Corporation) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd) ETDWare PS/2-X64 10.6.9.9_WHQL (HKLM\...\Elantech) (Version: 10.6.9.9 - ELAN Microelectronic Corp.) 
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.15 - Acer Inc.) 
Mega Browse (HKLM\...\Mega Browse) (Version: 2014.03.17.213545 - Mega Browse) <==== ATTENTION Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org) Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 3.0 - Qualcomm Atheros) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6543 - Realtek Semiconductor Corp.) Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) 
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) ==================== Restore Points ========================= 20-05-2014 08:32:30 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= ==================== Loaded Modules (whitelisted) ============= 2014-01-25 23:16 - 2012-03-27 02:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-03-18 13:04 - 2014-05-20 10:06 - 00317352 _____ () C:\Program Files (x86)\Mega Browse\bin\utilMegaBrowse.exe 2014-03-17 23:35 - 2014-05-20 10:39 - 00317352 _____ () C:\Program Files (x86)\Mega Browse\updateMegaBrowse.exe 2014-01-25 23:19 - 2014-01-25 23:19 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b6584c7e1f3d6d28c1a2b189a5d8831f\IsdiInterop.ni.dll 2014-01-25 23:19 - 2012-02-01 17:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2014-01-25 23:20 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2014-05-11 13:21 - 2014-05-11 13:21 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-01-26 19:22 - 2014-01-26 19:22 - 16287624 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft 
Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (05/20/2014 10:04:18 AM) (Source: MsiInstaller) (EventID: 1024) (User: spn-PC) Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (05/20/2014 10:03:21 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/20/2014 00:14:33 AM) (Source: MsiInstaller) (EventID: 1024) (User: spn-PC) Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. 
Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (05/20/2014 00:11:59 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/12/2014 11:36:01 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/11/2014 01:05:58 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/07/2014 11:34:00 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/06/2014 07:52:51 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/04/2014 06:13:41 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/04/2014 01:38:39 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (05/11/2014 09:23:58 PM) (Source: Disk) (EventID: 15) (User: ) Description: Das Gerät 
\Device\Harddisk1\DR1 ist für den Zugriff noch nicht bereit. Error: (04/06/2014 06:04:03 PM) (Source: Disk) (EventID: 15) (User: ) Description: Das Gerät \Device\Harddisk1\DR2 ist für den Zugriff noch nicht bereit. Error: (03/23/2014 09:55:49 PM) (Source: DCOM) (EventID: 10016) (User: spn-PC) Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}spn-PCGastS-1-5-21-1465624499-1118469149-3256503245-501LocalHost (unter Verwendung von LRPC) Error: (03/23/2014 09:02:29 PM) (Source: DCOM) (EventID: 10016) (User: spn-PC) Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}spn-PCGastS-1-5-21-1465624499-1118469149-3256503245-501LocalHost (unter Verwendung von LRPC) Error: (03/23/2014 09:01:14 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (03/23/2014 09:00:51 PM) (Source: DCOM) (EventID: 10016) (User: spn-PC) Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}spn-PCGastS-1-5-21-1465624499-1118469149-3256503245-501LocalHost (unter Verwendung von LRPC) Error: (03/23/2014 09:00:51 PM) (Source: DCOM) (EventID: 10016) (User: spn-PC) Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}spn-PCGastS-1-5-21-1465624499-1118469149-3256503245-501LocalHost (unter Verwendung von LRPC) Error: (03/23/2014 01:55:59 PM) (Source: DCOM) (EventID: 10016) (User: spn-PC) Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}spn-PCGastS-1-5-21-1465624499-1118469149-3256503245-501LocalHost (unter Verwendung von LRPC) Error: (03/23/2014 01:54:46 PM) (Source: DCOM) (EventID: 10016) (User: spn-PC) Description: 
AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}spn-PCGastS-1-5-21-1465624499-1118469149-3256503245-501LocalHost (unter Verwendung von LRPC) Error: (03/23/2014 01:54:44 PM) (Source: DCOM) (EventID: 10016) (User: spn-PC) Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}spn-PCGastS-1-5-21-1465624499-1118469149-3256503245-501LocalHost (unter Verwendung von LRPC) Microsoft Office Sessions: ========================= Error: (05/20/2014 10:04:18 AM) (Source: MsiInstaller) (EventID: 1024) (User: spn-PC) Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL) Error: (05/20/2014 10:03:21 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/20/2014 00:14:33 AM) (Source: MsiInstaller) (EventID: 1024) (User: spn-PC) Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL) Error: (05/20/2014 00:11:59 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/12/2014 11:36:01 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/11/2014 01:05:58 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/07/2014 11:34:00 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: 
//./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/06/2014 07:52:51 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/04/2014 06:13:41 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/04/2014 01:38:39 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 55% Total physical RAM: 3912.36 MB Available physical RAM: 1723.62 MB Total Pagefile: 7822.92 MB Available Pagefile: 5449.31 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:97.56 GB) (Free:62.41 GB) NTFS Drive f: (Daten) (Fixed) (Total:368.1 GB) (Free:310.52 GB) NTFS Drive g: (OFFICE12) (CDROM) (Total:0.5 GB) (Free:0 GB) CDFS Drive i: (CANON_EOS) (Removable) (Total:3.7 GB) (Free:2.97 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: F306FAD9) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=98 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=368 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 4 GB) (Disk ID: 00000000) Partition: GPT Partition Type. 
==================== End Of Log ============================ |
20.05.2014, 22:40 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | MegaBrowse / Swift Browse virus alert every 2-3 minutes Hi and
__________________
Removing adware/junkware/toolbars
Step 1: Malwarebytes. Please download Malwarebytes Anti-Malware
Step 2: adwCleaner. Please download AdwCleaner to your desktop.
Step 3: JRT - Junkware Removal Tool. Please shut down your security software to avoid possible conflicts.
Step 4: Fresh log with FRST. Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |