I have a defogger-disable (Windows 7)
22.01.2015, 19:01 | #1

I have a defogger-disable

Good evening, I had the GVU Trojan and got the laptop (Win. 7) running again via Safe Mode and System Restore. But I'm not sure whether that's the end of it. Maybe "it" is lurking somewhere in the background and spying on me. The computer runs as it always has. I then registered here for help and wanted to run defogger on the computer. That's what you're supposed to do, according to the guide, which is hard enough to understand as it is. I then got the following error message:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:11 on 21/01/2015 (Susanne)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

I am, however, a computer embryo. Maybe someone here can help me.

Regards, Susanne
22.01.2015, 19:04 | #2

/// the machine /// (TB-Ausbilder) | I have a defogger-disable

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
22.01.2015, 19:37 | #3

I have a defogger-disable

It shows: Scan completed. the "First.txt" is saved in the same Location FIRSt tooo is run.

Can I press OK?

FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015 Ran by Susanne (administrator) on SUSANNE-PC on 22-01-2015 19:20:36 Running from C:\Users\Susanne\Desktop\Downloads Loaded Profiles: Susanne (Available profiles: Susanne & max) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NTI, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Windows\PLFSetI.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) 
C:\Program Files (x86)\Launch Manager\LManager.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-06-10] (Alcor Micro Corp.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-29] (Realtek Semiconductor) HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2014-04-08] () HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-18] (Synaptics Incorporated) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-11] (Dritek System Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-04] (Oracle Corporation) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) 
HKU\S-1-5-21-585539473-3794034934-2184753831-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-585539473-3794034934-2184753831-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-585539473-3794034934-2184753831-1000\...\Policies\Explorer: [DisallowRun] 1 HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-04-09] (Microsoft Corporation) AppInit_DLLs-x32: C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL => "C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL" File Not Found GroupPolicyUsers\S-1-5-21-585539473-3794034934-2184753831-1001\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:53752;https=127.0.0.1:53752 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Google HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = Google HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = Google HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = Google HKU\S-1-5-21-585539473-3794034934-2184753831-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gws_rd=ssl StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: 
HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-585539473-3794034934-2184753831-1000 -> {F04394D0-E518-43EC-AE43-1CE54C168521} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\1zmx7jac.default FF NewTab: about:newtab FF Plugin: @java.com/DTPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/ShockwavePlayer -> 
C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: autotranslatorkobayashich - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\1zmx7jac.default\Extensions\autotranslator@kobayashi.ch [2014-11-19] FF Extension: Firebug - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\1zmx7jac.default\Extensions\firebug@software.joehewitt.com.xpi [2014-11-15] FF Extension: No Name - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\1zmx7jac.default\extensions\faststartff@gmail.com [Not Found] FF Extension: No Name - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\1zmx7jac.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com [Not Found] Chrome: ======= CHR Profile: C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-28] CHR Extension: (Google Drive) - C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-28] CHR Extension: (YouTube) - C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-28] CHR Extension: (Google Search) - C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-28] CHR Extension: (fadgflmigmogfionelcpalhohefbnehm) - C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadgflmigmogfionelcpalhohefbnehm [2014-11-19] CHR Extension: (Google Wallet) - C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-28] CHR Extension: (Gmail) - C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-28] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-17] (NTI, Inc.) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2014-07-20] () R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] () S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-22 19:20 - 2015-01-22 19:20 - 00000000 ____D () C:\FRST 2015-01-21 20:10 - 2015-01-21 20:11 - 00000476 _____ () C:\Users\Susanne\Desktop\defogger_disable.log 2015-01-21 20:10 - 2015-01-21 20:10 - 00000000 _____ () C:\Users\Susanne\defogger_reenable 2015-01-21 20:05 - 2015-01-21 20:05 - 00443288 _____ () C:\Users\Susanne\Desktop\InternetSpeedTracker.exe 2015-01-21 15:26 - 2015-01-22 18:36 - 00000168 _____ () C:\Windows\setupact.log 2015-01-21 15:26 - 2015-01-21 15:26 - 00000000 _____ () C:\Windows\setuperr.log 2015-01-20 15:19 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-20 15:19 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-20 15:19 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-20 15:19 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-20 15:19 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-20 15:19 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-20 15:19 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-20 15:19 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-20 15:19 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-20 15:19 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-20 15:19 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-20 15:19 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-20 15:19 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-19 21:24 - 2015-01-19 21:24 - 00000032 _____ 
() C:\Users\Susanne\AppData\Roaming\url.txt 2015-01-09 20:23 - 2015-01-09 20:23 - 00001861 _____ () C:\Users\Susanne\Desktop\UseNeXT by Tangysoft.lnk 2015-01-09 20:23 - 2015-01-09 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT 2014-12-26 09:38 - 2014-12-26 09:38 - 00000118 _____ () C:\Windows\wininit.ini 2014-12-25 15:25 - 2014-12-25 15:25 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-22 19:15 - 2014-06-22 20:55 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-22 18:43 - 2014-08-03 15:48 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{951FFD90-CAF6-4B86-859C-3479365B480C} 2015-01-22 18:43 - 2009-07-14 05:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-22 18:43 - 2009-07-14 05:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-22 18:42 - 2014-04-08 21:48 - 01333102 _____ () C:\Windows\WindowsUpdate.log 2015-01-22 18:36 - 2014-06-22 20:55 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-22 18:36 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-21 20:29 - 2014-04-09 03:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-21 20:10 - 2014-04-08 22:16 - 00000000 ____D () C:\Users\Susanne 2015-01-20 20:47 - 2014-04-08 23:07 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-20 20:47 - 2014-04-08 23:07 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-20 15:41 - 2014-04-09 07:38 - 00699342 _____ () C:\Windows\system32\perfh007.dat 2015-01-20 15:41 - 2014-04-09 07:38 - 00149450 _____ () C:\Windows\system32\perfc007.dat 2015-01-20 15:41 - 2009-07-14 06:13 
- 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-20 15:35 - 2014-04-09 17:37 - 00000000 ____D () C:\Users\Susanne\AppData\Roaming\UseNeXT 2015-01-20 15:29 - 2014-04-09 03:27 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-20 15:29 - 2014-04-09 03:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-20 15:29 - 2014-04-09 03:27 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-20 15:27 - 2014-08-27 20:54 - 00000000 ____D () C:\AdwCleaner 2015-01-20 15:11 - 2014-09-13 11:30 - 00000000 ____D () C:\Users\Susanne\AppData\Roaming\vlc 2015-01-20 15:11 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat 2015-01-20 15:10 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2015-01-14 16:24 - 2014-10-01 15:42 - 00103736 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2015-01-09 20:23 - 2014-04-09 17:37 - 00000000 ____D () C:\Program Files (x86)\UseNeXT 2015-01-09 19:34 - 2014-12-21 18:11 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-01-06 04:36 - 2014-04-08 22:59 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-12-29 13:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-12-28 18:11 - 2014-04-19 11:17 - 00000680 __RSH () C:\Users\Susanne\ntuser.pol 2014-12-28 15:10 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries ==================== Files in the root of some directories ======= 2014-11-15 14:00 - 2014-11-15 14:00 - 1499056 _____ (Cinema Plus2.7cV15.11) C:\Users\Susanne\AppData\Roaming\EFGWQB.exe 2014-09-29 17:09 - 2014-11-22 13:10 - 4518118 _____ () C:\Users\Susanne\AppData\Roaming\pb.zip 2014-11-15 14:00 - 2014-11-15 14:00 - 1981360 _____ (Cinema Plus2.7cV15.11) C:\Users\Susanne\AppData\Roaming\PBFI.exe 2015-01-19 21:24 - 2015-01-19 21:24 - 0000032 _____ () C:\Users\Susanne\AppData\Roaming\url.txt 2014-04-09 04:08 - 2014-04-09 04:08 - 0007599 
_____ () C:\Users\Susanne\AppData\Local\Resmon.ResmonCfg 2010-09-16 00:41 - 2010-03-02 23:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-16 22:10 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- FRST Additions Logfile: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015 Ran by Susanne at 2015-01-22 19:21:51 Running from C:\Users\Susanne\Desktop\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) 2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems) Acer Crystal Eye webcam Ver:1.1.194.1021 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.194.1021 - Chicony Electronics Co.,Ltd.) 
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0423.2010 - Acer Incorporated) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.) Airport Mania First Flight (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}) (Version: - Oberon Media) Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}) (Version: 1.9.17.06019 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 1.9.17.06019 - Alcor Micro Corp.) Hidden Alliance of Valiant Arms DE (HKLM-x32\...\Alliance of Valiant Arms DE) (Version: - ) Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ATI Catalyst Install Manager (HKLM\...\{84CC4DD9-03B2-C31A-537E-9BBC18ACC602}) (Version: 3.0.786.0 - ATI Technologies, Inc.) AVS Registry Cleaner version 2.2 (HKLM-x32\...\AVSRegistryCleaner_is1) (Version: - Online Media Technologies Ltd.) AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.) 
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.2.4.2 - Broadcom Corporation) Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision) Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000 - Activision) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: - ) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: - ) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden ccc-core-static (x32 Version: 2010.0828.2240.38829 - Ihr Firmenname) Hidden FastStone Image Viewer 4.9 (x32 Version: 4.9 - FastStone Soft) Hidden Freemake Video Converter Version 4.1.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation) HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät (HKLM\...\{3DF2B8CD-072D-49F5-BCF8-1DB86B0DF632}) (Version: 22.0.334.0 - Hewlett-Packard Co.) HP Deskjet 3050 J610 series Hilfe (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard) HP Update (HKLM-x32\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation) Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) 
Java 8 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418000FF}) (Version: 8.0.0 - Oracle Corporation) Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) NTI Backup Now 5 
(HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.630 - NewTech Infosystems) NTI Backup Now Standard (x32 Version: 5.1.2.630 - NewTech Infosystems) Hidden NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6636 - NewTech Infosystems) NTI Media Maker 8 (x32 Version: 8.0.12.6636 - NewTech Infosystems) Hidden PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.6.0 - Synaptics Incorporated) Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version: - Tangysoft Ltd.) 
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated) Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation) Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 11-12-2014 06:11:22 Windows Modules Installer 11-12-2014 06:13:46 Windows Modules Installer 11-12-2014 06:14:26 Windows Modules Installer 12-12-2014 10:14:29 Windows Update 16-12-2014 15:37:15 Windows Update 19-12-2014 16:44:25 Windows Modules Installer 19-12-2014 16:49:50 Windows Update 21-12-2014 18:12:12 Installed iTunes 21-12-2014 18:21:19 Removed iTunes 21-12-2014 18:30:18 Installed iTunes 23-12-2014 11:52:23 Windows Update 26-12-2014 09:36:49 Removed Bonjour 26-12-2014 09:38:58 Removed Apple Software Update 26-12-2014 15:19:37 Windows Update 30-12-2014 18:49:56 Windows Update 06-01-2015 19:38:12 Windows Update 09-01-2015 19:34:24 Removed Apple Mobile Device Support 13-01-2015 15:38:07 Windows Update 14-01-2015 16:55:48 Windows Update 20-01-2015 15:19:42 Windows Update 20-01-2015 20:41:55 Backup_2015_01_20 20-01-2015 20:47:06 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1A90AB87-BF04-45FB-9C2A-6605F9670797} - System32\Tasks\{D01B9B71-E1A2-420C-A614-2DB41667A8A9} => C:\Program Files (x86)\UseNeXT\UseNeXT.exe [2014-11-19] () Task: {29639ED0-9639-41C5-8350-39DA11043BD6} - System32\Tasks\{A7BEFC5C-754D-4C39-AC33-868014A6F057} => pcalua.exe -a "C:\Users\Susanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A5GNL30H\pb35setup.exe" -d C:\Users\Susanne\Desktop Task: {2DA58C14-8819-465E-9882-C4E5E23E70FE} - System32\Tasks\{10D9A3C4-989C-4B18-B396-2C18B1570345} => C:\Program Files (x86)\UseNeXT\UseNeXT.exe [2014-11-19] () Task: {45BDA3E4-A417-4745-83BA-EEE147C3020B} - System32\Tasks\{9BEA91D2-BA29-4B3F-BD61-3E94A2F653D7} => pcalua.exe -a "C:\Users\Susanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A5GNL30H\CoD4MW_1_4_to_1_5_MP.exe" -d C:\Users\Susanne\Desktop Task: {6537D342-652F-42FB-976F-B3525CBB87B7} - System32\Tasks\{0E883005-6E76-43BE-97C5-81E0C89EF4AA} => pcalua.exe -a "C:\Program Files (x86)\Acer GameZone\Airport Mania First Flight\Uninstall.exe" -c "C:\Program Files (x86)\Acer GameZone\Airport Mania First Flight\install.log" Task: {8C87F424-735E-43AC-8D9A-5B27E00A8A7A} - System32\Tasks\{77131DD6-4E01-45DD-882A-DA3882438C63} => C:\Program Files (x86)\UseNeXT\UseNeXT.exe [2014-11-19] () Task: {96DBB813-4390-4BB9-B7CF-672C9BB062B5} - System32\Tasks\{6B2CDE7B-31EE-4333-9856-3162C5CC6A4F} => C:\Program Files (x86)\UseNeXT\UseNeXT.exe [2014-11-19] () Task: {9D7E8829-37D5-4CF9-9090-C065308388EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-22] (Google Inc.) 
Task: {A2C0A2B7-2950-4CCF-9AF3-1BE9C768EBD1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-22] (Google Inc.) Task: {E544D795-9E1F-4ADC-B926-7B6CC19E63FC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-20] (Adobe Systems Incorporated) Task: {EA3AC74D-E16A-4763-AF17-1FE3115780CB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-06-25 18:13 - 2014-07-20 11:00 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-04-08 21:52 - 2014-04-08 21:52 - 00206208 _____ () C:\Windows\PLFSetI.exe 2010-08-26 14:45 - 2010-08-26 14:45 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2010-08-28 21:39 - 2010-08-28 21:39 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2010-06-28 23:20 - 2010-06-28 23:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll 2010-06-28 23:12 - 2010-06-28 23:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll 2014-04-09 07:25 - 2009-05-20 23:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-585539473-3794034934-2184753831-500 - Administrator - Disabled) Gast (S-1-5-21-585539473-3794034934-2184753831-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-585539473-3794034934-2184753831-1003 - Limited - Enabled) max (S-1-5-21-585539473-3794034934-2184753831-1001 - Limited - Enabled) => C:\Users\max.Susanne-PC Susanne (S-1-5-21-585539473-3794034934-2184753831-1000 - Administrator - Enabled) => C:\Users\Susanne ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/16/2015 09:39:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000004e4e4 ID des fehlerhaften Prozesses: 0x10e0 Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 Error: (01/13/2015 07:27:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc0000005 Fehleroffset: 
0x000000000004e4e4 ID des fehlerhaften Prozesses: 0x13cc Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 Error: (01/13/2015 07:25:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000004e4e4 ID des fehlerhaften Prozesses: 0xda8 Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 Error: (01/10/2015 09:06:41 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000004e4e4 ID des fehlerhaften Prozesses: 0x13ac Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 Error: (01/10/2015 08:47:29 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000004e4e4 ID des fehlerhaften Prozesses: 0xafc Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 Error: (01/10/2015 08:42:42 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: 
ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000004e4e4 ID des fehlerhaften Prozesses: 0x428 Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 Error: (01/10/2015 08:42:19 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000004e4e4 ID des fehlerhaften Prozesses: 0xc18 Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 Error: (01/09/2015 09:22:58 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. 
Error: (01/03/2015 00:12:34 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17496, Zeitstempel: 0x546fdf97 Name des fehlerhaften Moduls: Flash64_15_0_0_246.ocx, Version: 15.0.0.246, Zeitstempel: 0x5481126b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000002a7337 ID des fehlerhaften Prozesses: 0xb24 Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0 Pfad der fehlerhaften Anwendung: iexplore.exe1 Pfad des fehlerhaften Moduls: iexplore.exe2 Berichtskennung: iexplore.exe3 Error: (12/28/2014 02:57:52 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm iw3mp.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f30 Startzeit: 01d022a624334e67 Endzeit: 3 Anwendungspfad: C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe Berichts-ID: 8149ea9d-8e99-11e4-9767-206a8a23698d System errors: ============= Error: (01/20/2015 07:50:03 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (01/20/2015 07:50:03 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. 
Error: (01/20/2015 03:08:06 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334} Error: (01/20/2015 03:06:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (01/20/2015 03:04:29 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf Error: (01/20/2015 03:04:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (01/20/2015 03:04:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (01/20/2015 03:04:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (01/20/2015 03:04:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst "Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error: (01/20/2015 03:04:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 
Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz Percentage of memory in use: 31% Total physical RAM: 3956.5 MB Available physical RAM: 2714.72 MB Total Pagefile: 7911.18 MB Available Pagefile: 6477 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (ACER) (Fixed) (Total:305.51 GB) (Free:238.87 GB) NTFS Drive d: (2013 09) (CDROM) (Total:0.02 GB) (Free:0 GB) UDF Drive e: (SICHERUNG) (Fixed) (Total:146.48 GB) (Free:107.3 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 33C133C1) Partition 1: (Not Active) - (Size=13.7 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=305.5 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=146.5 GB) - (Type=OF Extended) ==================== End Of Log ============================ I hope everything is right like this. Regards, Susanne |
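The "Scheduled Tasks" section of the FRST log above is where a helper reads first: several GUID-named tasks point at UseNeXT.exe, and two run installers out of the Internet Explorer cache through pcalua.exe (the Program Compatibility Assistant launcher, a Microsoft-signed binary that starts whatever executable is passed with -a). The following Python is an added example, not part of this thread and not FRST's own code. It parses Task: lines in FRST's format and attaches review reasons. The four sample lines are copied from the log; the heuristics (launch via pcalua.exe, a target in a user-writable location, a GUID-named task, an empty company-name field) are this example's own assumptions about what deserves a second look, not FRST rules, and a flag is a triage hint, not a verdict. GUID-named pcalua tasks are commonly left behind by the Windows compatibility troubleshooter, so here they mark an installer run from the browser cache, not malware by themselves.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Sample input: four "Task:" entries in the format FRST prints under
# "Scheduled Tasks (whitelisted)", copied from the log above and put one per line.
SAMPLE_FRST_TASKS = r"""
Task: {1A90AB87-BF04-45FB-9C2A-6605F9670797} - System32\Tasks\{D01B9B71-E1A2-420C-A614-2DB41667A8A9} => C:\Program Files (x86)\UseNeXT\UseNeXT.exe [2014-11-19] ()
Task: {29639ED0-9639-41C5-8350-39DA11043BD6} - System32\Tasks\{A7BEFC5C-754D-4C39-AC33-868014A6F057} => pcalua.exe -a "C:\Users\Susanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A5GNL30H\pb35setup.exe" -d C:\Users\Susanne\Desktop
Task: {9D7E8829-37D5-4CF9-9090-C065308388EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-22] (Google Inc.)
Task: {E544D795-9E1F-4ADC-B926-7B6CC19E63FC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-20] (Adobe Systems Incorporated)
"""

# "Task: {task GUID} - System32\Tasks\<name> => <command>"
TASK_RE = re.compile(
    r"^Task: \{(?P<task_id>[0-9A-Fa-f-]+)\} - System32\\Tasks\\(?P<name>.+?) => (?P<command>.+)$"
)
# FRST appends "[file date] (company name)" when it can read the target file;
# empty parentheses mean the file carries no company name in its version info.
META_RE = re.compile(r"^(?P<target>.+?) \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>.*)\)$")
# pcalua.exe (Program Compatibility Assistant launcher) starts whatever -a names,
# so the real target is the argument, not the Microsoft-signed launcher itself.
PCALUA_RE = re.compile(r'^pcalua\.exe\s+-a\s+(?:"(?P<quoted>[^"]+)"|(?P<bare>\S+))', re.IGNORECASE)
GUID_NAME_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
# Heuristic (assumption of this example): locations a non-admin user can write
# to and browsers download into.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\temporary internet files\\", "\\downloads\\")


@dataclass
class TaskEntry:
    name: str
    target: str
    publisher: str | None      # None when FRST printed no "[date] (company)" suffix
    via_pcalua: bool
    reasons: list[str] = field(default_factory=list)


def parse_task_line(line: str) -> TaskEntry | None:
    """Parse one FRST Task: line; return None for anything else."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    command = m.group("command")
    launcher = PCALUA_RE.match(command)
    if launcher:
        target = launcher.group("quoted") or launcher.group("bare")
        return TaskEntry(m.group("name"), target, None, True)
    meta = META_RE.match(command)
    if meta:
        return TaskEntry(m.group("name"), meta.group("target"), meta.group("publisher"), False)
    return TaskEntry(m.group("name"), command, None, False)


def triage(entry: TaskEntry) -> TaskEntry:
    """Attach review reasons; an empty list means nothing stood out."""
    low = entry.target.lower()
    if entry.via_pcalua:
        entry.reasons.append("launched through pcalua.exe, a signed proxy launcher")
    if any(marker in low for marker in USER_WRITABLE_MARKERS):
        entry.reasons.append("target lives in a user-writable or temporary location")
    if GUID_NAME_RE.match(entry.name):
        entry.reasons.append("GUID-named task rather than a product-named scheduler entry")
    if entry.publisher == "":
        entry.reasons.append("target file carries no company name")
    return entry


def triage_frst_tasks(text: str) -> list[TaskEntry]:
    entries = (parse_task_line(line) for line in text.splitlines())
    return [triage(e) for e in entries if e is not None]


def suspicious(text: str) -> dict[str, list[str]]:
    """Task name -> reasons, for tasks that picked up at least one reason."""
    return {e.name: e.reasons for e in triage_frst_tasks(text) if e.reasons}


if __name__ == "__main__":
    for name, reasons in suspicious(SAMPLE_FRST_TASKS).items():
        print(name)
        for r in reasons:
            print("   -", r)
```

Run against the sample, the two Google and Adobe updater tasks come back clean, the UseNeXT task is flagged for its GUID name and empty company field, and the pb35setup task collects all three of proxy launch, cache location and GUID name. Feeding it a real FRST.txt means pasting the Scheduled Tasks section with one Task: per line, as FRST writes it.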
23.01.2015, 12:22 | #4 |
/// the machine /// TB-Ausbilder | I have a defogger-disable hi, Scan with ComboFix
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
24.01.2015, 09:41 | #5 |
| I have a defogger-disable Code:
ComboFix 15-01-22.02 - Susanne 24.01.2015 8:59.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3956.2869 [GMT 1:00] ausgeführt von:: c:\users\Susanne\Desktop\Downloads\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Susanne\AppData\Local\Adobe\ChromeInstaller.exe c:\users\Susanne\AppData\Local\Adobe\downloader.dll c:\users\Susanne\AppData\Local\Adobe\gccheck.exe c:\users\Susanne\AppData\Local\Adobe\GTB.exe c:\users\Susanne\AppData\Local\Adobe\gtbcheck.exe c:\users\Susanne\Desktop\Search.lnk c:\windows\msdownld.tmp c:\windows\wininit.ini . . ((((((((((((((((((((((( Dateien erstellt von 2014-12-24 bis 2015-01-24 )))))))))))))))))))))))))))))) . . 2015-01-24 08:04 . 2015-01-24 08:04 -------- d-----w- c:\users\max.-PC\AppData\Local\temp 2015-01-24 08:04 . 2015-01-24 08:04 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-01-23 17:27 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2CA21D91-F38B-4041-AFF3-0177C8AA7C10}\mpengine.dll 2015-01-22 18:20 . 2015-01-22 18:22 -------- d-----w- C:\FRST . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-01-22 18:29 . 2014-04-09 02:27 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-01-22 18:29 . 2014-04-09 02:27 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-01-20 19:47 . 2014-04-08 22:07 113365784 ----a-w- c:\windows\system32\MRT.exe 2015-01-14 15:24 . 2014-10-01 14:42 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2015-01-06 03:36 . 2014-04-08 21:59 298120 ------w- c:\windows\system32\MpSigStub.exe 2014-12-13 05:09 . 2014-12-18 15:27 144384 ----a-w- c:\windows\system32\ieUnatt.exe 2014-12-13 03:33 . 2014-12-18 15:27 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2014-11-27 01:43 . 
2014-12-10 16:35 389296 ----a-w- c:\windows\system32\iedkcs32.dll 2014-11-22 03:13 . 2014-12-10 16:35 25059840 ----a-w- c:\windows\system32\mshtml.dll 2014-11-22 03:06 . 2014-12-10 16:35 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-11-22 03:06 . 2014-12-10 16:35 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2014-11-22 02:50 . 2014-12-10 16:35 66560 ----a-w- c:\windows\system32\iesetup.dll 2014-11-22 02:50 . 2014-12-10 16:35 580096 ----a-w- c:\windows\system32\vbscript.dll 2014-11-22 02:49 . 2014-12-10 16:35 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll 2014-11-22 02:49 . 2014-12-10 16:35 2885120 ----a-w- c:\windows\system32\iertutil.dll 2014-11-22 02:48 . 2014-12-10 16:35 88064 ----a-w- c:\windows\system32\MshtmlDac.dll 2014-11-22 02:41 . 2014-12-10 16:35 54784 ----a-w- c:\windows\system32\jsproxy.dll 2014-11-22 02:40 . 2014-12-10 16:35 34304 ----a-w- c:\windows\system32\iernonce.dll 2014-11-22 02:37 . 2014-12-10 16:35 633856 ----a-w- c:\windows\system32\ieui.dll 2014-11-22 02:35 . 2014-12-10 16:35 114688 ----a-w- c:\windows\system32\ieetwcollector.exe 2014-11-22 02:34 . 2014-12-10 16:35 814080 ----a-w- c:\windows\system32\jscript9diag.dll 2014-11-22 02:34 . 2014-12-10 16:35 6039552 ----a-w- c:\windows\system32\jscript9.dll 2014-11-22 02:26 . 2014-12-10 16:35 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2014-11-22 02:22 . 2014-12-10 16:35 490496 ----a-w- c:\windows\system32\dxtmsft.dll 2014-11-22 02:20 . 2014-12-10 16:35 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-11-22 02:14 . 2014-12-10 16:35 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2014-11-22 02:09 . 2014-12-10 16:35 199680 ----a-w- c:\windows\system32\msrating.dll 2014-11-22 02:08 . 2014-12-10 16:35 92160 ----a-w- c:\windows\system32\mshtmled.dll 2014-11-22 02:07 . 2014-12-10 16:35 501248 ----a-w- c:\windows\SysWow64\vbscript.dll 2014-11-22 02:07 . 2014-12-10 16:35 62464 ----a-w- c:\windows\SysWow64\iesetup.dll 2014-11-22 02:06 . 
2014-12-10 16:35 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2014-11-22 02:05 . 2014-12-10 16:35 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2014-11-22 02:05 . 2014-12-10 16:35 316928 ----a-w- c:\windows\system32\dxtrans.dll 2014-11-22 01:54 . 2014-12-10 16:35 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll 2014-11-22 01:49 . 2014-12-10 16:35 718848 ----a-w- c:\windows\system32\ie4uinit.exe 2014-11-22 01:49 . 2014-12-10 16:35 800768 ----a-w- c:\windows\system32\msfeeds.dll 2014-11-22 01:47 . 2014-12-10 16:35 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll 2014-11-22 01:46 . 2014-12-10 16:35 2125312 ----a-w- c:\windows\system32\inetcpl.cpl 2014-11-22 01:43 . 2014-12-10 16:35 14412800 ----a-w- c:\windows\system32\ieframe.dll 2014-11-22 01:40 . 2014-12-10 16:35 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll 2014-11-22 01:29 . 2014-12-10 16:35 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll 2014-11-22 01:28 . 2014-12-10 16:35 2358272 ----a-w- c:\windows\system32\wininet.dll 2014-11-22 01:22 . 2014-12-10 16:35 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2014-11-22 01:21 . 2014-12-10 16:35 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2014-11-22 01:15 . 2014-12-10 16:35 1548288 ----a-w- c:\windows\system32\urlmon.dll 2014-11-22 01:03 . 2014-12-10 16:35 800768 ----a-w- c:\windows\system32\ieapfltr.dll 2014-11-22 01:00 . 2014-12-10 16:35 1888256 ----a-w- c:\windows\SysWow64\wininet.dll 2014-11-18 13:56 . 2014-11-18 13:56 1202848 ----a-w- c:\windows\SysWow64\FM20.DLL 2014-11-15 13:00 . 2014-11-15 13:00 1499056 ----a-w- c:\users\Susanne\AppData\Roaming\EFGWQB.exe 2014-11-15 13:00 . 2014-11-15 13:00 1981360 ----a-w- c:\users\Susanne\AppData\Roaming\PBFI.exe 2014-11-11 03:09 . 2014-12-10 16:35 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2014-11-11 03:08 . 2014-11-19 15:20 241152 ----a-w- c:\windows\system32\pku2u.dll 2014-11-11 03:08 . 
2014-11-19 15:20 728064 ----a-w- c:\windows\system32\kerberos.dll 2014-11-11 02:44 . 2014-12-10 16:35 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2014-11-11 02:44 . 2014-11-19 15:20 186880 ----a-w- c:\windows\SysWow64\pku2u.dll 2014-11-11 02:44 . 2014-11-19 15:20 550912 ----a-w- c:\windows\SysWow64\kerberos.dll 2014-11-11 01:46 . 2014-12-10 16:35 119296 ----a-w- c:\windows\system32\drivers\tdx.sys 2014-11-08 03:16 . 2014-12-10 16:33 2048 ----a-w- c:\windows\system32\tzres.dll 2014-11-08 02:45 . 2014-12-10 16:33 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2014-10-30 02:03 . 2014-12-10 16:33 165888 ----a-w- c:\windows\system32\charmap.exe 2014-10-30 01:45 . 2014-12-10 16:33 155136 ----a-w- c:\windows\SysWow64\charmap.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-28 98304] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-11 975952] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-03-04 224128] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x] S2 
GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2015-01-23 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-09 18:29] . 2015-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-22 19:55] . 
2015-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-22 19:55] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-06-10 324608] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-29 11101800] "PLFSetI"="c:\windows\PLFSetI.exe" [2014-04-08 206208] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216] . ------- Zusätzlicher Suchlauf ------- . uStart Page = https://www.google.de/?gws_rd=ssl uLocal Page = c:\windows\system32\blank.htm mDefault_Search_URL = hxxp://www.google.com mDefault_Page_URL = hxxp://www.google.com mStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = hxxp://www.google.com uInternet Settings,ProxyOverride = <-loopback> IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000 Trusted Zone: aeriagames.com TCP: DhcpNameServer = 192.168.178.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.16" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2015-01-24 09:06:22 ComboFix-quarantined-files.txt 2015-01-24 08:06 . Vor Suchlauf: 13 Verzeichnis(se), 256.880.324.608 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 256.348.336.128 Bytes frei . - - End Of File - - 3EB02F384E1003B9F1787B6E1D4B573D |
24.01.2015, 11:08 | #6 |
/// the machine /// TB-Ausbilder | I have a defogger-disable
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ |
24.01.2015, 14:09 | #7 |
| I have a defogger-disable
Code:
ATTFilter alwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 24.01.2015 Suchlauf-Zeit: 13:00:54 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.01.24.07 Rootkit Datenbank: v2015.01.14.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Susanne Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 389869 Verstrichene Zeit: 19 Min, 13 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 2 PUP.Optional.CinemaPlus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\CinPlus-2.7cV15.11, In Quarantäne, [b5825c9f692056e0e497e39dcf3449b7], PUP.Optional.FlowSurf.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\FLOWSURF, In Quarantäne, [79be3ebd8aff78bee01010df689c2ad6], Registrierungswerte: 1 PUP.Optional.FlowSurf.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\FLOWSURF|chrid, oglkiljdmflopemijdadoiepkhcaodjn, In Quarantäne, [79be3ebd8aff78bee01010df689c2ad6] Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 5 PUP.Optional.CinemaPlus.A, C:\Users\Susanne\AppData\Roaming\EFGWQB.exe, In Quarantäne, [5ed9a05b8603aa8cf4ff4f866e978080], PUP.Optional.CinemaPlus.A, C:\Users\Susanne\AppData\Roaming\PBFI.exe, In Quarantäne, [df587d7e54353cfa648fe8ed9d68d32d], PUP.Optional.MindSpark.A, C:\Users\Susanne\Desktop\InternetSpeedTracker.exe, In Quarantäne, [c17645b6c9c061d5b91af2616e978e72], CrackTool.Agent, C:\Program Files (x86)\AVS4YOU\avs4you.all.products.activator.2011.(v1.1a)-FIXED-mpt.exe, In Quarantäne, 
[3dfaca3135540f27c009b98ab34e2cd4], PUP.Optional.Amonetize, C:\Users\max.-PC\Downloads\Hay Day Multihack__5160_i832511053_il356294.exe, In Quarantäne, [9e995aa12465a195e124338fb74ae51b], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end)
Regards, Susanne
Code:
ATTFilter # AdwCleaner v4.109 - Bericht erstellt am 24/01/2015 um 13:46:04 # Aktualisiert 24/01/2015 von Xplode # Database : 2015-01-24.4 [Live] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Susanne - SUSANNE-PC # Gestartet von : C:\Users\Susanne\Desktop\Downloads\AdwCleaner_4.109.exe # Option : Suchen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Daten Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback> ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17496 -\\ Mozilla Firefox v -\\ Google Chrome v ************************* AdwCleaner[R0].txt - [3911 octets] - [27/08/2014 20:54:18] AdwCleaner[R1].txt - [9667 octets] - [10/01/2015 20:28:42] AdwCleaner[R2].txt - [1045 octets] - [20/01/2015 15:22:11] AdwCleaner[R3].txt - [1106 octets] - [20/01/2015 15:26:28] AdwCleaner[R4].txt - [1020 octets] - [24/01/2015 13:46:04] AdwCleaner[S0].txt - [3565 octets] - [27/08/2014 20:59:11] AdwCleaner[S1].txt - [7588 octets] - [10/01/2015 20:30:21] AdwCleaner[S2].txt - [1168 octets] - [20/01/2015 15:27:54] ########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [1260 octets] ########## Code:
ATTFilter Junkware Removal Tool (JRT) by Thisisu Version: 6.4.1 (12.28.2014:1) OS: Windows 7 Home Premium x64 Ran by Susanne on 24.01.2015 at 13:58:11,43 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 24.01.2015 at 14:00:59,57 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01 Ran by Susanne (administrator) on SUSANNE-PC on 24-01-2015 14:04:49 Running from C:\Users\Susanne\Desktop\Downloads Loaded Profiles: Susanne (Available profiles: Susanne & max) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NTI, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Windows\PLFSetI.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (NewTech Infosystems, Inc.) 
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-06-10] (Alcor Micro Corp.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-29] (Realtek Semiconductor) HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2014-04-08] () HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-18] (Synaptics Incorporated) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-11] (Dritek System Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-04] (Oracle Corporation) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKU\S-1-5-21-585539473-3794034934-2184753831-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-585539473-3794034934-2184753831-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 GroupPolicyUsers\S-1-5-21-585539473-3794034934-2184753831-1001\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-585539473-3794034934-2184753831-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:53752;https=127.0.0.1:53752 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-585539473-3794034934-2184753831-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gws_rd=ssl HKU\S-1-5-21-585539473-3794034934-2184753831-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-585539473-3794034934-2184753831-1000 -> {F04394D0-E518-43EC-AE43-1CE54C168521} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation) BHO: 
Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\1zmx7jac.default FF NewTab: about:newtab FF Plugin: @java.com/DTPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: autotranslatorkobayashich - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\1zmx7jac.default\Extensions\autotranslator@kobayashi.ch [2014-11-19] FF Extension: Firebug - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\1zmx7jac.default\Extensions\firebug@software.joehewitt.com.xpi [2014-11-15] FF Extension: No Name - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\1zmx7jac.default\extensions\faststartff@gmail.com [Not Found] FF Extension: No Name - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\1zmx7jac.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com [Not Found] Chrome: ======= CHR Profile: C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-28] CHR Extension: (Google Drive) - C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-28] CHR Extension: (YouTube) - C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-28] CHR Extension: (Google Search) - C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-28] CHR Extension: (fadgflmigmogfionelcpalhohefbnehm) - C:\Users\Susanne\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\fadgflmigmogfionelcpalhohefbnehm [2014-11-19] CHR Extension: (Google Wallet) - C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-28] CHR Extension: (Gmail) - C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-28] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-17] (NTI, Inc.) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2014-07-20] () R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-24] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] () S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) 
[File not signed] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-24 14:00 - 2015-01-24 14:00 - 00001289 _____ () C:\Users\Susanne\Desktop\JRT.txt 2015-01-24 13:58 - 2015-01-24 13:58 - 00000000 ____D () C:\Windows\ERUNT 2015-01-24 13:31 - 2015-01-24 13:31 - 00002306 _____ () C:\Users\Susanne\Desktop\mbam.txt 2015-01-24 12:59 - 2015-01-24 13:53 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-24 12:59 - 2015-01-24 12:59 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-24 12:59 - 2015-01-24 12:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-24 12:59 - 2015-01-24 12:59 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-24 12:59 - 2015-01-24 12:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-24 12:59 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-24 12:59 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-24 12:59 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-24 12:42 - 2015-01-24 13:52 - 00002790 _____ () C:\Windows\PFRO.log 2015-01-24 09:06 - 2015-01-24 09:06 - 00018536 _____ () C:\ComboFix.txt 2015-01-24 08:56 - 2015-01-24 09:06 - 00000000 ____D () C:\Qoobox 2015-01-24 08:56 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-01-24 08:56 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-01-24 
08:56 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-01-24 08:56 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-01-24 08:56 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-01-24 08:56 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-01-24 08:56 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-01-24 08:56 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-01-24 08:55 - 2015-01-24 09:05 - 00000000 ____D () C:\Windows\erdnt 2015-01-22 19:20 - 2015-01-24 14:04 - 00000000 ____D () C:\FRST 2015-01-21 20:10 - 2015-01-21 20:11 - 00000476 _____ () C:\Users\Susanne\Desktop\defogger_disable.log 2015-01-21 20:10 - 2015-01-21 20:10 - 00000000 _____ () C:\Users\Susanne\defogger_reenable 2015-01-21 15:26 - 2015-01-24 13:52 - 00000504 _____ () C:\Windows\setupact.log 2015-01-21 15:26 - 2015-01-21 15:26 - 00000000 _____ () C:\Windows\setuperr.log 2015-01-20 15:19 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-20 15:19 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-20 15:19 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-20 15:19 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-20 15:19 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-20 15:19 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-20 15:19 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-20 15:19 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-20 15:19 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-20 15:19 - 2014-12-11 18:47 - 00087040 
_____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-20 15:19 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-20 15:19 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-20 15:19 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-19 21:24 - 2015-01-19 21:24 - 00000032 _____ () C:\Users\Susanne\AppData\Roaming\url.txt 2015-01-09 20:23 - 2015-01-09 20:23 - 00001861 _____ () C:\Users\Susanne\Desktop\UseNeXT by Tangysoft.lnk 2015-01-09 20:23 - 2015-01-09 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT 2014-12-25 15:25 - 2014-12-25 15:25 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-24 14:00 - 2009-07-14 05:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-24 14:00 - 2009-07-14 05:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-24 13:53 - 2014-06-22 20:55 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-24 13:52 - 2014-08-27 20:54 - 00000000 ____D () C:\AdwCleaner 2015-01-24 13:52 - 2014-04-08 21:48 - 01457577 _____ () C:\Windows\WindowsUpdate.log 2015-01-24 13:52 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-24 13:29 - 2014-04-09 03:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-24 13:15 - 2014-06-22 20:55 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-24 09:47 - 2014-04-09 17:37 - 00000000 ____D () C:\Users\Susanne\AppData\Roaming\UseNeXT 2015-01-24 09:17 - 2014-08-03 15:48 - 00003946 _____ () 
C:\Windows\System32\Tasks\User_Feed_Synchronization-{951FFD90-CAF6-4B86-859C-3479365B480C} 2015-01-24 09:04 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-01-24 09:03 - 2014-04-09 03:24 - 00000000 ____D () C:\Users\Susanne\AppData\Local\Adobe 2015-01-22 19:29 - 2014-04-09 03:27 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-22 19:29 - 2014-04-09 03:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-22 19:29 - 2014-04-09 03:27 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-21 20:10 - 2014-04-08 22:16 - 00000000 ____D () C:\Users\Susanne 2015-01-20 20:47 - 2014-04-08 23:07 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-20 20:47 - 2014-04-08 23:07 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-20 15:41 - 2014-04-09 07:38 - 00699342 _____ () C:\Windows\system32\perfh007.dat 2015-01-20 15:41 - 2014-04-09 07:38 - 00149450 _____ () C:\Windows\system32\perfc007.dat 2015-01-20 15:41 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-20 15:11 - 2014-09-13 11:30 - 00000000 ____D () C:\Users\Susanne\AppData\Roaming\vlc 2015-01-20 15:11 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat 2015-01-20 15:10 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2015-01-14 16:24 - 2014-10-01 15:42 - 00103736 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2015-01-09 20:23 - 2014-04-09 17:37 - 00000000 ____D () C:\Program Files (x86)\UseNeXT 2015-01-09 19:34 - 2014-12-21 18:11 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-01-06 04:36 - 2014-04-08 22:59 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-12-29 13:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-12-28 18:11 - 2014-04-19 11:17 - 00000680 __RSH () C:\Users\Susanne\ntuser.pol 2014-12-28 15:10 - 2009-07-14 04:20 - 00000000 __RHD () 
C:\Users\Public\Libraries
==================== Files in the root of some directories =======
2014-09-29 17:09 - 2014-11-22 13:10 - 4518118 _____ () C:\Users\Susanne\AppData\Roaming\pb.zip
2015-01-19 21:24 - 2015-01-19 21:24 - 0000032 _____ () C:\Users\Susanne\AppData\Roaming\url.txt
2014-04-09 04:08 - 2014-04-09 04:08 - 0007599 _____ () C:\Users\Susanne\AppData\Local\Resmon.ResmonCfg
2010-09-16 00:41 - 2010-03-02 23:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe
Some content of TEMP: ====================
C:\Users\Susanne\AppData\Local\Temp\Quarantine.exe
C:\Users\Susanne\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-16 22:10
==================== End Of Log ============================
--- --- --- --- --- ---
Is everything OK again now? Regards, Susanne. |
24.01.2015, 16:18 | #8 |
/// the machine /// TB-Ausbilder | I have a defogger-disable
ESET Online Scanner
Please download SecurityCheck and:
And a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations. Guides and help. Trojaner-Board Facebook page. No help via PM! |
24.01.2015, 20:00 | #9 |
| I have a defogger-disable
Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=90088e639e886747a6028f92624e846b # engine=22127 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-01-24 06:11:07 # local_time=2015-01-24 07:11:07 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 89044 173752917 0 0 # scanned=139370 # found=33 # cleaned=0 # scan_time=4414 sh=21CAB45134CBAB08DA9DEF13EECAC86B46F3E669 ft=1 fh=5fc65ef6698c7c41 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir" sh=1727DEA1E7C028D11876CFC42F3553C3C6718467 ft=1 fh=f9e5b6a85939375c vn="Win64/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir" sh=2FC3A5E92137A2B80A59D68B7C62C774C50FFE00 ft=1 fh=938e1c7bdaa228ad vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\HpUI.exe.vir" sh=12EBF6FC8AD543662053CA101C2D5DA175137EB2 ft=1 fh=c71c00119e5c1a87 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader32.exe.vir" sh=8F0ABE23DDA3F9DC04497B1A4F455AF8CE9D45B8 ft=1 fh=787e176d56997de7 vn="Win64/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader64.exe.vir" sh=6796FD43F04FE933E9155F5DD9B5B928E8C1AC71 ft=1 fh=0691f007be75c371 vn="Variante von Win32/Thinknice.E evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir" sh=147893B2EC59DC338295C9DB77760076F7817A79 ft=1 fh=f16cf01e720a3dcc vn="Win64/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir" sh=2B55DF509EC5D62C5FB44E14E63AAC90371B917F ft=1 fh=918bb53878474d1f vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe.vir" sh=43B2963293CE3865C32132A4802B92531C16D256 ft=1 fh=e1d0248c77f0c9d9 vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir" sh=9AE9A2C0B8241366357206097FD312B5671FCAE8 ft=1 fh=dc7a3c84863e13b7 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\uninstall.exe.vir" sh=2B55DF509EC5D62C5FB44E14E63AAC90371B917F ft=1 fh=918bb53878474d1f vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir" sh=A5AFD43F80036873D9CF6AEBD2F6A2EABBA072D6 ft=1 fh=9f46438dbe9f0851 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir" sh=F9FD8A46A46C3412CE6313DD941CEE0E075BB780 ft=1 fh=9d4c8bf9843f9b20 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\ValueApps64.dll.vir" sh=E4CF376DF44724A1ECF32D28CF38A8E0C7682E54 ft=1 fh=d95eee5e647657f0 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\ValueApps.dll.vir" sh=0363B5F86019FBFCF2F8A3D138DFD21D17C9AC09 ft=1 fh=9c616d5db57dfcc6 vn="Variante von Win32/Toolbar.Linkury.G evtl. 
unerwünschte Anwendung" ac=I fn="C:\Config.Msi\256c2.rbf" sh=B91AAE77E2715738E9A0587F34297D185DC66996 ft=1 fh=c71c0011d1659d7a vn="Variante von Win32/Amonetize.AW evtl. unerwünschte Anwendung" ac=I fn="C:\Users\max.-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7JDA8WQS\Hay Day Hack Downloader__3687_i832534008_il2654227.exe" sh=D38A27DB25C4299323810DC473468E8F98A3E5C7 ft=1 fh=7fadfd6518d4da32 vn="Variante von MSIL/FakeTool.KX Trojaner" ac=I fn="C:\Users\max.-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7JDA8WQS\Hay_day_hack_2014\HayDayHack.exe" sh=B91AAE77E2715738E9A0587F34297D185DC66996 ft=1 fh=c71c0011d1659d7a vn="Variante von Win32/Amonetize.AW evtl. unerwünschte Anwendung" ac=I fn="C:\Users\max.-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TDD2RDWV\Hay Day Multihack__5160_i832509257_il356294.exe" sh=125B9C6377BA9DCA6E0322D4245460D5481E70F1 ft=1 fh=cb31bf0efa885ec8 vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\max.-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZJ8Z8TXG\Call-of-Duty_-Modern-Warfare-3-lnstall.exe" sh=92B3D57210543CC4D1E90920A2A69312B15CC971 ft=1 fh=c71c0011e48792bc vn="Win32/InstallCore.MF evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\max.-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZJ8Z8TXG\COMPUTER_BILD-Download-Manager_fuer_cod4mw-1.6-patchsetup.exe" sh=6FC72DB379815B568847EAFE5BC583F2A1EB9FFB ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\max.-PC\Desktop\Neuer Ordner\Download\Root My Android Pro.apk" sh=979E12CA0892E31D8DA745788F4F3F0566A884A4 ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.CU Trojaner" ac=I fn="C:\Users\max.-PC\Desktop\Neuer Ordner\Download\Root My Android-1.apk" sh=979E12CA0892E31D8DA745788F4F3F0566A884A4 ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.CU Trojaner" ac=I fn="C:\Users\max.-PC\Desktop\Neuer Ordner\Download\Root My Android-2.apk" sh=979E12CA0892E31D8DA745788F4F3F0566A884A4 ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.CU Trojaner" ac=I fn="C:\Users\max.-PC\Desktop\Neuer Ordner\Download\Root My Android.apk" sh=93C6A7B8EA0B6E747AD088F7419D5F9ACAC4E864 ft=0 fh=0000000000000000 vn="Variante von Android/Leadbolt.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\max.-PC\Desktop\Neuer Ordner\Download\Superuser Elite Pro.apk" sh=B3328C32B46570430A2CD313431B3EA0FB64B1AE ft=0 fh=0000000000000000 vn="Variante von Android/TrojanSMS.Agent.KA Trojaner" ac=I fn="C:\Users\max.-PC\Desktop\Neuer Ordner\Download\sx2372tas.apk" sh=4DEED39845F2A9AD5D21BF5736BD2F2A5D0F828C ft=0 fh=0000000000000000 vn="Variante von MSIL/FakeTool.KX Trojaner" ac=I fn="C:\Users\max.-PC\Downloads\Hay_Day_Hack_2014.zip" sh=951B1F6C0D2A1344A7F6EE3D62D93092E7E05190 ft=1 fh=d936b074ca2dda41 vn="Variante von Win32/Amonetize.BY evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Susanne\Desktop\Downloads\World At Arms Hack Downloader__3687_i1405803658_il1306551.exe" sh=951B1F6C0D2A1344A7F6EE3D62D93092E7E05190 ft=1 fh=d936b074ca2dda41 vn="Variante von Win32/Amonetize.BY evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Susanne\Desktop\Downloads\World At Arms Hack Downloader__3687_i1405804447_il1306551.exe" sh=45A900304F7436489C43B1CA08923097804EE3E1 ft=1 fh=02b766e47b947bc1 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Susanne\Desktop\Neuer Ordner\COD4 PunkBuster Updater.exe" sh=423C30EE929D6068F8DD706192C170EC510C6463 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Susanne\Desktop\Neuer Ordner\dll\COD4_PB_Updater.rar" sh=C0E75937083BEB21B60F17609F5F25F3B4D81E2A ft=1 fh=b25613acc75299e9 vn="Variante von Win32/AdWare.iBryte.V.gen Anwendung" ac=I fn="E:\Eigene Dokumente\UseNeXT\wizard\wizard\Mortdecai (2014) Repack DVDRip XviD - spR 01\Codec\Setup.exe" sh=AABF7C4B5D0D5E0373B3B415711CC6CEE21E403C ft=1 fh=639b2c29b79f21db vn="Variante von Win32/Toolbar.Conduit.AE evtl. unerwünschte Anwendung" ac=I fn="E:\Software\FastStone_Image_Viewer_TSV250S8U.exe" Code:
ATTFilter Results of screen317's Security Check version 0.99.93 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` AVS Registry Cleaner version 2.2 Java version 32-bit out of Date! Adobe Reader XI Google Chrome 35.0.1916.114 Google Chrome out of date! ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01 Ran by Susanne (administrator) on SUSANNE-PC on 24-01-2015 19:49:20 Running from C:\Users\Susanne\Desktop\Downloads Loaded Profiles: Susanne (Available profiles: Susanne & max) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NTI, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Alcor Micro Corp.) 
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Windows\PLFSetI.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-06-10] (Alcor Micro Corp.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-29] (Realtek Semiconductor) HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2014-04-08] () HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-18] (Synaptics Incorporated) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-11] (Dritek System Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-04] (Oracle Corporation) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKU\S-1-5-21-585539473-3794034934-2184753831-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-585539473-3794034934-2184753831-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 GroupPolicyUsers\S-1-5-21-585539473-3794034934-2184753831-1001\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-585539473-3794034934-2184753831-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:53752;https=127.0.0.1:53752 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-585539473-3794034934-2184753831-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gws_rd=ssl HKU\S-1-5-21-585539473-3794034934-2184753831-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-585539473-3794034934-2184753831-1000 -> {F04394D0-E518-43EC-AE43-1CE54C168521} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation) BHO: 
Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\1zmx7jac.default FF NewTab: about:newtab FF Plugin: @java.com/DTPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: autotranslatorkobayashich - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\1zmx7jac.default\Extensions\autotranslator@kobayashi.ch [2014-11-19] FF Extension: Firebug - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\1zmx7jac.default\Extensions\firebug@software.joehewitt.com.xpi [2014-11-15] FF Extension: No Name - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\1zmx7jac.default\extensions\faststartff@gmail.com [Not Found] FF Extension: No Name - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\1zmx7jac.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com [Not Found] Chrome: ======= CHR Profile: C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-28] CHR Extension: (Google Drive) - C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-28] CHR Extension: (YouTube) - C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-28] CHR Extension: (Google Search) - C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-28] CHR Extension: (fadgflmigmogfionelcpalhohefbnehm) - C:\Users\Susanne\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\fadgflmigmogfionelcpalhohefbnehm [2014-11-19] CHR Extension: (Google Wallet) - C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-28] CHR Extension: (Gmail) - C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-28] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-17] (NTI, Inc.) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2014-07-20] () R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-24] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] () S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) 
[File not signed] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-24 14:00 - 2015-01-24 14:00 - 00001289 _____ () C:\Users\Susanne\Desktop\JRT.txt 2015-01-24 13:58 - 2015-01-24 13:58 - 00000000 ____D () C:\Windows\ERUNT 2015-01-24 13:31 - 2015-01-24 13:31 - 00002306 _____ () C:\Users\Susanne\Desktop\mbam.txt 2015-01-24 12:59 - 2015-01-24 18:28 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-24 12:59 - 2015-01-24 12:59 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-24 12:59 - 2015-01-24 12:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-24 12:59 - 2015-01-24 12:59 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-24 12:59 - 2015-01-24 12:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-24 12:59 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-24 12:59 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-24 12:59 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-24 12:42 - 2015-01-24 13:52 - 00002790 _____ () C:\Windows\PFRO.log 2015-01-24 09:06 - 2015-01-24 09:06 - 00018536 _____ () C:\ComboFix.txt 2015-01-24 08:56 - 2015-01-24 09:06 - 00000000 ____D () C:\Qoobox 2015-01-24 08:56 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-01-24 08:56 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-01-24 
08:56 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-01-24 08:56 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-01-24 08:56 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-01-24 08:56 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-01-24 08:56 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-01-24 08:56 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-01-24 08:55 - 2015-01-24 09:05 - 00000000 ____D () C:\Windows\erdnt 2015-01-22 19:20 - 2015-01-24 19:49 - 00000000 ____D () C:\FRST 2015-01-21 20:10 - 2015-01-21 20:11 - 00000476 _____ () C:\Users\Susanne\Desktop\defogger_disable.log 2015-01-21 20:10 - 2015-01-21 20:10 - 00000000 _____ () C:\Users\Susanne\defogger_reenable 2015-01-21 15:26 - 2015-01-24 17:36 - 00001483 _____ () C:\Windows\setupact.log 2015-01-21 15:26 - 2015-01-21 15:26 - 00000000 _____ () C:\Windows\setuperr.log 2015-01-20 15:19 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-20 15:19 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-20 15:19 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-20 15:19 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-20 15:19 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-20 15:19 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-20 15:19 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-20 15:19 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-20 15:19 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-20 15:19 - 2014-12-11 18:47 - 00087040 
_____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-20 15:19 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-20 15:19 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-20 15:19 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-19 21:24 - 2015-01-19 21:24 - 00000032 _____ () C:\Users\Susanne\AppData\Roaming\url.txt 2015-01-09 20:23 - 2015-01-09 20:23 - 00001861 _____ () C:\Users\Susanne\Desktop\UseNeXT by Tangysoft.lnk 2015-01-09 20:23 - 2015-01-09 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT 2014-12-25 15:25 - 2014-12-25 15:25 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-24 19:29 - 2014-04-09 03:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-24 19:22 - 2014-04-08 21:48 - 01479180 _____ () C:\Windows\WindowsUpdate.log 2015-01-24 19:15 - 2014-06-22 20:55 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-24 18:20 - 2014-04-09 07:38 - 00699342 _____ () C:\Windows\system32\perfh007.dat 2015-01-24 18:20 - 2014-04-09 07:38 - 00149450 _____ () C:\Windows\system32\perfc007.dat 2015-01-24 18:20 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-24 17:45 - 2014-08-03 15:48 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{951FFD90-CAF6-4B86-859C-3479365B480C} 2015-01-24 17:44 - 2009-07-14 05:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-24 17:44 - 2009-07-14 05:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-24 17:37 - 
2014-06-22 20:55 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-24 17:36 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-24 13:52 - 2014-08-27 20:54 - 00000000 ____D () C:\AdwCleaner 2015-01-24 09:47 - 2014-04-09 17:37 - 00000000 ____D () C:\Users\Susanne\AppData\Roaming\UseNeXT 2015-01-24 09:04 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-01-24 09:03 - 2014-04-09 03:24 - 00000000 ____D () C:\Users\Susanne\AppData\Local\Adobe 2015-01-22 19:29 - 2014-04-09 03:27 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-22 19:29 - 2014-04-09 03:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-22 19:29 - 2014-04-09 03:27 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-21 20:10 - 2014-04-08 22:16 - 00000000 ____D () C:\Users\Susanne 2015-01-20 20:47 - 2014-04-08 23:07 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-20 20:47 - 2014-04-08 23:07 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-20 15:11 - 2014-09-13 11:30 - 00000000 ____D () C:\Users\Susanne\AppData\Roaming\vlc 2015-01-20 15:11 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat 2015-01-20 15:10 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2015-01-14 16:24 - 2014-10-01 15:42 - 00103736 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2015-01-09 20:23 - 2014-04-09 17:37 - 00000000 ____D () C:\Program Files (x86)\UseNeXT 2015-01-09 19:34 - 2014-12-21 18:11 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-01-06 04:36 - 2014-04-08 22:59 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-12-29 13:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-12-28 18:11 - 2014-04-19 11:17 - 00000680 __RSH () C:\Users\Susanne\ntuser.pol 2014-12-28 15:10 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries 
==================== Files in the root of some directories =======
2014-09-29 17:09 - 2014-11-22 13:10 - 4518118 _____ () C:\Users\Susanne\AppData\Roaming\pb.zip
2015-01-19 21:24 - 2015-01-19 21:24 - 0000032 _____ () C:\Users\Susanne\AppData\Roaming\url.txt
2014-04-09 04:08 - 2014-04-09 04:08 - 0007599 _____ () C:\Users\Susanne\AppData\Local\Resmon.ResmonCfg
2010-09-16 00:41 - 2010-03-02 23:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe
Some content of TEMP: ====================
C:\Users\Susanne\AppData\Local\Temp\Quarantine.exe
C:\Users\Susanne\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-16 22:10
==================== End Of Log ============================
--- --- --- --- --- ---
First of all, many thanks, that was great. My computer is now lightning fast!!! I am totally thrilled with this forum! Have a nice Saturday. |
25.01.2015, 08:29 | #10 |
/// the machine /// TB-Ausbilder | ich habe ein defogger-disable Update Java and Chrome. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\HpUI.exe.vir
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader32.exe.vir
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader64.exe.vir
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe.vir
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\uninstall.exe.vir
C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir
C:\AdwCleaner\Quarantine\C\Windows\System32\ValueApps64.dll.vir
C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\ValueApps.dll.vir
C:\Config.Msi\256c2.rbf
C:\Users\max.-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7JDA8WQS\Hay Day Hack Downloader__3687_i832534008_il2654227.exe
C:\Users\max.-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7JDA8WQS\Hay_day_hack_2014\HayDayHack.exe
C:\Users\max.-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TDD2RDWV\Hay Day Multihack__5160_i832509257_il356294.exe
C:\Users\max.-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZJ8Z8TXG\Call-of-Duty_-Modern-Warfare-3-lnstall.exe
C:\Users\max.-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZJ8Z8TXG\COMPUTER_BILD-Download-Manager_fuer_cod4mw-1.6-patchsetup.exe
C:\Users\max.-PC\Desktop\Neuer Ordner\Download\Root My Android Pro.apk
C:\Users\max.-PC\Desktop\Neuer Ordner\Download\Root My Android-1.apk
C:\Users\max.-PC\Desktop\Neuer Ordner\Download\Root My Android-2.apk
C:\Users\max.-PC\Desktop\Neuer Ordner\Download\Root My Android.apk
C:\Users\max.-PC\Desktop\Neuer Ordner\Download\Superuser Elite Pro.apk
C:\Users\max.-PC\Desktop\Neuer Ordner\Download\sx2372tas.apk
C:\Users\max.-PC\Downloads\Hay_Day_Hack_2014.zip
C:\Users\Susanne\Desktop\Downloads\World At Arms Hack Downloader__3687_i1405803658_il1306551.exe
C:\Users\Susanne\Desktop\Downloads\World At Arms Hack Downloader__3687_i1405804447_il1306551.exe
C:\Users\Susanne\Desktop\Neuer Ordner\COD4 PunkBuster Updater.exe
C:\Users\Susanne\Desktop\Neuer Ordner\dll\COD4_PB_Updater.rar
E:\Eigene Dokumente\UseNeXT\wizard\wizard\Mortdecai (2014) Repack DVDRip XviD - spR 01\Codec\Setup.exe
E:\Software\FastStone_Image_Viewer_TSV250S8U.exe
HKU\S-1-5-21-585539473-3794034934-2184753831-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53752;https=127.0.0.1:53752
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Done. The order is decisive here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP) Bill Castner (MVP) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
25.01.2015, 20:25 | #11 |
| I have a defogger-disable Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by Susanne at 2015-01-25 13:18:19 Run:1
Running from C:\Users\Susanne\Desktop
Loaded Profiles: Susanne (Available profiles: Susanne & max)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\HpUI.exe.vir
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader32.exe.vir
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader64.exe.vir
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe.vir
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\uninstall.exe.vir
C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir
C:\AdwCleaner\Quarantine\C\Windows\System32\ValueApps64.dll.vir
C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\ValueApps.dll.vir
C:\Config.Msi\256c2.rbf
C:\Users\max.-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7JDA8WQS\Hay Day Hack Downloader__3687_i832534008_il2654227.exe
C:\Users\max.-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7JDA8WQS\Hay_day_hack_2014\HayDayHack.exe
C:\Users\max.-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TDD2RDWV\Hay Day Multihack__5160_i832509257_il356294.exe
C:\Users\max.-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZJ8Z8TXG\Call-of-Duty_-Modern-Warfare-3-lnstall.exe
C:\Users\max.-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZJ8Z8TXG\COMPUTER_BILD-Download-Manager_fuer_cod4mw-1.6-patchsetup.exe
C:\Users\max.-PC\Desktop\Neuer Ordner\Download\Root My Android Pro.apk
C:\Users\max.-PC\Desktop\Neuer Ordner\Download\Root My Android-1.apk
C:\Users\max.-PC\Desktop\Neuer Ordner\Download\Root My Android-2.apk
C:\Users\max.-PC\Desktop\Neuer Ordner\Download\Root My Android.apk
C:\Users\max.-PC\Desktop\Neuer Ordner\Download\Superuser Elite Pro.apk
C:\Users\max.-PC\Desktop\Neuer Ordner\Download\sx2372tas.apk
C:\Users\max.-PC\Downloads\Hay_Day_Hack_2014.zip
C:\Users\Susanne\Desktop\Downloads\World At Arms Hack Downloader__3687_i1405803658_il1306551.exe
C:\Users\Susanne\Desktop\Downloads\World At Arms Hack Downloader__3687_i1405804447_il1306551.exe
C:\Users\Susanne\Desktop\Neuer Ordner\COD4 PunkBuster Updater.exe
C:\Users\Susanne\Desktop\Neuer Ordner\dll\COD4_PB_Updater.rar
E:\Eigene Dokumente\UseNeXT\wizard\wizard\Mortdecai (2014) Repack DVDRip XviD - spR 01\Codec\Setup.exe
E:\Software\FastStone_Image_Viewer_TSV250S8U.exe
HKU\S-1-5-21-585539473-3794034934-2184753831-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53752;https=127.0.0.1:53752
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
*****************
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir => Moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir => Moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\HpUI.exe.vir => Moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader32.exe.vir => Moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader64.exe.vir => Moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir => Moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir => Moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe.vir => Moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir => Moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\uninstall.exe.vir => Moved successfully.
C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir => Moved successfully.
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir => Moved successfully.
C:\AdwCleaner\Quarantine\C\Windows\System32\ValueApps64.dll.vir => Moved successfully.
C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\ValueApps.dll.vir => Moved successfully.
C:\Config.Msi\256c2.rbf => Moved successfully.
C:\Users\max.-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7JDA8WQS\Hay Day Hack Downloader__3687_i832534008_il2654227.exe => Moved successfully.
C:\Users\max.-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7JDA8WQS\Hay_day_hack_2014\HayDayHack.exe => Moved successfully.
C:\Users\max.-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TDD2RDWV\Hay Day Multihack__5160_i832509257_il356294.exe => Moved successfully.
C:\Users\max.-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZJ8Z8TXG\Call-of-Duty_-Modern-Warfare-3-lnstall.exe => Moved successfully.
C:\Users\max.-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZJ8Z8TXG\COMPUTER_BILD-Download-Manager_fuer_cod4mw-1.6-patchsetup.exe => Moved successfully.
C:\Users\max.-PC\Desktop\Neuer Ordner\Download\Root My Android Pro.apk => Moved successfully.
C:\Users\max.-PC\Desktop\Neuer Ordner\Download\Root My Android-1.apk => Moved successfully.
C:\Users\max.-PC\Desktop\Neuer Ordner\Download\Root My Android-2.apk => Moved successfully.
C:\Users\max.-PC\Desktop\Neuer Ordner\Download\Root My Android.apk => Moved successfully.
C:\Users\max.-PC\Desktop\Neuer Ordner\Download\Superuser Elite Pro.apk => Moved successfully.
C:\Users\max.-PC\Desktop\Neuer Ordner\Download\sx2372tas.apk => Moved successfully.
C:\Users\max.-PC\Downloads\Hay_Day_Hack_2014.zip => Moved successfully.
"C:\Users\Susanne\Desktop\Downloads\World At Arms Hack Downloader__3687_i1405803658_il1306551.exe" => File/Directory not found.
"C:\Users\Susanne\Desktop\Downloads\World At Arms Hack Downloader__3687_i1405804447_il1306551.exe" => File/Directory not found.
C:\Users\Susanne\Desktop\Neuer Ordner\COD4 PunkBuster Updater.exe => Moved successfully.
C:\Users\Susanne\Desktop\Neuer Ordner\dll\COD4_PB_Updater.rar => Moved successfully.
Could not move "E:\Eigene Dokumente\UseNeXT\wizard\wizard\Mortdecai (2014) Repack DVDRip XviD - spR 01\Codec\Setup.exe" => Scheduled to move on reboot.
E:\Software\FastStone_Image_Viewer_TSV250S8U.exe => Moved successfully.
"HKU\S-1-5-21-585539473-3794034934-2184753831-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
xhunter1 => Service deleted successfully.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-25 13:21:16)<=
"E:\Eigene Dokumente\UseNeXT\wizard\wizard\Mortdecai (2014) Repack DVDRip XviD - spR 01\Codec\Setup.exe" => File could not move.
==== End of Fixlog 13:21:19 ==== |
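A Fixlog like the one above is only useful if someone checks which entries did not succeed and which fixlist lines pointed at a browser hijack (here, IE's proxy was redirected to a loopback port). The following Python is an added example, not part of the thread or of FRST; it parses the Fixlog format shown above, using a shortened, constructed sample, and flags the loopback-proxy indicator plus every entry that still needs follow-up (not found, scheduled on reboot, failed).

```python
import re
from collections import Counter

# Constructed sample in the Fixlog format posted above (paths shortened).
SAMPLE_FIXLOG = """\
Content of fixlist:
*****************
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53752;https=127.0.0.1:53752
S3 xhunter1; \\??\\C:\\Windows\\xhunter1.sys [X]
*****************
C:\\AdwCleaner\\Quarantine\\C\\Program Files (x86)\\SupTab\\SupTab.dll.vir => Moved successfully.
"C:\\Users\\Susanne\\Desktop\\Downloads\\World At Arms Hack Downloader.exe" => File/Directory not found.
Could not move "E:\\Eigene Dokumente\\Codec\\Setup.exe" => Scheduled to move on reboot.
HKU\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\\\ProxyServer => value deleted successfully.
xhunter1 => Service deleted successfully.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-25 13:21:16)<=
"E:\\Eigene Dokumente\\Codec\\Setup.exe" => File could not move.
==== End of Fixlog 13:21:19 ====
"""

# One result line: optional "Could not move " prefix, optionally quoted target, " => ", outcome.
RESULT_RE = re.compile(r'^(?:Could not move )?"?(?P<target>.+?)"? => (?P<result>.+?)\.?$')
OUTCOME = {
    "Moved successfully": "moved", "Key deleted successfully": "deleted",
    "value deleted successfully": "deleted", "Service deleted successfully": "deleted",
    "File/Directory not found": "not_found", "Scheduled to move on reboot": "pending_reboot",
    "File could not move": "failed",
}
# A ProxyServer value pointing at 127.0.0.1 means browser traffic was routed through a local process.
LOOPBACK_PROXY_RE = re.compile(r"^ProxyServer:.*=>.*\b127\.0\.0\.1:\d+")

def parse_fixlog(text):
    """Return (indicators, entries): indicators found in the echoed fixlist
    and (target, outcome) pairs from the result section after the second '*****'."""
    indicators, entries, separators = [], [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("*****"):
            separators += 1
            continue
        if separators < 2:  # still inside the echoed fixlist, not results
            if LOOPBACK_PROXY_RE.match(line):
                indicators.append("IE proxy redirected to loopback: " + line.split("=>", 1)[1].strip())
            continue
        m = RESULT_RE.match(line)
        if not m or line.startswith("=>"):
            continue  # scheduled-move banner, end marker or other non-result text
        entries.append((m.group("target"), OUTCOME.get(m.group("result"), "unknown")))
    return indicators, entries

def summarize(entries):
    """Outcome counts plus the de-duplicated targets a helper must look at again."""
    counts = Counter(outcome for _, outcome in entries)
    follow_up = sorted({t for t, o in entries if o in ("failed", "pending_reboot", "not_found", "unknown")})
    return dict(counts), follow_up
```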
26.01.2015, 09:55 | #12 |
/// the machine /// TB-Ausbilder | I have a defogger-disable You're welcome
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No support via PM! |