Pests of all kinds and how to fight them: Ad blocks without image (Windows 7)

#1 |
/// the machine /// TB-Ausbilder | Ad blocks without image
Please define "surfed around": Which browser? Which sites?
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM! |
#2 |
The same problem again
So now it is back. In Task Manager it is now called hxxp://cdn.usersyncads.com/?s=(then 3, 4 or 5 digits that keep changing) -Intern... that is all I can see in Task Manager.
Now and then the page also calls itself timesherold.com or cycling.com. It is still found in Internet Explorer and can be neither opened nor closed. It only remains visible in Task Manager. I sometimes browse an adult forum where we are registered (Joyclub). I had already thought that the cause might lie there. However, this page showed up again without my having been on that site. Of course I don't know where else my two adolescent children have been. They do have their own PC and laptop, though. What can I do? On the laptop we actually only use Firefox. But the page in Task Manager is in Internet Explorer. |
#3 |
/// the machine /// TB-Ausbilder | Ad blocks without image
Download HitmanPro:
HitmanPro 32-bit version
HitmanPro 64-bit version
__________________ |
#4 |
Here comes the log file
Code:
HitmanPro 3.7.9.234
www.hitmanpro.com

   Computer name . . . . : LIEBE123
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Liebe123\Liebe
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2015-01-24 20:15:01
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 11m 46s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 2
   Traces . . . . . . . : 39

   Objects scanned . . . : 1.676.886
   Files scanned . . . . : 40.752
   Remnants scanned . . : 454.964 files / 1.181.170 keys

Malware _____________________________________________________________________

   C:\Users\Liebe\Downloads\DivX.Web.Player.Installer__8420_i1429783573_il445808.exe
      Size . . . . . . . : 573.632 bytes
      Age . . . . . . . : 32.0 days (2014-12-23 20:31:46)
      Entropy . . . . . : 7.7
      SHA-256 . . . . . : B879B5A332E31CF396D7C9C9C261AE03E22CCEB3511829226D39038ED54F13FE
      Product
      Publisher
      Description
      Version . . . . . : 1.1.5.90
      Copyright
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky . . . . : not-a-virus:AdWare.Win32.Amonetize.rzi
      Fuzzy . . . . . . : 104.0

   C:\Users\Liebe\Downloads\DivX.Web.Player.Installer__8420_i1429803366_il451544.exe
      Size . . . . . . . : 573.632 bytes
      Age . . . . . . . : 32.0 days (2014-12-23 21:00:40)
      Entropy . . . . . : 7.7
      SHA-256 . . . . . : B879B5A332E31CF396D7C9C9C261AE03E22CCEB3511829226D39038ED54F13FE
      Product
      Publisher
      Description
      Version . . . . . : 1.1.5.90
      Copyright
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky . . . . : not-a-virus:AdWare.Win32.Amonetize.rzi
      Fuzzy . . . . . . : 104.0

Suspicious files ____________________________________________________________

   C:\Users\Liebe\Documents\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2.125.312 bytes
      Age . . . . . . . : 23.2 days (2015-01-01 15:40:23)
      Entropy . . . . . : 7.5
      SHA-256 . . . . . : D42E463907E55EF3A10FA07D446566B3D25BFBDCE6D0F6B9ADDE878F6B4F91F1
      Needs elevation . : Yes
      Fuzzy . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
      Forensic Cluster
         -13.1s C:\Users\Liebe\AppData\Local\Opera\Opera\cache\turbo\g_0000\opr0001F.tmp
         -13.1s C:\Users\Liebe\AppData\Local\Opera\Opera\cache\turbo\g_0000\opr0001G.tmp
         -13.1s C:\Users\Liebe\AppData\Local\Opera\Opera\cache\turbo\g_0000\opr0001H.tmp
         -13.1s C:\Users\Liebe\AppData\Local\Opera\Opera\cache\turbo\g_0000\opr0001I.tmp
         -11.4s C:\Users\Liebe\AppData\Local\Opera\Opera\cache\turbo\g_0000\opr0001K.tmp
         -11.3s C:\Users\Liebe\AppData\Local\Opera\Opera\cache\turbo\assoc002\g_0000\
         -11.3s C:\Users\Liebe\AppData\Local\Opera\Opera\cache\turbo\assoc002\g_0000\opr0001K.000
         -4.4s C:\Users\Liebe\AppData\Local\Opera\Opera\cache\turbo\g_0000\opr0001L.tmp
         -3.1s C:\Users\Liebe\AppData\Local\Opera\Opera\cache\turbo\g_0000\opr0001M.tmp
         -3.1s C:\Users\Liebe\AppData\Local\Opera\Opera\cache\turbo\g_0000\opr0001N.tmp
         -3.1s C:\Users\Liebe\AppData\Local\Opera\Opera\cache\turbo\g_0000\opr0001O.tmp
         -3.1s C:\Users\Liebe\AppData\Local\Opera\Opera\cache\turbo\g_0000\opr0001Q.tmp
         -3.1s C:\Users\Liebe\AppData\Local\Opera\Opera\cache\turbo\g_0000\opr0001R.tmp
         0.0s C:\Users\Liebe\Documents\FRST-OlderVersion\FRST64.exe

   C:\Users\Liebe\Documents\FRST64.exe
      Size . . . . . . . : 2.126.848 bytes
      Age . . . . . . . : 6.1 days (2015-01-18 17:50:41)
      Entropy . . . . . : 7.5
      SHA-256 . . . . . : A3F75C5E7A0A8BF39D2487BEA78BEF92B8A497F1F4460C0C8E799E26EA9EEFB5
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         HKU\S-1-5-21-2965614916-3253371305-2247639429-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\Liebe\Documents\FRST64.exe
      Forensic Cluster
         -2.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{B88ACF16-6173-4EE3-983F-C94EE66F3993}
         0.0s C:\Users\Liebe\Documents\FRST64.exe
         18.5s C:\Users\Liebe\Documents\FRST.txt

   C:\Users\Liebe\Downloads\FRST.exe
      Size . . . . . . . : 1.114.624 bytes
      Age . . . . . . . : 27.0 days (2014-12-28 21:19:26)
      Entropy . . . . . : 8.0
      SHA-256 . . . . . : FE2D272E9E7468BAB89F4E6B937833A1B52AD0BF5D914450C3E804F94124A824
      Needs elevation . : Yes
      Fuzzy . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

   C:\Users\Liebe\Downloads\FRST64(1).exe
      Size . . . . . . . : 2.123.264 bytes
      Age . . . . . . . : 24.0 days (2014-12-31 19:13:44)
      Entropy . . . . . : 7.5
      SHA-256 . . . . . : 8CF775131B705B240CA7817194B39F077788FA37405B0449719875FBAA05BB68
      Needs elevation . : Yes
      Fuzzy . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

   C:\Users\Liebe\Downloads\FRST64(2).exe
      Size . . . . . . . : 2.123.264 bytes
      Age . . . . . . . : 23.2 days (2015-01-01 15:48:36)
      Entropy . . . . . : 7.5
      SHA-256 . . . . . : 5A11CB78DF1AA730175EFF93BD9FA4F5EA5D9D925106EE7803E0DAD29426315F
      Needs elevation . : Yes
      Fuzzy . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

   C:\Users\Liebe\Downloads\FRST64(3).exe
      Size . . . . . . . : 2.123.776 bytes
      Age . . . . . . . : 20.0 days (2015-01-04 19:57:34)
      Entropy . . . . . : 7.5
      SHA-256 . . . . . : A693D0EC548FF1E356F6664CD1F5CADE70CDA78455E82AEDE4FA6B4582C2F9AB
      Needs elevation . : Yes
      Fuzzy . . . . . . : 23.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         0.0s C:\Users\Liebe\Downloads\FRST64(3).exe

   C:\Users\Liebe\Downloads\FRST64.exe
      Size . . . . . . . : 2.123.264 bytes
      Age . . . . . . . : 27.0 days (2014-12-28 21:21:30)
      Entropy . . . . . : 7.5
      SHA-256 . . . . . : 8CF775131B705B240CA7817194B39F077788FA37405B0449719875FBAA05BB68
      Needs elevation . : Yes
      Fuzzy . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
      Forensic Cluster
         0.0s C:\Users\Liebe\Downloads\FRST64.exe
         27.8s C:\Users\Liebe\Downloads\FRST.txt
         27.8s C:\Users\Liebe\Downloads\FRST.txt
         27.8s C:\Users\Liebe\Downloads\FRST.txt

Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Clients\StartMenuInternet\Opera\shell\open\command\ (Webssearches)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6A54B56C58C82a4688AFB93F42EA17B\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646\ (AskBar)
   HKLM\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Opera\shell\open\command\ (Webssearches)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}\ (DomalQ)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}\ (DomalQ)
   HKU\.DEFAULT\Software\AskPartnerNetwork\ (AskBar)
   HKU\S-1-5-18\Software\AskPartnerNetwork\ (AskBar)
   HKU\S-1-5-21-2965614916-3253371305-2247639429-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
   HKU\S-1-5-21-2965614916-3253371305-2247639429-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} (Claro)
#5 |
/// the machine /// TB-Ausbilder | Ad blocks without image
Now please post a fresh FRST log again.
__________________
Regards, schrauber |
#6 |
frst log
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Liebe (administrator) on LIEBE123 on 25-01-2015 13:33:00
Running from C:\Users\Liebe\Documents
Loaded Profiles: Liebe (Available profiles: Liebe)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2013-06-03] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2013-06-03] (IDT, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2013-06-03] (Intel Corporation)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-09-15] (EasyBits Software AS)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2013-06-25] (Sony Corporation)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2965614916-3253371305-2247639429-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090040 2012-12-21] (Nokia)
HKU\S-1-5-21-2965614916-3253371305-2247639429-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21445248 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2965614916-3253371305-2247639429-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
HKU\S-1-5-21-2965614916-3253371305-2247639429-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-2965614916-3253371305-2247639429-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2965614916-3253371305-2247639429-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-18\...\Run: [MP3 Skype Recorder] => C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe [1975296 2011-11-17] (Alexander Nikiforov)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKLM -> {030DAC61-1C9E-4822-BCA8-35F8DC38A356} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2965614916-3253371305-2247639429-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Liebe\AppData\Roaming\Mozilla\Firefox\Profiles\r2tcxtg5.default-1421173287440
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-2965614916-3253371305-2247639429-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) FF Extension: Adblock Plus - C:\Users\Liebe\AppData\Roaming\Mozilla\Firefox\Profiles\r2tcxtg5.default-1421173287440\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-13] StartMenuInternet: Opera - C:\Program Files (x86)\Opera\Opera.exe hxxp://istart.webssearches.com/?type=sc&ts=1419363150&from=cvs4&uid=ST320LT020-9YG142_W045CV0X ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed] R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] () R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.) 
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2013-05-23] (Sony Corporation) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia) S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [258664 2011-09-22] (Realtek Semiconductor Corp.) R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21264 2013-06-03] (Synaptics Incorporated) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-25 09:12 - 2015-01-25 09:12 - 04070576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2015-01-24 20:34 - 2015-01-24 20:34 - 00046706 _____ () C:\Users\Liebe\Desktop\HitmanPro_20150124_2034.log 2015-01-24 20:14 - 2015-01-24 20:35 - 00000000 ____D () C:\ProgramData\HitmanPro 2015-01-24 20:13 - 2015-01-24 20:14 - 11225840 _____ (SurfRight B.V.) C:\Users\Liebe\Downloads\HitmanPro_x64.exe 2015-01-18 17:50 - 2015-01-25 13:33 - 00019219 _____ () C:\Users\Liebe\Documents\FRST.txt 2015-01-14 18:00 - 2015-01-22 18:28 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForLiebe 2015-01-14 18:00 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 18:00 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 18:00 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 18:00 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-14 18:00 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-14 18:00 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-14 18:00 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-14 18:00 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-14 18:00 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-14 18:00 - 2014-12-11 18:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 18:00 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 18:00 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-14 18:00 - 2014-12-06 04:50 - 00052224 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-14 17:59 - 2015-01-23 20:20 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForLiebe.job 2015-01-13 21:27 - 2015-01-13 21:27 - 00000743 _____ () C:\Users\Liebe\Desktop\Start Emsisoft Emergency Kit.lnk 2015-01-13 21:26 - 2015-01-13 21:27 - 00000000 ____D () C:\EEK 2015-01-13 21:21 - 2015-01-13 21:21 - 01179936 _____ () C:\Users\Liebe\Downloads\Emsisoft Emergency Kit - CHIP-Installer.exe 2015-01-13 19:14 - 2015-01-13 19:14 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-01-13 19:14 - 2015-01-13 19:14 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-01-13 19:13 - 2015-01-13 19:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-13 19:13 - 2015-01-13 19:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-06 14:54 - 2015-01-06 14:54 - 00003852 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1389550501 2015-01-05 21:34 - 2015-01-05 21:34 - 00001133 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 26.lnk 2015-01-05 21:13 - 2015-01-25 13:32 - 00000000 ____D () C:\Users\Liebe\Documents\FRST-OlderVersion 2015-01-04 19:57 - 2015-01-04 19:57 - 02123776 _____ (Farbar) C:\Users\Liebe\Downloads\FRST64(3).exe 2015-01-01 15:48 - 2015-01-01 15:48 - 02123264 _____ (Farbar) C:\Users\Liebe\Downloads\FRST64(2).exe 2015-01-01 15:42 - 2015-01-19 22:18 - 00039326 _____ () C:\Users\Liebe\Documents\Addition.txt 2015-01-01 15:40 - 2015-01-25 13:32 - 02129920 _____ (Farbar) C:\Users\Liebe\Documents\FRST64.exe 2015-01-01 15:15 - 2015-01-01 15:15 - 00244264 _____ () C:\Users\Liebe\Documents\Firefox Setup Stub 34.0.5.exe 2015-01-01 13:49 - 2015-01-01 13:49 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Liebe\Downloads\revosetup95(1).exe 2014-12-31 19:13 - 2014-12-31 19:13 - 02123264 _____ (Farbar) C:\Users\Liebe\Downloads\FRST64(1).exe 2014-12-31 14:50 - 2014-12-31 14:50 - 00000770 _____ () C:\Users\Liebe\Desktop\JRT.txt 2014-12-31 14:47 - 2014-12-31 14:47 - 01707939 _____ (Thisisu) C:\Users\Liebe\Downloads\JRT(1).exe 2014-12-31 14:42 - 2014-12-31 14:42 - 00001720 _____ () C:\Users\Liebe\Desktop\AdwCleaner[S6].txt 2014-12-31 10:27 - 2014-12-31 10:28 - 02173952 _____ () C:\Users\Liebe\Downloads\AdwCleaner_4.106(3).exe 2014-12-30 20:56 - 2014-12-30 20:56 - 01707939 _____ (Thisisu) C:\Users\Liebe\Downloads\JRT.exe 2014-12-30 20:40 - 2014-12-30 20:40 - 02173952 _____ () C:\Users\Liebe\Downloads\AdwCleaner_4.106(2).exe 2014-12-30 20:07 - 2014-12-30 20:07 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-30 20:05 - 2014-12-30 20:06 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Liebe\Downloads\mbam-setup-2.0.4.1028.exe 2014-12-29 21:40 - 2014-12-29 21:40 - 00023839 _____ () C:\ComboFix.txt 2014-12-29 21:26 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-12-29 21:26 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-12-29 21:26 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-12-29 21:26 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-12-29 21:26 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-12-29 21:26 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-12-29 21:26 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-12-29 21:26 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-12-29 21:25 - 2014-12-29 21:40 - 00000000 ____D () C:\ComboFix 2014-12-29 21:22 - 2014-12-29 21:40 - 00000000 ____D () C:\Qoobox 2014-12-29 21:21 - 2014-12-29 21:39 - 00000000 ____D () C:\Windows\erdnt 2014-12-29 21:20 - 2014-12-30 23:19 - 05604036 _____ (Swearware) C:\Users\Liebe\Downloads\ComboFix.exe 
2014-12-29 21:11 - 2014-12-29 21:11 - 05603624 _____ (Swearware) C:\Users\Liebe\Desktop\ComboFix.exe 2014-12-29 20:59 - 2015-01-01 13:49 - 00001268 _____ () C:\Users\Liebe\Desktop\Revo Uninstaller.lnk 2014-12-29 20:57 - 2014-12-29 20:57 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Liebe\Downloads\revosetup95.exe 2014-12-28 21:24 - 2015-01-04 20:00 - 00039489 _____ () C:\Users\Liebe\Downloads\Addition.txt 2014-12-28 21:21 - 2015-01-04 20:00 - 00042871 _____ () C:\Users\Liebe\Downloads\FRST.txt 2014-12-28 21:21 - 2014-12-28 21:21 - 02123264 _____ (Farbar) C:\Users\Liebe\Downloads\FRST64.exe 2014-12-28 21:19 - 2014-12-28 21:19 - 01114624 _____ (Farbar) C:\Users\Liebe\Downloads\FRST.exe 2014-12-28 16:48 - 2014-12-28 16:48 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-12-28 16:48 - 2014-12-28 16:48 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-12-28 16:48 - 2014-12-28 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-12-28 16:48 - 2014-12-28 16:48 - 00000000 ____D () C:\Program Files\CCleaner 2014-12-28 16:47 - 2014-12-28 16:47 - 04188536 _____ (Piriform Ltd) C:\Users\Liebe\Downloads\ccsetup501_slim.exe 2014-12-27 09:08 - 2014-12-27 09:08 