Internet browser very slow, downloads even worse, Windows opens windows by itself

Good evening, rescuers,

I have been given a friend's laptop with a request for help. She thinks she has caught some malware. It is an Intel i5 2430M 2.4 GHz, 4 GB RAM, 64-bit Windows 7 Home.

Web pages open slowly, downloads are a disaster. Supposedly windows with cryptic characters suddenly pop up and the PC takes forever for everything - the "hourglass" is driving my friend mad. Scans with Malwarebytes, ESET, Stinger etc. have already been run, and what was found was cleaned. I have some logs that were saved. Unfortunately none from Malwarebytes; for that I only have a .dat file.

Could you please help me check the system and clean it if necessary? I used CCleaner, but NOT for the registry (although a hero before me already did). Browsers (she has IE and Firefox) cleaned manually and everything reset. That has already helped somewhat; at least page loading is noticeably faster.

Oh, and: several Windows updates had not been installed. I changed that. I searched for updates - several times. Now everything is up to date.

Here are the logs. First Stinger:

Code:
McAfee Stinger Scan Results
file:///C:/Users/Lena/AppData/Local/Temp/Stinger_23092014_194924...
AV Engine version v5700.7147 for Windows.
Virus data file v1000.0 created on Sep 19, 2014
Ready to scan for 6364 viruses, trojans and variants.
Rootkit scan result : Clean.
Summary Report on C:
File(s)
TotalFiles:............965650

Code:
***** NORMAL SCAN FOR ACTIVE MALWARE ***** Trojan Remover Ver 6.9.1.2931. For information, email support@simplysup.com [Unregistered version] Scan started at: 13:06:46 24 Sep 2014 Using Database v8496 Operating System: Windows 7 x64 Home Premium (SP1) [Build: 6.1.7601] File System: NTFS UAC is ENABLED [default level] UserData directory: C:\Users\Lena\AppData\Roaming\Simply Super Software\Trojan Remover\ Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\ Logfile directory: C:\Users\Lena\Documents\Simply Super Software\Trojan Remover Logfiles\ Program directory: C:\Program Files (x86)\Trojan Remover\ Running with Administrator privileges ************************************************************ 13:06:51: ----- Checking Default File Associations ----- No modified default file associations detected ************************************************************ 13:06:51: ----- SCANNING FOR ROOTKIT SERVICES ----- No hidden Services were detected. ************************************************************ 13:06:52: Scanning ----- Windows Registry ----- -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon This key's "Shell" value calls the following program(s): Key value: [explorer.exe] File: C:\Windows\Explorer.exe C:\Windows\Explorer.exe 2871808 bytes Created: 31.10.2011 21:06 Modified: 25.02.2011 08:19 Company: Microsoft Corporation ---------- This key's "Userinit" value calls the following program(s): Key value: [C:\Windows\system32\userinit.exe,] File: C:\Windows\system32\userinit.exe C:\Windows\System32\userinit.exe 30720 bytes Created: 02.11.2011 20:41 Modified: 20.11.2010 15:25 Company: Microsoft Corporation ---------- -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name: 
[ATKOSD2] Value Data: [C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe 5732992 bytes Created: 17.08.2010 15:55 Modified: 17.08.2010 15:55 Company: ASUS -------------------- Value Name: [ATKMEDIA] Value Data: [C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe 170624 bytes Created: 07.10.2010 15:05 Modified: 07.10.2010 15:05 Company: ASUS -------------------- Value Name: [HControlUser] Value Data: [C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe 105016 bytes Created: 19.06.2009 11:29 Modified: 19.06.2009 11:29 Company: ASUS -------------------- Value Name: [Avira Systray] Value Data: [C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe 164656 bytes Created: 17.09.2014 13:31 Modified: 17.09.2014 13:31 Company: Avira Operations GmbH & Co. KG -------------------- Value Name: [avgnt] Value Data: ["C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe 751184 bytes Created: 23.09.2014 23:33 Modified: 15.08.2014 10:30 Company: Avira Operations GmbH & Co. 
KG -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce This Registry key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Value Name: [EPLTarget\P0000000000000000] Value Data: [C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus Office BX535WD" /EF "HKCU"] C:\Windows\SysWoW64\spool\DRIVERS\x64\3\E_YATIHTU.EXE 239488 bytes Created: 17.03.2012 16:14 Modified: 24.04.2011 23:01 Company: SEIKO EPSON CORPORATION -------------------- Value Name: [EPLTarget\P0000000000000001] Value Data: [C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus Office BX535WD" /EF "HKCU"] C:\Windows\SysWoW64\spool\DRIVERS\x64\3\E_YATIHTU.EXE 239488 bytes Created: 17.03.2012 16:14 Modified: 24.04.2011 23:01 Company: SEIKO EPSON CORPORATION -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce This Registry key appears to be empty ************************************************************ 13:06:58: Scanning ----- Windows 64-Bit Registry ----- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name: [AmIcoSinglun64] Value Data: [C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe 324096 bytes Created: 11.08.2010 15:21 Modified: 11.08.2010 15:21 Company: Alcor Micro Corp. -------------------- Value Name: [ETDCtrl] Value Data: [%ProgramFiles%\Elantech\ETDCtrl.exe] C:\Program Files\Elantech\ETDCtrl.exe 2587944 bytes Created: 13.12.2010 22:12 Modified: 13.12.2010 22:12 Company: ELAN Microelectronics Corp. 
-------------------- Value Name: [IgfxTray] Value Data: ["C:\Windows\system32\igfxtray.exe"] C:\Windows\System32\igfxtray.exe 171992 bytes Created: 29.01.2014 23:02 Modified: 29.01.2014 23:02 Company: Intel Corporation -------------------- Value Name: [HotKeysCmds] Value Data: ["C:\Windows\system32\hkcmd.exe"] C:\Windows\System32\hkcmd.exe 399832 bytes Created: 29.01.2014 23:02 Modified: 29.01.2014 23:02 Company: Intel Corporation -------------------- Value Name: [Persistence] Value Data: ["C:\Windows\system32\igfxpers.exe"] C:\Windows\System32\igfxpers.exe 442328 bytes Created: 29.01.2014 23:02 Modified: 29.01.2014 23:02 Company: Intel Corporation -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce This Registry key appears to be empty ************************************************************ 13:07:01: Scanning -----SHELLEXECUTEHOOKS----- ShellExecuteHooks key is empty ************************************************************ 13:07:01: Scanning -----HIDDEN REGISTRY ENTRIES----- Taskdir check completed ---------- No Hidden File-loading Registry Entries found ---------- ************************************************************ 13:07:01: Scanning -----ACTIVE SCREENSAVER----- No active ScreenSaver found to scan. 
************************************************************ 13:07:01: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----- Key: {2D46B6DC-2207-486B-B523-A557E6D54B47} Path: C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache C:\Windows\SysWoW64\ie4uinit.exe - [file not found to scan] ---------- ************************************************************ 13:07:02: Scanning ----- SERVICEDLL REGISTRY KEYS ----- ************************************************************ 13:07:14: Scanning ----- SERVICES REGISTRY KEYS ----- Key: 03e661da ImagePath: "C:\Windows\system32\rundll32.exe" "c:\progra~3\winfil~1\WinFilterSvc.dll",service c:\progra~3\winfil~1\WinFilterSvc.dll - [file not found to scan] ---------- ************************************************************ 13:07:41: Scanning -----VXD ENTRIES----- ************************************************************ 13:07:41: Scanning ----- ContextMenuHandlers ----- ************************************************************ 13:07:41: Scanning ----- Folder\ColumnHandlers ----- ************************************************************ 13:07:41: Scanning ----- 64-Bit ContextMenuHandlers ----- Key: Shell Extension for Malware scanning CLSID: {45AC2688-0253-4ED8-97DE-B5370FA7D48A} Path: C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll 2591824 bytes Created: 23.09.2014 23:33 Modified: 15.08.2014 10:30 Company: Avira Operations GmbH & Co. 
KG ---------- ************************************************************ 13:07:42: Scanning ----- 64-Bit Folder\ColumnHandlers ----- ************************************************************ 13:07:42: Scanning ----- Browser Helper Objects ----- Key: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} BHO: C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll 96128 bytes Created: 09.04.2014 15:12 Modified: 09.04.2014 15:12 Company: McAfee, Inc. ---------- Key: {B4F3A835-0E21-4959-BA22-42B3008E02FF} BHO: C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL 562904 bytes Created: 06.03.2013 08:37 Modified: 06.03.2013 08:37 Company: Microsoft Corporation ---------- ************************************************************ 13:07:43: Scanning ----- 64-Bit Browser Helper Objects ----- Key: {B4F3A835-0E21-4959-BA22-42B3008E02FF} BHO: C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL 690392 bytes Created: 06.03.2013 08:39 Modified: 06.03.2013 08:39 Company: Microsoft Corporation ---------- ************************************************************ 13:07:43: Scanning ----- ShellServiceObjectDelayLoad Entries ----- ************************************************************ 13:07:43: Scanning ----- 64-Bit ShellServiceObjectDelayLoad Entries ----- ************************************************************ 13:07:43: Scanning ----- ShellServiceObjects ----- ************************************************************ 13:07:55: Scanning ----- 64-Bit ShellServiceObjects ----- ************************************************************ 13:08:05: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----- No SharedTaskScheduler entries found to scan ************************************************************ 13:08:05: Scanning ----- IMAGEFILE DEBUGGERS ----- No "Debugger" entries found. 
************************************************************ 13:08:05: Scanning ----- APPINIT_DLLS ----- AppInitDLLs entry = [c:\windows\syswow64\nvinit.dll,C:\Windows\SysWOW64\nvinit.dll] File: c:\windows\syswow64\nvinit.dll c:\windows\syswow64\nvinit.dll 201576 bytes Created: 31.10.2011 20:47 Modified: 08.04.2013 13:32 Company: NVIDIA Corporation ---------- File: C:\Windows\SysWOW64\nvinit.dll C:\Windows\SysWOW64\nvinit.dll 201576 bytes Created: 31.10.2011 20:47 Modified: 08.04.2013 13:32 Company: NVIDIA Corporation ---------- ************************************************************ 13:08:06: Scanning ----- 64-Bit APPINIT_DLLS ----- AppInitDLLs entry = [C:\Windows\system32\nvinitx.dll] File: C:\Windows\system32\nvinitx.dll C:\Windows\System32\nvinitx.dll 245872 bytes Created: 31.10.2011 20:47 Modified: 08.04.2013 13:32 Company: NVIDIA Corporation ---------- ************************************************************ 13:08:06: Scanning ----- SECURITY PROVIDER DLLS ----- ************************************************************ 13:08:06: Scanning ----- CREDENTIAL PROVIDERS ----- ************************************************************ 13:08:08: Scanning ------ COMMON STARTUP GROUP ------ [C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup] The Common Startup Group attempts to load the following file(s) at boot time: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS- 174 bytes Created: 14.07.2009 06:54 Modified: 14.07.2009 06:54 Company: [no info] -------------------- McAfee Security Scan Plus.lnk - links to C:\PROGRA~1\MCAFEE~1\385C9A~1.150\SSSCHE~1.EXE C:\PROGRA~1\MCAFEE~1\385C9A~1.150\SSSCHE~1.EXE 332016 bytes Created: 09.04.2014 15:14 Modified: 09.04.2014 15:14 Company: McAfee, Inc. 
-------------------- ************************************************************ 13:08:08: Scanning ----- USER STARTUP GROUPS ----- Checking Startup Group for: Lena [C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup] C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS- 174 bytes Created: 31.10.2011 20:00 Modified: 25.08.2014 20:08 Company: [no info] ---------- OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - links to C:\PROGRA~2\MICROS~2\Office14\ONENOTEM.EXE C:\PROGRA~2\MICROS~2\Office14\ONENOTEM.EXE 228552 bytes Created: 25.06.2013 21:48 Modified: 25.06.2013 21:48 Company: Microsoft Corporation ---------- -------------------- ************************************************************ 13:08:08: Scanning ----- SCHEDULED TASKS ----- Taskname: Adobe Flash Player Updater File: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 267440 bytes Created: 03.10.2012 10:37 Modified: 21.09.2014 14:40 Company: Adobe Systems Incorporated Schedule: At 01:43:00 every day Next Run Time: 24.09.2014 13:43:00 Status: Ready Creator: Adobe Systems Incorporated Comments: Mit diesem Task ist Ihre Flash Player-Installation immer aktuell und verwendet die neuesten Verbesserungen und Sicherheits-Fixes. Wenn dieser Task deaktiviert oder entfernt wird, kann Adobe Flash Player Ihren Computer nicht automatisch mit den neuesten Sicherheits-Fixes sichern. 
---------- Taskname: ATKOSD2 File: C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe 5732992 bytes Created: 17.08.2010 15:55 Modified: 17.08.2010 15:55 Company: ASUS Schedule: At logon Next Run Time: Status: Running Creator: SSD, ASUSTek Comments: ---------- ************************************************************ 13:08:09: Scanning ----- SHELLICONOVERLAYIDENTIFIERS ----- ************************************************************ 13:08:09: Scanning ----- DEVICE DRIVER ENTRIES ----- Value: msacm.l3acm File: C:\Windows\SysWOW64\l3codeca.acm C:\Windows\SysWOW64\l3codeca.acm 64000 bytes Created: 14.07.2009 02:07 Modified: 14.07.2009 03:14 Company: Fraunhofer Institut Integrierte Schaltungen IIS ---------- ************************************************************ 13:08:10: ----- ADDITIONAL CHECKS ----- Heuristic checks for hidden files/drivers completed ---------- Layered Service Provider entries checks completed ---------- Windows Explorer Policies checks completed ---------- Desktop Wallpaper: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg 642987 bytes Created: 31.10.2011 20:00 Modified: 31.10.2011 20:00 Company: [no info] ---------- Web Desktop Wallpaper entry is blank ---------- Checks for rogue DNS NameServers completed ---------- Checks for Backdoor.ZeroAccess completed ---------- Safe Mode checks completed ---------- Additional checks completed ************************************************************ 13:08:11: Scanning ----- RUNNING PROCESSES ----- C:\Windows\System32\smss.exe 112640 bytes Created: 15.09.2013 19:14 Modified: 02.08.2013 02:59 Company: Microsoft Corporation -------------------- C:\Windows\System32\csrss.exe 7680 bytes Created: 14.07.2009 01:19 Modified: 14.07.2009 03:39 Company: Microsoft Corporation -------------------- C:\Windows\System32\wininit.exe 
129024 bytes Created: 14.07.2009 01:52 Modified: 14.07.2009 03:39 Company: Microsoft Corporation -------------------- C:\Windows\System32\services.exe 328704 bytes Created: 14.07.2009 01:19 Modified: 14.07.2009 03:39 Company: Microsoft Corporation -------------------- C:\Windows\System32\winlogon.exe 455168 bytes Created: 23.05.2014 21:50 Modified: 04.03.2014 11:43 Company: Microsoft Corporation -------------------- C:\Windows\System32\lsass.exe 31232 bytes Created: 23.05.2014 21:50 Modified: 12.04.2014 04:19 Company: Microsoft Corporation -------------------- C:\Windows\System32\lsm.exe 343040 bytes Created: 02.11.2011 20:41 Modified: 20.11.2010 15:24 Company: Microsoft Corporation -------------------- C:\Windows\System32\svchost.exe 27136 bytes Created: 14.07.2009 01:31 Modified: 14.07.2009 03:39 Company: Microsoft Corporation -------------------- C:\Windows\System32\nvvsvc.exe 884512 bytes Created: 28.01.2011 18:34 Modified: 14.03.2013 08:28 Company: NVIDIA Corporation -------------------- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe 1134880 bytes Created: 28.01.2011 18:33 Modified: 14.03.2013 08:29 Company: NVIDIA Corporation -------------------- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe 84536 bytes Created: 15.06.2009 18:30 Modified: 15.06.2009 18:30 Company: ASUS -------------------- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe 96896 bytes Created: 15.12.2009 11:39 Modified: 15.12.2009 11:39 Company: ASUS -------------------- C:\Windows\System32\spoolsv.exe 559104 bytes Created: 15.08.2012 11:53 Modified: 11.02.2012 08:36 Company: Microsoft Corporation -------------------- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 430160 bytes Created: 23.09.2014 23:33 Modified: 15.08.2014 10:30 Company: Avira Operations GmbH & Co. 
KG -------------------- C:\Windows\System32\taskhost.exe 68608 bytes Created: 13.01.2013 12:25 Modified: 23.11.2012 05:13 Company: Microsoft Corporation -------------------- C:\Windows\System32\dwm.exe 120320 bytes Created: 14.07.2009 01:37 Modified: 14.07.2009 03:39 Company: Microsoft Corporation -------------------- C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE 239488 bytes Created: 17.03.2012 16:14 Modified: 24.04.2011 23:01 Company: SEIKO EPSON CORPORATION -------------------- C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe 332016 bytes Created: 09.04.2014 15:14 Modified: 09.04.2014 15:14 Company: McAfee, Inc. -------------------- C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE 228552 bytes Created: 25.06.2013 21:48 Modified: 25.06.2013 21:48 Company: Microsoft Corporation -------------------- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe 2450208 bytes Created: 28.01.2011 18:34 Modified: 14.03.2013 08:29 Company: NVIDIA Corporation -------------------- C:\Windows\System32\taskeng.exe 464384 bytes Created: 02.11.2011 20:42 Modified: 20.11.2010 15:25 Company: Microsoft Corporation -------------------- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe 166528 bytes Created: 25.01.2011 12:32 Modified: 25.01.2011 12:32 Company: ASUS -------------------- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 430160 bytes Created: 23.09.2014 23:33 Modified: 15.08.2014 10:30 Company: Avira Operations GmbH & Co. 
KG -------------------- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE 136576 bytes Created: 17.03.2012 16:15 Modified: 24.04.2011 23:00 Company: SEIKO EPSON CORPORATION -------------------- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe 1809720 bytes Created: 23.09.2014 22:53 Modified: 12.05.2014 07:24 Company: Malwarebytes Corporation -------------------- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe 860472 bytes Created: 23.09.2014 22:53 Modified: 12.05.2014 07:24 Company: Malwarebytes Corporation -------------------- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe 6970168 bytes Created: 23.09.2014 22:53 Modified: 12.05.2014 07:24 Company: Malwarebytes Corporation -------------------- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe 161016 bytes Created: 17.09.2014 13:31 Modified: 17.09.2014 13:31 Company: Avira Operations GmbH & Co. KG -------------------- C:\Windows\System32\wbem\WmiPrvSE.exe 372736 bytes Created: 02.11.2011 20:42 Modified: 20.11.2010 15:25 Company: Microsoft Corporation -------------------- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe 2488888 bytes Created: 19.06.2009 11:29 Modified: 19.06.2009 11:29 Company: ASUS -------------------- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe 174648 bytes Created: 22.12.2008 18:15 Modified: 22.12.2008 18:15 Company: ASUS -------------------- C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe 624432 bytes Created: 23.09.2014 23:33 Modified: 15.08.2014 10:30 Company: Avira Operations GmbH & Co. 
KG -------------------- C:\Windows\System32\SearchIndexer.exe 591872 bytes Created: 31.10.2011 21:06 Modified: 04.05.2011 07:19 Company: Microsoft Corporation -------------------- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 1260320 bytes Created: 24.09.2014 00:02 Modified: 08.04.2013 13:32 Company: NVIDIA Corporation -------------------- C:\Windows\System32\SearchProtocolHost.exe 249856 bytes Created: 31.10.2011 21:06 Modified: 04.05.2011 07:19 Company: Microsoft Corporation -------------------- C:\Program Files\Windows Media Player\wmpnetwk.exe 1525248 bytes Created: 02.11.2011 20:42 Modified: 20.11.2010 15:25 Company: Microsoft Corporation -------------------- C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe FileSize: 5468008 [This is a Trojan Remover component] -------------------- -------------------- C:\Windows\System32\SearchFilterHost.exe 113664 bytes Created: 31.10.2011 21:06 Modified: 04.05.2011 07:19 Company: Microsoft Corporation -------------------- ************************************************************ 13:08:23: Checking HOSTS file No malicious entries were found in the HOSTS file ************************************************************ 13:08:23: Checking ----- ROGUE BROWSER MODIFICATIONS ----- ************************************************************ ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------ HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": about:blank HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": 
hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ************************************************************ === NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES === Scan completed at: 13:08:24 24 Sep 2014 Total Scan time: 00:01:37 ************************************************************ ====================================== [INCOMPLETE SCAN LOG RECOVERED] ====================================== ***** DRIVE/DIRECTORY SCAN ***** Trojan Remover Ver 6.9.1.2931. For information, email support@simplysup.com [Unregistered version] Scan started at: 10:31:25 24 Sep 2014 Using Database v8496 Operating System: Windows 7 x64 Home Premium (SP1) [Build: 6.1.7601] File System: NTFS UAC is ENABLED [default level] UserData directory: C:\Users\Lena\AppData\Roaming\Simply Super Software\Trojan Remover\ Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\ Logfile directory: C:\Users\Lena\Documents\Simply Super Software\Trojan Remover Logfiles\ Program directory: C:\Program Files (x86)\Trojan Remover\ Running with Administrator privileges ************************************************************ Carrying out scan on C:\ (including subdirectories) Archive files will be INCLUDED. The scan will also include files already renamed by Trojan Remover. ------------------------------ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ [INCOMPLETE SCAN LOG RECOVERED] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ***** NORMAL SCAN FOR ACTIVE MALWARE ***** Trojan Remover Ver 6.9.1.2931. 
For information, email support@simplysup.com [Unregistered version] Scan started at: 10:29:04 24 Sep 2014 Using Database v8496 Operating System: Windows 7 x64 Home Premium (SP1) [Build: 6.1.7601] File System: NTFS UAC is ENABLED [default level] UserData directory: C:\Users\Lena\AppData\Roaming\Simply Super Software\Trojan Remover\ Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\ Logfile directory: C:\Users\Lena\Documents\Simply Super Software\Trojan Remover Logfiles\ Program directory: C:\Program Files (x86)\Trojan Remover\ Running with Administrator privileges ************************************************************ 10:29:07: ----- Checking Default File Associations ----- No modified default file associations detected ************************************************************ 10:29:07: ----- SCANNING FOR ROOTKIT SERVICES ----- No hidden Services were detected. ************************************************************ 10:29:07: Scanning ----- Windows Registry ----- -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon This key's "Shell" value calls the following program(s): Key value: [explorer.exe] File: C:\Windows\Explorer.exe C:\Windows\Explorer.exe 2871808 bytes Created: 31.10.2011 21:06 Modified: 25.02.2011 08:19 Company: Microsoft Corporation ---------- This key's "Userinit" value calls the following program(s): Key value: [C:\Windows\system32\userinit.exe,] File: C:\Windows\system32\userinit.exe C:\Windows\System32\userinit.exe 30720 bytes Created: 02.11.2011 20:41 Modified: 20.11.2010 15:25 Company: Microsoft Corporation ---------- -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name: [ATKOSD2] Value Data: [C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe] 
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe 5732992 bytes Created: 17.08.2010 15:55 Modified: 17.08.2010 15:55 Company: ASUS -------------------- Value Name: [ATKMEDIA] Value Data: [C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe 170624 bytes Created: 07.10.2010 15:05 Modified: 07.10.2010 15:05 Company: ASUS -------------------- Value Name: [HControlUser] Value Data: [C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe 105016 bytes Created: 19.06.2009 11:29 Modified: 19.06.2009 11:29 Company: ASUS -------------------- Value Name: [Avira Systray] Value Data: [C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe 164656 bytes Created: 17.09.2014 13:31 Modified: 17.09.2014 13:31 Company: Avira Operations GmbH & Co. KG -------------------- Value Name: [avgnt] Value Data: ["C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe 751184 bytes Created: 23.09.2014 23:33 Modified: 15.08.2014 10:30 Company: Avira Operations GmbH & Co. 
KG -------------------- Value Name: [TrojanScanner] Value Data: [C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot] C:\Program Files (x86)\Trojan Remover\Trjscan.exe 1666432 bytes Created: 24.09.2014 10:13 Modified: 22.05.2014 19:53 Company: Simply Super Software -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce This Registry key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Value Name: [EPLTarget\P0000000000000000] Value Data: [C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus Office BX535WD" /EF "HKCU"] C:\Windows\SysWoW64\spool\DRIVERS\x64\3\E_YATIHTU.EXE 239488 bytes Created: 17.03.2012 16:14 Modified: 24.04.2011 23:01 Company: SEIKO EPSON CORPORATION -------------------- Value Name: [EPLTarget\P0000000000000001] Value Data: [C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus Office BX535WD" /EF "HKCU"] C:\Windows\SysWoW64\spool\DRIVERS\x64\3\E_YATIHTU.EXE 239488 bytes Created: 17.03.2012 16:14 Modified: 24.04.2011 23:01 Company: SEIKO EPSON CORPORATION -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce This Registry key appears to be empty ************************************************************ 10:29:13: Scanning ----- Windows 64-Bit Registry ----- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name: [AmIcoSinglun64] Value Data: [C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe 324096 bytes Created: 11.08.2010 15:21 Modified: 11.08.2010 15:21 Company: Alcor Micro Corp. -------------------- Value Name: [ETDCtrl] Value Data: [%ProgramFiles%\Elantech\ETDCtrl.exe] C:\Program Files\Elantech\ETDCtrl.exe 2587944 bytes Created: 13.12.2010 22:12 Modified: 13.12.2010 22:12 Company: ELAN Microelectronics Corp. 
-------------------- Value Name: [IgfxTray] Value Data: ["C:\Windows\system32\igfxtray.exe"] C:\Windows\System32\igfxtray.exe 171992 bytes Created: 29.01.2014 23:02 Modified: 29.01.2014 23:02 Company: Intel Corporation -------------------- Value Name: [HotKeysCmds] Value Data: ["C:\Windows\system32\hkcmd.exe"] C:\Windows\System32\hkcmd.exe 399832 bytes Created: 29.01.2014 23:02 Modified: 29.01.2014 23:02 Company: Intel Corporation -------------------- Value Name: [Persistence] Value Data: ["C:\Windows\system32\igfxpers.exe"] C:\Windows\System32\igfxpers.exe 442328 bytes Created: 29.01.2014 23:02 Modified: 29.01.2014 23:02 Company: Intel Corporation -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce This Registry key appears to be empty ************************************************************ 10:29:16: Scanning -----SHELLEXECUTEHOOKS----- ShellExecuteHooks key is empty ************************************************************ 10:29:16: Scanning -----HIDDEN REGISTRY ENTRIES----- Taskdir check completed ---------- No Hidden File-loading Registry Entries found ---------- ************************************************************ 10:29:16: Scanning -----ACTIVE SCREENSAVER----- No active ScreenSaver found to scan. 
************************************************************
10:29:16: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {2D46B6DC-2207-486B-B523-A557E6D54B47}
Path: C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
C:\Windows\SysWoW64\ie4uinit.exe - [file not found to scan]
----------
************************************************************
10:29:16: Scanning ----- SERVICEDLL REGISTRY KEYS -----
************************************************************
10:29:28: Scanning ----- SERVICES REGISTRY KEYS -----
Key: 03e661da
ImagePath: "C:\Windows\system32\rundll32.exe" "c:\progra~3\winfil~1\WinFilterSvc.dll",service
c:\progra~3\winfil~1\WinFilterSvc.dll - [file not found to scan]
----------
************************************************************
10:29:56: Scanning -----VXD ENTRIES-----
************************************************************
10:29:56: Scanning ----- ContextMenuHandlers -----
************************************************************
10:29:56: Scanning ----- Folder\ColumnHandlers -----
************************************************************
10:29:56: Scanning ----- 64-Bit ContextMenuHandlers -----
Key: Shell Extension for Malware scanning
CLSID: {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
Path: C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll
C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll
2591824 bytes
Created: 23.09.2014 23:33
Modified: 15.08.2014 10:30
Company: Avira Operations GmbH & Co. KG
----------
************************************************************
10:29:56: Scanning ----- 64-Bit Folder\ColumnHandlers -----
************************************************************
10:29:56: Scanning ----- Browser Helper Objects -----
Key: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01}
BHO: C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
96128 bytes
Created: 09.04.2014 15:12
Modified: 09.04.2014 15:12
Company: McAfee, Inc.
----------
Key: {B4F3A835-0E21-4959-BA22-42B3008E02FF}
BHO: C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
562904 bytes
Created: 06.03.2013 08:37
Modified: 06.03.2013 08:37
Company: Microsoft Corporation
----------
************************************************************
10:29:57: Scanning ----- 64-Bit Browser Helper Objects -----
Key: {B4F3A835-0E21-4959-BA22-42B3008E02FF}
BHO: C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
690392 bytes
Created: 06.03.2013 08:39
Modified: 06.03.2013 08:39
Company: Microsoft Corporation
----------
************************************************************
10:29:58: Scanning ----- ShellServiceObjectDelayLoad Entries -----
************************************************************
10:29:58: Scanning ----- 64-Bit ShellServiceObjectDelayLoad Entries -----
************************************************************
10:29:58: Scanning ----- ShellServiceObjects -----
************************************************************
10:30:10: Scanning ----- 64-Bit ShellServiceObjects -----
************************************************************
10:30:21: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
No SharedTaskScheduler entries found to scan
************************************************************
10:30:21: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
10:30:21: Scanning ----- APPINIT_DLLS -----
AppInitDLLs entry = [c:\windows\syswow64\nvinit.dll,C:\Windows\SysWOW64\nvinit.dll]
File: c:\windows\syswow64\nvinit.dll
c:\windows\syswow64\nvinit.dll
201576 bytes
Created: 31.10.2011 20:47
Modified: 08.04.2013 13:32
Company: NVIDIA Corporation
----------
File: C:\Windows\SysWOW64\nvinit.dll
C:\Windows\SysWOW64\nvinit.dll
201576 bytes
Created: 31.10.2011 20:47
Modified: 08.04.2013 13:32
