Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Vaudix Ads

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 20.01.2015, 22:02   #1
tob11
 
Vaudix Ads - Standard

Vaudix Ads



Hallo,

ich habe mir seit langem mal wieder was eingefangen.
Bei einem Download scheine ich mir die omiga-plus toolbar eingefangen. Die habe ich mittlerweile entfernen können.
Nun im Anschluss kommt noch Vaudix ins Spiel. Das bekomme ich leider nicht los. Bitte helft mir ich bin die Werbung leid!!

Danke schonmal im vorraus.

Liebe Grüße

Tobi

Alt 20.01.2015, 22:27   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Vaudix Ads - Standard

Vaudix Ads



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 20.01.2015, 22:35   #3
tob11
 
Vaudix Ads - Standard

Vaudix Ads




FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Tobi (administrator) on TOBI-PC on 20-01-2015 22:33:36
Running from C:\Users\Tobi\Downloads
Loaded Profiles: Tobi (Available profiles: Tobi)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Turtle Entertainment GmbH) H:\Programme\EslWire\wire.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() H:\Programme\EslWire\service\WireHelperSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe
(Malwarebytes Corporation) H:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes Corporation) H:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) H:\Programme\ Malwarebytes Anti-Malware \mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Tobi\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-05-27] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKU\S-1-5-21-1247221106-465103080-481791032-1000\...\Run: [ESL Wire] => H:\Programme\EslWire\wire.exe [3771904 2014-12-09] (Turtle Entertainment GmbH)
HKU\S-1-5-21-1247221106-465103080-481791032-1000\...\MountPoints2: {3e4b4d6e-579a-11e4-b1a3-806e6f6e6963} - D:\Setup.exe
Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download (1).lnk
ShortcutTarget: Download (1).lnk -> C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe ()
Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP ENVY 4500 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP ENVY 4500 series.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Tcpip\Parameters: [DhcpNameServer] 217.68.161.141 217.68.161.171

FireFox:
========
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR DefaultSearchKeyword: Default -> 66BDAEADE98EDC3356B789E6ED77674DAD506A9A605E861C5802E59ED79C6DC9
CHR DefaultSearchURL: Default -> E211984B217D9EB92449B5231BB746E7E74945700D008ADBA83F129A942CDD33
CHR Profile: C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-19]
CHR Extension: (Google Docs) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-19]
CHR Extension: (Google Drive) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-19]
CHR Extension: (YouTube) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-19]
CHR Extension: (Google-Suche) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-19]
CHR Extension: (Google Tabellen) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-19]
CHR Extension: (AdBlock) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-19]
CHR Extension: (AntiGameOrigin) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldbahlcmhmlpomdepooifmhnalokdhgm [2015-01-04]
CHR Extension: (Instagram for Chrome Tabs  Instatabs) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mipnjnddbpbdmbpjafflemfdefjlibod [2015-01-19]
CHR Extension: (Google Wallet) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-19]
CHR Extension: (Google Mail) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-19]
CHR Extension: (Voauedix) - C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi\ [2014-10-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
S2 d65a1a66; c:\Program Files (x86)\TampaGeneration\TampaGeneration.dll [3329536 2015-01-19] () [File not signed]
R2 EslWireHelper; H:\Programme\EslWire\service\WireHelperSvc.exe [663056 2014-01-28] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation)
R2 MBAMScheduler; H:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; H:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
S3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [67584 2014-11-10] (Eugene V. Muzychenko) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33448 2014-09-05] (Razer Inc)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-05] (Razer Inc)
R3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [40104 2014-09-05] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [31912 2014-09-05] (Razer Inc)
R3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [31912 2014-09-05] (Razer Inc)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 22:33 - 2015-01-20 22:33 - 02126848 _____ (Farbar) C:\Users\Tobi\Downloads\FRST64.exe
2015-01-20 22:33 - 2015-01-20 22:33 - 00014815 _____ () C:\Users\Tobi\Downloads\FRST.txt
2015-01-20 22:33 - 2015-01-20 22:33 - 00000000 ____D () C:\FRST
2015-01-20 21:42 - 2015-01-20 21:42 - 00000922 _____ () C:\Users\Tobi\Desktop\JRT.txt
2015-01-20 21:24 - 2015-01-20 21:24 - 00852504 _____ () C:\Users\Tobi\Downloads\SecurityCheck.exe
2015-01-20 21:11 - 2015-01-20 21:11 - 00001790 _____ () C:\sc-cleaner.txt
2015-01-20 21:11 - 2015-01-20 21:11 - 00000000 ____D () C:\Windows\ERUNT
2015-01-20 21:10 - 2015-01-20 21:11 - 02186752 _____ () C:\Users\Tobi\Downloads\AdwCleaner_4.108.exe
2015-01-20 21:10 - 2015-01-20 21:11 - 01707939 _____ (Thisisu) C:\Users\Tobi\Downloads\JRT.exe
2015-01-20 21:10 - 2015-01-20 21:11 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\Tobi\Downloads\sc-cleaner.exe
2015-01-20 14:28 - 2015-01-20 14:28 - 00037888 _____ () C:\Users\Tobi\Downloads\tempDownload_1bcb678d-b7a1-4a25-9688-fb0a367ca006_1412572857279
2015-01-19 21:28 - 2015-01-19 21:28 - 00000000 ____D () C:\Program Files (x86)\TampaGeneration
2015-01-19 21:28 - 2015-01-19 21:28 - 00000000 ____D () C:\Program Files (x86)\Instagram for Chrome Tabs  Instatabs
2015-01-19 21:27 - 2015-01-19 21:27 - 00000000 ____D () C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi
2015-01-19 21:27 - 2015-01-19 21:27 - 00000000 ____D () C:\Program Files (x86)\Voauedix
2015-01-19 21:26 - 2015-01-19 22:22 - 00000000 ____D () C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}
2015-01-19 21:26 - 2015-01-19 21:26 - 01347584 _____ () C:\Users\Tobi\Downloads\Download (1).exe
2015-01-19 17:35 - 2015-01-19 17:35 - 00085412 _____ () C:\Users\Tobi\Downloads\Download
2015-01-11 22:33 - 2015-01-20 21:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-11 22:33 - 2015-01-14 03:05 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-11 22:33 - 2015-01-14 03:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-11 22:33 - 2015-01-14 03:05 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-11 22:33 - 2015-01-11 22:35 - 00000000 ____D () C:\Users\Tobi\AppData\Local\Adobe
2015-01-11 22:33 - 2015-01-11 22:33 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-01-11 22:33 - 2015-01-11 22:33 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-11 21:04 - 2015-01-20 21:54 - 00000000 ____D () C:\Users\Tobi\AppData\Local\ESL Wire Game Client
2015-01-11 21:04 - 2015-01-11 21:05 - 00000645 _____ () C:\Users\Public\Desktop\ESL Wire.lnk
2015-01-11 21:04 - 2015-01-11 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire
2015-01-11 21:04 - 2015-01-11 21:04 - 00000000 ____D () C:\ProgramData\ESL Wire
2015-01-08 22:06 - 2015-01-20 21:25 - 00000000 ____D () C:\AdwCleaner
2015-01-08 22:05 - 2015-01-08 22:05 - 02191360 _____ () C:\Users\Tobi\Downloads\AdwCleaner_4.107.exe
2015-01-08 22:02 - 2015-01-20 22:33 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-08 22:01 - 2015-01-08 22:01 - 00000737 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-08 22:01 - 2015-01-08 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-08 22:01 - 2015-01-08 22:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-08 22:01 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-08 22:01 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-08 22:01 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-08 22:00 - 2015-01-08 22:01 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Tobi\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-08 21:52 - 2015-01-08 21:54 - 00002192 _____ () C:\Users\Tobi\Desktop\chrome.lnk
2015-01-08 21:49 - 2015-01-08 22:06 - 00000000 ____D () C:\Program Files (x86)\20f6461b-1317-4e61-b54a-f33a5f69df90
2015-01-08 21:35 - 2015-01-08 21:48 - 00000000 ___HD () C:\Users\Public\Temp
2015-01-08 21:34 - 2015-01-08 22:06 - 00000000 ____D () C:\Users\Tobi\AppData\Local\com
2015-01-08 21:33 - 2015-01-20 21:54 - 00001330 _____ () C:\Windows\Tasks\VTAP.job
2015-01-08 21:33 - 2015-01-20 21:54 - 00001330 _____ () C:\Windows\Tasks\USTV.job
2015-01-08 21:33 - 2015-01-08 21:33 - 00004352 _____ () C:\Windows\System32\Tasks\VTAP
2015-01-08 21:33 - 2015-01-08 21:33 - 00004352 _____ () C:\Windows\System32\Tasks\USTV
2015-01-07 21:53 - 2015-01-07 21:53 - 00004456 _____ () C:\Users\Tobi\Downloads\zonixx-CFG+video+DMcfg.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 22:01 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-20 22:01 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-20 22:00 - 2011-04-12 08:43 - 00691940 _____ () C:\Windows\system32\perfh007.dat
2015-01-20 22:00 - 2011-04-12 08:43 - 00145538 _____ () C:\Windows\system32\perfc007.dat
2015-01-20 22:00 - 2009-07-14 06:13 - 01599026 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-20 21:57 - 2014-10-19 15:18 - 01837051 _____ () C:\Windows\WindowsUpdate.log
2015-01-20 21:54 - 2014-11-12 15:43 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-20 21:54 - 2014-10-19 16:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-20 21:54 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-20 21:54 - 2009-07-14 05:51 - 00051343 _____ () C:\Windows\setupact.log
2015-01-20 21:48 - 2014-11-12 15:43 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-20 21:15 - 2010-11-21 04:47 - 00077744 _____ () C:\Windows\PFRO.log
2015-01-20 20:25 - 2014-10-19 16:18 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\TS3Client
2015-01-20 15:09 - 2014-10-19 16:01 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-20 15:02 - 2014-10-19 19:51 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\vlc
2015-01-20 14:28 - 2011-04-12 08:54 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-19 22:21 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-01-09 07:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources
2015-01-08 22:06 - 2014-10-19 16:02 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-01-08 21:50 - 2014-11-05 13:18 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2015-01-08 21:40 - 2014-10-19 15:18 - 00001439 _____ () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-08 21:40 - 2014-10-19 15:18 - 00001405 _____ () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-01-04 05:02 - 2014-10-22 18:03 - 00000000 ____D () C:\Users\Tobi\Desktop\Tattoo
2014-12-31 12:14 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Tobi\AppData\Roaming\USTV
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Tobi\AppData\Roaming\VTAP
2014-11-20 21:48 - 2014-11-20 21:48 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-10-19 15:51 - 2014-10-19 15:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Tobi\AppData\Local\Temp\47603A90-A7B2-8D93-2DAF-C44F1FA767F3.exe
C:\Users\Tobi\AppData\Local\Temp\6F3a8bf3.exe
C:\Users\Tobi\AppData\Local\Temp\BD832039-85D4-DA55-8955-89E4DB237898.dll
C:\Users\Tobi\AppData\Local\Temp\BD832039-85D4-DA55-8955-89E4DB237898.exe
C:\Users\Tobi\AppData\Local\Temp\eCBFb7.exe
C:\Users\Tobi\AppData\Local\Temp\EslWireSetup-1.18.0.8085-x64.exe
C:\Users\Tobi\AppData\Local\Temp\EslWireSetup-1.18.0.8101-x64.exe
C:\Users\Tobi\AppData\Local\Temp\optprosetup.exe
C:\Users\Tobi\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Tobi\AppData\Local\Temp\Quarantine.exe
C:\Users\Tobi\AppData\Local\Temp\sqlite3.dll
C:\Users\Tobi\AppData\Local\Temp\sqlite3.exe
C:\Users\Tobi\AppData\Local\Temp\supoptsetup.exe
C:\Users\Tobi\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 06:17

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Tobi at 2015-01-20 22:33:52
Running from C:\Users\Tobi\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{152E0B21-19D5-4772-9EF8-8E76074B0C0A}) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
ESL Wire 1.18.0 (HKLM\...\ESL Wire_is1) (Version:  - Turtle Entertainment GmbH)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP ENVY 4500 series - Grundlegende Software für das Gerät (HKLM\...\{7A564D11-817E-48B1-9830-91420BF6E339}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP ENVY 4500 series Hilfe (HKLM-x32\...\{6767CCD2-B939-4542-BF08-015B5496D4EC}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Instagram for Chrome Tabs  Instatabs (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version:  - )
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.17 - Intel(R) Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7255 - Realtek Semiconductor Corp.)
Schoener Fernsehen 0.0.0.2c (HKLM-x32\...\Schoener Fernsehen) (Version: 0.0.0.2c - © schoener-fernsehen.com)
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Studie zur Verbesserung von HP ENVY 4500 series (HKLM\...\{36E08FE6-D9FF-44EE-8AD3-EC723390DE00}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Virtual Audio Cable 4.9 (HKLM\...\Virtual Audio Cable 4.9) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {58569F12-E725-4CD9-BABA-281C4FB17733} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-12] (Google Inc.)
Task: {65DF6440-4CC5-4A21-A1B2-83299C34F39F} - System32\Tasks\VTAP => C:\Users\Tobi\AppData\Roaming\VTAP.exe <==== ATTENTION
Task: {A9D49734-F015-4545-932F-9D013D006C70} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {AE7B5F0C-949C-4DAB-A8C3-42C38F01CB46} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-12] (Google Inc.)
Task: {C332FAF2-2A22-4F75-AA6E-58855F505205} - System32\Tasks\USTV => C:\Users\Tobi\AppData\Roaming\USTV.exe <==== ATTENTION
Task: {CEE49596-31DF-47F2-984F-D31E48E627B6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\USTV.job => C:\Users\Tobi\AppData\Roaming\USTV.exe <==== ATTENTION
Task: C:\Windows\Tasks\VTAP.job => C:\Users\Tobi\AppData\Roaming\VTAP.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-10-19 16:02 - 2014-09-13 22:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-11 21:04 - 2014-12-09 11:24 - 08871424 _____ () H:\Programme\EslWire\WireCore.dll
2015-01-11 21:04 - 2014-10-09 15:22 - 00214016 _____ () H:\Programme\EslWire\NocIPC64.dll
2015-01-11 21:04 - 2014-12-09 11:22 - 00454656 _____ () H:\Programme\EslWire\Linesman.dll
2015-01-11 21:04 - 2014-10-09 15:23 - 00310272 _____ () H:\Programme\EslWire\laginspect\laginspect.dll
2015-01-11 21:04 - 2014-01-28 11:40 - 00663056 _____ () H:\Programme\EslWire\service\WireHelperSvc.exe
2015-01-11 21:04 - 2014-10-09 15:22 - 00214016 _____ () H:\Programme\EslWire\service\NocIPC64.dll
2014-01-19 21:26 - 2014-01-19 21:26 - 01347584 _____ () C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe
2014-10-31 23:27 - 2014-10-31 23:27 - 00183488 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-11-20 09:23 - 2014-11-20 09:23 - 00289792 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2015-01-15 02:52 - 2015-01-09 01:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-15 02:52 - 2015-01-09 01:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-15 02:52 - 2015-01-09 01:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-15 02:52 - 2015-01-09 01:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
2015-01-15 02:52 - 2015-01-09 01:35 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll
2014-11-16 15:27 - 2014-01-04 01:20 - 34755072 _____ () C:\Users\Tobi\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2014-11-20 07:02 - 2014-11-20 07:02 - 00193024 _____ () C:\ProgramData\Razer\Synapse\RzStats\RigWrapper.dll
2014-11-16 15:27 - 2014-01-04 01:20 - 00970240 _____ () C:\Users\Tobi\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1247221106-465103080-481791032-500 - Administrator - Disabled)
Gast (S-1-5-21-1247221106-465103080-481791032-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1247221106-465103080-481791032-1002 - Limited - Enabled)
Tobi (S-1-5-21-1247221106-465103080-481791032-1000 - Administrator - Enabled) => C:\Users\Tobi

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/20/2015 09:56:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2015 09:54:15 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (01/20/2015 09:54:15 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (01/20/2015 09:54:15 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (01/20/2015 09:56:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2015 09:54:15 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (01/20/2015 09:54:15 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (01/20/2015 09:54:15 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]


CodeIntegrity Errors:
===================================
  Date: 2015-01-20 21:54:07.368
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-20 21:54:07.368
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-20 21:15:14.493
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-20 21:15:14.478
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-19 22:21:59.103
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-19 22:21:59.103
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-18 16:46:46.134
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-18 16:46:46.119
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-15 13:05:49.072
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-15 13:05:49.056
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 45%
Total physical RAM: 8133.97 MB
Available physical RAM: 4435.94 MB
Total Pagefile: 16266.14 MB
Available Pagefile: 11965.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:55.68 GB) (Free:4.37 GB) NTFS
Drive d: (HP EN4500) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS
Drive h: (Volume) (Fixed) (Total:1862.89 GB) (Free:1843.01 GB) NTFS
Drive i: (Transcend) (Removable) (Total:30.45 GB) (Free:9.96 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 55.9 GB) (Disk ID: A81101F2)

Partition: GPT Partition Type.

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 30.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=30.5 GB) - (Type=0C)

==================== End Of Log ============================
         
__________________

Alt 21.01.2015, 11:28   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Vaudix Ads - Standard

Vaudix Ads



hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 21.01.2015, 15:46   #5
tob11
 
Vaudix Ads - Standard

Vaudix Ads



Code:
ATTFilter
ComboFix 15-01-18.01 - Tobi 21.01.2015  15:42:02.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8134.5458 [GMT 1:00]
ausgeführt von:: c:\users\Tobi\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\20f6461b-1317-4e61-b54a-f33a5f69df90\aeb6e1a6-5f91-48f5-995c-2900619d0921.dll
c:\program files (x86)\AGEIA Technologies\20f6461b-1317-4e61-b54a-f33a5f69df90.dll
c:\users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mipnjnddbpbdmbpjafflemfdefjlibod
c:\users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mipnjnddbpbdmbpjafflemfdefjlibod\107\background.html
c:\users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mipnjnddbpbdmbpjafflemfdefjlibod\107\content.js
c:\users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mipnjnddbpbdmbpjafflemfdefjlibod\107\lsdb.js
c:\users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mipnjnddbpbdmbpjafflemfdefjlibod\107\manifest.json
c:\users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mipnjnddbpbdmbpjafflemfdefjlibod\107\x.js
c:\users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mipnjnddbpbdmbpjafflemfdefjlibod\CURRENT
c:\users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mipnjnddbpbdmbpjafflemfdefjlibod\LOG.old
c:\users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlmeailenhgbmejohmhdjhhnjhdcpeob\CURRENT
c:\users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mipnjnddbpbdmbpjafflemfdefjlibod_0.localstorage-journal
c:\users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Preferences
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-12-21 bis 2015-01-21  ))))))))))))))))))))))))))))))
.
.
2015-01-21 14:43 . 2015-01-21 14:43	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-01-20 21:33 . 2015-01-20 21:34	--------	d-----w-	C:\FRST
2015-01-20 20:27 . 2014-12-02 10:26	11870360	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78BC052D-A221-4993-B423-C7B0B3AC603B}\mpengine.dll
2015-01-20 20:11 . 2015-01-20 20:11	--------	d-----w-	c:\windows\ERUNT
2015-01-20 14:31 . 2015-01-20 14:31	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2015-01-20 14:31 . 2015-01-20 14:31	42168	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2015-01-20 13:30 . 2015-01-20 13:30	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2015-01-19 20:28 . 2015-01-19 20:28	--------	d-----w-	c:\program files (x86)\TampaGeneration
2015-01-19 20:28 . 2015-01-19 20:28	--------	d-----w-	c:\program files (x86)\Instagram for Chrome Tabs  Instatabs
2015-01-19 20:27 . 2015-01-19 20:27	--------	d-----w-	c:\program files (x86)\Voauedix
2015-01-19 20:27 . 2015-01-19 20:27	--------	d-----w-	c:\programdata\pnkaiaejddfgepbbllfamkjefojllcoi
2015-01-19 20:26 . 2015-01-19 21:22	--------	d-----w-	c:\programdata\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}
2015-01-19 18:14 . 2014-12-02 10:26	11870360	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-01-16 12:17 . 2014-10-21 19:09	1188440	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C44FFB50-0449-45EF-B824-A1238B6BC91E}\gapaengine.dll
2015-01-11 21:33 . 2015-01-14 02:05	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-11 21:33 . 2015-01-14 02:05	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-11 21:33 . 2015-01-11 21:33	--------	d-----w-	c:\windows\SysWow64\Macromed
2015-01-11 21:33 . 2015-01-11 21:33	--------	d-----w-	c:\windows\system32\Macromed
2015-01-11 21:33 . 2015-01-11 21:35	--------	d-----w-	c:\users\Tobi\AppData\Local\Adobe
2015-01-11 20:04 . 2015-01-20 20:54	--------	d-----w-	c:\users\Tobi\AppData\Local\ESL Wire Game Client
2015-01-11 20:04 . 2015-01-11 20:04	--------	d-----w-	c:\programdata\ESL Wire
2015-01-08 21:06 . 2015-01-20 20:25	--------	d-----w-	C:\AdwCleaner
2015-01-08 21:02 . 2015-01-21 14:34	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-08 21:01 . 2015-01-08 21:01	--------	d-----w-	c:\programdata\Malwarebytes
2015-01-08 21:01 . 2014-11-21 05:14	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-01-08 21:01 . 2014-11-21 05:14	93400	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-01-08 21:01 . 2014-11-21 05:14	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-01-08 20:49 . 2015-01-21 14:43	--------	d-----w-	c:\program files (x86)\20f6461b-1317-4e61-b54a-f33a5f69df90
2015-01-08 20:35 . 2015-01-08 20:48	--------	d--h--w-	c:\users\Public\Temp
2015-01-08 20:34 . 2015-01-08 21:06	--------	d-----w-	c:\users\Tobi\AppData\Local\com
2015-01-08 20:32 . 2015-01-08 20:32	--------	d-----w-	c:\users\Tobi\AppData\Local\Programs
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-31 11:14 . 2010-11-21 03:27	298120	------w-	c:\windows\system32\MpSigStub.exe
2014-11-20 08:23 . 2014-11-20 08:23	9728	----a-w-	c:\windows\SysWow64\RzStats.IPC.dll
2014-11-10 17:11 . 2014-11-10 17:11	67584	----a-w-	c:\windows\system32\drivers\vrtaucbl.sys
2014-10-31 22:27 . 2014-11-16 14:27	37184	----a-w-	c:\windows\system32\drivers\rzpmgrk.sys
2014-10-23 20:05 . 2014-11-16 14:27	129600	----a-w-	c:\windows\system32\drivers\rzpnk.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ESL Wire"="h:\programme\EslWire\wire.exe" [2014-12-09 3771904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-02-21 292848]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2014-11-03 585536]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2014-10-07 843480]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
.
c:\users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Download (1).lnk - c:\programdata\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe --startup=1 [2014-1-19 1347584]
Tintenwarnungen überwachen - HP ENVY 4500 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP ENVY 4500 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN47G142BW060D;CONNECTION=USB;MONITOR=1; [2009-7-14 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 d65a1a66;TampaGeneration;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 MBAMScheduler;MBAMScheduler;h:\programme\ Malwarebytes Anti-Malware \mbamscheduler.exe;h:\programme\ Malwarebytes Anti-Malware \mbamscheduler.exe [x]
R2 MBAMService;MBAMService;h:\programme\ Malwarebytes Anti-Malware \mbamservice.exe;h:\programme\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys;c:\windows\SYSNATIVE\DRIVERS\vrtaucbl.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 rzdaendpt;Razer DeathAdder end point;c:\windows\system32\DRIVERS\rzdaendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzdaendpt.sys [x]
R3 rzvkeyboard;Razer Virtual Keyboard Driver;c:\windows\system32\DRIVERS\rzvkeyboard.sys;c:\windows\SYSNATIVE\DRIVERS\rzvkeyboard.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 EslWireHelper;ESL Wire Helper Service;h:\programme\EslWire\service\WireHelperSvc.exe;h:\programme\EslWire\service\WireHelperSvc.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys;c:\windows\SYSNATIVE\drivers\rzpnk.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
S3 rzp1endpt;Razer platform 1 end point;c:\windows\system32\DRIVERS\rzp1endpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzp1endpt.sys [x]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
S3 rzvmouse;Razer Virtual Mouse;c:\windows\system32\DRIVERS\rzvmouse.sys;c:\windows\SYSNATIVE\DRIVERS\rzvmouse.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-15 01:52	1087816	----a-w-	c:\program files (x86)\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-11 02:05]
.
2015-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-12 14:43]
.
2015-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-12 14:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-05-27 7611608]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-09-17 2461504]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-09-17 2799784]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
TCP: DhcpNameServer = 217.68.161.141 217.68.161.171
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-01-21  15:44:58
ComboFix-quarantined-files.txt  2015-01-21 14:44
.
Vor Suchlauf: 4.226.965.504 Bytes frei
Nach Suchlauf: 7.130.746.880 Bytes frei
.
- - End Of File - - 5A78AF585DBB1348BC5375516866A1EA
A36C5E4F47E84449FF07ED3517B43A31
         


Alt 21.01.2015, 17:45   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Vaudix Ads - Standard

Vaudix Ads



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
--> Vaudix Ads

Alt 21.01.2015, 18:42   #7
tob11
 
Vaudix Ads - Standard

Vaudix Ads



Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 21.01.2015
Suchlauf-Zeit: 18:03:13
Logdatei: mbab.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.21.07
Rootkit Datenbank: v2015.01.14.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Tobi

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 335615
Verstrichene Zeit: 2 Min, 33 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 1
PUP.Optional.TampaGeneration.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\d65a1a66, In Quarantäne, [38d317e367222a0c2f47b1c3946f49b7], 

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 1
PUP.Optional.TampaGeneration.A, C:\Program Files (x86)\TampaGeneration, In Quarantäne, [3ccf09f18306a3935027c6aeb350e11f], 

Dateien: 1
PUP.Optional.TampaGeneration.A, C:\Program Files (x86)\TampaGeneration\TampaGeneration.dll, In Quarantäne, [3ccf09f18306a3935027c6aeb350e11f], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
Code:
ATTFilter
# AdwCleaner v4.108 - Bericht erstellt am 21/01/2015 um 18:31:34
# Aktualisiert 17/01/2015 von Xplode
# Database : 2015-01-18.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Tobi - TOBI-PC
# Gestartet von : C:\Users\Tobi\Downloads\AdwCleaner_4.108.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

***** [ Browser ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Google Chrome v39.0.2171.99


-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [9201 octets] - [08/01/2015 22:06:37]
AdwCleaner[R1].txt - [2163 octets] - [20/01/2015 21:13:45]
AdwCleaner[R2].txt - [1651 octets] - [20/01/2015 21:25:12]
AdwCleaner[R3].txt - [1711 octets] - [21/01/2015 18:13:26]
AdwCleaner[S0].txt - [8621 octets] - [08/01/2015 22:07:16]
AdwCleaner[S1].txt - [2224 octets] - [20/01/2015 21:14:34]
AdwCleaner[S2].txt - [1632 octets] - [21/01/2015 18:31:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1692 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x64
Ran by Tobi on 21.01.2015 at 18:39:40,05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Users\Tobi\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Tobi\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.01.2015 at 18:40:49,18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Tobi (administrator) on TOBI-PC on 21-01-2015 18:41:32
Running from C:\Users\Tobi\Downloads
Loaded Profiles: Tobi (Available profiles: Tobi)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
() H:\Programme\EslWire\service\WireHelperSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) H:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) H:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) H:\Programme\ Malwarebytes Anti-Malware \mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Turtle Entertainment GmbH) H:\Programme\EslWire\wire.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Tobi\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-05-27] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKU\S-1-5-21-1247221106-465103080-481791032-1000\...\Run: [ESL Wire] => H:\Programme\EslWire\wire.exe [3771904 2014-12-09] (Turtle Entertainment GmbH)
Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download (1).lnk
ShortcutTarget: Download (1).lnk -> C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe ()
Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP ENVY 4500 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP ENVY 4500 series.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1247221106-465103080-481791032-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1247221106-465103080-481791032-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Tcpip\Parameters: [DhcpNameServer] 217.68.161.141 217.68.161.171

FireFox:
========
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR DefaultSearchKeyword: Default -> 66BDAEADE98EDC3356B789E6ED77674DAD506A9A605E861C5802E59ED79C6DC9
CHR DefaultSearchURL: Default -> E211984B217D9EB92449B5231BB746E7E74945700D008ADBA83F129A942CDD33
CHR Profile: C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-19]
CHR Extension: (Google Docs) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-19]
CHR Extension: (Google Drive) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-19]
CHR Extension: (YouTube) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-19]
CHR Extension: (Google-Suche) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-19]
CHR Extension: (Google Tabellen) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-19]
CHR Extension: (AdBlock) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-19]
CHR Extension: (AntiGameOrigin) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldbahlcmhmlpomdepooifmhnalokdhgm [2015-01-04]
CHR Extension: (Google Wallet) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-19]
CHR Extension: (Google Mail) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-19]
CHR Extension: (Voauedix) - C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi\ [2014-10-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
R2 EslWireHelper; H:\Programme\EslWire\service\WireHelperSvc.exe [663056 2014-01-28] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation)
R2 MBAMScheduler; H:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; H:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
S3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [67584 2014-11-10] (Eugene V. Muzychenko) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33448 2014-09-05] (Razer Inc)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-05] (Razer Inc)
R3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [40104 2014-09-05] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [31912 2014-09-05] (Razer Inc)
R3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [31912 2014-09-05] (Razer Inc)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-21 18:40 - 2015-01-21 18:40 - 00000922 _____ () C:\Users\Tobi\Desktop\JRT.txt
2015-01-21 18:39 - 2015-01-21 18:39 - 01707939 _____ (Thisisu) C:\Users\Tobi\Downloads\JRT (1).exe
2015-01-21 18:37 - 2015-01-21 18:37 - 00001772 _____ () C:\Users\Tobi\Desktop\AdwCleaner[S2].txt
2015-01-21 18:06 - 2015-01-21 18:06 - 00001492 _____ () C:\Users\Tobi\Desktop\mbam.txt
2015-01-21 17:52 - 2015-01-21 18:13 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\mIRC
2015-01-21 17:52 - 2015-01-21 17:52 - 02471776 _____ (mIRC Co. Ltd.) C:\Users\Tobi\Downloads\mirc738.exe
2015-01-21 17:52 - 2015-01-21 17:52 - 00000628 _____ () C:\Users\Public\Desktop\mIRC.lnk
2015-01-21 17:52 - 2015-01-21 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
2015-01-21 15:44 - 2015-01-21 15:44 - 00019856 _____ () C:\ComboFix.txt
2015-01-21 15:41 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-21 15:41 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-21 15:41 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-21 15:41 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-21 15:41 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-21 15:41 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-21 15:41 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-21 15:41 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-21 15:39 - 2015-01-21 15:45 - 00000000 ____D () C:\Qoobox
2015-01-21 15:39 - 2015-01-21 15:44 - 00000000 ____D () C:\Windows\erdnt
2015-01-21 15:35 - 2015-01-21 15:35 - 05608785 ____R (Swearware) C:\Users\Tobi\Downloads\ComboFix.exe
2015-01-20 22:33 - 2015-01-21 18:41 - 00014669 _____ () C:\Users\Tobi\Downloads\FRST.txt
2015-01-20 22:33 - 2015-01-21 18:41 - 00000000 ____D () C:\FRST
2015-01-20 22:33 - 2015-01-20 22:34 - 00019780 _____ () C:\Users\Tobi\Downloads\Addition.txt
2015-01-20 22:33 - 2015-01-20 22:33 - 02126848 _____ (Farbar) C:\Users\Tobi\Downloads\FRST64.exe
2015-01-20 21:24 - 2015-01-20 21:24 - 00852504 _____ () C:\Users\Tobi\Downloads\SecurityCheck.exe
2015-01-20 21:11 - 2015-01-20 21:11 - 00001790 _____ () C:\sc-cleaner.txt
2015-01-20 21:11 - 2015-01-20 21:11 - 00000000 ____D () C:\Windows\ERUNT
2015-01-20 21:10 - 2015-01-20 21:11 - 02186752 _____ () C:\Users\Tobi\Downloads\AdwCleaner_4.108.exe
2015-01-20 21:10 - 2015-01-20 21:11 - 01707939 _____ (Thisisu) C:\Users\Tobi\Downloads\JRT.exe
2015-01-20 21:10 - 2015-01-20 21:11 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\Tobi\Downloads\sc-cleaner.exe
2015-01-20 14:28 - 2015-01-20 14:28 - 00037888 _____ () C:\Users\Tobi\Downloads\tempDownload_1bcb678d-b7a1-4a25-9688-fb0a367ca006_1412572857279
2015-01-19 21:28 - 2015-01-19 21:28 - 00000000 ____D () C:\Program Files (x86)\Instagram for Chrome Tabs  Instatabs
2015-01-19 21:27 - 2015-01-19 21:27 - 00000000 ____D () C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi
2015-01-19 21:27 - 2015-01-19 21:27 - 00000000 ____D () C:\Program Files (x86)\Voauedix
2015-01-19 21:26 - 2015-01-19 22:22 - 00000000 ____D () C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}
2015-01-19 21:26 - 2015-01-19 21:26 - 01347584 _____ () C:\Users\Tobi\Downloads\Download (1).exe
2015-01-19 17:35 - 2015-01-19 17:35 - 00085412 _____ () C:\Users\Tobi\Downloads\Download
2015-01-11 22:33 - 2015-01-21 18:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-11 22:33 - 2015-01-14 03:05 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-11 22:33 - 2015-01-14 03:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-11 22:33 - 2015-01-14 03:05 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-11 22:33 - 2015-01-11 22:35 - 00000000 ____D () C:\Users\Tobi\AppData\Local\Adobe
2015-01-11 22:33 - 2015-01-11 22:33 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-01-11 22:33 - 2015-01-11 22:33 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-11 21:04 - 2015-01-21 18:32 - 00000000 ____D () C:\Users\Tobi\AppData\Local\ESL Wire Game Client
2015-01-11 21:04 - 2015-01-11 21:05 - 00000645 _____ () C:\Users\Public\Desktop\ESL Wire.lnk
2015-01-11 21:04 - 2015-01-11 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire
2015-01-11 21:04 - 2015-01-11 21:04 - 00000000 ____D () C:\ProgramData\ESL Wire
2015-01-08 22:06 - 2015-01-21 18:31 - 00000000 ____D () C:\AdwCleaner
2015-01-08 22:05 - 2015-01-08 22:05 - 02191360 _____ () C:\Users\Tobi\Downloads\AdwCleaner_4.107.exe
2015-01-08 22:02 - 2015-01-21 18:32 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-08 22:01 - 2015-01-08 22:01 - 00000737 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-08 22:01 - 2015-01-08 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-08 22:01 - 2015-01-08 22:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-08 22:01 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-08 22:01 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-08 22:01 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-08 22:00 - 2015-01-08 22:01 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Tobi\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-08 21:52 - 2015-01-08 21:54 - 00002192 _____ () C:\Users\Tobi\Desktop\chrome.lnk
2015-01-08 21:49 - 2015-01-21 15:43 - 00000000 ____D () C:\Program Files (x86)\20f6461b-1317-4e61-b54a-f33a5f69df90
2015-01-08 21:35 - 2015-01-08 21:48 - 00000000 ___HD () C:\Users\Public\Temp
2015-01-08 21:34 - 2015-01-08 22:06 - 00000000 ____D () C:\Users\Tobi\AppData\Local\com
2015-01-07 21:53 - 2015-01-07 21:53 - 00004456 _____ () C:\Users\Tobi\Downloads\zonixx-CFG+video+DMcfg.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-21 18:39 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-21 18:39 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-21 18:38 - 2011-04-12 08:43 - 00691940 _____ () C:\Windows\system32\perfh007.dat
2015-01-21 18:38 - 2011-04-12 08:43 - 00145538 _____ () C:\Windows\system32\perfc007.dat
2015-01-21 18:38 - 2009-07-14 06:13 - 01599026 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-21 18:32 - 2014-11-12 15:43 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-21 18:32 - 2014-10-19 16:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-21 18:32 - 2010-11-21 04:47 - 00078968 _____ () C:\Windows\PFRO.log
2015-01-21 18:32 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-21 18:32 - 2009-07-14 05:51 - 00051511 _____ () C:\Windows\setupact.log
2015-01-21 18:31 - 2014-10-19 15:18 - 01966098 _____ () C:\Windows\WindowsUpdate.log
2015-01-21 18:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-01-21 17:48 - 2014-11-12 15:43 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-21 16:53 - 2014-10-19 16:18 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\TS3Client
2015-01-21 15:44 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-21 15:44 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-21 15:43 - 2014-10-19 16:02 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-01-20 15:09 - 2014-10-19 16:01 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-20 15:02 - 2014-10-19 19:51 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\vlc
2015-01-20 14:28 - 2011-04-12 08:54 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-19 22:21 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-01-09 07:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources
2015-01-08 21:50 - 2014-11-05 13:18 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2015-01-08 21:40 - 2014-10-19 15:18 - 00001439 _____ () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-08 21:40 - 2014-10-19 15:18 - 00001405 _____ () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-01-04 05:02 - 2014-10-22 18:03 - 00000000 ____D () C:\Users\Tobi\Desktop\Tattoo
2014-12-31 12:14 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Tobi\AppData\Roaming\USTV
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Tobi\AppData\Roaming\VTAP
2014-11-20 21:48 - 2014-11-20 21:48 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-10-19 15:51 - 2014-10-19 15:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Tobi\AppData\Local\Temp\mirc738.exe
C:\Users\Tobi\AppData\Local\Temp\Quarantine.exe
C:\Users\Tobi\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 06:17

==================== End Of Log ============================
         
--- --- ---

Alt 22.01.2015, 12:55   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Vaudix Ads - Standard

Vaudix Ads




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 22.01.2015, 18:45   #9
tob11
 
Vaudix Ads - Standard

Vaudix Ads



Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6f6366e0417a3047be745d821c5bad48
# engine=22097
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-22 05:14:19
# local_time=2015-01-22 06:14:19 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 8028497 44930853 0 0
# scanned=133278
# found=17
# cleaned=0
# scan_time=1860
sh=E978937AC7FAAC9A69609B2A4A3B8E2D43466DF9 ft=1 fh=b7b8c96c17c22525 vn="Win32/Patched.NFQ Trojaner" ac=I fn="C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome.dll"
sh=D55D56AFF6519D4409C8347096A219CB96F987CE ft=0 fh=0000000000000000 vn="JS/Kryptik.ATL Trojaner" ac=I fn="C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi\OtI.js"
sh=8BD0B914E8D2EF691BE987D70CA819761A687D1C ft=1 fh=c71c001166f4e188 vn="Variante von Win32/Adware.MultiPlug.ED Anwendung" ac=I fn="C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe"
sh=21A094C91EDB2F2A3DDB54AFEED438E3A16039AC ft=1 fh=59c9d2c7b010900a vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\20f6461b-1317-4e61-b54a-f33a5f69df90\aeb6e1a6-5f91-48f5-995c-2900619d0921.dll.vir"
sh=21A094C91EDB2F2A3DDB54AFEED438E3A16039AC ft=1 fh=59c9d2c7b010900a vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\AGEIA Technologies\20f6461b-1317-4e61-b54a-f33a5f69df90.dll.vir"
sh=6F8FE1A0F528E8B8E27FF778FF4D6864F64E36CE ft=0 fh=0000000000000000 vn="JS/Kryptik.ATL Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mipnjnddbpbdmbpjafflemfdefjlibod\107\x.js.vir"
sh=D55D56AFF6519D4409C8347096A219CB96F987CE ft=0 fh=0000000000000000 vn="JS/Kryptik.ATL Trojaner" ac=I fn="C:\Users\All Users\pnkaiaejddfgepbbllfamkjefojllcoi\OtI.js"
sh=8BD0B914E8D2EF691BE987D70CA819761A687D1C ft=1 fh=c71c001166f4e188 vn="Variante von Win32/Adware.MultiPlug.ED Anwendung" ac=I fn="C:\Users\All Users\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobi\AppData\Roaming\USTV"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobi\AppData\Roaming\VTAP"
sh=D6EB15ADEFE8BE7E36D184AD86DE9CA457095C7E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobi\AppData\Roaming\Opera Software\Opera Stable\Extensions\dimfohdigjaffdaanhmbocfkpolglnjk\1.26.88_0\extensionData\plugins\91.js"
sh=5DD4EBBF5FC3179CA01912B6454B022681A8D254 ft=1 fh=9db60c754dc31509 vn="Variante von Win32/InstallCore.UE evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobi\Downloads\BlueStacks-SplitInstaller_native_CB-DL-Manager.exe"
sh=8BD0B914E8D2EF691BE987D70CA819761A687D1C ft=1 fh=c71c001166f4e188 vn="Variante von Win32/Adware.MultiPlug.ED Anwendung" ac=I fn="C:\Users\Tobi\Downloads\Download (1).exe"
sh=0D7ED6BAFEBF6B7F5CC1680CAC02428F62A35612 ft=1 fh=742db127c3faaf99 vn="Variante von Win32/Adware.MultiPlug.DP Anwendung" ac=I fn="C:\Users\Tobi\Downloads\Download.exe"
sh=F67D88584F3F2F9513D1A102F64DB8A21996E726 ft=1 fh=6d4effb5e0baec6a vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobi\Downloads\Virtual Audio Cable - CHIP-Installer.exe"
sh=C1CC73B99E66C936041706413ED28B9DCD897867 ft=1 fh=7805ddc9e3baadcc vn="NSIS/StartPage.CC Trojaner" ac=I fn="C:\Users\Tobi\Downloads\vlc-2.1.5-win32.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/Adware.MultiPlug.ED Anwendung" ac=I fn="${Memory}"
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome (39.0.2171.95) 
 Google Chrome (39.0.2171.99) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Tobi (administrator) on TOBI-PC on 22-01-2015 18:40:29
Running from C:\Users\Tobi\Downloads
Loaded Profiles: Tobi (Available profiles: Tobi)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() H:\Programme\EslWire\service\WireHelperSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Turtle Entertainment GmbH) H:\Programme\EslWire\wire.exe
() C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Tobi\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-05-27] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKU\S-1-5-21-1247221106-465103080-481791032-1000\...\Run: [ESL Wire] => H:\Programme\EslWire\wire.exe [3771904 2014-12-09] (Turtle Entertainment GmbH)
Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download (1).lnk
ShortcutTarget: Download (1).lnk -> C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe ()
Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP ENVY 4500 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP ENVY 4500 series.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1247221106-465103080-481791032-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1247221106-465103080-481791032-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Tcpip\Parameters: [DhcpNameServer] 217.68.161.141 217.68.161.171

