|
Plagegeister aller Art und deren Bekämpfung: Trovi.com entfernenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
19.09.2014, 20:18 | #1 |
| Trovi.com entfernen Hallo zusammen, ich komm beim Start meines Browsers automatisch auf Trovi.com Kann mir jemand helfen das wieder los zu werden? Vielen Dank im Voraus |
19.09.2014, 21:10 | #2 |
/// TB-Ausbilder | Trovi.com entfernenMein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags: So funktioniert es: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Danke für deine Mitarbeit! Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
|
19.09.2014, 21:30 | #3 |
| Trovi.com entfernen Vielen Dank, für die schnelle Hilfe.
__________________FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014 Ran by Kakki (administrator) on KAKKI-PC on 19-09-2014 22:19:05 Running from C:\Users\Kakki\Downloads Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-20] (AVAST Software) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: http=127.0.0.1:49647;https=127.0.0.1:49647 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com SearchScopes: HKCU - {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta= BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-18] Chrome: ======= CHR CustomProfile: C:\Users\Kakki\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Kakki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-18] CHR Extension: (Google Drive) - C:\Users\Kakki\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-18] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kakki\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-27] CHR Extension: (YouTube) - C:\Users\Kakki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-18] CHR Extension: (Google Search) - C:\Users\Kakki\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-18] CHR Extension: (Full Screen Flash) - C:\Users\Kakki\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejijbmhbanhbllpkhfojmimfolkjgdl [2014-06-18] CHR Extension: (avast! Online Security) - C:\Users\Kakki\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-18] CHR Extension: (Google Wallet) - C:\Users\Kakki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-18] CHR Extension: (Gmail) - C:\Users\Kakki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-18] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-19] CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-19] (AVAST Software) R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-19] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-19] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-19] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-19] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-19] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-19] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-19] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-19] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-19] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2013-02-12] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-19 22:19 - 2014-09-19 22:19 - 00009135 _____ () C:\Users\Kakki\Downloads\FRST.txt 2014-09-19 22:18 - 2014-09-19 22:19 - 00000000 ____D () C:\FRST 2014-09-19 22:17 - 2014-09-19 22:17 - 01097728 _____ (Farbar) C:\Users\Kakki\Downloads\FRST.exe 2014-09-19 16:30 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-19 16:30 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-19 16:30 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-19 16:30 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-19 16:30 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-19 16:30 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-19 16:30 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-19 16:30 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-19 16:30 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-19 16:30 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-19 16:30 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-19 16:30 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-19 16:30 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-19 16:30 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-19 16:30 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-19 16:30 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-19 16:30 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-19 16:30 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-19 16:30 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-19 16:30 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-19 16:30 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-19 16:30 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-19 16:30 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-19 16:30 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-19 16:30 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-19 16:30 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-19 16:30 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-19 16:30 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-19 16:30 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-19 16:30 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-19 16:29 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-19 16:16 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-19 16:16 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-19 16:15 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-09-19 16:15 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-09-19 16:15 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-09-19 16:15 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-09-19 16:15 - 2014-07-09 03:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-09-19 16:15 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-09-19 16:15 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-19 16:14 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-19 15:37 - 2014-09-19 16:01 - 00000000 ____D () C:\AdwCleaner 2014-09-19 14:58 - 2014-09-19 21:09 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-19 14:58 - 2014-09-19 14:58 - 00001020 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-19 14:58 - 2014-09-19 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-19 14:57 - 2014-09-19 14:58 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-19 14:57 - 2014-09-19 14:57 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-19 14:57 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-19 14:57 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-19 14:57 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-19 14:55 - 2014-09-19 14:56 - 01373475 _____ () C:\Users\Kakki\Downloads\AdwCleaner_3.310.exe 2014-09-19 14:51 - 2014-09-19 14:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Kakki\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-19 14:37 - 2014-09-19 14:37 - 00000000 ____D () C:\Users\Kakki\.android 2014-09-19 14:33 - 2014-09-19 14:33 - 00001975 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk 2014-09-19 14:33 - 2014-09-19 14:33 - 00000000 ____D () C:\Users\Kakki\AppData\Roaming\MyPhoneExplorer 2014-09-19 14:33 - 2014-09-19 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer 2014-09-19 14:33 - 2014-09-19 14:33 - 00000000 ____D () C:\Program Files\MyPhoneExplorer 2014-09-19 14:32 - 2014-09-19 14:32 - 00000000 ____D () C:\Program Files\Search Extensions 2014-09-19 14:20 - 2014-09-19 14:21 - 07319280 _____ () C:\Users\Kakki\Downloads\MyPhoneExplorer_Setup_1.8.6.exe 2014-09-18 22:36 - 2014-09-18 22:36 - 210619231 _____ () C:\Windows\MEMORY.DMP 2014-09-18 22:36 - 2014-09-18 22:36 - 00152128 _____ () C:\Windows\Minidump\091814-25334-01.dmp 2014-09-01 23:35 - 2014-09-01 23:35 - 00159432 _____ () C:\Windows\Minidump\090114-27081-01.dmp 2014-09-01 21:42 - 2014-09-01 21:42 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-09-01 21:42 - 2014-09-01 21:42 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-09-01 21:42 - 2014-09-01 21:42 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-09-01 21:42 - 2014-09-01 21:42 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-09-01 21:42 - 2014-09-01 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-09-01 21:42 - 2014-09-01 21:42 - 00000000 ____D () C:\Program Files\Java 2014-09-01 21:42 - 2014-09-01 21:42 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-08-31 23:38 - 2014-08-31 23:38 - 00159448 _____ () C:\Windows\Minidump\083114-21777-01.dmp 2014-08-29 22:48 - 2014-08-29 22:48 - 04800466 _____ () C:\Users\Kakki\Desktop\Statement.mp4 2014-08-29 16:44 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-29 16:44 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-27 13:21 - 2014-08-27 23:43 - 00000000 ____D () C:\Users\Kakki\AppData\Roaming\Skype 2014-08-27 13:21 - 2014-08-27 13:21 - 00000000 ____D () C:\Users\Kakki\AppData\Local\Skype 2014-08-27 13:20 - 2014-08-27 13:21 - 00000000 ___RD () C:\Program Files\Skype 2014-08-27 13:20 - 2014-08-27 13:21 - 00000000 ____D () C:\ProgramData\Skype 2014-08-27 13:20 - 2014-08-27 13:20 - 00002505 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-08-27 13:20 - 2014-08-27 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-08-27 13:20 - 2014-08-27 13:20 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-08-26 19:34 - 2014-08-26 19:34 - 35596384 _____ (Skype Technologies S.A.) C:\Users\Kakki\Downloads\SkypeSetupFull.exe 2014-08-24 18:23 - 2014-08-24 18:23 - 00159392 _____ () C:\Windows\Minidump\082414-24304-01.dmp 2014-08-22 19:14 - 2014-08-22 19:14 - 00135216 _____ () C:\Windows\Minidump\082214-24382-01.dmp 2014-08-22 17:48 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-08-22 17:48 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-08-22 17:48 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-08-22 17:48 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-08-22 17:48 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-08-22 17:48 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-08-22 17:48 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-08-22 17:22 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-22 17:22 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-22 17:21 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-22 17:21 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-22 17:15 - 2014-08-22 17:15 - 00000631 _____ () C:\Users\Kakki\Desktop\Mukke - Verknüpfung.lnk 2014-08-22 17:15 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-22 17:15 - 2014-07-14 03:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-08-22 17:15 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-08-22 17:15 - 2014-06-16 03:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-22 17:15 - 2014-06-16 03:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2014-08-22 17:15 - 2014-06-16 03:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2014-08-22 17:15 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-08-22 17:15 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-22 17:15 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-22 17:15 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-22 17:15 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-22 17:15 - 2014-05-30 08:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-08-22 17:10 - 2014-08-22 17:10 - 00000000 ____D () C:\Users\Kakki\Desktop\GEZ 2014-08-22 17:05 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-08-22 17:05 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-08-22 17:05 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-08-22 17:05 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-08-22 17:05 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-08-22 17:05 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-08-22 17:05 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-08-22 17:04 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-08-22 17:04 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-08-20 21:57 - 2014-09-04 14:48 - 00000000 ___RD () C:\Users\Kakki\Dropbox 2014-08-20 21:55 - 2014-08-20 21:55 - 00000000 ____D () C:\Users\Kakki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-08-20 21:54 - 2014-09-04 14:46 - 00000000 ____D () C:\Users\Kakki\AppData\Roaming\Dropbox 2014-08-20 21:29 - 2014-08-23 02:37 - 00000000 ____D () C:\Users\Kakki\Desktop\Witwenmacher 2014-08-20 20:42 - 2014-08-20 20:42 - 00000000 ____D () C:\Users\Kakki\AppData\Roaming\OpenOffice 2014-08-20 20:40 - 2014-08-20 20:40 - 00001074 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk 2014-08-20 20:40 - 2014-08-20 20:40 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0 2014-08-20 20:40 - 2014-08-20 20:40 - 00000000 ____D () C:\Program Files\OpenOffice 4 2014-08-20 19:21 - 2014-08-20 19:26 - 00000000 ____D () C:\Users\Kakki\AppData\Roaming\Garmin 2014-08-20 19:21 - 2014-08-20 19:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2014-08-20 19:21 - 2014-08-20 19:21 - 00000000 ____D () C:\Program Files\Garmin 2014-08-20 19:21 - 2014-08-20 19:21 - 00000000 ____D () C:\Program Files\DIFX 2014-08-20 19:18 - 2014-08-20 19:18 - 11390192 _____ () C:\Users\Kakki\Downloads\WebUpdater_WindowsXPSP3andnewer__256.exe 2014-08-20 18:55 - 2014-08-20 18:55 - 00002007 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-19 22:19 - 2014-09-19 22:19 - 00009135 _____ () C:\Users\Kakki\Downloads\FRST.txt 2014-09-19 22:19 - 2014-09-19 22:18 - 00000000 ____D () C:\FRST 2014-09-19 22:17 - 2014-09-19 22:17 - 01097728 _____ (Farbar) C:\Users\Kakki\Downloads\FRST.exe 2014-09-19 22:11 - 2014-06-18 00:24 - 02093875 _____ () C:\Windows\WindowsUpdate.log 2014-09-19 22:11 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-09-19 21:56 - 2014-06-18 00:45 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-19 21:09 - 2014-09-19 14:58 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-19 17:16 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-09-19 16:56 - 2014-06-18 00:45 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-19 16:44 - 2009-07-14 06:34 - 00033712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-19 16:44 - 2009-07-14 06:34 - 00033712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-19 16:39 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-19 16:38 - 2009-07-14 06:39 - 00036716 _____ () C:\Windows\setupact.log 2014-09-19 16:29 - 2014-06-19 17:59 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-19 16:24 - 2014-06-19 17:59 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-19 16:18 - 2010-11-20 23:01 - 01591896 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-19 16:01 - 2014-09-19 15:37 - 00000000 ____D () C:\AdwCleaner 2014-09-19 16:01 - 2010-11-20 23:48 - 00081918 _____ () C:\Windows\PFRO.log 2014-09-19 15:18 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\tracing 2014-09-19 14:58 - 2014-09-19 14:58 - 00001020 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-19 14:58 - 2014-09-19 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-19 14:58 - 2014-09-19 14:57 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-19 14:57 - 2014-09-19 14:57 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-19 14:56 - 2014-09-19 14:55 - 01373475 _____ () C:\Users\Kakki\Downloads\AdwCleaner_3.310.exe 2014-09-19 14:51 - 2014-09-19 14:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Kakki\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-19 14:37 - 2014-09-19 14:37 - 00000000 ____D () C:\Users\Kakki\.android 2014-09-19 14:37 - 2014-06-18 00:38 - 00000000 ____D () C:\Users\Kakki 2014-09-19 14:33 - 2014-09-19 14:33 - 00001975 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk 2014-09-19 14:33 - 2014-09-19 14:33 - 00000000 ____D () C:\Users\Kakki\AppData\Roaming\MyPhoneExplorer 2014-09-19 14:33 - 2014-09-19 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer 2014-09-19 14:33 - 2014-09-19 14:33 - 00000000 ____D () C:\Program Files\MyPhoneExplorer 2014-09-19 14:32 - 2014-09-19 14:32 - 00000000 ____D () C:\Program Files\Search Extensions 2014-09-19 14:21 - 2014-09-19 14:20 - 07319280 _____ () C:\Users\Kakki\Downloads\MyPhoneExplorer_Setup_1.8.6.exe 2014-09-18 22:36 - 2014-09-18 22:36 - 210619231 _____ () C:\Windows\MEMORY.DMP 2014-09-18 22:36 - 2014-09-18 22:36 - 00152128 _____ () C:\Windows\Minidump\091814-25334-01.dmp 2014-09-18 22:36 - 2014-06-18 01:20 - 00000000 ____D () C:\Windows\Minidump 2014-09-18 21:18 - 2014-06-18 02:34 - 00000000 ____D () C:\Users\Kakki\AppData\Roaming\vlc 2014-09-18 20:42 - 2014-06-29 17:00 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-04 14:48 - 2014-08-20 21:57 - 00000000 ___RD () C:\Users\Kakki\Dropbox 2014-09-04 14:46 - 2014-08-20 21:54 - 00000000 ____D () C:\Users\Kakki\AppData\Roaming\Dropbox 2014-09-01 23:35 - 2014-09-01 23:35 - 00159432 _____ () C:\Windows\Minidump\090114-27081-01.dmp 2014-09-01 21:42 - 2014-09-01 21:42 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-09-01 21:42 - 2014-09-01 21:42 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-09-01 21:42 - 2014-09-01 21:42 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-09-01 21:42 - 2014-09-01 21:42 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-09-01 21:42 - 2014-09-01 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-09-01 21:42 - 2014-09-01 21:42 - 00000000 ____D () C:\Program Files\Java 2014-09-01 21:42 - 2014-09-01 21:42 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-08-31 23:38 - 2014-08-31 23:38 - 00159448 _____ () C:\Windows\Minidump\083114-21777-01.dmp 2014-08-30 15:07 - 2009-07-14 06:33 - 00286616 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-29 22:48 - 2014-08-29 22:48 - 04800466 _____ () C:\Users\Kakki\Desktop\Statement.mp4 2014-08-27 23:43 - 2014-08-27 13:21 - 00000000 ____D () C:\Users\Kakki\AppData\Roaming\Skype 2014-08-27 13:21 - 2014-08-27 13:21 - 00000000 ____D () C:\Users\Kakki\AppData\Local\Skype 2014-08-27 13:21 - 2014-08-27 13:20 - 00000000 ___RD () C:\Program Files\Skype 2014-08-27 13:21 - 2014-08-27 13:20 - 00000000 ____D () C:\ProgramData\Skype 2014-08-27 13:20 - 2014-08-27 13:20 - 00002505 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-08-27 13:20 - 2014-08-27 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-08-27 13:20 - 2014-08-27 13:20 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-08-26 19:34 - 2014-08-26 19:34 - 35596384 _____ (Skype Technologies S.A.) C:\Users\Kakki\Downloads\SkypeSetupFull.exe 2014-08-25 06:53 - 2014-06-18 00:47 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-08-24 18:23 - 2014-08-24 18:23 - 00159392 _____ () C:\Windows\Minidump\082414-24304-01.dmp 2014-08-23 03:46 - 2014-08-29 16:44 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 02:42 - 2014-08-29 16:44 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-23 02:37 - 2014-08-20 21:29 - 00000000 ____D () C:\Users\Kakki\Desktop\Witwenmacher 2014-08-23 02:19 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Public\Libraries 2014-08-22 19:14 - 2014-08-22 19:14 - 00135216 _____ () C:\Windows\Minidump\082214-24382-01.dmp 2014-08-22 17:50 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-08-22 17:39 - 2010-11-21 02:47 - 00000000 ____D () C:\Program Files\Windows Journal 2014-08-22 17:15 - 2014-08-22 17:15 - 00000631 _____ () C:\Users\Kakki\Desktop\Mukke - Verknüpfung.lnk 2014-08-22 17:10 - 2014-08-22 17:10 - 00000000 ____D () C:\Users\Kakki\Desktop\GEZ 2014-08-20 21:55 - 2014-08-20 21:55 - 00000000 ____D () C:\Users\Kakki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-08-20 21:31 - 2014-06-18 01:02 - 00064024 _____ () C:\Users\Kakki\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-20 20:42 - 2014-08-20 20:42 - 00000000 ____D () C:\Users\Kakki\AppData\Roaming\OpenOffice 2014-08-20 20:40 - 2014-08-20 20:40 - 00001074 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk 2014-08-20 20:40 - 2014-08-20 20:40 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0 2014-08-20 20:40 - 2014-08-20 20:40 - 00000000 ____D () C:\Program Files\OpenOffice 4 2014-08-20 20:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-08-20 19:26 - 2014-08-20 19:21 - 00000000 ____D () C:\Users\Kakki\AppData\Roaming\Garmin 2014-08-20 19:21 - 2014-08-20 19:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2014-08-20 19:21 - 2014-08-20 19:21 - 00000000 ____D () C:\Program Files\Garmin 2014-08-20 19:21 - 2014-08-20 19:21 - 00000000 ____D () C:\Program Files\DIFX 2014-08-20 19:18 - 2014-08-20 19:18 - 11390192 _____ () C:\Users\Kakki\Downloads\WebUpdater_WindowsXPSP3andnewer__256.exe 2014-08-20 18:55 - 2014-08-20 18:55 - 00002007 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-08-20 18:55 - 2014-06-18 01:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Some content of TEMP: ==================== C:\Users\Kakki\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4hgmdc.dll C:\Users\Kakki\AppData\Local\Temp\Quarantine.exe C:\Users\Kakki\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\Kakki\AppData\Local\Temp\System.Data.SQLite49541.dll C:\Users\Kakki\AppData\Local\Temp\vlc-2.1.5-win32.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-18 23:06 ==================== End Of Log ============================ --- --- --- --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014 Ran by Kakki at 2014-09-19 22:20:14 Running from C:\Users\Kakki\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software) Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.) Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) Garmin WebUpdater (HKLM\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries) Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.) Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.6 - F.J. Wechselberger) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation) NVIDIA Grafiktreiber 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden OpenOffice 4.1.0 (HKLM\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation) Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) WinRAR 5.10 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3947480951-616114426-3985711355-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kakki\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3947480951-616114426-3985711355-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kakki\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3947480951-616114426-3985711355-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kakki\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3947480951-616114426-3985711355-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kakki\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3947480951-616114426-3985711355-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kakki\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3947480951-616114426-3985711355-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kakki\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3947480951-616114426-3985711355-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kakki\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3947480951-616114426-3985711355-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kakki\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3947480951-616114426-3985711355-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kakki\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 18-09-2014 21:13:35 Geplanter Prüfpunkt 19-09-2014 14:16:34 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1829911D-743F-49CC-AB85-1BE4C166EFF6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-06-18] (Google Inc.) Task: {20BD669C-A6E6-47B0-9F66-9F03BFD621CA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-06-18] (Google Inc.) Task: {857AB1ED-2974-4288-A493-9D1D76ED8F98} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-19] (AVAST Software) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-07-19 15:11 - 2014-07-19 15:11 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-09-19 14:01 - 2014-09-19 14:01 - 02864128 _____ () C:\Program Files\AVAST Software\Avast\defs\14091900\algo.dll 2014-09-19 21:09 - 2014-09-19 21:09 - 02864128 _____ () C:\Program Files\AVAST Software\Avast\defs\14091901\algo.dll 2014-06-18 00:51 - 2013-01-31 11:00 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll 2014-07-19 15:11 - 2014-07-19 15:11 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-09-19 14:59 - 2014-09-04 05:01 - 01098056 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\libglesv2.dll 2014-09-19 14:59 - 2014-09-04 05:01 - 00174408 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\libegl.dll 2014-09-19 14:59 - 2014-09-04 05:01 - 08577864 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\pdf.dll 2014-09-19 14:59 - 2014-09-04 05:01 - 00331592 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll 2014-09-19 14:59 - 2014-09-04 05:01 - 01660232 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= Name: Microsoft PS/2-Maus Description: Microsoft PS/2-Maus Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Standardtastatur (PS/2) Description: Standardtastatur (PS/2) Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardtastaturen) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (09/19/2014 04:40:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/19/2014 04:05:13 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/19/2014 04:02:29 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/19/2014 03:18:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/19/2014 02:00:53 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/18/2014 10:37:32 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/18/2014 08:41:59 PM) (Source: MsiInstaller) (EventID: 1024) (User: Kakki-PC) Description: Produkt: Adobe Reader XI (11.0.08) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011009}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (09/18/2014 08:40:27 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/04/2014 10:05:10 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/04/2014 01:30:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (09/19/2014 04:38:42 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT) Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error: (09/19/2014 04:04:37 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT) Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error: (09/19/2014 04:01:51 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT) Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error: (09/19/2014 03:18:06 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT) Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error: (09/19/2014 02:00:25 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT) Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error: (09/18/2014 10:36:38 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT) Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error: (09/18/2014 10:36:53 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x0000000a (0x00000001, 0x00000002, 0x00000001, 0x8288f675)C:\Windows\MEMORY.DMP091814-25334-01 Error: (09/18/2014 10:36:50 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 18.09.2014 um 21:59:59 unerwartet heruntergefahren. Error: (09/18/2014 09:23:57 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (09/18/2014 08:39:59 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT) Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Microsoft Office Sessions: ========================= Error: (09/19/2014 04:40:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/19/2014 04:05:13 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/19/2014 04:02:29 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/19/2014 03:18:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/19/2014 02:00:53 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/18/2014 10:37:32 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/18/2014 08:41:59 PM) (Source: MsiInstaller) (EventID: 1024) (User: Kakki-PC) Description: Adobe Reader XI (11.0.08) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL) Error: (09/18/2014 08:40:27 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/04/2014 10:05:10 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/04/2014 01:30:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+ Percentage of memory in use: 48% Total physical RAM: 2815.3 MB Available physical RAM: 1449.81 MB Total Pagefile: 5628.9 MB Available Pagefile: 4040.96 MB Total Virtual: 2047.88 MB Available Virtual: 1905.13 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:50 GB) (Free:24.52 GB) NTFS Drive d: (Media) (Fixed) (Total:300 GB) (Free:44.7 GB) NTFS Drive e: (Daten) (Fixed) (Total:115.76 GB) (Free:60.62 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 152.7 GB) (Disk ID: 355FC509) Partition 1: (Not Active) - (Size=3 KB) - (Type=42) Partition 2: (Active) - (Size=152.7 GB) - (Type=42) Partition 3: (Not Active) - (Size=6 MB) - (Type=42) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 0FC00FBF) Partition 1: (Active) - (Size=50 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=415.8 GB) - (Type=OF Extended) ==================== End Of Log ============================ |
20.09.2014, 08:41 | #4 | |
/// TB-Ausbilder | Trovi.com entfernen Zukünftig: Zitat:
Bitte alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind. Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen. Alle Tools bis zum Ende der Bereinigung auf dem Desktop lassen, evtl. benötigen wir manche öfter. Schritt 1 Downloade Dir bitte AdwCleaner auf deinen Desktop.
Schritt 2 Downloade Dir bitte Malwarebytes Anti-Malware
Schritt 3 Bitte deaktiviere dein Anti-Viren-Programm, da es das Ergebnis beeinflussen oder ggf. die Bereinigung stören kann. Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/ und speichere die Datei auf deinem Desktop.
Schritt 4
Bitte poste mit deiner nächsten Antwort
|
20.09.2014, 11:08 | #5 |
| Trovi.com entfernenCode:
ATTFilter # AdwCleaner v3.310 - Bericht erstellt am 20/09/2014 um 11:24:41 # Aktualisiert 12/09/2014 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits) # Benutzername : Kakki - KAKKI-PC # Gestartet von : C:\Users\Kakki\Desktop\AdwCleaner_3.310.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17280 -\\ Google Chrome v37.0.2062.120 [ Datei : C:\Users\Kakki\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [1457 octets] - [19/09/2014 15:37:38] AdwCleaner[R1].txt - [1517 octets] - [19/09/2014 15:56:32] AdwCleaner[R2].txt - [1009 octets] - [20/09/2014 11:21:20] AdwCleaner[R3].txt - [1069 octets] - [20/09/2014 11:23:09] AdwCleaner[S0].txt - [1578 octets] - [19/09/2014 16:01:03] AdwCleaner[S1].txt - [992 octets] - [20/09/2014 11:24:41] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1051 octets] ########## Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 20.09.2014 Suchlauf-Zeit: 11:33:28 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.09.20.01 Rootkit Datenbank: v2014.09.19.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x86 Dateisystem: NTFS Benutzer: Kakki Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 306691 Verstrichene Zeit: 10 Min, 18 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter Zoek.exe v5.0.0.0 Updated 20-September-2014 Tool run by Kakki on 20.09.2014 at 11:50:09,13. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Kakki\Desktop\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 20.09.2014 11:52:21 Zoek.exe System Restore Point Created Succesfully. ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {637D6E3C-DF93-48A5-8362-159A8AC56B11} Google Url="hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=" ==== C:\zoek_backup content ====================== C:\zoek_backup (files=0 folders=0 0 bytes) ==== EOF on 20.09.2014 at 11:52:51,31 ====================== Code:
ATTFilter Zoek.exe v5.0.0.0 Updated 20-September-2014 Tool run by Kakki on 20.09.2014 at 11:50:09,13. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Kakki\Desktop\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 20.09.2014 11:52:21 Zoek.exe System Restore Point Created Succesfully. ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {637D6E3C-DF93-48A5-8362-159A8AC56B11} Google Url="hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=" ==== C:\zoek_backup content ====================== C:\zoek_backup (files=0 folders=0 0 bytes) ==== EOF on 20.09.2014 at 11:52:51,31 ====================== Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014 Ran by Kakki at 2014-09-20 11:56:26 Running from C:\Users\Kakki\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software) Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.) Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) Garmin WebUpdater (HKLM\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries) Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.) Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.6 - F.J. Wechselberger) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation) NVIDIA Grafiktreiber 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden OpenOffice 4.1.0 (HKLM\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation) Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) WinRAR 5.10 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3947480951-616114426-3985711355-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kakki\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3947480951-616114426-3985711355-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kakki\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3947480951-616114426-3985711355-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kakki\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3947480951-616114426-3985711355-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kakki\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3947480951-616114426-3985711355-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kakki\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3947480951-616114426-3985711355-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kakki\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3947480951-616114426-3985711355-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kakki\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3947480951-616114426-3985711355-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kakki\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3947480951-616114426-3985711355-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kakki\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 18-09-2014 21:13:35 Geplanter Prüfpunkt 19-09-2014 14:16:34 Windows Update 20-09-2014 09:51:55 zoek.exe restore point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1829911D-743F-49CC-AB85-1BE4C166EFF6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-06-18] (Google Inc.) Task: {20BD669C-A6E6-47B0-9F66-9F03BFD621CA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-06-18] (Google Inc.) Task: {857AB1ED-2974-4288-A493-9D1D76ED8F98} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-19] (AVAST Software) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-07-19 15:11 - 2014-07-19 15:11 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-09-20 11:01 - 2014-09-20 11:01 - 02864640 _____ () C:\Program Files\AVAST Software\Avast\defs\14092000\algo.dll 2014-06-18 00:51 - 2013-01-31 11:00 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll 2014-07-19 15:11 - 2014-07-19 15:11 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= Name: Microsoft PS/2-Maus Description: Microsoft PS/2-Maus Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Standardtastatur (PS/2) Description: Standardtastatur (PS/2) Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardtastaturen) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (09/20/2014 11:26:56 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/20/2014 11:01:39 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/20/2014 00:33:02 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: javaw.exe, Version: 7.0.670.1, Zeitstempel: 0x53d28730 Name des fehlerhaften Moduls: nvd3dum.dll, Version: 9.18.13.783, Zeitstempel: 0x510a1d8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00533e18 ID des fehlerhaften Prozesses: 0xb64 Startzeit der fehlerhaften Anwendung: 0xjavaw.exe0 Pfad der fehlerhaften Anwendung: javaw.exe1 Pfad des fehlerhaften Moduls: javaw.exe2 Berichtskennung: javaw.exe3 Error: (09/19/2014 04:40:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/19/2014 04:05:13 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/19/2014 04:02:29 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/19/2014 03:18:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/19/2014 02:00:53 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/18/2014 10:37:32 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/18/2014 08:41:59 PM) (Source: MsiInstaller) (EventID: 1024) (User: Kakki-PC) Description: Produkt: Adobe Reader XI (11.0.08) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011009}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 System errors: ============= Error: (09/20/2014 11:27:22 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80004005 Error: (09/20/2014 11:26:06 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT) Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error: (09/20/2014 11:00:50 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT) Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error: (09/20/2014 03:13:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (09/20/2014 03:13:42 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "WinHttpAutoProxySvc" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1352 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (09/19/2014 04:38:42 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT) Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error: (09/19/2014 04:04:37 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT) Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error: (09/19/2014 04:01:51 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT) Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error: (09/19/2014 03:18:06 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT) Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error: (09/19/2014 02:00:25 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT) Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Microsoft Office Sessions: ========================= Error: (09/20/2014 11:26:56 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/20/2014 11:01:39 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/20/2014 00:33:02 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: javaw.exe7.0.670.153d28730nvd3dum.dll9.18.13.783510a1d8ec000000500533e18b6401cfd44b95797350C:\Program Files\Java\jre7\bin\javaw.exeC:\Windows\system32\nvd3dum.dllea3017b0-404c-11e4-ada8-00196696d3f7 Error: (09/19/2014 04:40:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/19/2014 04:05:13 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/19/2014 04:02:29 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/19/2014 03:18:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/19/2014 02:00:53 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/18/2014 10:37:32 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/18/2014 08:41:59 PM) (Source: MsiInstaller) (EventID: 1024) (User: Kakki-PC) Description: Adobe Reader XI (11.0.08) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL) ==================== Memory info =========================== Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+ Percentage of memory in use: 30% Total physical RAM: 2815.3 MB Available physical RAM: 1958.41 MB Total Pagefile: 5628.9 MB Available Pagefile: 4613.28 MB Total Virtual: 2047.88 MB Available Virtual: 1920.46 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:50 GB) (Free:24.51 GB) NTFS Drive d: (Media) (Fixed) (Total:300 GB) (Free:44.7 GB) NTFS Drive e: (Daten) (Fixed) (Total:115.76 GB) (Free:75.86 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 152.7 GB) (Disk ID: 355FC509) Partition 1: (Not Active) - (Size=3 KB) - (Type=42) Partition 2: (Active) - (Size=152.7 GB) - (Type=42) Partition 3: (Not Active) - (Size=6 MB) - (Type=42) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 0FC00FBF) Partition 1: (Active) - (Size=50 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=415.8 GB) - (Type=OF Extended) ==================== End Of Log ============================ FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014 Ran by Kakki (administrator) on KAKKI-PC on 20-09-2014 11:55:05 Running from C:\Users\Kakki\Desktop Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-20] (AVAST