Company: NVIDIA Corporation
----------
************************************************************
10:30:22: Scanning ----- 64-Bit APPINIT_DLLS -----
AppInitDLLs entry = [C:\Windows\system32\nvinitx.dll]
File: C:\Windows\system32\nvinitx.dll
C:\Windows\System32\nvinitx.dll
245872 bytes
Created: 31.10.2011 20:47
Modified: 08.04.2013 13:32
Company: NVIDIA Corporation
----------
************************************************************
10:30:22: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
10:30:22: Scanning ----- CREDENTIAL PROVIDERS -----
************************************************************
10:30:27: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 14.07.2009 06:54
Modified: 14.07.2009 06:54
Company: [no info]
--------------------
McAfee Security Scan Plus.lnk - links to C:\PROGRA~1\MCAFEE~1\385C9A~1.150\SSSCHE~1.EXE
C:\PROGRA~1\MCAFEE~1\385C9A~1.150\SSSCHE~1.EXE
332016 bytes
Created: 09.04.2014 15:14
Modified: 09.04.2014 15:14
Company: McAfee, Inc.
--------------------
************************************************************
10:30:28: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: Lena
[C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 31.10.2011 20:00
Modified: 25.08.2014 20:08
Company: [no info]
----------
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - links to C:\PROGRA~2\MICROS~2\Office14\ONENOTEM.EXE
C:\PROGRA~2\MICROS~2\Office14\ONENOTEM.EXE
228552 bytes
Created: 25.06.2013 21:48
Modified: 25.06.2013 21:48
Company: Microsoft Corporation
----------
--------------------
************************************************************
10:30:29: Scanning ----- SCHEDULED TASKS -----
Taskname: Adobe Flash Player Updater
File: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
267440 bytes
Created: 03.10.2012 10:37
Modified: 21.09.2014 14:40
Company: Adobe Systems Incorporated
Schedule: At 01:43:00 every day
Next Run Time: 24.09.2014 10:43:00
Status: Ready
Creator: Adobe Systems Incorporated
Comments: Mit diesem Task ist Ihre Flash Player-Installation immer aktuell und verwendet die neuesten Verbesserungen und Sicherheits-Fixes. Wenn dieser Task deaktiviert oder entfernt wird, kann Adobe Flash Player Ihren Computer nicht automatisch mit den neuesten Sicherheits-Fixes sichern.
----------
Taskname: ATKOSD2
File: C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
5732992 bytes
Created: 17.08.2010 15:55
Modified: 17.08.2010 15:55
Company: ASUS
Schedule: At logon
Next Run Time:
Status: Running
Creator: SSD, ASUSTek
Comments:
----------
************************************************************
10:30:31: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
************************************************************
10:30:31: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: msacm.l3acm
File: C:\Windows\SysWOW64\l3codeca.acm
C:\Windows\SysWOW64\l3codeca.acm
64000 bytes
Created: 14.07.2009 02:07
Modified: 14.07.2009 03:14
Company: Fraunhofer Institut Integrierte Schaltungen IIS
----------
************************************************************
10:30:32: ----- ADDITIONAL CHECKS -----
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
642987 bytes
Created: 31.10.2011 20:00
Modified: 31.10.2011 20:00
Company: [no info]
----------
Web Desktop Wallpaper entry is blank
----------
Checks for rogue DNS NameServers completed
----------
Checks for Backdoor.ZeroAccess completed
----------
Safe Mode checks completed
----------
Additional checks completed
************************************************************
10:30:33: Scanning ----- RUNNING PROCESSES -----
C:\Windows\System32\smss.exe
112640 bytes
Created: 15.09.2013 19:14
Modified: 02.08.2013 02:59
Company: Microsoft Corporation
--------------------
C:\Windows\System32\csrss.exe
7680 bytes
Created: 14.07.2009 01:19
Modified: 14.07.2009 03:39
Company: Microsoft Corporation
--------------------
C:\Windows\System32\wininit.exe
129024 bytes
Created: 14.07.2009 01:52
Modified: 14.07.2009 03:39
Company: Microsoft Corporation
--------------------
C:\Windows\System32\services.exe
328704 bytes
Created: 14.07.2009 01:19
Modified: 14.07.2009 03:39
Company: Microsoft Corporation
--------------------
C:\Windows\System32\winlogon.exe
455168 bytes
Created: 23.05.2014 21:50
Modified: 04.03.2014 11:43
Company: Microsoft Corporation
--------------------
C:\Windows\System32\lsass.exe
31232 bytes
Created: 23.05.2014 21:50
Modified: 12.04.2014 04:19
Company: Microsoft Corporation
--------------------
C:\Windows\System32\lsm.exe
343040 bytes
Created: 02.11.2011 20:41
Modified: 20.11.2010 15:24
Company: Microsoft Corporation
--------------------
C:\Windows\System32\svchost.exe
27136 bytes
Created: 14.07.2009 01:31
Modified: 14.07.2009 03:39
Company: Microsoft Corporation
--------------------
C:\Windows\System32\nvvsvc.exe
884512 bytes
Created: 28.01.2011 18:34
Modified: 14.03.2013 08:28
Company: NVIDIA Corporation
--------------------
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1134880 bytes
Created: 28.01.2011 18:33
Modified: 14.03.2013 08:29
Company: NVIDIA Corporation
--------------------
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
84536 bytes
Created: 15.06.2009 18:30
Modified: 15.06.2009 18:30
Company: ASUS
--------------------
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
96896 bytes
Created: 15.12.2009 11:39
Modified: 15.12.2009 11:39
Company: ASUS
--------------------
C:\Windows\System32\spoolsv.exe
559104 bytes
Created: 15.08.2012 11:53
Modified: 11.02.2012 08:36
Company: Microsoft Corporation
--------------------
C:\Windows\System32\dwm.exe
120320 bytes
Created: 14.07.2009 01:37
Modified: 14.07.2009 03:39
Company: Microsoft Corporation
--------------------
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
430160 bytes
Created: 23.09.2014 23:33
Modified: 15.08.2014 10:30
Company: Avira Operations GmbH & Co. KG
--------------------
C:\Windows\System32\taskhost.exe
68608 bytes
Created: 13.01.2013 12:25
Modified: 23.11.2012 05:13
Company: Microsoft Corporation
--------------------
C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE
239488 bytes
Created: 17.03.2012 16:14
Modified: 24.04.2011 23:01
Company: SEIKO EPSON CORPORATION
--------------------
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
332016 bytes
Created: 09.04.2014 15:14
Modified: 09.04.2014 15:14
Company: McAfee, Inc.
--------------------
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
2450208 bytes
Created: 28.01.2011 18:34
Modified: 14.03.2013 08:29
Company: NVIDIA Corporation
--------------------
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
228552 bytes
Created: 25.06.2013 21:48
Modified: 25.06.2013 21:48
Company: Microsoft Corporation
--------------------
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
166528 bytes
Created: 25.01.2011 12:32
Modified: 25.01.2011 12:32
Company: ASUS
--------------------
C:\Windows\System32\taskeng.exe
464384 bytes
Created: 02.11.2011 20:42
Modified: 20.11.2010 15:25
Company: Microsoft Corporation
--------------------
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
430160 bytes
Created: 23.09.2014 23:33
Modified: 15.08.2014 10:30
Company: Avira Operations GmbH & Co. KG
--------------------
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
136576 bytes
Created: 17.03.2012 16:15
Modified: 24.04.2011 23:00
Company: SEIKO EPSON CORPORATION
--------------------
C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
1809720 bytes
Created: 23.09.2014 22:53
Modified: 12.05.2014 07:24
Company: Malwarebytes Corporation
--------------------
C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
860472 bytes
Created: 23.09.2014 22:53
Modified: 12.05.2014 07:24
Company: Malwarebytes Corporation
--------------------
C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
161016 bytes
Created: 17.09.2014 13:31
Modified: 17.09.2014 13:31
Company: Avira Operations GmbH & Co. KG
--------------------
C:\Windows\System32\wbem\WmiPrvSE.exe
372736 bytes
Created: 02.11.2011 20:42
Modified: 20.11.2010 15:25
Company: Microsoft Corporation
--------------------
C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
6970168 bytes
Created: 23.09.2014 22:53
Modified: 12.05.2014 07:24
Company: Malwarebytes Corporation
--------------------
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
2488888 bytes
Created: 19.06.2009 11:29
Modified: 19.06.2009 11:29
Company: ASUS
--------------------
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
174648 bytes
Created: 22.12.2008 18:15
Modified: 22.12.2008 18:15
Company: ASUS
--------------------
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
624432 bytes
Created: 23.09.2014 23:33
Modified: 15.08.2014 10:30
Company: Avira Operations GmbH & Co. KG
--------------------
C:\Windows\System32\SearchIndexer.exe
591872 bytes
Created: 31.10.2011 21:06
Modified: 04.05.2011 07:19
Company: Microsoft Corporation
--------------------
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
1260320 bytes
Created: 24.09.2014 00:02
Modified: 08.04.2013 13:32
Company: NVIDIA Corporation
--------------------
C:\Program Files\Windows Media Player\wmpnetwk.exe
1525248 bytes
Created: 02.11.2011 20:42
Modified: 20.11.2010 15:25
Company: Microsoft Corporation
--------------------
C:\Windows\System32\SearchProtocolHost.exe
249856 bytes
Created: 31.10.2011 21:06
Modified: 04.05.2011 07:19
Company: Microsoft Corporation
--------------------
C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe
FileSize: 5468008
[This is a Trojan Remover component]
--------------------
--------------------
C:\Program Files\Windows Defender\MpCmdRun.exe
190976 bytes
Created: 14.07.2009 01:53
Modified: 14.07.2009 03:39
Company: Microsoft Corporation
--------------------
C:\Windows\System32\SearchFilterHost.exe
113664 bytes
Created: 31.10.2011 21:06
Modified: 04.05.2011 07:19
Company: Microsoft Corporation
--------------------
************************************************************
10:30:50: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
10:30:50: Checking ----- ROGUE BROWSER MODIFICATIONS -----
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": about:blank
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 10:30:50 24 Sep 2014
Total Scan time: 00:01:45
************************************************************

***** WINDOWS HOSTS FILE RESET *****
Trojan Remover Ver 6.9.1.2931. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 10:28:43 24 Sep 2014
Using Database v8496
Operating System: Windows 7 x64 Home Premium (SP1) [Build: 6.1.7601]
File System: NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\Lena\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Lena\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files (x86)\Trojan Remover\
Running with Administrator privileges
************************************************************
The original HOSTS file has been backed up to C:\Windows\system32\Drivers\etc\hosts.trb
The HOSTS file has been reset to the default supplied by Microsoft
************************************************************

***** WINDOWS EXPLORER POLICIES RESET *****
Trojan Remover Ver 6.9.1.2931. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 10:28:28 24 Sep 2014
Using Database v8496
Operating System: Windows 7 x64 Home Premium (SP1) [Build: 6.1.7601]
File System: NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\Lena\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Lena\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files (x86)\Trojan Remover\
Running with Administrator privileges
************************************************************
Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System - no action required on this key as it does not exist
----------
Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum - no action required on this key as it does not exist
Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D} - no action required: value either does not exist or is set to False
Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{450D8FBA-AD25-11D0-98A8-0800361B1103} - no action required: value either does not exist or is set to False
----------
Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun - no action required on this key as it does not exist
----------
Checking Values in: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer - no values to check [key does not exist]
----------
Checking Values in: HKCU\Control Panel\Desktop
Value: WallpaperOriginX - value has been removed
Value: WallpaperOriginY - value has been removed
----------
Checking HKCU ActiveDesktop Policies:
----------
Checking HKCU Add/Remove Programs Policies:
----------
Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun - no action required on this key as it does not exist
----------
Checking Values in: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: DisallowRun - value does not exist, no action required
Value: NoActiveDesktopChanges - value has been removed
Value: NoActiveDesktop - value has been removed
Value: NoFileMenu - value does not exist, no action required
Value: NoClose - value does not exist, no action required
Value: NoDesktop - value does not exist, no action required
Value: NoDrives - value does not exist, no action required
Value: NoFind - value does not exist, no action required
Value: NoFolderOptions - value does not exist, no action required
Value: NoRun - value does not exist, no action required
Value: NoFavoritesMenu - value does not exist, no action required
Value: NoSetFolders - value does not exist, no action required
Value: NoControlPanel - value does not exist, no action required
Value: ForceActiveDesktopOn - value has been removed
----------
Checking HKLM ActiveDesktop Policies:
Value: NoComponents - value has been removed
Value: NoAddingComponents - value has been removed
----------
Checking HKLM Add/Remove Programs Policies:
----------
************************************************************

***** LAYERED SERVICE PROVIDER CHECKS *****
Trojan Remover Ver 6.9.1.2931. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 10:28:19 24 Sep 2014
Using Database v8496
Operating System: Windows 7 x64 Home Premium (SP1) [Build: 6.1.7601]
File System: NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\Lena\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Lena\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files (x86)\Trojan Remover\
Running with Administrator privileges
************************************************************
No errors were located in the Layered Service Provider Registry entries.
No action was taken.
************************************************************

***** INTERNET EXPLORER HOME/START/SEARCH PAGE AND POLICY RESTRICTIONS RESET ****
Trojan Remover Ver 6.9.1.2931. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 10:27:57 24 Sep 2014
Using Database v8496
Operating System: Windows 7 x64 Home Premium (SP1) [Build: 6.1.7601]
File System: NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\Lena\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Lena\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files (x86)\Trojan Remover\
Running with Administrator privileges
************************************************************
Existing Home/Start/Search Page settings are as follows:
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\SysWOW64\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": hxxp://www.google.com
These settings will now be reset to their defaults:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoToolbarCustomize" policy reset to default
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoBandCustomize" policy reset to default
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL" has been reset
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL" has been reset
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page" has been reset
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"www" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"ftp" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"gopher" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"home" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"mosaic" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_FullURL" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_ToolBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_URLToolBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_StatusBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_URLinStatusBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Window_Placement" has been reset
--------------------
************************************************************

aswMBR
Code:
aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-09-23 22:24:43
-----------------------------
22:24:43.304 OS Version: Windows x64 6.1.7601 Service Pack 1
22:24:43.304 Number of processors: 4 586 0x2A07
22:24:43.304 ComputerName: LENA-PC UserName: Lena
22:24:45.098 Initialize success
22:24:45.160 VM: initialized successfully
22:24:45.207 VM: Intel CPU supported
22:24:50.444 VM: supported disk I/O ataport.SYS
22:25:07.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:25:07.249 Disk 0 Vendor: ST9500325AS 0003SDM1 Size: 476940MB BusType: 11
22:25:07.405 VM: Disk 0 MBR read successfully
22:25:07.405 Disk 0 MBR scan
22:25:07.405 Disk 0 Windows 7 default MBR code
22:25:07.436 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:25:07.452 Disk 0 default boot code
22:25:07.468 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
22:25:07.577 Disk 0 scanning C:\Windows\system32\drivers
22:25:15.704 Service scanning
22:25:35.064 Modules scanning
22:25:35.594 Disk 0 trace - called modules:
22:25:35.672 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
22:25:35.672 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800511f060]
22:25:35.688 3 CLASSPNP.SYS[fffff880015cb43f] -> nt!IofCallDriver -> [0xfffffa8004ad7520]
22:25:35.704 5 ACPI.sys[fffff88000ef27a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004ad6680]
22:25:35.719 Scan finished successfully
22:26:24.157 Disk 0 MBR has been saved successfully to "C:\Users\Lena\Documents\MBR.dat"
22:26:24.282 The log file has been saved successfully to "C:\Users\Lena\Documents\aswMBR.txt"

I hope I haven't done anything wrong. Please bear with me!

Best regards,
phoenixaz