FireFox:
========
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR DefaultSearchKeyword: Default -> 66BDAEADE98EDC3356B789E6ED77674DAD506A9A605E861C5802E59ED79C6DC9
CHR DefaultSearchURL: Default -> E211984B217D9EB92449B5231BB746E7E74945700D008ADBA83F129A942CDD33
CHR Profile: C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-19]
CHR Extension: (Google Docs) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-19]
CHR Extension: (Google Drive) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-19]
CHR Extension: (YouTube) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-19]
CHR Extension: (Google-Suche) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-19]
CHR Extension: (Google Tabellen) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-19]
CHR Extension: (AdBlock) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-19]
CHR Extension: (AntiGameOrigin) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldbahlcmhmlpomdepooifmhnalokdhgm [2015-01-04]
CHR Extension: (Google Wallet) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-19]
CHR Extension: (Google Mail) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-19]
CHR Extension: (Voauedix) - C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi\ [2014-10-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
R2 EslWireHelper; H:\Programme\EslWire\service\WireHelperSvc.exe [663056 2014-01-28] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation)
S2 MBAMScheduler; H:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; H:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
S3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [67584 2014-11-10] (Eugene V. Muzychenko) [File not signed]
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33448 2014-09-05] (Razer Inc)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-05] (Razer Inc)
R3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [40104 2014-09-05] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [31912 2014-09-05] (Razer Inc)
R3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [31912 2014-09-05] (Razer Inc)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-22 17:41 - 2015-01-22 17:41 - 00852504 _____ () C:\Users\Tobi\Downloads\SecurityCheck (1).exe
2015-01-22 17:40 - 2015-01-22 17:40 - 02347384 _____ (ESET) C:\Users\Tobi\Downloads\esetsmartinstaller_deu.exe
2015-01-22 17:40 - 2015-01-22 17:40 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-21 18:40 - 2015-01-21 18:40 - 00000922 _____ () C:\Users\Tobi\Desktop\JRT.txt
2015-01-21 18:39 - 2015-01-21 18:39 - 01707939 _____ (Thisisu) C:\Users\Tobi\Downloads\JRT (1).exe
2015-01-21 18:37 - 2015-01-21 18:37 - 00001772 _____ () C:\Users\Tobi\Desktop\AdwCleaner[S2].txt
2015-01-21 18:06 - 2015-01-21 18:06 - 00001492 _____ () C:\Users\Tobi\Desktop\mbam.txt
2015-01-21 17:52 - 2015-01-21 18:13 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\mIRC
2015-01-21 17:52 - 2015-01-21 17:52 - 02471776 _____ (mIRC Co. Ltd.) C:\Users\Tobi\Downloads\mirc738.exe
2015-01-21 17:52 - 2015-01-21 17:52 - 00000628 _____ () C:\Users\Public\Desktop\mIRC.lnk
2015-01-21 17:52 - 2015-01-21 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
2015-01-21 15:44 - 2015-01-21 15:44 - 00019856 _____ () C:\ComboFix.txt
2015-01-21 15:41 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-21 15:41 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-21 15:41 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-21 15:41 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-21 15:41 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-21 15:41 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-21 15:41 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-21 15:41 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-21 15:39 - 2015-01-21 15:45 - 00000000 ____D () C:\Qoobox
2015-01-21 15:39 - 2015-01-21 15:44 - 00000000 ____D () C:\Windows\erdnt
2015-01-21 15:35 - 2015-01-21 15:35 - 05608785 ____R (Swearware) C:\Users\Tobi\Downloads\ComboFix.exe
2015-01-20 22:33 - 2015-01-22 18:40 - 00014785 _____ () C:\Users\Tobi\Downloads\FRST.txt
2015-01-20 22:33 - 2015-01-22 18:40 - 00000000 ____D () C:\FRST
2015-01-20 22:33 - 2015-01-20 22:34 - 00019780 _____ () C:\Users\Tobi\Downloads\Addition.txt
2015-01-20 22:33 - 2015-01-20 22:33 - 02126848 _____ (Farbar) C:\Users\Tobi\Downloads\FRST64.exe
2015-01-20 21:24 - 2015-01-20 21:24 - 00852504 _____ () C:\Users\Tobi\Downloads\SecurityCheck.exe
2015-01-20 21:11 - 2015-01-20 21:11 - 00001790 _____ () C:\sc-cleaner.txt
2015-01-20 21:11 - 2015-01-20 21:11 - 00000000 ____D () C:\Windows\ERUNT
2015-01-20 21:10 - 2015-01-20 21:11 - 02186752 _____ () C:\Users\Tobi\Downloads\AdwCleaner_4.108.exe
2015-01-20 21:10 - 2015-01-20 21:11 - 01707939 _____ (Thisisu) C:\Users\Tobi\Downloads\JRT.exe
2015-01-20 21:10 - 2015-01-20 21:11 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\Tobi\Downloads\sc-cleaner.exe
2015-01-20 14:28 - 2015-01-20 14:28 - 00037888 _____ () C:\Users\Tobi\Downloads\tempDownload_1bcb678d-b7a1-4a25-9688-fb0a367ca006_1412572857279
2015-01-19 21:28 - 2015-01-19 21:28 - 00000000 ____D () C:\Program Files (x86)\Instagram for Chrome Tabs  Instatabs
2015-01-19 21:27 - 2015-01-19 21:27 - 00000000 ____D () C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi
2015-01-19 21:27 - 2015-01-19 21:27 - 00000000 ____D () C:\Program Files (x86)\Voauedix
2015-01-19 21:26 - 2015-01-19 22:22 - 00000000 ____D () C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}
2015-01-19 21:26 - 2015-01-19 21:26 - 01347584 _____ () C:\Users\Tobi\Downloads\Download (1).exe
2015-01-19 17:35 - 2015-01-19 17:35 - 00085412 _____ () C:\Users\Tobi\Downloads\Download
2015-01-11 22:33 - 2015-01-22 18:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-11 22:33 - 2015-01-14 03:05 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-11 22:33 - 2015-01-14 03:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-11 22:33 - 2015-01-14 03:05 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-11 22:33 - 2015-01-11 22:35 - 00000000 ____D () C:\Users\Tobi\AppData\Local\Adobe
2015-01-11 22:33 - 2015-01-11 22:33 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-01-11 22:33 - 2015-01-11 22:33 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-11 21:04 - 2015-01-21 22:07 - 00000000 ____D () C:\Users\Tobi\AppData\Local\ESL Wire Game Client
2015-01-11 21:04 - 2015-01-11 21:05 - 00000645 _____ () C:\Users\Public\Desktop\ESL Wire.lnk
2015-01-11 21:04 - 2015-01-11 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire
2015-01-11 21:04 - 2015-01-11 21:04 - 00000000 ____D () C:\ProgramData\ESL Wire
2015-01-08 22:06 - 2015-01-21 18:31 - 00000000 ____D () C:\AdwCleaner
2015-01-08 22:05 - 2015-01-08 22:05 - 02191360 _____ () C:\Users\Tobi\Downloads\AdwCleaner_4.107.exe
2015-01-08 22:02 - 2015-01-22 14:42 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-08 22:01 - 2015-01-08 22:01 - 00000737 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-08 22:01 - 2015-01-08 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-08 22:01 - 2015-01-08 22:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-08 22:01 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-08 22:01 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-08 22:01 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-08 22:00 - 2015-01-08 22:01 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Tobi\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-08 21:52 - 2015-01-08 21:54 - 00002192 _____ () C:\Users\Tobi\Desktop\chrome.lnk
2015-01-08 21:49 - 2015-01-21 15:43 - 00000000 ____D () C:\Program Files (x86)\20f6461b-1317-4e61-b54a-f33a5f69df90
2015-01-08 21:35 - 2015-01-08 21:48 - 00000000 ___HD () C:\Users\Public\Temp
2015-01-08 21:34 - 2015-01-08 22:06 - 00000000 ____D () C:\Users\Tobi\AppData\Local\com
2015-01-07 21:53 - 2015-01-07 21:53 - 00004456 _____ () C:\Users\Tobi\Downloads\zonixx-CFG+video+DMcfg.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-22 17:48 - 2014-11-12 15:43 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-22 16:47 - 2014-10-19 15:18 - 01226182 _____ () C:\Windows\WindowsUpdate.log
2015-01-22 15:48 - 2014-11-12 15:43 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-21 22:16 - 2009-07-14 05:51 - 00051735 _____ () C:\Windows\setupact.log
2015-01-21 22:14 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-21 22:14 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-21 22:13 - 2011-04-12 08:43 - 00691940 _____ () C:\Windows\system32\perfh007.dat
2015-01-21 22:13 - 2011-04-12 08:43 - 00145538 _____ () C:\Windows\system32\perfc007.dat
2015-01-21 22:13 - 2009-07-14 06:13 - 01599026 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-21 22:07 - 2014-10-19 16:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-21 22:07 - 2010-11-21 04:47 - 00079318 _____ () C:\Windows\PFRO.log
2015-01-21 22:07 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-21 21:58 - 2014-10-19 16:18 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\TS3Client
2015-01-21 21:02 - 2014-10-19 16:01 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-21 20:58 - 2014-10-19 19:51 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\vlc
2015-01-21 18:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-01-21 15:44 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-21 15:44 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-21 15:43 - 2014-10-19 16:02 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-01-20 14:28 - 2011-04-12 08:54 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-19 22:21 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-01-09 07:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources
2015-01-08 21:50 - 2014-11-05 13:18 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2015-01-08 21:40 - 2014-10-19 15:18 - 00001439 _____ () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-08 21:40 - 2014-10-19 15:18 - 00001405 _____ () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-01-04 05:02 - 2014-10-22 18:03 - 00000000 ____D () C:\Users\Tobi\Desktop\Tattoo
2014-12-31 12:14 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Tobi\AppData\Roaming\USTV
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Tobi\AppData\Roaming\VTAP
2014-11-20 21:48 - 2014-11-20 21:48 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-10-19 15:51 - 2014-10-19 15:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Tobi\AppData\Local\Temp\mirc738.exe
C:\Users\Tobi\AppData\Local\Temp\Quarantine.exe
C:\Users\Tobi\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 06:17

==================== End Of Log ============================
         
--- --- ---


Die Werbung ist weg. Danke!
Hab eben nur unter C:/Programme(x86) einen Ordner Voauedix entdeckt.
Darin ist eine .exe und eine .dat Datei entdeckt. Kann ich diesen Ordner jetzt einfach löschen?

Alt 23.01.2015, 12:13   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Vaudix Ads - Standard

Vaudix Ads



Zitat:
Darin ist eine .exe und eine .dat Datei entdeckt. Kann ich diesen Ordner jetzt einfach löschen?
Mach ich jetzt.


Revo Uninstaller - Download - Filepony
damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.google.com/chrome/answer/3296214?hl=de




Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome.dll

C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi

C:\Users\Tobi\AppData\Roaming\USTV

C:\Users\Tobi\AppData\Roaming\VTAP

C:\Users\Tobi\AppData\Roaming\Opera Software\Opera Stable\Extensions\dimfohdigjaffdaanhmbocfkpolglnjk\1.26.88_0\extensionData\plugins\91.js

C:\Users\Tobi\Downloads\BlueStacks-SplitInstaller_native_CB-DL-Manager.exe

C:\Users\Tobi\Downloads\Download (1).exe

C:\Users\Tobi\Downloads\Download.exe

C:\Users\Tobi\Downloads\Virtual Audio Cable - CHIP-Installer.exe

C:\Users\Tobi\Downloads\vlc-2.1.5-win32.exe
Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download (1).lnk
ShortcutTarget: Download (1).lnk -> C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe ()
C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1247221106-465103080-481791032-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR Extension: (Voauedix) - C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi\ [2014-10-19]
2015-01-19 21:27 - 2015-01-19 21:27 - 00000000 ____D () C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi
2015-01-19 21:27 - 2015-01-19 21:27 - 00000000 ____D () C:\Program Files (x86)\Voauedix
2015-01-19 21:26 - 2015-01-19 22:22 - 00000000 ____D () C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}
2015-01-19 21:26 - 2015-01-19 21:26 - 01347584 _____ () C:\Users\Tobi\Downloads\Download (1).exe
2015-01-19 17:35 - 2015-01-19 17:35 - 00085412 _____ () C:\Users\Tobi\Downloads\Download
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 23.01.2015, 14:34   #11
tob11
 
Vaudix Ads - Standard

Vaudix Ads



Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Tobi at 2015-01-23 14:29:16 Run:1
Running from C:\Users\Tobi\Downloads
Loaded Profiles: Tobi (Available profiles: Tobi)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome.dll

C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi

C:\Users\Tobi\AppData\Roaming\USTV

C:\Users\Tobi\AppData\Roaming\VTAP

C:\Users\Tobi\AppData\Roaming\Opera Software\Opera Stable\Extensions\dimfohdigjaffdaanhmbocfkpolglnjk\1.26.88_0\extensionData\plugins\91.js

C:\Users\Tobi\Downloads\BlueStacks-SplitInstaller_native_CB-DL-Manager.exe

C:\Users\Tobi\Downloads\Download (1).exe

C:\Users\Tobi\Downloads\Download.exe

C:\Users\Tobi\Downloads\Virtual Audio Cable - CHIP-Installer.exe

C:\Users\Tobi\Downloads\vlc-2.1.5-win32.exe
Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download (1).lnk
ShortcutTarget: Download (1).lnk -> C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe ()
C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1247221106-465103080-481791032-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR Extension: (Voauedix) - C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi\ [2014-10-19]
2015-01-19 21:27 - 2015-01-19 21:27 - 00000000 ____D () C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi
2015-01-19 21:27 - 2015-01-19 21:27 - 00000000 ____D () C:\Program Files (x86)\Voauedix
2015-01-19 21:26 - 2015-01-19 22:22 - 00000000 ____D () C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}
2015-01-19 21:26 - 2015-01-19 21:26 - 01347584 _____ () C:\Users\Tobi\Downloads\Download (1).exe
2015-01-19 17:35 - 2015-01-19 17:35 - 00085412 _____ () C:\Users\Tobi\Downloads\Download
Emptytemp:
         
*****************

"C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome.dll" => File/Directory not found.
C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi => Moved successfully.
C:\Users\Tobi\AppData\Roaming\USTV => Moved successfully.
C:\Users\Tobi\AppData\Roaming\VTAP => Moved successfully.
C:\Users\Tobi\AppData\Roaming\Opera Software\Opera Stable\Extensions\dimfohdigjaffdaanhmbocfkpolglnjk\1.26.88_0\extensionData\plugins\91.js => Moved successfully.
C:\Users\Tobi\Downloads\BlueStacks-SplitInstaller_native_CB-DL-Manager.exe => Moved successfully.
C:\Users\Tobi\Downloads\Download (1).exe => Moved successfully.
C:\Users\Tobi\Downloads\Download.exe => Moved successfully.
C:\Users\Tobi\Downloads\Virtual Audio Cable - CHIP-Installer.exe => Moved successfully.
C:\Users\Tobi\Downloads\vlc-2.1.5-win32.exe => Moved successfully.
C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download (1).lnk => Moved successfully.
C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe => Moved successfully.

"C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}" directory move:

C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\5d7f2dabbaffce09 => Moved successfully.
Could not move "C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\90828bfe9d2b29dd" => Scheduled to move on reboot.
C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).dat => Moved successfully.
Could not move "C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}" directory. => Scheduled to move on reboot.

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-1247221106-465103080-481791032-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi\ directory not found.
"C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi" => File/Directory not found.
C:\Program Files (x86)\Voauedix => Moved successfully.

"C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}" directory move:

Could not move "C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\90828bfe9d2b29dd" => Scheduled to move on reboot.
Could not move "C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}" directory. => Scheduled to move on reboot.

"C:\Users\Tobi\Downloads\Download (1).exe" => File/Directory not found.
C:\Users\Tobi\Downloads\Download => Moved successfully.
EmptyTemp: => Removed 847.3 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-23 14:31:33)<=

C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\90828bfe9d2b29dd => Is moved successfully.
C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0} => Is moved successfully.
C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\90828bfe9d2b29dd => Is moved successfully.
C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0} => Is moved successfully.

==== End of Fixlog 14:31:33 ====
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Tobi (administrator) on TOBI-PC on 23-01-2015 14:32:01
Running from C:\Users\Tobi\Downloads
Loaded Profiles: Tobi &  (Available profiles: Tobi)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
() H:\Programme\EslWire\service\WireHelperSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) H:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) H:\Programme\ Malwarebytes Anti-Malware \mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Turtle Entertainment GmbH) H:\Programme\EslWire\wire.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Tobi\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-05-27] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKU\S-1-5-21-1247221106-465103080-481791032-1000\...\Run: [ESL Wire] => H:\Programme\EslWire\wire.exe [3771904 2014-12-09] (Turtle Entertainment GmbH)
HKU\S-1-5-21-1247221106-465103080-481791032-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ESL Wire] => H:\Programme\EslWire\wire.exe [3771904 2014-12-09] (Turtle Entertainment GmbH)
Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP ENVY 4500 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP ENVY 4500 series.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1247221106-465103080-481791032-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1247221106-465103080-481791032-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Tcpip\Parameters: [DhcpNameServer] 217.68.161.141 217.68.161.171

FireFox:
========
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT2625848&SearchSource=48"
CHR Profile: C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-23]
CHR Extension: (Google Docs) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-23]
CHR Extension: (Google Drive) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-23]
CHR Extension: (YouTube) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-23]
CHR Extension: (Google-Suche) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-23]
CHR Extension: (Google Tabellen) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-23]
CHR Extension: (Google Wallet) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-23]
CHR Extension: (Google Mail) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
R2 EslWireHelper; H:\Programme\EslWire\service\WireHelperSvc.exe [663056 2014-01-28] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation)
R2 MBAMScheduler; H:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; H:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
S3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [67584 2014-11-10] (Eugene V. Muzychenko) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-23] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33448 2014-09-05] (Razer Inc)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-05] (Razer Inc)
R3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [40104 2014-09-05] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [31912 2014-09-05] (Razer Inc)
R3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [31912 2014-09-05] (Razer Inc)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-23 14:28 - 2015-01-23 14:17 - 00001704 _____ () C:\fixlist.txt
2015-01-23 14:23 - 2015-01-23 14:23 - 00002247 _____ () C:\Users\Tobi\Desktop\Google Chrome.lnk
2015-01-23 14:23 - 2015-01-23 14:23 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-23 14:18 - 2015-01-23 14:18 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Tobi\Downloads\revosetup95.exe
2015-01-23 14:18 - 2015-01-23 14:18 - 00000729 _____ () C:\Users\Tobi\Desktop\Revo Uninstaller.lnk
2015-01-23 14:17 - 2015-01-23 14:17 - 00001704 _____ () C:\Users\Tobi\Desktop\Fixlist.txt
2015-01-22 17:41 - 2015-01-22 17:41 - 00852504 _____ () C:\Users\Tobi\Downloads\SecurityCheck (1).exe
2015-01-22 17:40 - 2015-01-22 17:40 - 02347384 _____ (ESET) C:\Users\Tobi\Downloads\esetsmartinstaller_deu.exe
2015-01-22 17:40 - 2015-01-22 17:40 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-21 18:40 - 2015-01-21 18:40 - 00000922 _____ () C:\Users\Tobi\Desktop\JRT.txt
2015-01-21 18:39 - 2015-01-21 18:39 - 01707939 _____ (Thisisu) C:\Users\Tobi\Downloads\JRT (1).exe
2015-01-21 18:37 - 2015-01-21 18:37 - 00001772 _____ () C:\Users\Tobi\Desktop\AdwCleaner[S2].txt
2015-01-21 18:06 - 2015-01-21 18:06 - 00001492 _____ () C:\Users\Tobi\Desktop\mbam.txt
2015-01-21 17:52 - 2015-01-21 18:13 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\mIRC
2015-01-21 17:52 - 2015-01-21 17:52 - 02471776 _____ (mIRC Co. Ltd.) C:\Users\Tobi\Downloads\mirc738.exe
2015-01-21 17:52 - 2015-01-21 17:52 - 00000628 _____ () C:\Users\Public\Desktop\mIRC.lnk
2015-01-21 17:52 - 2015-01-21 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
2015-01-21 15:41 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-21 15:41 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-21 15:41 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-21 15:41 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-21 15:41 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-21 15:41 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-21 15:41 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-21 15:41 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-21 15:39 - 2015-01-21 15:45 - 00000000 ____D () C:\Qoobox
2015-01-21 15:39 - 2015-01-21 15:44 - 00000000 ____D () C:\Windows\erdnt
2015-01-21 15:35 - 2015-01-21 15:35 - 05608785 ____R (Swearware) C:\Users\Tobi\Downloads\ComboFix.exe
2015-01-20 22:33 - 2015-01-23 14:32 - 00013574 _____ () C:\Users\Tobi\Downloads\FRST.txt
2015-01-20 22:33 - 2015-01-23 14:32 - 00000000 ____D () C:\FRST
2015-01-20 22:33 - 2015-01-20 22:34 - 00019780 _____ () C:\Users\Tobi\Downloads\Addition.txt
2015-01-20 22:33 - 2015-01-20 22:33 - 02126848 _____ (Farbar) C:\Users\Tobi\Downloads\FRST64.exe
2015-01-20 21:24 - 2015-01-20 21:24 - 00852504 _____ () C:\Users\Tobi\Downloads\SecurityCheck.exe
2015-01-20 21:11 - 2015-01-20 21:11 - 00000000 ____D () C:\Windows\ERUNT
2015-01-20 21:10 - 2015-01-20 21:11 - 02186752 _____ () C:\Users\Tobi\Downloads\AdwCleaner_4.108.exe
2015-01-20 21:10 - 2015-01-20 21:11 - 01707939 _____ (Thisisu) C:\Users\Tobi\Downloads\JRT.exe
2015-01-20 21:10 - 2015-01-20 21:11 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\Tobi\Downloads\sc-cleaner.exe
2015-01-20 14:28 - 2015-01-20 14:28 - 00037888 _____ () C:\Users\Tobi\Downloads\tempDownload_1bcb678d-b7a1-4a25-9688-fb0a367ca006_1412572857279
2015-01-19 21:28 - 2015-01-19 21:28 - 00000000 ____D () C:\Program Files (x86)\Instagram for Chrome Tabs  Instatabs
2015-01-11 22:33 - 2015-01-23 13:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-11 22:33 - 2015-01-22 21:35 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-11 22:33 - 2015-01-22 21:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-11 22:33 - 2015-01-22 21:35 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-11 22:33 - 2015-01-11 22:35 - 00000000 ____D () C:\Users\Tobi\AppData\Local\Adobe
2015-01-11 22:33 - 2015-01-11 22:33 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-01-11 22:33 - 2015-01-11 22:33 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-11 21:04 - 2015-01-23 14:31 - 00000000 ____D () C:\Users\Tobi\AppData\Local\ESL Wire Game Client
2015-01-11 21:04 - 2015-01-11 21:05 - 00000645 _____ () C:\Users\Public\Desktop\ESL Wire.lnk
2015-01-11 21:04 - 2015-01-11 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire
2015-01-11 21:04 - 2015-01-11 21:04 - 00000000 ____D () C:\ProgramData\ESL Wire
2015-01-08 22:06 - 2015-01-21 18:31 - 00000000 ____D () C:\AdwCleaner
2015-01-08 22:05 - 2015-01-08 22:05 - 02191360 _____ () C:\Users\Tobi\Downloads\AdwCleaner_4.107.exe
2015-01-08 22:02 - 2015-01-23 14:31 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-08 22:01 - 2015-01-08 22:01 - 00000737 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-08 22:01 - 2015-01-08 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-08 22:01 - 2015-01-08 22:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-08 22:01 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-08 22:01 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-08 22:01 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-08 22:00 - 2015-01-08 22:01 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Tobi\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-08 21:52 - 2015-01-08 21:54 - 00002192 _____ () C:\Users\Tobi\Desktop\chrome.lnk
2015-01-08 21:49 - 2015-01-21 15:43 - 00000000 ____D () C:\Program Files (x86)\20f6461b-1317-4e61-b54a-f33a5f69df90
2015-01-08 21:35 - 2015-01-08 21:48 - 00000000 ___HD () C:\Users\Public\Temp
2015-01-08 21:34 - 2015-01-08 22:06 - 00000000 ____D () C:\Users\Tobi\AppData\Local\com
2015-01-07 21:53 - 2015-01-07 21:53 - 00004456 _____ () C:\Users\Tobi\Downloads\zonixx-CFG+video+DMcfg.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-23 14:30 - 2014-11-12 15:43 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-23 14:30 - 2014-10-19 16:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-23 14:30 - 2014-10-19 15:18 - 01470963 _____ () C:\Windows\WindowsUpdate.log
2015-01-23 14:30 - 2010-11-21 04:47 - 00080492 _____ () C:\Windows\PFRO.log
2015-01-23 14:30 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-23 14:30 - 2009-07-14 05:51 - 00052015 _____ () C:\Windows\setupact.log
2015-01-23 13:48 - 2014-11-12 15:43 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-22 19:51 - 2014-10-19 16:18 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\TS3Client
2015-01-22 19:06 - 2014-10-19 16:01 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-21 22:14 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-21 22:14 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-21 22:13 - 2011-04-12 08:43 - 00691940 _____ () C:\Windows\system32\perfh007.dat
2015-01-21 22:13 - 2011-04-12 08:43 - 00145538 _____ () C:\Windows\system32\perfc007.dat
2015-01-21 22:13 - 2009-07-14 06:13 - 01599026 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-21 20:58 - 2014-10-19 19:51 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\vlc
2015-01-21 18:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-01-21 15:44 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-21 15:44 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-21 15:43 - 2014-10-19 16:02 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-01-20 14:28 - 2011-04-12 08:54 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-19 22:21 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-01-09 07:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources
2015-01-08 21:50 - 2014-11-05 13:18 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2015-01-08 21:40 - 2014-10-19 15:18 - 00001439 _____ () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-08 21:40 - 2014-10-19 15:18 - 00001405 _____ () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-01-04 05:02 - 2014-10-22 18:03 - 00000000 ____D () C:\Users\Tobi\Desktop\Tattoo
2014-12-31 12:14 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======
2014-11-20 21:48 - 2014-11-20 21:48 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-10-19 15:51 - 2014-10-19 15:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 06:17

==================== End Of Log ============================
         
--- --- ---

Alt 23.01.2015, 17:13   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Vaudix Ads - Standard

Vaudix Ads



Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Vaudix Ads
ads, anschluss, download, entferne, entfernen, helft, omiga-plus, schei, schonmal, toolbar, vaudix, vaudix ads, vaudix ads entfernen, werbung





Zum Thema Vaudix Ads - Hallo, ich habe mir seit langem mal wieder was eingefangen. Bei einem Download scheine ich mir die omiga-plus toolbar eingefangen. Die habe ich mittlerweile entfernen können. Nun im Anschluss kommt - Vaudix Ads...
Archiv
Du betrachtest: Vaudix Ads auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.