Software) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: http=127.0.0.1:49647;https=127.0.0.1:49647 SearchScopes: HKCU - {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta= BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-18] Chrome: ======= CHR CustomProfile: C:\Users\Kakki\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Kakki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-18] CHR Extension: (Google Drive) - C:\Users\Kakki\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-18] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kakki\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-27] CHR Extension: (YouTube) - C:\Users\Kakki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-18] CHR Extension: (Google Search) - C:\Users\Kakki\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-18] CHR Extension: (Full Screen Flash) - C:\Users\Kakki\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejijbmhbanhbllpkhfojmimfolkjgdl [2014-06-18] CHR Extension: (avast! Online Security) - C:\Users\Kakki\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-18] CHR Extension: (Google Wallet) - C:\Users\Kakki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-18] CHR Extension: (Gmail) - C:\Users\Kakki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-18] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-19] CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-19] (AVAST Software) R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-19] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-19] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-19] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-19] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-19] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-19] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-19] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-19] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-20] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2013-02-12] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-20 11:55 - 2014-09-20 11:55 - 00008712 _____ () C:\Users\Kakki\Desktop\FRST.txt 2014-09-20 11:54 - 2014-09-20 11:54 - 00001431 _____ () C:\Users\Kakki\Desktop\zoek-results.txt 2014-09-20 11:51 - 2014-09-20 11:52 - 00001431 _____ () C:\zoek-results.log 2014-09-20 11:49 - 2014-09-20 11:49 - 00000000 ____D () C:\zoek_backup 2014-09-20 11:47 - 2014-09-20 11:47 - 00001157 _____ () C:\Users\Kakki\Desktop\mbam.txt 2014-09-20 11:32 - 2014-09-20 11:32 - 00001131 _____ () C:\Users\Kakki\Desktop\AdwCleaner[S1].txt 2014-09-20 11:22 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll 2014-09-20 11:17 - 2014-09-20 11:17 - 01290752 _____ () C:\Users\Kakki\Desktop\zoek.exe 2014-09-19 22:18 - 2014-09-20 11:55 - 00000000 ____D () C:\FRST 2014-09-19 22:17 - 2014-09-19 22:17 - 01097728 _____ (Farbar) C:\Users\Kakki\Desktop\FRST.exe 2014-09-19 16:30 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-19 16:30 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-19 16:30 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-19 16:30 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-19 16:30 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-19 16:30 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-19 16:30 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-19 16:30 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-19 16:30 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-19 16:30 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-19 16:30 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-19 16:30 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-19 16:30 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-19 16:30 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-19 16:30 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-19 16:30 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-19 16:30 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-19 16:30 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-19 16:30 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-19 16:30 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-19 16:30 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-19 16:30 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-19 16:30 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-19 16:30 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-19 16:30 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-19 16:30 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-19 16:30 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-19 16:30 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-19 16:30 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-19 16:30 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-19 16:29 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-19 16:16 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-19 16:16 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-19 16:15 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-09-19 16:15 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-09-19 16:15 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-09-19 16:15 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-09-19 16:15 - 2014-07-09 03:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-09-19 16:15 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-09-19 16:15 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-19 16:14 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-19 15:37 - 2014-09-20 11:24 - 00000000 ____D () C:\AdwCleaner 2014-09-19 14:58 - 2014-09-20 11:27 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-19 14:58 - 2014-09-19 14:58 - 00001020 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-19 14:58 - 2014-09-19 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-19 14:57 - 2014-09-19 14:58 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-19 14:57 - 2014-09-19 14:57 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-19 14:57 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-19 14:57 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-19 14:57 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-19 14:55 - 2014-09-19 14:56 - 01373475 _____ () C:\Users\Kakki\Desktop\AdwCleaner_3.310.exe 2014-09-19 14:51 - 2014-09-19 14:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Kakki\Desktop\mbam-setup-2.0.2.1012.exe 2014-09-19 14:37 - 2014-09-19 14:37 - 00000000 ____D () C:\Users\Kakki\.android 2014-09-19 14:33 - 2014-09-19 14:33 - 00001975 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk 2014-09-19 14:33 - 2014-09-19 14:33 - 00000000 ____D () C:\Users\Kakki\AppData\Roaming\MyPhoneExplorer 2014-09-19 14:33 - 2014-09-19 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer 2014-09-19 14:33 - 2014-09-19 14:33 - 00000000 ____D () C:\Program Files\MyPhoneExplorer 2014-09-19 14:32 - 2014-09-19 14:32 - 00000000 ____D () C:\Program Files\Search Extensions 2014-09-19 14:20 - 2014-09-19 14:21 - 07319280 _____ () C:\Users\Kakki\Downloads\MyPhoneExplorer_Setup_1.8.6.exe 2014-09-18 22:36 - 2014-09-18 22:36 - 210619231 _____ () C:\Windows\MEMORY.DMP 2014-09-18 22:36 - 2014-09-18 22:36 - 00152128 _____ () C:\Windows\Minidump\091814-25334-01.dmp 2014-09-01 23:35 - 2014-09-01 23:35 - 00159432 _____ () C:\Windows\Minidump\090114-27081-01.dmp 2014-09-01 21:42 - 2014-09-01 21:42 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-09-01 21:42 - 2014-09-01 21:42 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-09-01 21:42 - 2014-09-01 21:42 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-09-01 21:42 - 2014-09-01 21:42 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-09-01 21:42 - 2014-09-01 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-09-01 21:42 - 2014-09-01 21:42 - 00000000 ____D () C:\Program Files\Java 2014-09-01 21:42 - 2014-09-01 21:42 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-08-31 23:38 - 2014-08-31 23:38 - 00159448 _____ () C:\Windows\Minidump\083114-21777-01.dmp 2014-08-29 22:48 - 2014-08-29 22:48 - 04800466 _____ () C:\Users\Kakki\Desktop\Statement.mp4 2014-08-29 16:44 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-29 16:44 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-27 13:21 - 2014-08-27 23:43 - 00000000 ____D () C:\Users\Kakki\AppData\Roaming\Skype 2014-08-27 13:21 - 2014-08-27 13:21 - 00000000 ____D () C:\Users\Kakki\AppData\Local\Skype 2014-08-27 13:20 - 2014-08-27 13:21 - 00000000 ___RD () C:\Program Files\Skype 2014-08-27 13:20 - 2014-08-27 13:21 - 00000000 ____D () C:\ProgramData\Skype 2014-08-27 13:20 - 2014-08-27 13:20 - 00002505 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-08-27 13:20 - 2014-08-27 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-08-27 13:20 - 2014-08-27 13:20 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-08-26 19:34 - 2014-08-26 19:34 - 35596384 _____ (Skype Technologies S.A.) C:\Users\Kakki\Downloads\SkypeSetupFull.exe 2014-08-24 18:23 - 2014-08-24 18:23 - 00159392 _____ () C:\Windows\Minidump\082414-24304-01.dmp 2014-08-22 19:14 - 2014-08-22 19:14 - 00135216 _____ () C:\Windows\Minidump\082214-24382-01.dmp 2014-08-22 17:48 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-08-22 17:48 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-08-22 17:48 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-08-22 17:48 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-08-22 17:48 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-08-22 17:48 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-08-22 17:48 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-08-22 17:22 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-22 17:22 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-22 17:21 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-22 17:21 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-22 17:15 - 2014-08-22 17:15 - 00000631 _____ () C:\Users\Kakki\Desktop\Mukke - Verknüpfung.lnk 2014-08-22 17:15 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-22 17:15 - 2014-07-14 03:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-08-22 17:15 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-08-22 17:15 - 2014-06-16 03:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-22 17:15 - 2014-06-16 03:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2014-08-22 17:15 - 2014-06-16 03:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2014-08-22 17:15 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-08-22 17:15 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-22 17:15 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-22 17:15 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-22 17:15 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-22 17:15 - 2014-05-30 08:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-08-22 17:10 - 2014-08-22 17:10 - 00000000 ____D () C:\Users\Kakki\Desktop\GEZ 2014-08-22 17:05 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-08-22 17:05 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-08-22 17:05 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-08-22 17:05 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-08-22 17:05 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-08-22 17:05 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-08-22 17:05 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-08-22 17:04 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-08-22 17:04 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-20 11:56 - 2014-06-18 00:45 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-20 11:55 - 2014-09-20 11:55 - 00008712 _____ () C:\Users\Kakki\Desktop\FRST.txt 2014-09-20 11:55 - 2014-09-19 22:18 - 00000000 ____D () C:\FRST 2014-09-20 11:54 - 2014-09-20 11:54 - 00001431 _____ () C:\Users\Kakki\Desktop\zoek-results.txt 2014-09-20 11:52 - 2014-09-20 11:51 - 00001431 _____ () C:\zoek-results.log 2014-09-20 11:49 - 2014-09-20 11:49 - 00000000 ____D () C:\zoek_backup 2014-09-20 11:47 - 2014-09-20 11:47 - 00001157 _____ () C:\Users\Kakki\Desktop\mbam.txt 2014-09-20 11:33 - 2009-07-14 06:34 - 00033712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-20 11:33 - 2009-07-14 06:34 - 00033712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-20 11:32 - 2014-09-20 11:32 - 00001131 _____ () C:\Users\Kakki\Desktop\AdwCleaner[S1].txt 2014-09-20 11:29 - 2014-06-18 00:24 - 01054999 _____ () C:\Windows\WindowsUpdate.log 2014-09-20 11:27 - 2014-09-19 14:58 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-20 11:26 - 2014-06-18 00:45 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-20 11:26 - 2010-11-20 23:48 - 00082228 _____ () C:\Windows\PFRO.log 2014-09-20 11:26 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-20 11:26 - 2009-07-14 06:39 - 00036828 _____ () C:\Windows\setupact.log 2014-09-20 11:24 - 2014-09-19 15:37 - 00000000 ____D () C:\AdwCleaner 2014-09-20 11:17 - 2014-09-20 11:17 - 01290752 _____ () C:\Users\Kakki\Desktop\zoek.exe 2014-09-20 11:01 - 2009-07-14 06:33 - 00286616 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-19 22:34 - 2010-11-20 23:01 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-19 22:17 - 2014-09-19 22:17 - 01097728 _____ (Farbar) C:\Users\Kakki\Desktop\FRST.exe 2014-09-19 22:11 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-09-19 17:16 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-09-19 16:29 - 2014-06-19 17:59 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-19 16:24 - 2014-06-19 17:59 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-19 15:18 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\tracing 2014-09-19 14:58 - 2014-09-19 14:58 - 00001020 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-19 14:58 - 2014-09-19 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-19 14:58 - 2014-09-19 14:57 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-19 14:57 - 2014-09-19 14:57 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-19 14:56 - 2014-09-19 14:55 - 01373475 _____ () C:\Users\Kakki\Desktop\AdwCleaner_3.310.exe 2014-09-19 14:51 - 2014-09-19 14:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Kakki\Desktop\mbam-setup-2.0.2.1012.exe 2014-09-19 14:37 - 2014-09-19 14:37 - 00000000 ____D () C:\Users\Kakki\.android 2014-09-19 14:37 - 2014-06-18 00:38 - 00000000 ____D () C:\Users\Kakki 2014-09-19 14:33 - 2014-09-19 14:33 - 00001975 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk 2014-09-19 14:33 - 2014-09-19 14:33 - 00000000 ____D () C:\Users\Kakki\AppData\Roaming\MyPhoneExplorer 2014-09-19 14:33 - 2014-09-19 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer 2014-09-19 14:33 - 2014-09-19 14:33 - 00000000 ____D () C:\Program Files\MyPhoneExplorer 2014-09-19 14:32 - 2014-09-19 14:32 - 00000000 ____D () C:\Program Files\Search Extensions 2014-09-19 14:21 - 2014-09-19 14:20 - 07319280 _____ () C:\Users\Kakki\Downloads\MyPhoneExplorer_Setup_1.8.6.exe 2014-09-18 22:36 - 2014-09-18 22:36 - 210619231 _____ () C:\Windows\MEMORY.DMP 2014-09-18 22:36 - 2014-09-18 22:36 - 00152128 _____ () C:\Windows\Minidump\091814-25334-01.dmp 2014-09-18 22:36 - 2014-06-18 01:20 - 00000000 ____D () C:\Windows\Minidump 2014-09-18 21:18 - 2014-06-18 02:34 - 00000000 ____D () C:\Users\Kakki\AppData\Roaming\vlc 2014-09-18 20:42 - 2014-06-29 17:00 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-04 14:48 - 2014-08-20 21:57 - 00000000 ___RD () C:\Users\Kakki\Dropbox 2014-09-04 14:46 - 2014-08-20 21:54 - 00000000 ____D () C:\Users\Kakki\AppData\Roaming\Dropbox 2014-09-01 23:35 - 2014-09-01 23:35 - 00159432 _____ () C:\Windows\Minidump\090114-27081-01.dmp 2014-09-01 21:42 - 2014-09-01 21:42 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-09-01 21:42 - 2014-09-01 21:42 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-09-01 21:42 - 2014-09-01 21:42 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-09-01 21:42 - 2014-09-01 21:42 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-09-01 21:42 - 2014-09-01 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-09-01 21:42 - 2014-09-01 21:42 - 00000000 ____D () C:\Program Files\Java 2014-09-01 21:42 - 2014-09-01 21:42 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-08-31 23:38 - 2014-08-31 23:38 - 00159448 _____ () C:\Windows\Minidump\083114-21777-01.dmp 2014-08-29 22:48 - 2014-08-29 22:48 - 04800466 _____ () C:\Users\Kakki\Desktop\Statement.mp4 2014-08-27 23:43 - 2014-08-27 13:21 - 00000000 ____D () C:\Users\Kakki\AppData\Roaming\Skype 2014-08-27 13:21 - 2014-08-27 13:21 - 00000000 ____D () C:\Users\Kakki\AppData\Local\Skype 2014-08-27 13:21 - 2014-08-27 13:20 - 00000000 ___RD () C:\Program Files\Skype 2014-08-27 13:21 - 2014-08-27 13:20 - 00000000 ____D () C:\ProgramData\Skype 2014-08-27 13:20 - 2014-08-27 13:20 - 00002505 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-08-27 13:20 - 2014-08-27 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-08-27 13:20 - 2014-08-27 13:20 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-08-26 19:34 - 2014-08-26 19:34 - 35596384 _____ (Skype Technologies S.A.) C:\Users\Kakki\Downloads\SkypeSetupFull.exe 2014-08-25 06:53 - 2014-06-18 00:47 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-08-24 18:23 - 2014-08-24 18:23 - 00159392 _____ () C:\Windows\Minidump\082414-24304-01.dmp 2014-08-23 03:46 - 2014-08-29 16:44 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 02:42 - 2014-08-29 16:44 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-23 02:37 - 2014-08-20 21:29 - 00000000 ____D () C:\Users\Kakki\Desktop\Witwenmacher 2014-08-23 02:19 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Public\Libraries 2014-08-22 19:14 - 2014-08-22 19:14 - 00135216 _____ () C:\Windows\Minidump\082214-24382-01.dmp 2014-08-22 17:50 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-08-22 17:39 - 2010-11-21 02:47 - 00000000 ____D () C:\Program Files\Windows Journal 2014-08-22 17:15 - 2014-08-22 17:15 - 00000631 _____ () C:\Users\Kakki\Desktop\Mukke - Verknüpfung.lnk 2014-08-22 17:10 - 2014-08-22 17:10 - 00000000 ____D () C:\Users\Kakki\Desktop\GEZ Some content of TEMP: ==================== C:\Users\Kakki\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4hgmdc.dll C:\Users\Kakki\AppData\Local\Temp\Quarantine.exe C:\Users\Kakki\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\Kakki\AppData\Local\Temp\System.Data.SQLite49541.dll C:\Users\Kakki\AppData\Local\Temp\vlc-2.1.5-win32.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-18 23:06 ==================== End Of Log ============================ --- --- --- |
20.09.2014, 12:33 | #6 |
/// TB-Ausbilder | Trovi.com entfernen Servus, gibt es noch Probleme mit Trovi? Wenn ja, in welchem Browser? Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 3 h) dauern. Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg. Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter start CloseProcesses: ProxyServer: http=127.0.0.1:49647;https=127.0.0.1:49647 SearchScopes: HKCU - {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta= EmptyTemp: end Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 ESET Online Scanner
Schritt 3 Downloade Dir bitte SecurityCheck und:
Bitte poste mit deiner nächsten Antwort
|
20.09.2014, 15:04 | #7 |
| Trovi.com entfernen Hallo, Trovi ist leider immer noch da. Benutze Chrome. Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014 Ran by Kakki at 2014-09-20 13:42:07 Run:1 Running from C:\Users\Kakki\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** start CloseProcesses: ProxyServer: http=127.0.0.1:49647;https=127.0.0.1:49647 SearchScopes: HKCU - {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta= EmptyTemp: end ***************** Processes closed successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{637D6E3C-DF93-48A5-8362-159A8AC56B11}" => Key deleted successfully. "HKCR\CLSID\{637D6E3C-DF93-48A5-8362-159A8AC56B11}" => Key not found. EmptyTemp: => Removed 999.7 MB temporary data. The system needed a reboot. ==== End of Fixlog ==== Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=a11d9ae2566bcd478fb211babc230251 # engine=20235 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2014-09-20 01:34:14 # local_time=2014-09-20 03:34:14 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='avast! Antivirus' # compatibility_mode=783 16777213 100 95 147457 8173841 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 83435 162851245 0 0 # scanned=186653 # found=9 # cleaned=0 # scan_time=5553 sh=935A4540E4B9358A9B2B781C5365453A459554EA ft=1 fh=fd8f0399f21be0d9 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kakki\AppData\Local\Temp\OCS\ocs_v71b.exe.vir" sh=6B75D6A615B532E67C2E62CCFF0443455A6D7C40 ft=1 fh=3e50957fe844d443 vn="Variante von MSIL/Adware.iBryte.F Anwendung" ac=I fn="C:\Program Files\Search Extensions\Client.exe" sh=06A3A61E33E6FC71DD3605857BD5F026875E1024 ft=1 fh=c541a08959be449f vn="Variante von MSIL/Adware.iBryte.G Anwendung" ac=I fn="C:\Program Files\Search Extensions\uninstall.exe" sh=AD7729F2EB8D970B16403F65B78285636C3EA409 ft=1 fh=7d225fa6bc01e97e vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kakki\Downloads\VLC media player 32 Bit - CHIP-Installer.exe" sh=3B6BDCA414A53DF7C8C5096B953C4DF87A1091C7 ft=1 fh=55ca6504931631dc vn="Win32/HackTool.WinActivator.I potenziell unsichere Anwendung" ac=I fn="C:\Windows\Setup\Scripts\Windows Loader.exe" sh=7EF23F2507A448A98C2088AE97192C5E0DD6A1E0 ft=0 fh=0000000000000000 vn="Win32/HackTool.WinActivator.I potenziell unsichere Anwendung" ac=I fn="E:\JDownloader\downloads\Microsoft.Windows.7.x86.5-in-1.Pre-Activated.May.2013.Multi2-MCU\Microsoft.Windows.7.x86.5-in-1.Pre-Activated.May.2013.Multi2-MCU.iso" sh=F1FBFC13A5179F62D0915B92B9F9ACA04F1C1070 ft=1 fh=c701e67311a88e77 vn="Variante von MSIL/HackKMS.C potenziell unsichere Anwendung" ac=I fn="E:\JDownloader\downloads\Win 7 Activator-Sammlung 25\ODIN v.1.2.3\odin.exe" sh=26F035E72F73D020B14466A00342B990EAEC98BF ft=1 fh=e20b7c837cb44342 vn="Variante von Win32/HackKMS.M potenziell unsichere Anwendung" ac=I fn="E:\JDownloader\downloads\Win 7 Activator-Sammlung 25\ODIN v.1.2.3\drivers\oem-drv86.sys" sh=63A504B007B39F120A3561E19F265ACC38FA27DF ft=1 fh=34cf8d34136e04cf vn="Win32/Keygen.II potenziell unsichere Anwendung" ac=I fn="G:\Eigene Dateien\Schule\Fächer\Projektarbeit\C++\Borland C++ 6.0 ENTERPRISE german deutsch (NEU 09.07.02) sha\Borland C++ 6.0 Keygen shared by Atzmo.EXE" Code:
ATTFilter Results of screen317's Security Check version 0.99.87 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` avast! Antivirus Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 67 Adobe Reader XI Google Chrome 37.0.2062.103 Google Chrome 37.0.2062.120 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast avastui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
20.09.2014, 15:51 | #8 | |
/// TB-Ausbilder | Trovi.com entfernen Servus, Zitat:
Supportunterbrechung Lesestoff: Cracks und Keygens Den Kopierschutz von Software zu umgehen ist nach geltendem Recht illegal. Die Logfiles deuten stark darauf hin, dass du nicht legal erworbene Software einsetzt. Zudem sind Cracks und Patches aus dubioser Quelle sehr oft mit Schädlingen versehen, womit man sich also fast vorsätzlich infiziert. Wir haben uns hier auf dem Board darauf geeinigt, dass wir an dieser Stelle nicht weiter bereinigen, da wir ein solches Vorgehen nicht unterstützen. Hinzu kommt, dass wir dich in unserer Anleitung und auch in diesem Wichtig-Thema unmissverständlich darauf hingewiesen haben, wie wir damit umgehen werden. Saubere, gute Software hat seinen Preis und die Softwarefirmen leben von diesen Einnahmen. Unsere Hilfe beschränkt sich daher nur auf das Neuaufsetzen und Absichern deines Systems. Fragen dazu beantworten wir dir aber weiterhin gerne und zwar in unserem Forum. Erst wenn du deine illegale Software vom Rechner entfernt hast, können wir mit der Bereinigung fortfahren. |
20.09.2014, 23:02 | #9 |
| Trovi.com entfernen Okay.... Ich kenn mich nicht so gut aus und nutze den Rechner nicht allein. Werde mir mal die Zeit nehmen und das Ding formatieren. Vielen Dank für die Hilfe |
21.09.2014, 11:15 | #10 |
/// TB-Ausbilder | Trovi.com entfernen Ich bin froh, dass wir helfen konnten In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest: Lob, Kritik und Wünsche Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank! Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen. |