Pests of all kinds and how to fight them: Vaudix Ads (Windows 7)
If you are not sure whether you have picked up malware or a trojan, open a topic here. An expert will reply with further instructions and help you remove the malware or uninstall/delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
20.01.2015, 22:02  #1
Vaudix Ads
Hello, it has been a long time since I last picked something up. During a download I seem to have caught the omiga-plus toolbar. I have since been able to remove it. Now Vaudix shows up afterwards, and unfortunately I cannot get rid of it. Please help me, I am sick of the ads!! Thanks in advance. Kind regards, Tobi
20.01.2015, 22:27  #2
/// the machine /// (TB-Ausbilder)
Vaudix Ads
Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (if you are not sure, download both versions, or check under Start > Computer (right-click) > Properties).
20.01.2015, 22:35  #3
Vaudix Ads
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Tobi (administrator) on TOBI-PC on 20-01-2015 22:33:36
Running from C:\Users\Tobi\Downloads
Loaded Profiles: Tobi (Available profiles: Tobi)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Turtle Entertainment GmbH) H:\Programme\EslWire\wire.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() H:\Programme\EslWire\service\WireHelperSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe
(Malwarebytes Corporation) H:\Programme\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes Corporation) H:\Programme\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) H:\Programme\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Tobi\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-05-27] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKU\S-1-5-21-1247221106-465103080-481791032-1000\...\Run: [ESL Wire] => H:\Programme\EslWire\wire.exe [3771904 2014-12-09] (Turtle Entertainment GmbH)
HKU\S-1-5-21-1247221106-465103080-481791032-1000\...\MountPoints2: {3e4b4d6e-579a-11e4-b1a3-806e6f6e6963} - D:\Setup.exe
Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download (1).lnk
ShortcutTarget: Download (1).lnk -> C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe ()
Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP ENVY 4500 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP ENVY 4500 series.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Tcpip\Parameters: [DhcpNameServer] 217.68.161.141 217.68.161.171

FireFox:
========
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR DefaultSearchKeyword: Default -> 66BDAEADE98EDC3356B789E6ED77674DAD506A9A605E861C5802E59ED79C6DC9
CHR DefaultSearchURL: Default -> E211984B217D9EB92449B5231BB746E7E74945700D008ADBA83F129A942CDD33
CHR Profile: C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-19]
CHR Extension: (Google Docs) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-19]
CHR Extension: (Google Drive) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-19]
CHR Extension: (YouTube) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-19]
CHR Extension: (Google-Suche) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-19]
CHR Extension: (Google Tabellen) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-19]
CHR Extension: (AdBlock) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-19]
CHR Extension: (AntiGameOrigin) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldbahlcmhmlpomdepooifmhnalokdhgm [2015-01-04]
CHR Extension: (Instagram for Chrome Tabs Instatabs) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mipnjnddbpbdmbpjafflemfdefjlibod [2015-01-19]
CHR Extension: (Google Wallet) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-19]
CHR Extension: (Google Mail) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-19]
CHR Extension: (Voauedix) - C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi\ [2014-10-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
S2 d65a1a66; c:\Program Files (x86)\TampaGeneration\TampaGeneration.dll [3329536 2015-01-19] () [File not signed]
R2 EslWireHelper; H:\Programme\EslWire\service\WireHelperSvc.exe [663056 2014-01-28] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation)
R2 MBAMScheduler; H:\Programme\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; H:\Programme\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
S3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [67584 2014-11-10] (Eugene V. Muzychenko) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33448 2014-09-05] (Razer Inc)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-05] (Razer Inc)
R3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [40104 2014-09-05] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [31912 2014-09-05] (Razer Inc)
R3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [31912 2014-09-05] (Razer Inc)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 22:33 - 2015-01-20 22:33 - 02126848 _____ (Farbar) C:\Users\Tobi\Downloads\FRST64.exe
2015-01-20 22:33 - 2015-01-20 22:33 - 00014815 _____ () C:\Users\Tobi\Downloads\FRST.txt
2015-01-20 22:33 - 2015-01-20 22:33 - 00000000 ____D () C:\FRST
2015-01-20 21:42 - 2015-01-20 21:42 - 00000922 _____ () C:\Users\Tobi\Desktop\JRT.txt
2015-01-20 21:24 - 2015-01-20 21:24 - 00852504 _____ () C:\Users\Tobi\Downloads\SecurityCheck.exe
2015-01-20 21:11 - 2015-01-20 21:11 - 00001790 _____ () C:\sc-cleaner.txt
2015-01-20 21:11 - 2015-01-20 21:11 - 00000000 ____D () C:\Windows\ERUNT
2015-01-20 21:10 - 2015-01-20 21:11 - 02186752 _____ () C:\Users\Tobi\Downloads\AdwCleaner_4.108.exe
2015-01-20 21:10 - 2015-01-20 21:11 - 01707939 _____ (Thisisu) C:\Users\Tobi\Downloads\JRT.exe
2015-01-20 21:10 - 2015-01-20 21:11 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\Tobi\Downloads\sc-cleaner.exe
2015-01-20 14:28 - 2015-01-20 14:28 - 00037888 _____ () C:\Users\Tobi\Downloads\tempDownload_1bcb678d-b7a1-4a25-9688-fb0a367ca006_1412572857279
2015-01-19 21:28 - 2015-01-19 21:28 - 00000000 ____D () C:\Program Files (x86)\TampaGeneration
2015-01-19 21:28 - 2015-01-19 21:28 - 00000000 ____D () C:\Program Files (x86)\Instagram for Chrome Tabs Instatabs
2015-01-19 21:27 - 2015-01-19 21:27 - 00000000 ____D () C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi
2015-01-19 21:27 - 2015-01-19 21:27 - 00000000 ____D () C:\Program Files (x86)\Voauedix
2015-01-19 21:26 - 2015-01-19 22:22 - 00000000 ____D () C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}
2015-01-19 21:26 - 2015-01-19 21:26 - 01347584 _____ () C:\Users\Tobi\Downloads\Download (1).exe
2015-01-19 17:35 - 2015-01-19 17:35 - 00085412 _____ () C:\Users\Tobi\Downloads\Download
2015-01-11 22:33 - 2015-01-20 21:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-11 22:33 - 2015-01-14 03:05 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-11 22:33 - 2015-01-14 03:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-11 22:33 - 2015-01-14 03:05 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-11 22:33 - 2015-01-11 22:35 - 00000000 ____D () C:\Users\Tobi\AppData\Local\Adobe
2015-01-11 22:33 - 2015-01-11 22:33 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-01-11 22:33 - 2015-01-11 22:33 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-11 21:04 - 2015-01-20 21:54 - 00000000 ____D () C:\Users\Tobi\AppData\Local\ESL Wire Game Client
2015-01-11 21:04 - 2015-01-11 21:05 - 00000645 _____ () C:\Users\Public\Desktop\ESL Wire.lnk
2015-01-11 21:04 - 2015-01-11 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire
2015-01-11 21:04 - 2015-01-11 21:04 - 00000000 ____D () C:\ProgramData\ESL Wire
2015-01-08 22:06 - 2015-01-20 21:25 - 00000000 ____D () C:\AdwCleaner
2015-01-08 22:05 - 2015-01-08 22:05 - 02191360 _____ () C:\Users\Tobi\Downloads\AdwCleaner_4.107.exe
2015-01-08 22:02 - 2015-01-20 22:33 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-08 22:01 - 2015-01-08 22:01 - 00000737 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-08 22:01 - 2015-01-08 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-08 22:01 - 2015-01-08 22:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-08 22:01 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-08 22:01 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-08 22:01 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-08 22:00 - 2015-01-08 22:01 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Tobi\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-08 21:52 - 2015-01-08 21:54 - 00002192 _____ () C:\Users\Tobi\Desktop\chrome.lnk
2015-01-08 21:49 - 2015-01-08 22:06 - 00000000 ____D () C:\Program Files (x86)\20f6461b-1317-4e61-b54a-f33a5f69df90
2015-01-08 21:35 - 2015-01-08 21:48 - 00000000 ___HD () C:\Users\Public\Temp
2015-01-08 21:34 - 2015-01-08 22:06 - 00000000 ____D () C:\Users\Tobi\AppData\Local\com
2015-01-08 21:33 - 2015-01-20 21:54 - 00001330 _____ () C:\Windows\Tasks\VTAP.job
2015-01-08 21:33 - 2015-01-20 21:54 - 00001330 _____ () C:\Windows\Tasks\USTV.job
2015-01-08 21:33 - 2015-01-08 21:33 - 00004352 _____ () C:\Windows\System32\Tasks\VTAP
2015-01-08 21:33 - 2015-01-08 21:33 - 00004352 _____ () C:\Windows\System32\Tasks\USTV
2015-01-07 21:53 - 2015-01-07 21:53 - 00004456 _____ () C:\Users\Tobi\Downloads\zonixx-CFG+video+DMcfg.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 22:01 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-20 22:01 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-20 22:00 - 2011-04-12 08:43 - 00691940 _____ () C:\Windows\system32\perfh007.dat
2015-01-20 22:00 - 2011-04-12 08:43 - 00145538 _____ () C:\Windows\system32\perfc007.dat
2015-01-20 22:00 - 2009-07-14 06:13 - 01599026 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-20 21:57 - 2014-10-19 15:18 - 01837051 _____ () C:\Windows\WindowsUpdate.log
2015-01-20 21:54 - 2014-11-12 15:43 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-20 21:54 - 2014-10-19 16:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-20 21:54 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-20 21:54 - 2009-07-14 05:51 - 00051343 _____ () C:\Windows\setupact.log
2015-01-20 21:48 - 2014-11-12 15:43 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-20 21:15 - 2010-11-21 04:47 - 00077744 _____ () C:\Windows\PFRO.log
2015-01-20 20:25 - 2014-10-19 16:18 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\TS3Client
2015-01-20 15:09 - 2014-10-19 16:01 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-20 15:02 - 2014-10-19 19:51 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\vlc
2015-01-20 14:28 - 2011-04-12 08:54 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-19 22:21 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-01-09 07:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources
2015-01-08 22:06 - 2014-10-19 16:02 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-01-08 21:50 - 2014-11-05 13:18 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2015-01-08 21:40 - 2014-10-19 15:18 - 00001439 _____ () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-08 21:40 - 2014-10-19 15:18 - 00001405 _____ () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-01-04 05:02 - 2014-10-22 18:03 - 00000000 ____D () C:\Users\Tobi\Desktop\Tattoo
2014-12-31 12:14 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Tobi\AppData\Roaming\USTV
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Tobi\AppData\Roaming\VTAP
2014-11-20 21:48 - 2014-11-20 21:48 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-10-19 15:51 - 2014-10-19 15:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Tobi\AppData\Local\Temp\47603A90-A7B2-8D93-2DAF-C44F1FA767F3.exe
C:\Users\Tobi\AppData\Local\Temp\6F3a8bf3.exe
C:\Users\Tobi\AppData\Local\Temp\BD832039-85D4-DA55-8955-89E4DB237898.dll
C:\Users\Tobi\AppData\Local\Temp\BD832039-85D4-DA55-8955-89E4DB237898.exe
C:\Users\Tobi\AppData\Local\Temp\eCBFb7.exe
C:\Users\Tobi\AppData\Local\Temp\EslWireSetup-1.18.0.8085-x64.exe
C:\Users\Tobi\AppData\Local\Temp\EslWireSetup-1.18.0.8101-x64.exe
C:\Users\Tobi\AppData\Local\Temp\optprosetup.exe
C:\Users\Tobi\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Tobi\AppData\Local\Temp\Quarantine.exe
C:\Users\Tobi\AppData\Local\Temp\sqlite3.dll
C:\Users\Tobi\AppData\Local\Temp\sqlite3.exe
C:\Users\Tobi\AppData\Local\Temp\supoptsetup.exe
C:\Users\Tobi\AppData\Local\Temp\vcredist_x64.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-14 06:17

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Tobi at 2015-01-20 22:33:52
Running from C:\Users\Tobi\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{152E0B21-19D5-4772-9EF8-8E76074B0C0A}) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
ESL Wire 1.18.0 (HKLM\...\ESL Wire_is1) (Version:  - Turtle Entertainment GmbH)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP ENVY 4500 series - Grundlegende Software für das Gerät (HKLM\...\{7A564D11-817E-48B1-9830-91420BF6E339}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP ENVY 4500 series Hilfe (HKLM-x32\...\{6767CCD2-B939-4542-BF08-015B5496D4EC}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Instagram for Chrome Tabs Instatabs (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version:  - )
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.17 - Intel(R) Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7255 - Realtek Semiconductor Corp.)
Schoener Fernsehen 0.0.0.2c (HKLM-x32\...\Schoener Fernsehen) (Version: 0.0.0.2c - © schoener-fernsehen.com)
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Studie zur Verbesserung von HP ENVY 4500 series (HKLM\...\{36E08FE6-D9FF-44EE-8AD3-EC723390DE00}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Virtual Audio Cable 4.9 (HKLM\...\Virtual Audio Cable 4.9) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {58569F12-E725-4CD9-BABA-281C4FB17733} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-12] (Google Inc.)
Task: {65DF6440-4CC5-4A21-A1B2-83299C34F39F} - System32\Tasks\VTAP => C:\Users\Tobi\AppData\Roaming\VTAP.exe <==== ATTENTION
Task: {A9D49734-F015-4545-932F-9D013D006C70} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {AE7B5F0C-949C-4DAB-A8C3-42C38F01CB46} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-12] (Google Inc.)
Task: {C332FAF2-2A22-4F75-AA6E-58855F505205} - System32\Tasks\USTV => C:\Users\Tobi\AppData\Roaming\USTV.exe <==== ATTENTION
Task: {CEE49596-31DF-47F2-984F-D31E48E627B6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\USTV.job => C:\Users\Tobi\AppData\Roaming\USTV.exe <==== ATTENTION
Task: C:\Windows\Tasks\VTAP.job => C:\Users\Tobi\AppData\Roaming\VTAP.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-10-19 16:02 - 2014-09-13 22:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-11 21:04 - 2014-12-09 11:24 - 08871424 _____ () H:\Programme\EslWire\WireCore.dll
2015-01-11 21:04 - 2014-10-09 15:22 - 00214016 _____ () H:\Programme\EslWire\NocIPC64.dll
2015-01-11 21:04 - 2014-12-09 11:22 - 00454656 _____ () H:\Programme\EslWire\Linesman.dll
2015-01-11 21:04 - 2014-10-09 15:23 - 00310272 _____ () H:\Programme\EslWire\laginspect\laginspect.dll
2015-01-11 21:04 - 2014-01-28 11:40 - 00663056 _____ () H:\Programme\EslWire\service\WireHelperSvc.exe
2015-01-11 21:04 - 2014-10-09 15:22 - 00214016 _____ () H:\Programme\EslWire\service\NocIPC64.dll
2014-01-19 21:26 - 2014-01-19 21:26 - 01347584 _____ () C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe
2014-10-31 23:27 - 2014-10-31 23:27 - 00183488 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-11-20 09:23 - 2014-11-20 09:23 - 00289792 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2015-01-15 02:52 - 2015-01-09 01:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-15 02:52 - 2015-01-09 01:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-15 02:52 - 2015-01-09 01:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-15 02:52 - 2015-01-09 01:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
2015-01-15 02:52 - 2015-01-09 01:35 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll
2014-11-16 15:27 - 2014-01-04 01:20 - 34755072 _____ () C:\Users\Tobi\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2014-11-20 07:02 - 2014-11-20 07:02 - 00193024 _____ () C:\ProgramData\Razer\Synapse\RzStats\RigWrapper.dll
2014-11-16 15:27 - 2014-01-04 01:20 - 00970240 _____ () C:\Users\Tobi\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)
========================= Accounts: ========================== Administrator (S-1-5-21-1247221106-465103080-481791032-500 - Administrator - Disabled) Gast (S-1-5-21-1247221106-465103080-481791032-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1247221106-465103080-481791032-1002 - Limited - Enabled) Tobi (S-1-5-21-1247221106-465103080-481791032-1000 - Administrator - Enabled) => C:\Users\Tobi ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: PCI-Kommunikationscontroller (einfach) Description: PCI-Kommunikationscontroller (einfach) Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (01/20/2015 09:56:02 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/20/2015 09:54:15 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD initialization failed [6] Error: (01/20/2015 09:54:15 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0] Error: (01/20/2015 09:54:15 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD endpoint registration failed [0] System errors: ============= Microsoft Office Sessions: ========================= Error: (01/20/2015 09:56:02 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/20/2015 09:54:15 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD initialization failed [6] Error: (01/20/2015 09:54:15 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0] Error: (01/20/2015 09:54:15 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD endpoint registration failed [0] CodeIntegrity Errors: =================================== Date: 2015-01-20 21:54:07.368 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-01-20 21:54:07.368 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-01-20 21:15:14.493 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-01-20 21:15:14.478 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-01-19 22:21:59.103 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-01-19 22:21:59.103 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-01-18 16:46:46.134 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-01-18 16:46:46.119 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-01-15 13:05:49.072 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-01-15 13:05:49.056 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz Percentage of memory in use: 45% Total physical RAM: 8133.97 MB Available physical RAM: 4435.94 MB Total Pagefile: 16266.14 MB Available Pagefile: 11965.54 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:55.68 GB) (Free:4.37 GB) NTFS Drive d: (HP EN4500) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS Drive h: (Volume) (Fixed) (Total:1862.89 GB) (Free:1843.01 GB) NTFS Drive i: (Transcend) (Removable) (Total:30.45 GB) (Free:9.96 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ======================================================== Disk: 1 (Size: 55.9 GB) (Disk ID: A81101F2) Partition: GPT Partition Type. ======================================================== Disk: 5 (MBR Code: Windows XP) (Size: 30.5 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=30.5 GB) - (Type=0C) ==================== End Of Log ============================ |
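The FRST log above marks the two scheduled tasks VTAP and USTV with `<==== ATTENTION` for a reason worth making explicit: their targets sit in C:\Users\Tobi\AppData\Roaming, a directory a standard user can write to, and FRST found no publisher or file date for them, whereas every other task points into Program Files or Windows and carries a publisher. The Python below is an added example, not part of the original post and not FRST's own code: it re-derives that verdict from the `Task:` lines copied from the log above, so the same check can be run over any other FRST.txt. The user-writable path prefixes and the "missing publisher" rule are this example's own assumptions about what makes an entry suspect.

```python
"""Added example: re-derive FRST's '<==== ATTENTION' verdict for scheduled tasks.

Not FRST's own code. Input lines are copied from the FRST log in this thread;
the path heuristics below are this example's assumptions.
"""
import re

# Task lines copied from the FRST.txt above (page data, not constructed).
FRST_TASK_LINES = r"""
Task: {58569F12-E725-4CD9-BABA-281C4FB17733} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-12] (Google Inc.)
Task: {65DF6440-4CC5-4A21-A1B2-83299C34F39F} - System32\Tasks\VTAP => C:\Users\Tobi\AppData\Roaming\VTAP.exe <==== ATTENTION
Task: {A9D49734-F015-4545-932F-9D013D006C70} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {C332FAF2-2A22-4F75-AA6E-58855F505205} - System32\Tasks\USTV => C:\Users\Tobi\AppData\Roaming\USTV.exe <==== ATTENTION
Task: {CEE49596-31DF-47F2-984F-D31E48E627B6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\USTV.job => C:\Users\Tobi\AppData\Roaming\USTV.exe <==== ATTENTION
Task: C:\Windows\Tasks\VTAP.job => C:\Users\Tobi\AppData\Roaming\VTAP.exe <==== ATTENTION
"""

# "Task: <task> => <target> [<file date>] (<publisher>) <==== ATTENTION";
# the date, the publisher and the ATTENTION marker are all optional.
TASK_RE = re.compile(r"^Task:\s+(?P<task>.+?)\s+=>\s+(?P<rest>.+?)(?:\s+<====\s*ATTENTION)?$")
PUBLISHER_RE = re.compile(r"\s\(([^()]*)\)$")
DATE_RE = re.compile(r"\s\[([^\[\]]*)\]$")

# Directories a standard user can write to (assumption: adequate for a home PC).
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")


def parse_task_line(line):
    """Return a dict for one FRST 'Task:' line, or None if the line is not one."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    publisher = date = None
    pm = PUBLISHER_RE.search(rest)          # trailing "(Publisher)"
    if pm:
        publisher, rest = pm.group(1), rest[:pm.start()]
    dm = DATE_RE.search(rest)               # trailing "[YYYY-MM-DD]"
    if dm:
        date, rest = dm.group(1), rest[:dm.start()]
    task = m.group("task")
    return {
        "name": task.split("\\")[-1],
        "guid_form": task.startswith("{"),  # registry task vs. legacy .job file
        "target": rest.strip(),
        "date": date,
        "publisher": publisher,
        "frst_flagged": "<==== ATTENTION" in line,
    }


def assess_task(task):
    """Reasons to distrust a task; an empty list means nothing stands out."""
    reasons = []
    target = task["target"].lower()
    if any(seg in target for seg in USER_WRITABLE):
        reasons.append("target is in a user-writable directory")
    # FRST annotates registry tasks with the file's publisher when it has one;
    # the .job form is never annotated, so only judge the GUID form on this.
    if task["guid_form"] and task["publisher"] is None:
        reasons.append("FRST found no publisher for the target file")
    return reasons


def triage_frst_tasks(text):
    """All parsed tasks from an FRST log with our reasons attached."""
    out = []
    for line in text.splitlines():
        task = parse_task_line(line)
        if task:
            task["reasons"] = assess_task(task)
            out.append(task)
    return out


def suspicious_tasks(text):
    return [t for t in triage_frst_tasks(text) if t["reasons"]]


def agrees_with_frst(text):
    """True if our verdict matches FRST's ATTENTION marker on every task line."""
    return all(bool(t["reasons"]) == t["frst_flagged"] for t in triage_frst_tasks(text))


if __name__ == "__main__":
    for t in suspicious_tasks(FRST_TASK_LINES):
        print(f"{t['name']:<12} {t['target']}  <- {'; '.join(t['reasons'])}")
```

On the log above the script flags exactly the four entries FRST flagged (VTAP, USTV and their two .job twins) and nothing else; a task in a user profile that a legitimate updater created would still show up, which is the right failure mode for a triage pass, since the point is to be looked at, not deleted blindly.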
21.01.2015, 11:28 | #4 |
/// the machine /// TB-Ausbilder | Vaudix Ads hi, scan with ComboFix
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
21.01.2015, 15:46 | #5 |
| Vaudix Ads Code:
ATTFilter ComboFix 15-01-18.01 - Tobi 21.01.2015 15:42:02.1.8 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8134.5458 [GMT 1:00] ausgeführt von:: c:\users\Tobi\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\20f6461b-1317-4e61-b54a-f33a5f69df90\aeb6e1a6-5f91-48f5-995c-2900619d0921.dll c:\program files (x86)\AGEIA Technologies\20f6461b-1317-4e61-b54a-f33a5f69df90.dll c:\users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mipnjnddbpbdmbpjafflemfdefjlibod c:\users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mipnjnddbpbdmbpjafflemfdefjlibod\107\background.html c:\users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mipnjnddbpbdmbpjafflemfdefjlibod\107\content.js c:\users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mipnjnddbpbdmbpjafflemfdefjlibod\107\lsdb.js c:\users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mipnjnddbpbdmbpjafflemfdefjlibod\107\manifest.json c:\users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mipnjnddbpbdmbpjafflemfdefjlibod\107\x.js c:\users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mipnjnddbpbdmbpjafflemfdefjlibod\CURRENT c:\users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mipnjnddbpbdmbpjafflemfdefjlibod\LOG.old c:\users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlmeailenhgbmejohmhdjhhnjhdcpeob\CURRENT c:\users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mipnjnddbpbdmbpjafflemfdefjlibod_0.localstorage-journal 
c:\users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Preferences . . ((((((((((((((((((((((( Dateien erstellt von 2014-12-21 bis 2015-01-21 )))))))))))))))))))))))))))))) . . 2015-01-21 14:43 . 2015-01-21 14:43 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-01-20 21:33 . 2015-01-20 21:34 -------- d-----w- C:\FRST 2015-01-20 20:27 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78BC052D-A221-4993-B423-C7B0B3AC603B}\mpengine.dll 2015-01-20 20:11 . 2015-01-20 20:11 -------- d-----w- c:\windows\ERUNT 2015-01-20 14:31 . 2015-01-20 14:31 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2015-01-20 14:31 . 2015-01-20 14:31 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2015-01-20 13:30 . 2015-01-20 13:30 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2015-01-19 20:28 . 2015-01-19 20:28 -------- d-----w- c:\program files (x86)\TampaGeneration 2015-01-19 20:28 . 2015-01-19 20:28 -------- d-----w- c:\program files (x86)\Instagram for Chrome Tabs Instatabs 2015-01-19 20:27 . 2015-01-19 20:27 -------- d-----w- c:\program files (x86)\Voauedix 2015-01-19 20:27 . 2015-01-19 20:27 -------- d-----w- c:\programdata\pnkaiaejddfgepbbllfamkjefojllcoi 2015-01-19 20:26 . 2015-01-19 21:22 -------- d-----w- c:\programdata\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0} 2015-01-19 18:14 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2015-01-16 12:17 . 2014-10-21 19:09 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C44FFB50-0449-45EF-B824-A1238B6BC91E}\gapaengine.dll 2015-01-11 21:33 . 2015-01-14 02:05 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-01-11 21:33 . 2015-01-14 02:05 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-01-11 21:33 . 
2015-01-11 21:33 -------- d-----w- c:\windows\SysWow64\Macromed 2015-01-11 21:33 . 2015-01-11 21:33 -------- d-----w- c:\windows\system32\Macromed 2015-01-11 21:33 . 2015-01-11 21:35 -------- d-----w- c:\users\Tobi\AppData\Local\Adobe 2015-01-11 20:04 . 2015-01-20 20:54 -------- d-----w- c:\users\Tobi\AppData\Local\ESL Wire Game Client 2015-01-11 20:04 . 2015-01-11 20:04 -------- d-----w- c:\programdata\ESL Wire 2015-01-08 21:06 . 2015-01-20 20:25 -------- d-----w- C:\AdwCleaner 2015-01-08 21:02 . 2015-01-21 14:34 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-01-08 21:01 . 2015-01-08 21:01 -------- d-----w- c:\programdata\Malwarebytes 2015-01-08 21:01 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2015-01-08 21:01 . 2014-11-21 05:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-01-08 21:01 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2015-01-08 20:49 . 2015-01-21 14:43 -------- d-----w- c:\program files (x86)\20f6461b-1317-4e61-b54a-f33a5f69df90 2015-01-08 20:35 . 2015-01-08 20:48 -------- d--h--w- c:\users\Public\Temp 2015-01-08 20:34 . 2015-01-08 21:06 -------- d-----w- c:\users\Tobi\AppData\Local\com 2015-01-08 20:32 . 2015-01-08 20:32 -------- d-----w- c:\users\Tobi\AppData\Local\Programs . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-12-31 11:14 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe 2014-11-20 08:23 . 2014-11-20 08:23 9728 ----a-w- c:\windows\SysWow64\RzStats.IPC.dll 2014-11-10 17:11 . 2014-11-10 17:11 67584 ----a-w- c:\windows\system32\drivers\vrtaucbl.sys 2014-10-31 22:27 . 2014-11-16 14:27 37184 ----a-w- c:\windows\system32\drivers\rzpmgrk.sys 2014-10-23 20:05 . 2014-11-16 14:27 129600 ----a-w- c:\windows\system32\drivers\rzpnk.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . 
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ESL Wire"="h:\programme\EslWire\wire.exe" [2014-12-09 3771904] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-02-21 292848] "Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2014-11-03 585536] "BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2014-10-07 843480] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056] . c:\users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Download (1).lnk - c:\programdata\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe --startup=1 [2014-1-19 1347584] Tintenwarnungen überwachen - HP ENVY 4500 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP ENVY 4500 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN47G142BW060D;CONNECTION=USB;MONITOR=1; [2009-7-14 45568] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 d65a1a66;TampaGeneration;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x] R2 MBAMScheduler;MBAMScheduler;h:\programme\ Malwarebytes Anti-Malware \mbamscheduler.exe;h:\programme\ Malwarebytes Anti-Malware \mbamscheduler.exe [x] R2 MBAMService;MBAMService;h:\programme\ Malwarebytes Anti-Malware \mbamservice.exe;h:\programme\ Malwarebytes Anti-Malware \mbamservice.exe [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys;c:\windows\SYSNATIVE\DRIVERS\vrtaucbl.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] R3 rzdaendpt;Razer DeathAdder end point;c:\windows\system32\DRIVERS\rzdaendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzdaendpt.sys [x] R3 rzvkeyboard;Razer Virtual Keyboard Driver;c:\windows\system32\DRIVERS\rzvkeyboard.sys;c:\windows\SYSNATIVE\DRIVERS\rzvkeyboard.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x] S2 BstHdDrv;BlueStacks Hypervisor;c:\program files 
(x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x] S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x] S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x] S2 EslWireHelper;ESL Wire Helper Service;h:\programme\EslWire\service\WireHelperSvc.exe;h:\programme\EslWire\service\WireHelperSvc.exe [x] S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x] S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x] S2 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x] S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x] S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys;c:\windows\SYSNATIVE\drivers\rzpnk.sys [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S3 iusb3hub;Intel(R) USB 
3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x] S3 rzp1endpt;Razer platform 1 end point;c:\windows\system32\DRIVERS\rzp1endpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzp1endpt.sys [x] S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x] S3 rzvmouse;Razer Virtual Mouse;c:\windows\system32\DRIVERS\rzvmouse.sys;c:\windows\SYSNATIVE\DRIVERS\rzvmouse.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-01-15 01:52 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2015-01-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-11 02:05] . 2015-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-12 14:43] . 
2015-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-12 14:43] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-05-27 7611608] "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-09-17 2461504] "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-09-17 2799784] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = www.google.com mDefault_Search_URL = www.google.com mDefault_Page_URL = www.google.com mStart Page = www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = www.google.com TCP: DhcpNameServer = 217.68.161.141 217.68.161.171 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.16" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2015-01-21 15:44:58 ComboFix-quarantined-files.txt 2015-01-21 14:44 . Vor Suchlauf: 4.226.965.504 Bytes frei Nach Suchlauf: 7.130.746.880 Bytes frei . - - End Of File - - 5A78AF585DBB1348BC5375516866A1EA A36C5E4F47E84449FF07ED3517B43A31 |
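Three persistence patterns in the ComboFix log above are worth recognising on sight. First, the service `d65a1a66` (display name TampaGeneration) has `rundll32.exe` as its binary, so the real payload is a DLL named inside the service's registry key rather than on the line itself; Malwarebytes later quarantined that key as PUP.Optional.TampaGeneration.A (post #7). Second, `"LoadAppInit_DLLs"=1` under `Windows NT\CurrentVersion\Windows` enables the AppInit_DLLs mechanism, which loads a listed DLL into every process that links user32.dll; the log does not show the AppInit_DLLs value itself, so that key still has to be inspected. Third, GUID-named directories placed directly under Program Files (x86) and ProgramData (the `20f6461b-...` folder whose DLL ComboFix deleted, and the `{5a2f7568-...}` folder behind the "Download (1).lnk" Startup shortcut). The Python below is an added example, not ComboFix's code and not part of the original post: it scans lines copied from the log above for those three patterns. The eight-hex-digit service-name rule and the GUID-directory rule are this example's own assumptions.

```python
"""Added example: spot three persistence patterns in a ComboFix log.

Not ComboFix's code. Input lines are copied from the ComboFix log in this
thread; the hex-name and GUID-directory heuristics are this example's
assumptions.
"""
import re

# Lines copied from the ComboFix log above (page data, not constructed).
COMBOFIX_LINES = r"""
c:\program files (x86)\20f6461b-1317-4e61-b54a-f33a5f69df90\aeb6e1a6-5f91-48f5-995c-2900619d0921.dll
Download (1).lnk - c:\programdata\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe --startup=1 [2014-1-19 1347584]
"LoadAppInit_DLLs"=1 (0x1)
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 d65a1a66;TampaGeneration;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 MBAMService;MBAMService;h:\programme\ Malwarebytes Anti-Malware \mbamservice.exe;h:\programme\ Malwarebytes Anti-Malware \mbamservice.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
"""

# ComboFix service line: "R2 name;display name;image path;native image path [x]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);([^;]*);(.*?)\s*\[x\]$")
# Assumption: an 8-hex-digit service name is machine-generated, as d65a1a66 is.
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")
# A GUID used as the directory name directly under ProgramData or Program Files
# (legitimate vendors nest GUID folders deeper, e.g. under a vendor directory).
GUID_DIR_RE = re.compile(
    r"[a-z]:\\(?:programdata|program files(?: \(x86\))?)\\"
    r"\{?[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?\\",
    re.IGNORECASE,
)
APPINIT_RE = re.compile(r'^"LoadAppInit_DLLs"\s*=\s*1\b')


def triage_combofix(text):
    """Return (kind, detail) findings for the three patterns described above."""
    findings = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            _, name, display, image, _ = m.groups()
            exe = image.strip().split("\\")[-1].lower()
            if exe == "rundll32.exe":
                findings.append(("rundll32_service",
                                 f"{name} ({display}): payload DLL is named in the service key, not on this line"))
            if HEX_NAME_RE.match(name):
                findings.append(("hex_service_name", f"{name} ({display})"))
        g = GUID_DIR_RE.search(line)
        if g:
            findings.append(("guid_dir", g.group(0)))
        if APPINIT_RE.match(line):
            findings.append(("appinit_enabled",
                             "LoadAppInit_DLLs=1: inspect the AppInit_DLLs value under the same key"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage_combofix(COMBOFIX_LINES):
        print(f"{kind:<18} {detail}")
```

Each finding names a place to look rather than a verdict: the rundll32-hosted service points at `HKLM\SYSTEM\CurrentControlSet\Services\d65a1a66`, the AppInit hit points at the `AppInit_DLLs` value next to `LoadAppInit_DLLs`, and the GUID directories are the folders to check for leftover DLLs after the cleanup tools have run.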
21.01.2015, 17:45 | #6 |
/// the machine /// TB-Ausbilder | Vaudix Ads Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ |
21.01.2015, 18:42 | #7 |
| Vaudix Ads Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan date: 21.01.2015
Scan time: 18:03:13
Log file: mbab.txt
Administrator: Yes

Version: 2.00.4.1028
Malware database: v2015.01.21.07
Rootkit database: v2015.01.14.01
License: Trial
Malware protection: Enabled
Malicious website protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File system: NTFS
User: Tobi

Scan type: Threat scan
Result: Completed
Objects scanned: 335615
Time elapsed: 2 min, 33 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0 (No malicious items detected)
Modules: 0 (No malicious items detected)
Registry keys: 1
PUP.Optional.TampaGeneration.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\d65a1a66, Quarantined, [38d317e367222a0c2f47b1c3946f49b7],
Registry values: 0 (No malicious items detected)
Registry data: 0 (No malicious items detected)
Folders: 1
PUP.Optional.TampaGeneration.A, C:\Program Files (x86)\TampaGeneration, Quarantined, [3ccf09f18306a3935027c6aeb350e11f],
Files: 1
PUP.Optional.TampaGeneration.A, C:\Program Files (x86)\TampaGeneration\TampaGeneration.dll, Quarantined, [3ccf09f18306a3935027c6aeb350e11f],
Physical sectors: 0 (No malicious items detected)

(end)

Code:
# AdwCleaner v4.108 - Report created 21/01/2015 at 18:31:34
# Updated 17/01/2015 by Xplode
# Database : 2015-01-18.1 [Live]
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Tobi - TOBI-PC
# Started from : C:\Users\Tobi\Downloads\AdwCleaner_4.108.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

File deleted : C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File deleted : C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File deleted : C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File deleted : C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal

***** [ Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514

-\\ Google Chrome v39.0.2171.99

-\\ Opera v0.0.0.0

*************************

AdwCleaner[R0].txt - [9201 octets] - [08/01/2015 22:06:37]
AdwCleaner[R1].txt - [2163 octets] - [20/01/2015 21:13:45]
AdwCleaner[R2].txt - [1651 octets] - [20/01/2015 21:25:12]
AdwCleaner[R3].txt - [1711 octets] - [21/01/2015 18:13:26]
AdwCleaner[S0].txt - [8621 octets] - [08/01/2015 22:07:16]
AdwCleaner[S1].txt - [2224 octets] - [20/01/2015 21:14:34]
AdwCleaner[S2].txt - [1632 octets] - [21/01/2015 18:31:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1692 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x64
Ran by Tobi on 21.01.2015 at 18:39:40,05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] "C:\Users\Tobi\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Tobi\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.01.2015 at 18:40:49,18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015 Ran by Tobi (administrator) on TOBI-PC on 21-01-2015 18:41:32 Running from C:\Users\Tobi\Downloads Loaded Profiles: Tobi (Available profiles: Tobi) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe () H:\Programme\EslWire\service\WireHelperSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Malwarebytes Corporation) H:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) H:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) H:\Programme\ Malwarebytes Anti-Malware \mbam.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (BlueStack Systems, Inc.) 
C:\Program Files (x86)\BlueStacks\HD-Service.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Turtle Entertainment GmbH) H:\Programme\EslWire\wire.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe () C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe (Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe (Razer, Inc.) C:\Users\Tobi\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-05-27] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.) HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.) 
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKU\S-1-5-21-1247221106-465103080-481791032-1000\...\Run: [ESL Wire] => H:\Programme\EslWire\wire.exe [3771904 2014-12-09] (Turtle Entertainment GmbH) Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download (1).lnk ShortcutTarget: Download (1).lnk -> C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe () Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP ENVY 4500 series.lnk ShortcutTarget: Tintenwarnungen überwachen - HP ENVY 4500 series.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-1247221106-465103080-481791032-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1247221106-465103080-481791032-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Tcpip\Parameters: [DhcpNameServer] 217.68.161.141 217.68.161.171 FireFox: ======== FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR DefaultSearchKeyword: Default -> 66BDAEADE98EDC3356B789E6ED77674DAD506A9A605E861C5802E59ED79C6DC9 CHR DefaultSearchURL: Default -> E211984B217D9EB92449B5231BB746E7E74945700D008ADBA83F129A942CDD33 CHR Profile: C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-19] CHR Extension: (Google Docs) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-19] CHR Extension: (Google Drive) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-19] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-19] CHR Extension: (YouTube) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-19] CHR Extension: (Google-Suche) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-19] CHR Extension: (Google Tabellen) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-19] CHR Extension: (AdBlock) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-19] CHR Extension: (AntiGameOrigin) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldbahlcmhmlpomdepooifmhnalokdhgm [2015-01-04] CHR Extension: (Google Wallet) - 
C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-19] CHR Extension: (Google Mail) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-19] CHR Extension: (Voauedix) - C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi\ [2014-10-19] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.) R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.) R2 EslWireHelper; H:\Programme\EslWire\service\WireHelperSvc.exe [663056 2014-01-28] () R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation) R2 MBAMScheduler; H:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; H:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation) R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 
2014-10-31] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems) S3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [67584 2014-11-10] (Eugene V. Muzychenko) [File not signed] R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-21] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation) S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33448 2014-09-05] (Razer Inc) R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-05] (Razer Inc) R3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [40104 2014-09-05] (Razer Inc) R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.) R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.) 
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [31912 2014-09-05] (Razer Inc) R3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [31912 2014-09-05] (Razer Inc) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-21 18:40 - 2015-01-21 18:40 - 00000922 _____ () C:\Users\Tobi\Desktop\JRT.txt 2015-01-21 18:39 - 2015-01-21 18:39 - 01707939 _____ (Thisisu) C:\Users\Tobi\Downloads\JRT (1).exe 2015-01-21 18:37 - 2015-01-21 18:37 - 00001772 _____ () C:\Users\Tobi\Desktop\AdwCleaner[S2].txt 2015-01-21 18:06 - 2015-01-21 18:06 - 00001492 _____ () C:\Users\Tobi\Desktop\mbam.txt 2015-01-21 17:52 - 2015-01-21 18:13 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\mIRC 2015-01-21 17:52 - 2015-01-21 17:52 - 02471776 _____ (mIRC Co. Ltd.) 
C:\Users\Tobi\Downloads\mirc738.exe 2015-01-21 17:52 - 2015-01-21 17:52 - 00000628 _____ () C:\Users\Public\Desktop\mIRC.lnk 2015-01-21 17:52 - 2015-01-21 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC 2015-01-21 15:44 - 2015-01-21 15:44 - 00019856 _____ () C:\ComboFix.txt 2015-01-21 15:41 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-01-21 15:41 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-01-21 15:41 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-01-21 15:41 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-01-21 15:41 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-01-21 15:41 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-01-21 15:41 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-01-21 15:41 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-01-21 15:39 - 2015-01-21 15:45 - 00000000 ____D () C:\Qoobox 2015-01-21 15:39 - 2015-01-21 15:44 - 00000000 ____D () C:\Windows\erdnt 2015-01-21 15:35 - 2015-01-21 15:35 - 05608785 ____R (Swearware) C:\Users\Tobi\Downloads\ComboFix.exe 2015-01-20 22:33 - 2015-01-21 18:41 - 00014669 _____ () C:\Users\Tobi\Downloads\FRST.txt 2015-01-20 22:33 - 2015-01-21 18:41 - 00000000 ____D () C:\FRST 2015-01-20 22:33 - 2015-01-20 22:34 - 00019780 _____ () C:\Users\Tobi\Downloads\Addition.txt 2015-01-20 22:33 - 2015-01-20 22:33 - 02126848 _____ (Farbar) C:\Users\Tobi\Downloads\FRST64.exe 2015-01-20 21:24 - 2015-01-20 21:24 - 00852504 _____ () C:\Users\Tobi\Downloads\SecurityCheck.exe 2015-01-20 21:11 - 2015-01-20 21:11 - 00001790 _____ () C:\sc-cleaner.txt 2015-01-20 21:11 - 2015-01-20 21:11 - 00000000 ____D () C:\Windows\ERUNT 2015-01-20 21:10 - 2015-01-20 21:11 - 02186752 _____ () C:\Users\Tobi\Downloads\AdwCleaner_4.108.exe 2015-01-20 21:10 - 2015-01-20 21:11 - 01707939 _____ (Thisisu) C:\Users\Tobi\Downloads\JRT.exe 2015-01-20 21:10 - 2015-01-20 
21:11 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\Tobi\Downloads\sc-cleaner.exe 2015-01-20 14:28 - 2015-01-20 14:28 - 00037888 _____ () C:\Users\Tobi\Downloads\tempDownload_1bcb678d-b7a1-4a25-9688-fb0a367ca006_1412572857279 2015-01-19 21:28 - 2015-01-19 21:28 - 00000000 ____D () C:\Program Files (x86)\Instagram for Chrome Tabs Instatabs 2015-01-19 21:27 - 2015-01-19 21:27 - 00000000 ____D () C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi 2015-01-19 21:27 - 2015-01-19 21:27 - 00000000 ____D () C:\Program Files (x86)\Voauedix 2015-01-19 21:26 - 2015-01-19 22:22 - 00000000 ____D () C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0} 2015-01-19 21:26 - 2015-01-19 21:26 - 01347584 _____ () C:\Users\Tobi\Downloads\Download (1).exe 2015-01-19 17:35 - 2015-01-19 17:35 - 00085412 _____ () C:\Users\Tobi\Downloads\Download 2015-01-11 22:33 - 2015-01-21 18:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-11 22:33 - 2015-01-14 03:05 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-11 22:33 - 2015-01-14 03:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-11 22:33 - 2015-01-14 03:05 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-11 22:33 - 2015-01-11 22:35 - 00000000 ____D () C:\Users\Tobi\AppData\Local\Adobe 2015-01-11 22:33 - 2015-01-11 22:33 - 00000000 ____D () C:\Windows\SysWOW64\Macromed 2015-01-11 22:33 - 2015-01-11 22:33 - 00000000 ____D () C:\Windows\system32\Macromed 2015-01-11 21:04 - 2015-01-21 18:32 - 00000000 ____D () C:\Users\Tobi\AppData\Local\ESL Wire Game Client 2015-01-11 21:04 - 2015-01-11 21:05 - 00000645 _____ () C:\Users\Public\Desktop\ESL Wire.lnk 2015-01-11 21:04 - 2015-01-11 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire 2015-01-11 21:04 - 2015-01-11 21:04 - 00000000 ____D () C:\ProgramData\ESL Wire 2015-01-08 22:06 - 2015-01-21 18:31 - 00000000 
____D () C:\AdwCleaner 2015-01-08 22:05 - 2015-01-08 22:05 - 02191360 _____ () C:\Users\Tobi\Downloads\AdwCleaner_4.107.exe 2015-01-08 22:02 - 2015-01-21 18:32 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-08 22:01 - 2015-01-08 22:01 - 00000737 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-08 22:01 - 2015-01-08 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-08 22:01 - 2015-01-08 22:01 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-08 22:01 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-08 22:01 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-08 22:01 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-08 22:00 - 2015-01-08 22:01 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Tobi\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-08 21:52 - 2015-01-08 21:54 - 00002192 _____ () C:\Users\Tobi\Desktop\chrome.lnk 2015-01-08 21:49 - 2015-01-21 15:43 - 00000000 ____D () C:\Program Files (x86)\20f6461b-1317-4e61-b54a-f33a5f69df90 2015-01-08 21:35 - 2015-01-08 21:48 - 00000000 ___HD () C:\Users\Public\Temp 2015-01-08 21:34 - 2015-01-08 22:06 - 00000000 ____D () C:\Users\Tobi\AppData\Local\com 2015-01-07 21:53 - 2015-01-07 21:53 - 00004456 _____ () C:\Users\Tobi\Downloads\zonixx-CFG+video+DMcfg.zip ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-21 18:39 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-21 18:39 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-21 18:38 - 2011-04-12 08:43 - 00691940 _____ () C:\Windows\system32\perfh007.dat 2015-01-21 18:38 - 2011-04-12 08:43 - 00145538 _____ () C:\Windows\system32\perfc007.dat 2015-01-21 18:38 - 2009-07-14 06:13 - 01599026 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-21 18:32 - 2014-11-12 15:43 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-21 18:32 - 2014-10-19 16:02 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-01-21 18:32 - 2010-11-21 04:47 - 00078968 _____ () C:\Windows\PFRO.log 2015-01-21 18:32 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-21 18:32 - 2009-07-14 05:51 - 00051511 _____ () C:\Windows\setupact.log 2015-01-21 18:31 - 2014-10-19 15:18 - 01966098 _____ () C:\Windows\WindowsUpdate.log 2015-01-21 18:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports 2015-01-21 17:48 - 2014-11-12 15:43 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-21 16:53 - 2014-10-19 16:18 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\TS3Client 2015-01-21 15:44 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2015-01-21 15:44 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-01-21 15:43 - 2014-10-19 16:02 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies 2015-01-20 15:09 - 2014-10-19 16:01 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-01-20 15:02 - 2014-10-19 19:51 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\vlc 2015-01-20 14:28 - 2011-04-12 08:54 - 00000000 ___RD () C:\Users\Public\Recorded TV 2015-01-19 22:21 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\DigitalLocker 2015-01-09 07:43 - 2009-07-14 04:20 - 
00000000 ____D () C:\Windows\Resources 2015-01-08 21:50 - 2014-11-05 13:18 - 00000000 ____D () C:\Program Files (x86)\BlueStacks 2015-01-08 21:40 - 2014-10-19 15:18 - 00001439 _____ () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-08 21:40 - 2014-10-19 15:18 - 00001405 _____ () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2015-01-04 05:02 - 2014-10-22 18:03 - 00000000 ____D () C:\Users\Tobi\Desktop\Tattoo 2014-12-31 12:14 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== Files in the root of some directories ======= 2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Tobi\AppData\Roaming\USTV 2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Tobi\AppData\Roaming\VTAP 2014-11-20 21:48 - 2014-11-20 21:48 - 0000057 _____ () C:\ProgramData\Ament.ini 2014-10-19 15:51 - 2014-10-19 15:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some content of TEMP: ==================== C:\Users\Tobi\AppData\Local\Temp\mirc738.exe C:\Users\Tobi\AppData\Local\Temp\Quarantine.exe C:\Users\Tobi\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-14 06:17 ==================== End Of Log ============================ |
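Added example, not part of the original thread and not one of the helper's tools: a small Python triage pass over FRST-style lines that flags the kinds of entries the FRST log in the post above turns up. The sample lines are constructed after that log (the bare {GUID} folder under C:\ProgramData, the Startup .lnk pointing at an unsigned Download (1).exe, the Chrome extension loaded from C:\ProgramData instead of the Chrome profile, the two "Policy restriction" lines); the rule names and the heuristics behind them are mine, not FRST's.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines modelled on the FRST.txt posted above,
# not the full log. Paths and GUIDs are copied from that log; nothing else is real.
SAMPLE_FRST = r"""
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-05-27] (Realtek Semiconductor)
Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download (1).lnk
ShortcutTarget: Download (1).lnk -> C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe ()
ShortcutTarget: Tintenwarnungen ueberwachen - HP ENVY 4500 series.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1247221106-465103080-481791032-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR Extension: (AdBlock) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-19]
CHR Extension: (Voauedix) - C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi\ [2014-10-19]
""".strip().splitlines()

# A bare {GUID} directory directly under ProgramData (seen twice in the log above).
GUID_DIR = re.compile(r"\\ProgramData\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
# FRST process line: "(Publisher) C:\path". The publisher is empty when the
# binary carries no company name in its version info.
PROCESS = re.compile(r"^\((?P<pub>[^)]*)\) (?P<path>[A-Z]:\\.+)$")
# FRST startup-shortcut resolution: "ShortcutTarget: x.lnk -> C:\target (Publisher)".
SHORTCUT = re.compile(r"^ShortcutTarget: (?P<lnk>.+?) -> (?P<target>.+?) \((?P<pub>[^)]*)\)$")
# FRST Chrome extension line: "CHR Extension: (Name) - C:\path [date]".
CHR_EXT = re.compile(r"^CHR Extension: \((?P<name>.+?)\) - (?P<path>.+?) \[")
# Locations a standard user can write to, i.e. where droppers tend to unpack.
USER_WRITABLE = re.compile(r"\\(ProgramData|AppData|Users\\Public)\\", re.I)
# Where Chrome itself keeps installed extensions.
CHROME_PROFILE = re.compile(r"\\Google\\Chrome\\User Data\\", re.I)


def triage(lines):
    """Return (rule, line) pairs for FRST lines that deserve a second look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if "<======= ATTENTION" in line:
            # FRST's own marker: browser policy keys, dev builds and the like.
            findings.append(("frst-attention", line))
        if GUID_DIR.search(line):
            findings.append(("guid-dir-in-programdata", line))
        proc = PROCESS.match(line)
        if proc and not proc["pub"] and USER_WRITABLE.search(proc["path"]):
            # No publisher *and* running from a user-writable path.
            findings.append(("unsigned-process-user-writable", line))
        lnk = SHORTCUT.match(line)
        if lnk and not lnk["pub"] and USER_WRITABLE.search(lnk["target"]):
            # Startup-folder shortcut resolving to an unattributed binary.
            findings.append(("startup-lnk-unsigned-target", line))
        ext = CHR_EXT.match(line)
        if ext and not CHROME_PROFILE.search(ext["path"]):
            # Extensions normally live under the Chrome profile; anything
            # loaded from elsewhere was side-loaded (typically via policy).
            findings.append(("chrome-ext-outside-profile", line))
    return findings


def summarize(findings):
    """Count findings per rule, e.g. to decide what to put in a fixlist first."""
    return Counter(rule for rule, _ in findings)


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_FRST):
        print(f"[{rule}] {line}")
    print(dict(summarize(triage(SAMPLE_FRST))))
```

Run it as a script to print the flagged lines, or pass it the lines of a real FRST.txt. It is a triage aid, not a verdict: the Razer line is flagged only because the binary carries no publisher and lives under ProgramData, which is exactly the kind of hit a reviewer then settles by hand (hash lookup, signature check), while the GUID folder, the Startup shortcut and the side-loaded extension are the three entries the helper's fixlist would actually need to cover.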
22.01.2015, 12:55 | #8 |
/// the machine /// TB-Ausbilder | Vaudix Ads ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
22.01.2015, 18:45 | #9 |
| Vaudix Ads Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6f6366e0417a3047be745d821c5bad48
# engine=22097
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-22 05:14:19
# local_time=2015-01-22 06:14:19 (+0100, Central European Time)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 8028497 44930853 0 0
# scanned=133278
# found=17
# cleaned=0
# scan_time=1860
sh=E978937AC7FAAC9A69609B2A4A3B8E2D43466DF9 ft=1 fh=b7b8c96c17c22525 vn="Win32/Patched.NFQ Trojan" ac=I fn="C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome.dll"
sh=D55D56AFF6519D4409C8347096A219CB96F987CE ft=0 fh=0000000000000000 vn="JS/Kryptik.ATL Trojan" ac=I fn="C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi\OtI.js"
sh=8BD0B914E8D2EF691BE987D70CA819761A687D1C ft=1 fh=c71c001166f4e188 vn="Variant of Win32/Adware.MultiPlug.ED application" ac=I fn="C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe"
sh=21A094C91EDB2F2A3DDB54AFEED438E3A16039AC ft=1 fh=59c9d2c7b010900a vn="Variant of Win32/Toolbar.CrossRider.BM potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\20f6461b-1317-4e61-b54a-f33a5f69df90\aeb6e1a6-5f91-48f5-995c-2900619d0921.dll.vir"
sh=21A094C91EDB2F2A3DDB54AFEED438E3A16039AC ft=1 fh=59c9d2c7b010900a vn="Variant of Win32/Toolbar.CrossRider.BM potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\AGEIA Technologies\20f6461b-1317-4e61-b54a-f33a5f69df90.dll.vir"
sh=6F8FE1A0F528E8B8E27FF778FF4D6864F64E36CE ft=0 fh=0000000000000000 vn="JS/Kryptik.ATL Trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mipnjnddbpbdmbpjafflemfdefjlibod\107\x.js.vir"
sh=D55D56AFF6519D4409C8347096A219CB96F987CE ft=0 fh=0000000000000000 vn="JS/Kryptik.ATL Trojan" ac=I fn="C:\Users\All Users\pnkaiaejddfgepbbllfamkjefojllcoi\OtI.js"
sh=8BD0B914E8D2EF691BE987D70CA819761A687D1C ft=1 fh=c71c001166f4e188 vn="Variant of Win32/Adware.MultiPlug.ED application" ac=I fn="C:\Users\All Users\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C potentially unwanted application" ac=I fn="C:\Users\Tobi\AppData\Roaming\USTV"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C potentially unwanted application" ac=I fn="C:\Users\Tobi\AppData\Roaming\VTAP"
sh=D6EB15ADEFE8BE7E36D184AD86DE9CA457095C7E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\Users\Tobi\AppData\Roaming\Opera Software\Opera Stable\Extensions\dimfohdigjaffdaanhmbocfkpolglnjk\1.26.88_0\extensionData\plugins\91.js"
sh=5DD4EBBF5FC3179CA01912B6454B022681A8D254 ft=1 fh=9db60c754dc31509 vn="Variant of Win32/InstallCore.UE potentially unwanted application" ac=I fn="C:\Users\Tobi\Downloads\BlueStacks-SplitInstaller_native_CB-DL-Manager.exe"
sh=8BD0B914E8D2EF691BE987D70CA819761A687D1C ft=1 fh=c71c001166f4e188 vn="Variant of Win32/Adware.MultiPlug.ED application" ac=I fn="C:\Users\Tobi\Downloads\Download (1).exe"
sh=0D7ED6BAFEBF6B7F5CC1680CAC02428F62A35612 ft=1 fh=742db127c3faaf99 vn="Variant of Win32/Adware.MultiPlug.DP application" ac=I fn="C:\Users\Tobi\Downloads\Download.exe"
sh=F67D88584F3F2F9513D1A102F64DB8A21996E726 ft=1 fh=6d4effb5e0baec6a vn="Variant of Win32/DownloadSponsor.C potentially unwanted application" ac=I fn="C:\Users\Tobi\Downloads\Virtual Audio Cable - CHIP-Installer.exe"
sh=C1CC73B99E66C936041706413ED28B9DCD897867 ft=1 fh=7805ddc9e3baadcc vn="NSIS/StartPage.CC Trojan" ac=I fn="C:\Users\Tobi\Downloads\vlc-2.1.5-win32.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variant of Win32/Adware.MultiPlug.ED application" ac=I fn="${Memory}"

Code:
Results of screen317's Security Check version 0.99.93
Windows 7 Service Pack 1 x64 (UAC is enabled)
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Google Chrome (39.0.2171.95)
Google Chrome (39.0.2171.99)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Tobi (administrator) on TOBI-PC on 22-01-2015 18:40:29
Running from C:\Users\Tobi\Downloads
Loaded Profiles: Tobi (Available profiles: Tobi)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() H:\Programme\EslWire\service\WireHelperSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Turtle Entertainment GmbH) H:\Programme\EslWire\wire.exe
() C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Razer Inc.)
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe (Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe (Razer, Inc.) C:\Users\Tobi\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-05-27] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.) HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.) 
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKU\S-1-5-21-1247221106-465103080-481791032-1000\...\Run: [ESL Wire] => H:\Programme\EslWire\wire.exe [3771904 2014-12-09] (Turtle Entertainment GmbH) Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download (1).lnk ShortcutTarget: Download (1).lnk -> C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe () Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP ENVY 4500 series.lnk ShortcutTarget: Tintenwarnungen überwachen - HP ENVY 4500 series.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-1247221106-465103080-481791032-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1247221106-465103080-481791032-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Tcpip\Parameters: [DhcpNameServer] 217.68.161.141 217.68.161.171 FireFox: ======== FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR DefaultSearchKeyword: Default -> 66BDAEADE98EDC3356B789E6ED77674DAD506A9A605E861C5802E59ED79C6DC9 CHR DefaultSearchURL: Default -> E211984B217D9EB92449B5231BB746E7E74945700D008ADBA83F129A942CDD33 CHR Profile: C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-19] CHR Extension: (Google Docs) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-19] CHR Extension: (Google Drive) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-19] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-19] CHR Extension: (YouTube) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-19] CHR Extension: (Google-Suche) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-19] CHR Extension: (Google Tabellen) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-19] CHR Extension: (AdBlock) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-19] CHR Extension: (AntiGameOrigin) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldbahlcmhmlpomdepooifmhnalokdhgm [2015-01-04] CHR Extension: (Google Wallet) - 
C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-19] CHR Extension: (Google Mail) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-19] CHR Extension: (Voauedix) - C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi\ [2014-10-19] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.) R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.) R2 EslWireHelper; H:\Programme\EslWire\service\WireHelperSvc.exe [663056 2014-01-28] () R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation) S2 MBAMScheduler; H:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S2 MBAMService; H:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation) R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 
2014-10-31] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems) S3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [67584 2014-11-10] (Eugene V. Muzychenko) [File not signed] S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation) S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33448 2014-09-05] (Razer Inc) R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-05] (Razer Inc) R3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [40104 2014-09-05] (Razer Inc) R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.) R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.) S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [31912 2014-09-05] (Razer Inc) R3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [31912 2014-09-05] (Razer Inc) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-22 17:41 - 2015-01-22 17:41 - 00852504 _____ () C:\Users\Tobi\Downloads\SecurityCheck (1).exe 2015-01-22 17:40 - 2015-01-22 17:40 - 02347384 _____ (ESET) C:\Users\Tobi\Downloads\esetsmartinstaller_deu.exe 2015-01-22 17:40 - 2015-01-22 17:40 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-01-21 18:40 - 2015-01-21 18:40 - 00000922 _____ () C:\Users\Tobi\Desktop\JRT.txt 2015-01-21 18:39 - 2015-01-21 18:39 - 01707939 _____ (Thisisu) C:\Users\Tobi\Downloads\JRT (1).exe 2015-01-21 18:37 - 2015-01-21 18:37 - 00001772 _____ () C:\Users\Tobi\Desktop\AdwCleaner[S2].txt 2015-01-21 18:06 - 2015-01-21 18:06 - 00001492 _____ () C:\Users\Tobi\Desktop\mbam.txt 2015-01-21 17:52 - 2015-01-21 18:13 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\mIRC 2015-01-21 17:52 - 2015-01-21 17:52 - 02471776 _____ (mIRC Co. Ltd.) 
C:\Users\Tobi\Downloads\mirc738.exe 2015-01-21 17:52 - 2015-01-21 17:52 - 00000628 _____ () C:\Users\Public\Desktop\mIRC.lnk 2015-01-21 17:52 - 2015-01-21 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC 2015-01-21 15:44 - 2015-01-21 15:44 - 00019856 _____ () C:\ComboFix.txt 2015-01-21 15:41 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-01-21 15:41 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-01-21 15:41 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-01-21 15:41 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-01-21 15:41 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-01-21 15:41 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-01-21 15:41 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-01-21 15:41 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-01-21 15:39 - 2015-01-21 15:45 - 00000000 ____D () C:\Qoobox 2015-01-21 15:39 - 2015-01-21 15:44 - 00000000 ____D () C:\Windows\erdnt 2015-01-21 15:35 - 2015-01-21 15:35 - 05608785 ____R (Swearware) C:\Users\Tobi\Downloads\ComboFix.exe 2015-01-20 22:33 - 2015-01-22 18:40 - 00014785 _____ () C:\Users\Tobi\Downloads\FRST.txt 2015-01-20 22:33 - 2015-01-22 18:40 - 00000000 ____D () C:\FRST 2015-01-20 22:33 - 2015-01-20 22:34 - 00019780 _____ () C:\Users\Tobi\Downloads\Addition.txt 2015-01-20 22:33 - 2015-01-20 22:33 - 02126848 _____ (Farbar) C:\Users\Tobi\Downloads\FRST64.exe 2015-01-20 21:24 - 2015-01-20 21:24 - 00852504 _____ () C:\Users\Tobi\Downloads\SecurityCheck.exe 2015-01-20 21:11 - 2015-01-20 21:11 - 00001790 _____ () C:\sc-cleaner.txt 2015-01-20 21:11 - 2015-01-20 21:11 - 00000000 ____D () C:\Windows\ERUNT 2015-01-20 21:10 - 2015-01-20 21:11 - 02186752 _____ () C:\Users\Tobi\Downloads\AdwCleaner_4.108.exe 2015-01-20 21:10 - 2015-01-20 21:11 - 01707939 _____ (Thisisu) C:\Users\Tobi\Downloads\JRT.exe 2015-01-20 21:10 - 2015-01-20 
21:11 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\Tobi\Downloads\sc-cleaner.exe 2015-01-20 14:28 - 2015-01-20 14:28 - 00037888 _____ () C:\Users\Tobi\Downloads\tempDownload_1bcb678d-b7a1-4a25-9688-fb0a367ca006_1412572857279 2015-01-19 21:28 - 2015-01-19 21:28 - 00000000 ____D () C:\Program Files (x86)\Instagram for Chrome Tabs Instatabs 2015-01-19 21:27 - 2015-01-19 21:27 - 00000000 ____D () C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi 2015-01-19 21:27 - 2015-01-19 21:27 - 00000000 ____D () C:\Program Files (x86)\Voauedix 2015-01-19 21:26 - 2015-01-19 22:22 - 00000000 ____D () C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0} 2015-01-19 21:26 - 2015-01-19 21:26 - 01347584 _____ () C:\Users\Tobi\Downloads\Download (1).exe 2015-01-19 17:35 - 2015-01-19 17:35 - 00085412 _____ () C:\Users\Tobi\Downloads\Download 2015-01-11 22:33 - 2015-01-22 18:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-11 22:33 - 2015-01-14 03:05 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-11 22:33 - 2015-01-14 03:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-11 22:33 - 2015-01-14 03:05 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-11 22:33 - 2015-01-11 22:35 - 00000000 ____D () C:\Users\Tobi\AppData\Local\Adobe 2015-01-11 22:33 - 2015-01-11 22:33 - 00000000 ____D () C:\Windows\SysWOW64\Macromed 2015-01-11 22:33 - 2015-01-11 22:33 - 00000000 ____D () C:\Windows\system32\Macromed 2015-01-11 21:04 - 2015-01-21 22:07 - 00000000 ____D () C:\Users\Tobi\AppData\Local\ESL Wire Game Client 2015-01-11 21:04 - 2015-01-11 21:05 - 00000645 _____ () C:\Users\Public\Desktop\ESL Wire.lnk 2015-01-11 21:04 - 2015-01-11 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire 2015-01-11 21:04 - 2015-01-11 21:04 - 00000000 ____D () C:\ProgramData\ESL Wire 2015-01-08 22:06 - 2015-01-21 18:31 - 00000000 
____D () C:\AdwCleaner 2015-01-08 22:05 - 2015-01-08 22:05 - 02191360 _____ () C:\Users\Tobi\Downloads\AdwCleaner_4.107.exe 2015-01-08 22:02 - 2015-01-22 14:42 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-08 22:01 - 2015-01-08 22:01 - 00000737 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-08 22:01 - 2015-01-08 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-08 22:01 - 2015-01-08 22:01 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-08 22:01 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-08 22:01 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-08 22:01 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-08 22:00 - 2015-01-08 22:01 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Tobi\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-08 21:52 - 2015-01-08 21:54 - 00002192 _____ () C:\Users\Tobi\Desktop\chrome.lnk 2015-01-08 21:49 - 2015-01-21 15:43 - 00000000 ____D () C:\Program Files (x86)\20f6461b-1317-4e61-b54a-f33a5f69df90 2015-01-08 21:35 - 2015-01-08 21:48 - 00000000 ___HD () C:\Users\Public\Temp 2015-01-08 21:34 - 2015-01-08 22:06 - 00000000 ____D () C:\Users\Tobi\AppData\Local\com 2015-01-07 21:53 - 2015-01-07 21:53 - 00004456 _____ () C:\Users\Tobi\Downloads\zonixx-CFG+video+DMcfg.zip ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-22 17:48 - 2014-11-12 15:43 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-22 16:47 - 2014-10-19 15:18 - 01226182 _____ () C:\Windows\WindowsUpdate.log 2015-01-22 15:48 - 2014-11-12 15:43 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-21 22:16 - 2009-07-14 05:51 - 00051735 _____ () C:\Windows\setupact.log 2015-01-21 22:14 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-21 22:14 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-21 22:13 - 2011-04-12 08:43 - 00691940 _____ () C:\Windows\system32\perfh007.dat 2015-01-21 22:13 - 2011-04-12 08:43 - 00145538 _____ () C:\Windows\system32\perfc007.dat 2015-01-21 22:13 - 2009-07-14 06:13 - 01599026 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-21 22:07 - 2014-10-19 16:02 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-01-21 22:07 - 2010-11-21 04:47 - 00079318 _____ () C:\Windows\PFRO.log 2015-01-21 22:07 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-21 21:58 - 2014-10-19 16:18 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\TS3Client 2015-01-21 21:02 - 2014-10-19 16:01 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-01-21 20:58 - 2014-10-19 19:51 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\vlc 2015-01-21 18:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports 2015-01-21 15:44 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2015-01-21 15:44 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-01-21 15:43 - 2014-10-19 16:02 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies 2015-01-20 14:28 - 2011-04-12 08:54 - 00000000 ___RD () C:\Users\Public\Recorded TV 2015-01-19 22:21 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\DigitalLocker 2015-01-09 07:43 - 2009-07-14 04:20 - 
00000000 ____D () C:\Windows\Resources 2015-01-08 21:50 - 2014-11-05 13:18 - 00000000 ____D () C:\Program Files (x86)\BlueStacks 2015-01-08 21:40 - 2014-10-19 15:18 - 00001439 _____ () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-08 21:40 - 2014-10-19 15:18 - 00001405 _____ () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2015-01-04 05:02 - 2014-10-22 18:03 - 00000000 ____D () C:\Users\Tobi\Desktop\Tattoo 2014-12-31 12:14 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== Files in the root of some directories ======= 2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Tobi\AppData\Roaming\USTV 2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Tobi\AppData\Roaming\VTAP 2014-11-20 21:48 - 2014-11-20 21:48 - 0000057 _____ () C:\ProgramData\Ament.ini 2014-10-19 15:51 - 2014-10-19 15:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some content of TEMP: ==================== C:\Users\Tobi\AppData\Local\Temp\mirc738.exe C:\Users\Tobi\AppData\Local\Temp\Quarantine.exe C:\Users\Tobi\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-14 06:17

==================== End Of Log ============================

The ads are gone. Thanks! I just found a folder called Voauedix under C:/Programme(x86), though. It contains an .exe and a .dat file. Can I simply delete this folder now? |
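Added example, not part of the thread and not ESET's or Trojaner-Board's tooling: a small Python triage of the ESET Online Scanner detection lines posted above. It parses the `sh= ft= fh= vn= ac= fn=` fields, folds `C:\Users\All Users` onto `C:\ProgramData` (on Windows 7 the former is a junction to the latter, which is why the same OtI.js and Download (1).exe are reported twice), separates hits that already sit in ComboFix's `C:\Qoobox` quarantine (`.vir`) from live files, and lists the paths that would actually belong in an FRST fixlist. The sample lines are a subset copied from the log above; treating anything under `\Downloads\` as an inert installer and anything under `C:\Qoobox` or ending in `.vir` as already quarantined are this example's own assumptions.

```python
import re
from collections import defaultdict

# Detection lines copied from the ESET Online Scanner log above (a subset of
# the 17 hits, chosen to cover every case the triage below distinguishes).
SAMPLE_LOG = r'''
sh=E978937AC7FAAC9A69609B2A4A3B8E2D43466DF9 ft=1 fh=b7b8c96c17c22525 vn="Win32/Patched.NFQ Trojaner" ac=I fn="C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome.dll"
sh=D55D56AFF6519D4409C8347096A219CB96F987CE ft=0 fh=0000000000000000 vn="JS/Kryptik.ATL Trojaner" ac=I fn="C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi\OtI.js"
sh=8BD0B914E8D2EF691BE987D70CA819761A687D1C ft=1 fh=c71c001166f4e188 vn="Variante von Win32/Adware.MultiPlug.ED Anwendung" ac=I fn="C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe"
sh=21A094C91EDB2F2A3DDB54AFEED438E3A16039AC ft=1 fh=59c9d2c7b010900a vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\AGEIA Technologies\20f6461b-1317-4e61-b54a-f33a5f69df90.dll.vir"
sh=D55D56AFF6519D4409C8347096A219CB96F987CE ft=0 fh=0000000000000000 vn="JS/Kryptik.ATL Trojaner" ac=I fn="C:\Users\All Users\pnkaiaejddfgepbbllfamkjefojllcoi\OtI.js"
sh=8BD0B914E8D2EF691BE987D70CA819761A687D1C ft=1 fh=c71c001166f4e188 vn="Variante von Win32/Adware.MultiPlug.ED Anwendung" ac=I fn="C:\Users\All Users\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobi\AppData\Roaming\USTV"
sh=D6EB15ADEFE8BE7E36D184AD86DE9CA457095C7E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobi\AppData\Roaming\Opera Software\Opera Stable\Extensions\dimfohdigjaffdaanhmbocfkpolglnjk\1.26.88_0\extensionData\plugins\91.js"
sh=8BD0B914E8D2EF691BE987D70CA819761A687D1C ft=1 fh=c71c001166f4e188 vn="Variante von Win32/Adware.MultiPlug.ED Anwendung" ac=I fn="C:\Users\Tobi\Downloads\Download (1).exe"
sh=C1CC73B99E66C936041706413ED28B9DCD897867 ft=1 fh=7805ddc9e3baadcc vn="NSIS/StartPage.CC Trojaner" ac=I fn="C:\Users\Tobi\Downloads\vlc-2.1.5-win32.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/Adware.MultiPlug.ED Anwendung" ac=I fn="${Memory}"
'''

# One "key=value" field; values are either double-quoted or a bare token.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_eset_log(text):
    """Return one dict per detection line (keys sh, ft, fh, vn, ac, fn)."""
    hits = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("sh="):
            continue  # '#' header lines and blanks carry no detection
        fields = {}
        for m in FIELD_RE.finditer(line):
            key, quoted, bare = m.groups()
            fields[key] = quoted if quoted is not None else bare
        hits.append(fields)
    return hits


def normalize_path(path):
    """Fold the 'All Users' junction onto ProgramData so duplicates collapse.
    Assumption of this example: Windows 7 layout, where both are one directory."""
    prefix = "c:\\users\\all users\\"
    if path.lower().startswith(prefix):
        return "C:\\ProgramData\\" + path[len(prefix):]
    return path


def classify(hit):
    """Bucket a hit by the removal it actually needs (heuristics, see lead-in)."""
    path = hit["fn"]
    low = path.lower()
    if path == "${Memory}":
        return "memory"        # running code, nothing on disk to move
    if low.startswith("c:\\qoobox\\") or low.endswith(".vir"):
        return "quarantined"   # already in ComboFix's quarantine, inert
    if "\\downloads\\" in low:
        return "installer"     # downloaded bundler, inert until run again
    return "live"              # component sitting in a data or program directory


def triage(text):
    """Group detections by bucket, dropping repeats of the same hash at the same path."""
    seen = set()
    buckets = defaultdict(list)
    for hit in parse_eset_log(text):
        hit["fn"] = normalize_path(hit["fn"])
        key = (hit["sh"], hit["fn"].lower())
        if key in seen:
            buckets["duplicate"].append(hit)
            continue
        seen.add(key)
        buckets[classify(hit)].append(hit)
    return buckets


def fixlist_candidates(buckets):
    """Paths worth putting into an FRST fixlist: live components plus installers."""
    return sorted(h["fn"] for cat in ("live", "installer") for h in buckets[cat])


if __name__ == "__main__":
    b = triage(SAMPLE_LOG)
    for cat in ("live", "installer", "quarantined", "duplicate", "memory"):
        print(f"{cat:12s} {len(b[cat])}")
    print("\n".join(fixlist_candidates(b)))
```

The output is a starting point for a fixlist, not a substitute for reading the log: the `${Memory}` hit has no path to move and needs the owning process stopped, and the chrome.dll hit sits in a versioned Chrome folder, which the next post handles with a clean reinstall of Chrome rather than by moving the file.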
23.01.2015, 12:13 | #10 | |
/// the machine /// TB-Ausbilder | Vaudix Ads Quote:
Revo Uninstaller - Download - Filepony: use it to uninstall Chrome, do not keep any data, let it remove the leftovers, then reinstall. Then: https://support.google.com/chrome/answer/3296214?hl=de Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome.dll
C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi
C:\Users\Tobi\AppData\Roaming\USTV
C:\Users\Tobi\AppData\Roaming\VTAP
C:\Users\Tobi\AppData\Roaming\Opera Software\Opera Stable\Extensions\dimfohdigjaffdaanhmbocfkpolglnjk\1.26.88_0\extensionData\plugins\91.js
C:\Users\Tobi\Downloads\BlueStacks-SplitInstaller_native_CB-DL-Manager.exe
C:\Users\Tobi\Downloads\Download (1).exe
C:\Users\Tobi\Downloads\Download.exe
C:\Users\Tobi\Downloads\Virtual Audio Cable - CHIP-Installer.exe
C:\Users\Tobi\Downloads\vlc-2.1.5-win32.exe
Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download (1).lnk
ShortcutTarget: Download (1).lnk -> C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe ()
C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1247221106-465103080-481791032-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR Extension: (Voauedix) - C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi\ [2014-10-19]
2015-01-19 21:27 - 2015-01-19 21:27 - 00000000 ____D () C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi
2015-01-19 21:27 - 2015-01-19 21:27 - 00000000 ____D () C:\Program Files (x86)\Voauedix
2015-01-19 21:26 - 2015-01-19 22:22 - 00000000 ____D () C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}
2015-01-19 21:26 - 2015-01-19 21:26 - 01347584 _____ () C:\Users\Tobi\Downloads\Download (1).exe
2015-01-19 17:35 - 2015-01-19 17:35 - 00085412 _____ () C:\Users\Tobi\Downloads\Download
Emptytemp:

Please save this as Fixlist.txt on your Desktop (or in the directory where FRST is located).
A fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
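Added example, not part of schrauber's post and not a feature of FRST beyond what its own log annotations state: a Python pass over FRST log lines that applies the reading the fixlist above encodes, then emits a draft Fixlist.txt. FRST acts on its own log lines pasted back verbatim (the log's "(If an entry is included in the fixlist, ...)" notes describe this) and on bare file or folder paths, which is what the fixlist above relies on. The flags used here are this example's assumptions: a process or shortcut target with an empty signer "()" whose path lies under ProgramData, AppData, Users\Public or Temp; a Chrome extension directory outside the profile's "User Data" folder; and any line FRST itself marked "<======= ATTENTION". The sample lines are copied from the scan log above and include legitimate entries (the signed HP ink-monitor shortcut, AdBlock, ESL Wire on H:) that must not be flagged.

```python
import re

# FRST log lines copied from the scan above. The HP shortcut, AdBlock and the
# Microsoft/ESL Wire processes are legitimate entries the rules must pass.
SAMPLE_FRST = r"""
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() H:\Programme\EslWire\service\WireHelperSvc.exe
() C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-05-27] (Realtek Semiconductor)
Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download (1).lnk
ShortcutTarget: Download (1).lnk -> C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe ()
Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP ENVY 4500 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP ENVY 4500 series.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1247221106-465103080-481791032-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR Extension: (AdBlock) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-19]
CHR Extension: (Voauedix) - C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi\ [2014-10-19]
"""

# Directories where an unsigned, auto-started binary is suspect (this example's heuristic).
SUSPECT_DIRS = ("c:\\programdata\\", "\\appdata\\", "c:\\users\\public\\", "\\temp\\")
# A Chrome extension should live under the profile; anything else was side-loaded.
CHROME_PROFILE = "\\google\\chrome\\user data\\"

PROCESS_RE = re.compile(r"^\(([^)]*)\) ([A-Za-z]:\\.+)$")           # (Signer) C:\path.exe
STARTUP_RE = re.compile(r"^Startup: (.+\.lnk)$")                     # Startup: ...\x.lnk
TARGET_RE = re.compile(r"^ShortcutTarget: (.+?) -> (.+?) \(([^)]*)\)$")  # x.lnk -> target (Signer)
EXT_RE = re.compile(r"^CHR Extension: \((.+?)\) - (.+?) \[\d{4}-\d{2}-\d{2}\]$")


def in_suspect_dir(path):
    low = path.lower()
    return any(d in low for d in SUSPECT_DIRS)


def triage_frst(text):
    """Return (reason, log_lines, paths) findings for one FRST scan log."""
    findings = []
    lines = [l.rstrip() for l in text.splitlines() if l.strip()]
    i = 0
    while i < len(lines):
        line = lines[i]
        if "<======= ATTENTION" in line:
            findings.append(("FRST flagged policy/setting", [line], []))
        elif (m := PROCESS_RE.match(line)):
            signer, path = m.groups()
            if not signer and in_suspect_dir(path):
                findings.append(("unsigned process from data dir", [line], [path]))
        elif STARTUP_RE.match(line) and i + 1 < len(lines) and (t := TARGET_RE.match(lines[i + 1])):
            _, target, signer = t.groups()
            if not signer or in_suspect_dir(target):
                findings.append(("startup shortcut to unsigned or data-dir target",
                                 [line, lines[i + 1]], [target]))
            i += 1  # the ShortcutTarget line belongs to this Startup entry
        elif (m := EXT_RE.match(line)):
            _, path = m.groups()
            if CHROME_PROFILE not in path.lower():
                findings.append(("Chrome extension loaded outside profile",
                                 [line], [path.rstrip("\\")]))
        i += 1
    return findings


def draft_fixlist(findings):
    """Lines for Fixlist.txt: the flagged log lines verbatim, then the bare paths
    behind them so the files/folders are moved too, then FRST's Emptytemp: directive."""
    out = []
    for _, log_lines, paths in findings:
        out.extend(log_lines)
        out.extend(paths)
    out.append("Emptytemp:")
    seen, uniq = set(), []
    for entry in out:          # keep order, drop repeats (target == process path)
        if entry not in seen:
            seen.add(entry)
            uniq.append(entry)
    return uniq


if __name__ == "__main__":
    found = triage_frst(SAMPLE_FRST)
    for reason, log_lines, _ in found:
        print(f"[{reason}] {log_lines[0]}")
    print("\n--- Fixlist.txt ---")
    print("\n".join(draft_fixlist(found)))
```

Run it over the whole FRST.txt rather than the sample and review each finding before pasting anything: on the lines above it catches the Download (1).exe process, the Startup shortcut chain pointing at it, both policy restrictions and the Voauedix extension loaded from ProgramData, and it leaves the signed HP shortcut and AdBlock alone. The unsigned ESL Wire helper on H: passes only because its path is not a data directory, which is exactly the kind of entry a human still has to look at.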
23.01.2015, 14:34 | #11 |
| Vaudix Ads Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Tobi at 2015-01-23 14:29:16 Run:1
Running from C:\Users\Tobi\Downloads
Loaded Profiles: Tobi (Available profiles: Tobi)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome.dll
C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi
C:\Users\Tobi\AppData\Roaming\USTV
C:\Users\Tobi\AppData\Roaming\VTAP
C:\Users\Tobi\AppData\Roaming\Opera Software\Opera Stable\Extensions\dimfohdigjaffdaanhmbocfkpolglnjk\1.26.88_0\extensionData\plugins\91.js
C:\Users\Tobi\Downloads\BlueStacks-SplitInstaller_native_CB-DL-Manager.exe
C:\Users\Tobi\Downloads\Download (1).exe
C:\Users\Tobi\Downloads\Download.exe
C:\Users\Tobi\Downloads\Virtual Audio Cable - CHIP-Installer.exe
C:\Users\Tobi\Downloads\vlc-2.1.5-win32.exe
Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download (1).lnk
ShortcutTarget: Download (1).lnk -> C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe ()
C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1247221106-465103080-481791032-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR Extension: (Voauedix) - C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi\ [2014-10-19]
2015-01-19 21:27 - 2015-01-19 21:27 - 00000000 ____D () C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi
2015-01-19 21:27 - 2015-01-19 21:27 - 00000000 ____D () C:\Program Files (x86)\Voauedix
2015-01-19 21:26 - 2015-01-19 22:22 - 00000000 ____D () C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}
2015-01-19 21:26 - 2015-01-19 21:26 - 01347584 _____ () C:\Users\Tobi\Downloads\Download (1).exe
2015-01-19 17:35 - 2015-01-19 17:35 - 00085412 _____ () C:\Users\Tobi\Downloads\Download
Emptytemp:
*****************

"C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome.dll" => File/Directory not found.
C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi => Moved successfully.
C:\Users\Tobi\AppData\Roaming\USTV => Moved successfully.
C:\Users\Tobi\AppData\Roaming\VTAP => Moved successfully.
C:\Users\Tobi\AppData\Roaming\Opera Software\Opera Stable\Extensions\dimfohdigjaffdaanhmbocfkpolglnjk\1.26.88_0\extensionData\plugins\91.js => Moved successfully.
C:\Users\Tobi\Downloads\BlueStacks-SplitInstaller_native_CB-DL-Manager.exe => Moved successfully.
C:\Users\Tobi\Downloads\Download (1).exe => Moved successfully.
C:\Users\Tobi\Downloads\Download.exe => Moved successfully.
C:\Users\Tobi\Downloads\Virtual Audio Cable - CHIP-Installer.exe => Moved successfully.
C:\Users\Tobi\Downloads\vlc-2.1.5-win32.exe => Moved successfully.
C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download (1).lnk => Moved successfully.
C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe => Moved successfully.
"C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}" directory move:
C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\5d7f2dabbaffce09 => Moved successfully.
Could not move "C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\90828bfe9d2b29dd" => Scheduled to move on reboot.
C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).dat => Moved successfully.
Could not move "C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}" directory. => Scheduled to move on reboot.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-1247221106-465103080-481791032-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi\ directory not found.
"C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi" => File/Directory not found.
C:\Program Files (x86)\Voauedix => Moved successfully.
"C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}" directory move:
Could not move "C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\90828bfe9d2b29dd" => Scheduled to move on reboot.
Could not move "C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}" directory. => Scheduled to move on reboot.
"C:\Users\Tobi\Downloads\Download (1).exe" => File/Directory not found.
C:\Users\Tobi\Downloads\Download => Moved successfully.
EmptyTemp: => Removed 847.3 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-23 14:31:33)<=

C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\90828bfe9d2b29dd => Is moved successfully.
C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0} => Is moved successfully.
C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\90828bfe9d2b29dd => Is moved successfully.
C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0} => Is moved successfully.

==== End of Fixlog 14:31:33 ====

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015 Ran by Tobi (administrator) on TOBI-PC on 23-01-2015 14:32:01 Running from C:\Users\Tobi\Downloads Loaded Profiles: Tobi & (Available profiles: Tobi) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe () H:\Programme\EslWire\service\WireHelperSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Malwarebytes Corporation) H:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) H:\Programme\ Malwarebytes Anti-Malware \mbam.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (BlueStack Systems, Inc.) 
C:\Program Files (x86)\BlueStacks\HD-Service.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Turtle Entertainment GmbH) H:\Programme\EslWire\wire.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe (Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe (Razer, Inc.) C:\Users\Tobi\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-05-27] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.) HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKU\S-1-5-21-1247221106-465103080-481791032-1000\...\Run: [ESL Wire] => H:\Programme\EslWire\wire.exe [3771904 2014-12-09] (Turtle Entertainment GmbH) HKU\S-1-5-21-1247221106-465103080-481791032-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ESL Wire] => H:\Programme\EslWire\wire.exe [3771904 2014-12-09] (Turtle Entertainment GmbH) Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP ENVY 4500 series.lnk ShortcutTarget: Tintenwarnungen überwachen - HP ENVY 4500 series.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1247221106-465103080-481791032-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1247221106-465103080-481791032-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Tcpip\Parameters: [DhcpNameServer] 217.68.161.141 217.68.161.171 FireFox: ======== FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D 
Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) Chrome: ======= CHR HomePage: Default -> hxxp://www.google.de/ CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT2625848&SearchSource=48" CHR Profile: C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-23] CHR Extension: (Google Docs) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-23] CHR Extension: (Google Drive) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-23] CHR Extension: (YouTube) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-23] CHR Extension: (Google-Suche) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-23] CHR Extension: (Google Tabellen) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-23] CHR Extension: (Google Wallet) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-23] CHR Extension: (Google Mail) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-23] 
==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.) R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.) R2 EslWireHelper; H:\Programme\EslWire\service\WireHelperSvc.exe [663056 2014-01-28] () R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation) R2 MBAMScheduler; H:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S2 MBAMService; H:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation) R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems) S3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [67584 2014-11-10] (Eugene V. Muzychenko) [File not signed] R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-23] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation) S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33448 2014-09-05] (Razer Inc) R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-05] (Razer Inc) R3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [40104 2014-09-05] (Razer Inc) R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.) R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.) S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [31912 2014-09-05] (Razer Inc) R3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [31912 2014-09-05] (Razer Inc) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-23 14:28 - 2015-01-23 14:17 - 00001704 _____ () C:\fixlist.txt 2015-01-23 14:23 - 2015-01-23 14:23 - 00002247 _____ () C:\Users\Tobi\Desktop\Google Chrome.lnk 2015-01-23 14:23 - 2015-01-23 14:23 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-01-23 14:18 - 2015-01-23 14:18 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Tobi\Downloads\revosetup95.exe 2015-01-23 14:18 - 2015-01-23 14:18 - 00000729 _____ () C:\Users\Tobi\Desktop\Revo Uninstaller.lnk 2015-01-23 14:17 - 2015-01-23 14:17 - 00001704 _____ () C:\Users\Tobi\Desktop\Fixlist.txt 2015-01-22 17:41 - 2015-01-22 17:41 - 00852504 _____ () C:\Users\Tobi\Downloads\SecurityCheck (1).exe 2015-01-22 17:40 - 2015-01-22 17:40 - 02347384 _____ (ESET) C:\Users\Tobi\Downloads\esetsmartinstaller_deu.exe 2015-01-22 17:40 - 2015-01-22 17:40 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-01-21 18:40 - 2015-01-21 18:40 - 00000922 _____ () C:\Users\Tobi\Desktop\JRT.txt 2015-01-21 18:39 - 2015-01-21 18:39 - 01707939 _____ (Thisisu) C:\Users\Tobi\Downloads\JRT (1).exe 2015-01-21 18:37 - 2015-01-21 18:37 - 00001772 _____ () C:\Users\Tobi\Desktop\AdwCleaner[S2].txt 2015-01-21 18:06 - 2015-01-21 18:06 - 00001492 _____ () C:\Users\Tobi\Desktop\mbam.txt 2015-01-21 17:52 - 2015-01-21 18:13 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\mIRC 2015-01-21 17:52 - 2015-01-21 17:52 - 02471776 _____ (mIRC Co. Ltd.) 
C:\Users\Tobi\Downloads\mirc738.exe 2015-01-21 17:52 - 2015-01-21 17:52 - 00000628 _____ () C:\Users\Public\Desktop\mIRC.lnk 2015-01-21 17:52 - 2015-01-21 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC 2015-01-21 15:41 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-01-21 15:41 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-01-21 15:41 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-01-21 15:41 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-01-21 15:41 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-01-21 15:41 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-01-21 15:41 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-01-21 15:41 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-01-21 15:39 - 2015-01-21 15:45 - 00000000 ____D () C:\Qoobox 2015-01-21 15:39 - 2015-01-21 15:44 - 00000000 ____D () C:\Windows\erdnt 2015-01-21 15:35 - 2015-01-21 15:35 - 05608785 ____R (Swearware) C:\Users\Tobi\Downloads\ComboFix.exe 2015-01-20 22:33 - 2015-01-23 14:32 - 00013574 _____ () C:\Users\Tobi\Downloads\FRST.txt 2015-01-20 22:33 - 2015-01-23 14:32 - 00000000 ____D () C:\FRST 2015-01-20 22:33 - 2015-01-20 22:34 - 00019780 _____ () C:\Users\Tobi\Downloads\Addition.txt 2015-01-20 22:33 - 2015-01-20 22:33 - 02126848 _____ (Farbar) C:\Users\Tobi\Downloads\FRST64.exe 2015-01-20 21:24 - 2015-01-20 21:24 - 00852504 _____ () C:\Users\Tobi\Downloads\SecurityCheck.exe 2015-01-20 21:11 - 2015-01-20 21:11 - 00000000 ____D () C:\Windows\ERUNT 2015-01-20 21:10 - 2015-01-20 21:11 - 02186752 _____ () C:\Users\Tobi\Downloads\AdwCleaner_4.108.exe 2015-01-20 21:10 - 2015-01-20 21:11 - 01707939 _____ (Thisisu) C:\Users\Tobi\Downloads\JRT.exe 2015-01-20 21:10 - 2015-01-20 21:11 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\Tobi\Downloads\sc-cleaner.exe 2015-01-20 14:28 - 2015-01-20 14:28 - 00037888 _____ () 
C:\Users\Tobi\Downloads\tempDownload_1bcb678d-b7a1-4a25-9688-fb0a367ca006_1412572857279 2015-01-19 21:28 - 2015-01-19 21:28 - 00000000 ____D () C:\Program Files (x86)\Instagram for Chrome Tabs Instatabs 2015-01-11 22:33 - 2015-01-23 13:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-11 22:33 - 2015-01-22 21:35 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-11 22:33 - 2015-01-22 21:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-11 22:33 - 2015-01-22 21:35 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-11 22:33 - 2015-01-11 22:35 - 00000000 ____D () C:\Users\Tobi\AppData\Local\Adobe 2015-01-11 22:33 - 2015-01-11 22:33 - 00000000 ____D () C:\Windows\SysWOW64\Macromed 2015-01-11 22:33 - 2015-01-11 22:33 - 00000000 ____D () C:\Windows\system32\Macromed 2015-01-11 21:04 - 2015-01-23 14:31 - 00000000 ____D () C:\Users\Tobi\AppData\Local\ESL Wire Game Client 2015-01-11 21:04 - 2015-01-11 21:05 - 00000645 _____ () C:\Users\Public\Desktop\ESL Wire.lnk 2015-01-11 21:04 - 2015-01-11 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire 2015-01-11 21:04 - 2015-01-11 21:04 - 00000000 ____D () C:\ProgramData\ESL Wire 2015-01-08 22:06 - 2015-01-21 18:31 - 00000000 ____D () C:\AdwCleaner 2015-01-08 22:05 - 2015-01-08 22:05 - 02191360 _____ () C:\Users\Tobi\Downloads\AdwCleaner_4.107.exe 2015-01-08 22:02 - 2015-01-23 14:31 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-08 22:01 - 2015-01-08 22:01 - 00000737 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-08 22:01 - 2015-01-08 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-08 22:01 - 2015-01-08 22:01 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-08 22:01 - 2014-11-21 06:14 - 00093400 _____ 
(Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-08 22:01 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-08 22:01 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-08 22:00 - 2015-01-08 22:01 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Tobi\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-08 21:52 - 2015-01-08 21:54 - 00002192 _____ () C:\Users\Tobi\Desktop\chrome.lnk 2015-01-08 21:49 - 2015-01-21 15:43 - 00000000 ____D () C:\Program Files (x86)\20f6461b-1317-4e61-b54a-f33a5f69df90 2015-01-08 21:35 - 2015-01-08 21:48 - 00000000 ___HD () C:\Users\Public\Temp 2015-01-08 21:34 - 2015-01-08 22:06 - 00000000 ____D () C:\Users\Tobi\AppData\Local\com 2015-01-07 21:53 - 2015-01-07 21:53 - 00004456 _____ () C:\Users\Tobi\Downloads\zonixx-CFG+video+DMcfg.zip ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-23 14:30 - 2014-11-12 15:43 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-23 14:30 - 2014-10-19 16:02 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-01-23 14:30 - 2014-10-19 15:18 - 01470963 _____ () C:\Windows\WindowsUpdate.log 2015-01-23 14:30 - 2010-11-21 04:47 - 00080492 _____ () C:\Windows\PFRO.log 2015-01-23 14:30 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-23 14:30 - 2009-07-14 05:51 - 00052015 _____ () C:\Windows\setupact.log 2015-01-23 13:48 - 2014-11-12 15:43 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-22 19:51 - 2014-10-19 16:18 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\TS3Client 2015-01-22 19:06 - 2014-10-19 16:01 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-01-21 22:14 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-21 22:14 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-21 22:13 - 2011-04-12 08:43 - 00691940 _____ () C:\Windows\system32\perfh007.dat 2015-01-21 22:13 - 2011-04-12 08:43 - 00145538 _____ () C:\Windows\system32\perfc007.dat 2015-01-21 22:13 - 2009-07-14 06:13 - 01599026 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-21 20:58 - 2014-10-19 19:51 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\vlc 2015-01-21 18:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports 2015-01-21 15:44 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2015-01-21 15:44 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-01-21 15:43 - 2014-10-19 16:02 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies 2015-01-20 14:28 - 2011-04-12 08:54 - 00000000 ___RD () C:\Users\Public\Recorded TV 2015-01-19 22:21 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\DigitalLocker 2015-01-09 07:43 - 2009-07-14 04:20 - 
00000000 ____D () C:\Windows\Resources 2015-01-08 21:50 - 2014-11-05 13:18 - 00000000 ____D () C:\Program Files (x86)\BlueStacks 2015-01-08 21:40 - 2014-10-19 15:18 - 00001439 _____ () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-08 21:40 - 2014-10-19 15:18 - 00001405 _____ () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2015-01-04 05:02 - 2014-10-22 18:03 - 00000000 ____D () C:\Users\Tobi\Desktop\Tattoo 2014-12-31 12:14 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== Files in the root of some directories ======= 2014-11-20 21:48 - 2014-11-20 21:48 - 0000057 _____ () C:\ProgramData\Ament.ini 2014-10-19 15:51 - 2014-10-19 15:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-14 06:17 ==================== End Of Log ============================ |
23.01.2015, 17:13 | #12 |
/// the machine /// TB-Ausbilder | Vaudix Ads Done. The order is important here.
If you would like to leave praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements, which spyware can abuse to infect your system.
Performance: Clean out your temp files regularly; I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me a short reply once everything is done and you have no further questions, so that I can remove this thread from my subscriptions.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |