Pests of all kinds and how to fight them: Windows 8 opens 100s of browser windows with the link 98uji.....
03.08.2014, 22:12 | #1 | |
Windows 8 opens 100s of browser windows with the link 98uji.....
Hey dear team, as of just now I have a problem: hundreds of tabs open with the link 98uj....... I can't do anything except restart my computer to put an end to the haunting. Still, I need help. I have now run a scan with Avast and with Anti Malware.
Anti Malware Code:
03.08.2014, 22:24 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 8 opens 100s of browser windows with the link 98uji.....
Hi and
Remove adware/junkware/toolbars
Step 1: adwCleaner
Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool
Please close your protection software to avoid possible conflicts.
Step 3: Fresh log with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
03.08.2014, 22:49 | #3 | ||
Windows 8 opens 100s of browser windows with the link 98uji.....
Thank you for taking on my problem. Here are the requested files:
AdwCleaner Logfile: Code:
FRST Logfile: Code:
12:11 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll 2014-07-24 12:11 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2014-07-24 12:11 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll 2014-07-24 12:11 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2014-07-24 12:03 - 2014-07-24 12:03 - 00002533 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-07-24 12:03 - 2014-07-24 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-07-24 12:02 - 2014-07-24 12:02 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Marvin\Downloads\SkypeSetup.exe 2014-07-04 15:39 - 2014-07-04 15:39 - 00000613 _____ () C:\Users\Public\Desktop\Aerosoft Launcher.lnk 2014-07-04 15:39 - 2014-07-04 15:39 - 00000000 ____D () C:\Aerosoft 2014-07-04 15:37 - 2014-07-04 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aerosoft ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-03 23:48 - 2014-02-06 23:06 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Skype 2014-08-03 23:47 - 2014-08-03 23:47 - 00019686 _____ () C:\Users\Marvin\Downloads\FRST.txt 2014-08-03 23:47 - 2014-08-03 23:46 - 00000000 ____D () C:\FRST 2014-08-03 23:47 - 2014-02-06 22:31 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1558844064-977152752-1788893837-1001 2014-08-03 23:46 - 2014-08-03 23:46 - 00000845 _____ () C:\Users\Marvin\Desktop\JRT.txt 2014-08-03 23:41 - 2014-04-01 12:36 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-08-03 23:40 - 2014-08-03 22:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-03 23:40 - 2014-06-02 21:18 - 02082669 _____ () C:\Windows\WindowsUpdate.log 2014-08-03 23:40 - 2014-05-20 13:52 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Spotify 2014-08-03 23:40 - 2014-04-01 12:35 - 00001126 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-03 23:40 - 2014-02-06 22:27 - 00000000 __RDO () C:\Users\Marvin\SkyDrive 2014-08-03 23:39 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-03 23:38 - 2014-02-06 23:22 - 00098312 _____ () C:\Windows\PFRO.log 2014-08-03 23:38 - 2014-02-06 22:48 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-08-03 23:38 - 2013-08-22 15:25 - 00524288 ___SH () C:\Windows\system32\config\BBI 2014-08-03 23:36 - 2014-02-06 22:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-03 23:35 - 2014-08-03 23:35 - 02094080 _____ (Farbar) C:\Users\Marvin\Downloads\FRST64.exe 2014-08-03 23:34 - 2014-08-03 23:34 - 01016261 _____ (Thisisu) C:\Users\Marvin\Downloads\JRT.exe 2014-08-03 23:34 - 2014-08-03 23:34 - 00000000 ____D () C:\Windows\ERUNT 2014-08-03 23:33 - 2014-02-06 22:28 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4AA0648D-9BA6-4C21-AAB8-012CDCBE1B15} 2014-08-03 23:32 - 2014-08-03 23:32 - 00003424 _____ () 
C:\Users\Marvin\Desktop\AdwCleaner[S0].txt 2014-08-03 23:30 - 2013-08-22 16:44 - 05189200 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-03 23:29 - 2014-02-06 22:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-08-03 23:29 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Help 2014-08-03 23:28 - 2014-08-03 23:26 - 00000000 ____D () C:\AdwCleaner 2014-08-03 23:26 - 2014-08-03 23:26 - 01361309 _____ () C:\Users\Marvin\Desktop\adwcleaner_3.302.exe 2014-08-03 23:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru 2014-08-03 22:59 - 2014-02-09 23:00 - 01022976 ___SH () C:\Users\Marvin\Downloads\Thumbs.db 2014-08-03 22:51 - 2014-08-03 22:51 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-03 22:51 - 2014-08-03 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-03 22:51 - 2014-08-03 22:51 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-03 22:51 - 2014-08-03 22:51 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-03 22:50 - 2014-04-01 12:35 - 00001130 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-03 22:48 - 2014-08-03 22:48 - 00826192 _____ (Chip Digital GmbH) C:\Users\Marvin\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe 2014-08-03 22:10 - 2014-08-03 01:28 - 00000000 ____D () C:\Users\Marvin\Desktop\1 Hungerspiele 2014-08-03 22:10 - 2014-06-02 22:52 - 00000000 ____D () C:\Users\Marvin\Desktop\Plugin Verkauf 2014-08-03 21:52 - 2014-04-19 03:23 - 00000600 _____ () C:\Users\Marvin\AppData\Roaming\winscp.rnd 2014-08-03 21:52 - 2014-02-11 20:37 - 00000600 _____ () C:\Users\Marvin\AppData\Local\PUTTY.RND 2014-08-03 21:49 - 2014-02-09 23:56 - 00000132 _____ () C:\Users\Marvin\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen 2014-08-03 20:04 - 2014-05-02 14:30 - 00000000 ____D () C:\Users\Marvin\Desktop\Pics 2014-08-03 19:38 - 2014-02-07 13:51 - 
00000000 ____D () C:\Users\Marvin\AppData\Roaming\.minecraft 2014-08-03 19:17 - 2014-08-03 19:17 - 00325807 _____ () C:\Users\Marvin\Downloads\Multiverse-Core-2.4.jar 2014-08-03 19:13 - 2014-08-03 19:13 - 00819871 _____ () C:\Users\Marvin\Downloads\lever-race.zip 2014-08-03 18:47 - 2014-08-03 18:47 - 00900139 _____ () C:\Users\Marvin\Downloads\worldedit-5.6.3.zip 2014-08-03 18:42 - 2014-08-03 18:42 - 00000000 ____D () C:\Users\Marvin\Desktop\Bewerbungen 2014-08-03 18:33 - 2014-02-06 22:26 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Adobe 2014-08-03 17:30 - 2014-02-08 19:39 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe 2014-08-03 17:28 - 2014-03-01 22:40 - 00000000 ____D () C:\Users\Marvin\AppData\Local\CrashDumps 2014-08-03 17:26 - 2014-08-03 17:26 - 00001167 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC.lnk 2014-08-03 17:26 - 2014-08-03 17:23 - 00000000 ____D () C:\Program Files\Adobe 2014-08-03 17:26 - 2014-02-08 19:35 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-08-03 17:25 - 2014-08-03 17:25 - 00001059 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC.lnk 2014-08-03 17:24 - 2014-08-03 17:24 - 00000000 ____D () C:\adobeTemp 2014-08-03 17:23 - 2014-02-08 19:08 - 00000000 ____D () C:\ProgramData\Adobe 2014-08-03 17:22 - 2014-08-03 17:22 - 00001558 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk 2014-08-03 16:56 - 2014-08-03 16:56 - 00000000 ____D () C:\Adobe 2014-08-03 14:47 - 2014-07-24 20:52 - 00000000 ____D () C:\Users\Marvin\AppData\Local\ftblauncher 2014-08-03 14:46 - 2014-04-20 20:55 - 00000000 ____D () C:\FTB 2014-08-03 11:45 - 2014-02-11 19:39 - 00965120 ___SH () C:\Users\Marvin\Desktop\Thumbs.db 2014-08-03 02:00 - 2014-02-08 19:07 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Adobe 2014-08-02 22:52 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness 2014-07-31 23:38 - 2014-02-06 22:33 - 
00000000 ____D () C:\Program Files (x86)\Steam 2014-07-31 12:45 - 2014-02-11 18:43 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\FileZilla 2014-07-31 12:06 - 2014-07-31 12:06 - 00094229 _____ () C:\Users\Marvin\Downloads\PvPStats.zip 2014-07-30 20:55 - 2014-07-30 20:55 - 00000000 ____D () C:\Users\Marvin\Desktop\FTB_BackUp 2014-07-30 20:55 - 2014-07-30 20:54 - 27896541 _____ () C:\Users\Marvin\Downloads\world.rar 2014-07-30 20:32 - 2014-07-30 20:32 - 27874473 _____ () C:\Users\Marvin\Desktop\FTB_BackUP.rar 2014-07-30 16:45 - 2014-07-30 16:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-30 15:39 - 2014-05-20 13:54 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Spotify 2014-07-29 19:58 - 2014-07-29 19:57 - 06903445 _____ () C:\Users\Marvin\Downloads\CraftillDawn-Starter-Icon-Package-v7.0.zip 2014-07-29 18:54 - 2014-07-29 18:54 - 19972216 _____ () C:\Users\Marvin\Downloads\craftbukkit-1.7.2-R0.3.jar 2014-07-29 18:17 - 2014-07-29 18:17 - 20453584 _____ () C:\Users\Marvin\Downloads\craftbukkit-1.7.9-R0.2(1).jar 2014-07-29 16:14 - 2014-07-29 16:07 - 356222835 _____ () C:\Users\Marvin\Downloads\MB_O530G_O530_O520_FIX.rar 2014-07-29 16:14 - 2014-07-28 23:00 - 00000000 ____D () C:\Users\Marvin\Desktop\Omsi 2 2014-07-29 15:52 - 2014-07-29 15:52 - 04493939 _____ () C:\Users\Marvin\Downloads\AddOn_MAK_MB_O530G_Vestische_SB.rar 2014-07-28 21:37 - 2014-02-17 23:21 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-07-28 21:36 - 2014-02-17 23:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-07-27 23:23 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData 2014-07-27 23:23 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-27 23:23 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-27 23:23 - 2013-08-22 17:36 - 00000000 ____D () 
C:\Windows\WinStore 2014-07-27 23:22 - 2014-02-20 20:16 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\TS3Client 2014-07-27 13:17 - 2014-07-27 13:17 - 03678445 _____ () C:\Users\Marvin\Downloads\BP Hacker_ FlynnTrotter123.mp4 2014-07-27 13:04 - 2014-07-27 13:03 - 04619770 _____ () C:\Users\Marvin\Downloads\jman203315 Hacker Report.mp4 2014-07-27 12:14 - 2014-04-15 17:12 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-07-27 12:14 - 2014-02-06 23:40 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-27 12:14 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp 2014-07-27 12:11 - 2014-02-06 23:39 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-27 12:09 - 2014-02-17 23:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-27 12:09 - 2013-09-30 05:59 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-27 12:07 - 2014-07-27 12:07 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-26 22:08 - 2014-07-26 22:04 - 00000000 ____D () C:\Users\Marvin\AppData\Local\DayZ 2014-07-26 22:08 - 2014-02-06 22:41 - 00000000 ____D () C:\Users\Marvin\Documents\DayZ 2014-07-26 17:15 - 2014-07-26 17:15 - 00000000 ____D () C:\Windows\USB_Vibration 2014-07-26 17:15 - 2014-02-06 22:52 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-07-26 17:14 - 2014-07-26 17:14 - 00000000 ____D () C:\Program Files (x86)\USB_Vibration 2014-07-26 16:36 - 2014-07-26 16:36 - 00000000 ____D () C:\Lizenz 2014-07-26 16:28 - 2014-07-26 16:28 - 00510832 _____ () C:\Users\Marvin\Downloads\ujwMr.zip 2014-07-26 00:15 - 2014-07-26 00:15 - 04856320 _____ () C:\Users\Marvin\Downloads\tpl21.tar 2014-07-24 20:55 - 2014-04-20 20:52 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\ftblauncher 2014-07-24 20:54 - 2014-07-24 20:54 - 34103034 _____ () C:\Users\Marvin\Downloads\modpacks^Ultimate^1_1_2^Ultimate_Server.zip 2014-07-24 20:52 - 2014-07-24 20:52 - 04980105 _____ () 
C:\Users\Marvin\Desktop\launcher^FTB_Launcher.exe 2014-07-24 14:08 - 2014-07-24 14:08 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-07-24 14:08 - 2014-07-24 14:08 - 00001982 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-07-24 14:08 - 2014-05-18 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-07-24 14:08 - 2014-05-18 16:26 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-07-24 14:08 - 2014-05-18 16:26 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-07-24 14:08 - 2014-05-18 16:26 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-07-24 14:08 - 2014-05-18 16:26 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-07-24 14:08 - 2014-05-18 16:26 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-07-24 14:08 - 2014-05-18 16:26 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-07-24 14:08 - 2014-05-18 16:26 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-07-24 14:08 - 2014-05-18 16:26 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-07-24 14:08 - 2014-05-18 16:26 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-07-24 14:08 - 2014-05-18 16:26 - 00003924 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-07-24 12:36 - 2014-02-06 22:33 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-07-24 12:29 - 2014-07-24 12:29 - 00614177 _____ () C:\Users\Marvin\Downloads\hacker TrygOien.mp4 2014-07-24 12:03 - 2014-07-24 12:03 - 00002533 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-07-24 12:03 - 2014-07-24 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-07-24 12:03 - 2014-02-06 22:36 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-07-24 12:03 - 2014-02-06 22:36 - 00000000 ____D () C:\ProgramData\Skype 2014-07-24 12:02 - 2014-07-24 12:02 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Marvin\Downloads\SkypeSetup.exe 2014-07-04 23:12 - 2014-06-18 14:36 - 00000000 ____D () C:\Users\Marvin\Desktop\MC 2014-07-04 15:59 - 2014-07-04 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aerosoft 2014-07-04 15:39 - 2014-07-04 15:39 - 00000613 _____ () C:\Users\Public\Desktop\Aerosoft Launcher.lnk 2014-07-04 15:39 - 2014-07-04 15:39 - 00000000 ____D () C:\Aerosoft 2014-07-04 15:19 - 2014-03-26 16:40 - 00000000 ____D () C:\Games Some content of TEMP: ==================== C:\Users\Marvin\AppData\Local\Temp\AskPIP_FF_.exe C:\Users\Marvin\AppData\Local\Temp\dotnetfx45_full_setup.exe C:\Users\Marvin\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\Marvin\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.2-R0.3-14-g8f8716c-b3042jnks.dll C:\Users\Marvin\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.2-R0.3-b3020jnks.dll C:\Users\Marvin\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.9-R0.2-1-ga6e0bfd-b3095jnks.dll C:\Users\Marvin\AppData\Local\Temp\npp.6.5.4.Installer.exe C:\Users\Marvin\AppData\Local\Temp\npp.6.5.5.Installer.exe C:\Users\Marvin\AppData\Local\Temp\nv3DVStreaming.dll C:\Users\Marvin\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Marvin\AppData\Local\Temp\nvSCPAPI64.dll C:\Users\Marvin\AppData\Local\Temp\nvStereoApiI.dll C:\Users\Marvin\AppData\Local\Temp\nvStInst.exe 
C:\Users\Marvin\AppData\Local\Temp\Quarantine.exe C:\Users\Marvin\AppData\Local\Temp\restarter750721907477381351.exe C:\Users\Marvin\AppData\Local\Temp\restarter7840972115023373522.exe C:\Users\Marvin\AppData\Local\Temp\sonarinst.exe C:\Users\Marvin\AppData\Local\Temp\xmlUpdater.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-29 22:44 ==================== End Of Log ============================ --- --- --- --- --- --- Zitat:
Edited by monat111 (03.08.2014 at 23:15) |
03.08.2014, 23:26 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 8 opens hundreds of browser windows with the link 98uji..... Quote:
Please read => http://www.trojaner-board.de/95393-c...-software.html We will continue once you have removed everything illegal. In the event of repeated crack/keygen violations I reserve the right to discontinue support, i.e. help only with backing up data and reinstalling the operating system.
__________________ Please always post log files in CODE tags |
04.08.2014, 10:35 | #5 |
| Windows 8 opens hundreds of browser windows with the link 98uji..... o.O I no longer even knew that the program was still actively running on the computer, since I have long been using the original version, or rather my father's license key, which he has from his company. KMSPico has been uninstalled ^^ |
04.08.2014, 11:08 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 8 opens hundreds of browser windows with the link 98uji..... Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
Hosts: 127.0.0.1 65.52.240.48
Hosts: 127.0.0.1 69.167.144.18
C:\Program Files\KMSpico
C:\Users\Marvin\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Marvin\AppData\Local\Temp\dotnetfx45_full_setup.exe
C:\Users\Marvin\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Marvin\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.2-R0.3-14-g8f8716c-b3042jnks.dll
C:\Users\Marvin\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.2-R0.3-b3020jnks.dll
C:\Users\Marvin\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.9-R0.2-1-ga6e0bfd-b3095jnks.dll
C:\Users\Marvin\AppData\Local\Temp\npp.6.5.4.Installer.exe
C:\Users\Marvin\AppData\Local\Temp\npp.6.5.5.Installer.exe
C:\Users\Marvin\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Marvin\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Marvin\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Marvin\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Marvin\AppData\Local\Temp\nvStInst.exe
C:\Users\Marvin\AppData\Local\Temp\Quarantine.exe
C:\Users\Marvin\AppData\Local\Temp\restarter750721907477381351.exe
C:\Users\Marvin\AppData\Local\Temp\restarter7840972115023373522.exe
C:\Users\Marvin\AppData\Local\Temp\sonarinst.exe
C:\Users\Marvin\AppData\Local\Temp\xmlUpdater.exe
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
|
04.08.2014, 11:16 | #7 | |
| Windows 8 opens hundreds of browser windows with the link 98uji..... Here you go: Quote:
|
04.08.2014, 12:29 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 8 opens hundreds of browser windows with the link 98uji..... Okay, then control scans with MBAM and ESET please: Please download Malwarebytes Anti-Malware
ESET Online Scanner
|
05.08.2014, 20:19 | #9 | ||
| Windows 8 opens hundreds of browser windows with the link 98uji..... So, now that ESET has finally finished ;=) Quote:
Quote:
|
06.08.2014, 00:41 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 8 opens hundreds of browser windows with the link 98uji..... Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst.exe
C:\Users\Marvin\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
|
06.08.2014, 21:34 | #11 | |
| Windows 8 opens hundreds of browser windows with the link 98uji..... Quote:
|
06.08.2014, 23:20 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 8 opens hundreds of browser windows with the link 98uji..... TFC - Temp File Cleaner Download TFC (TempFileCleaner by Oldtimer) and save it to the desktop.
Looks OK so far. Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check with MVPS every 4 weeks to see whether he has released a new hosts file. But this is only optional. To prevent user tracking, the Firefox extension Ghostery works well. Info: cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or similar => HTTP cookie). Apart from that there are also good cookie managers; for Firefox, for example, there is the extension CookieCuller. But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or also Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed. Is your system OK again now, or are there any other findings or problems?
|
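The hosts-file blocking recommended in post #12 and the two Hosts: lines in the fixlist in post #6 both depend on what each hosts entry maps a name to. The following is an added example in Python, not code from the thread or from FRST: it sorts hosts entries into blocklist-style sinkholes, redirects to a routable address, and lines whose name field is itself an IP address. The sample input is constructed, apart from the two address pairs copied from the fixlist; the function names are hypothetical.

```python
import ipaddress
import os

# Constructed sample hosts file. Only the two "127.0.0.1 <IP>" pairs come from
# the fixlist in the thread; every other entry is made up for illustration.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example.com tracker.example.com   # blocklist-style entries
127.0.0.1 banner.example.org
127.0.0.1 65.52.240.48
127.0.0.1 69.167.144.18
203.0.113.7 login.example.net
not-an-address update.example.com
192.0.2.10
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def _is_ip(token):
    """True if token parses as an IPv4 or IPv6 address literal."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def classify_hosts(text):
    """Sort every name in a hosts file into one of five buckets.

    local      - loopback address for a localhost name (default entries)
    blocked    - name pointed at loopback/0.0.0.0 (how a blocking hosts file works)
    redirect   - name pointed at any other address (review: where does it lead?)
    ip_as_name - name field is an IP literal (the shape of the fixlist lines)
    malformed  - first field is not an address, or no name follows it
    """
    report = {k: [] for k in ("local", "blocked", "redirect", "ip_as_name", "malformed")}
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        if not _is_ip(addr) or not names:
            report["malformed"].append((lineno, line))
            continue
        ip = ipaddress.ip_address(addr)
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            if _is_ip(name):
                bucket = "ip_as_name"
            elif sinkhole and name.lower() in LOCAL_NAMES:
                bucket = "local"
            elif sinkhole:
                bucket = "blocked"
            else:
                bucket = "redirect"
            report[bucket].append((lineno, addr, name))
    return report


def needs_review(report):
    """Entries a blocking hosts file would not normally contain."""
    return report["redirect"] + report["ip_as_name"] + report["malformed"]


if __name__ == "__main__":
    # Read the live Windows hosts file if present, else fall back to the sample.
    path = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                        "System32", "drivers", "etc", "hosts")
    if os.path.isfile(path):
        with open(path, encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_HOSTS
    for entry in needs_review(classify_hosts(content)):
        print(entry)
```
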