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-25 13:33 - 2013-12-03 18:49 - 00000000 ____D () C:\FRST 2015-01-25 13:27 - 2009-07-14 05:45 - 00031248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-25 13:27 - 2009-07-14 05:45 - 00031248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-25 13:18 - 2013-09-21 18:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-25 13:18 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-25 13:18 - 2009-07-14 05:51 - 00162388 _____ () C:\Windows\setupact.log 2015-01-25 09:53 - 2012-08-24 17:35 - 01724628 _____ () C:\Windows\WindowsUpdate.log 2015-01-25 09:12 - 2013-09-21 18:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-25 09:12 - 2012-02-12 17:35 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-25 09:12 - 2012-02-12 17:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-25 00:13 - 2012-02-13 01:55 - 00699682 _____ () C:\Windows\system32\perfh007.dat 2015-01-25 00:13 - 2012-02-13 01:55 - 00149790 _____ () C:\Windows\system32\perfc007.dat 2015-01-25 00:13 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-24 21:05 - 2012-08-24 18:48 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C1A25C2E-7CB2-4E63-98A2-8A9ACEED5AFD} 2015-01-20 15:05 - 2012-08-26 20:30 - 00000000 ____D () C:\Users\Liebe\Desktop\Michael 2015-01-19 19:05 - 2012-12-17 09:25 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2015-01-19 19:05 - 2012-08-27 08:13 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2015-01-14 22:00 - 2013-08-14 22:46 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-14 21:55 - 2012-12-17 09:19 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-14 21:11 - 
2012-09-18 19:57 - 00000000 ____D () C:\Users\Liebe\AppData\Local\CrashDumps 2015-01-14 21:11 - 2012-08-24 20:27 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform 2015-01-13 19:21 - 2014-12-23 22:04 - 00000000 ____D () C:\Users\Liebe\Desktop\Alte Firefox-Daten 2015-01-13 19:06 - 2010-11-21 04:47 - 00800102 _____ () C:\Windows\PFRO.log 2015-01-13 18:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-01-09 17:48 - 2012-08-24 18:36 - 00000000 ____D () C:\Users\Liebe\AppData\Roaming\Skype 2015-01-06 14:54 - 2012-08-26 08:54 - 00000000 ____D () C:\Program Files (x86)\Opera 2015-01-01 15:10 - 2012-09-06 06:43 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2015-01-01 13:49 - 2013-12-17 07:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-12-31 14:38 - 2013-12-01 20:30 - 00000000 ____D () C:\AdwCleaner 2014-12-31 12:14 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-12-31 00:00 - 2014-06-09 21:31 - 00001203 _____ () C:\Users\Liebe\Desktop\mbam.txt 2014-12-30 23:56 - 2014-06-09 21:11 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-30 20:30 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\security 2014-12-30 20:07 - 2014-06-09 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-30 20:07 - 2014-06-09 21:09 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-12-29 21:37 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2014-12-28 17:01 - 2013-08-18 19:52 - 00000000 ____D () C:\Users\Liebe\AppData\Roaming\Media Player Classic 2014-12-28 16:29 - 2012-08-29 21:47 - 00000000 ____D () C:\Users\Liebe\AppData\Local\Adobe Some content of TEMP: ==================== C:\Users\Liebe\AppData\Local\Temp\NOSEventMessages.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not 
pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-24 15:35
==================== End Of Log ============================
--- --- ---

I did a restart; unfortunately the page is still there in the Task Manager. When I ran FRST, the same image of the FRST scan appeared briefly, only to vanish again instantly; along with it another window opened, which also vanished with it.... Maybe that tells you something.
Best regards, rossel13 |
| #7 |
/// the machine /// TB-Ausbilder | Ad blocks without an image
At this point I would back up the data and reinstall. Unless you feel like experimenting further, in which case we carry on.
__________________ Regards, schrauber |
| #8 |
Ad blocks without an image
How do I go about reinstalling? I don't think I have a "Discovery CD". I also don't really know how I have to proceed without losing data, or what I need to watch out for. |
| #9 |
/// the machine /// TB-Ausbilder | Ad blocks without an image
So first you save all your important personal data externally now, then you report back, and then we'll do it.
__________________ Regards, schrauber |
| #10 |
Ad blocks without an image
Couldn't the malware attach itself to some of the data? Are you ready now and able to guide me?
Best regards, rossel13 |
| #11 |
/// the machine /// TB-Ausbilder | Ad blocks without an image
No, you are only supposed to save your important private data such as pictures, texts, music and videos. Nothing will happen there. http://www.trojaner-board.de/104197-...anleitung.html
__________________ Regards, schrauber |