Plagegeister aller Art und deren Bekämpfung: strange music, like film music, in the background on the PC
Windows 7
01.02.2015, 12:39 | #31
Ok, starting right away. Hope earning money went ok ;o)?
01.02.2015, 12:46 | #32
/// TB-Ausbilder /// Anleitungs-Guru
Well, I'm not working shifts at the gas station; this is my main job.
01.02.2015, 13:00 | #33
Contents of the Fixlog
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by Elisa at 2015-02-01 12:46:27 Run:1
Running from C:\Users\Elisa\Desktop
Loaded Profiles: Elisa (Available profiles: Elisa)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-2203958977-2909987201-2001847882-1000 -> No Name - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Extension: {7d701d07-c418-4e0e-95f8-b8fce4f85e56} - C:\Users\Elisa\AppData\Roaming\Mozilla\Firefox\Profiles\1cwqe510.default\Extensions\{7d701d07-c418-4e0e-95f8-b8fce4f85e56}.xpi [2015-01-12]
FF Extension: No Name - C:\Users\Elisa\AppData\Roaming\Mozilla\Firefox\Profiles\1cwqe510.default\extensions\fftoolbar2014@etech.com [Not Found]
FF Extension: No Name - C:\Users\Elisa\AppData\Roaming\Mozilla\Firefox\Profiles\1cwqe510.default\extensions\faststartff@gmail.com [Not Found]
Task: {8A08535D-A8DF-4E9C-A3C0-03559E31B267} - System32\Tasks\1114tbUpdateInfo => C:\ProgramData\Avg_Update_1114tb\1114tb_{A58D2A0A-6877-4772-88A2-2EBDD2CC17CC}.exe [2014-11-09] ()
Task: {A4A8AA2A-311A-41F7-95B5-716936C45AB0} - System32\Tasks\{4A9674F1-46F2-4626-B1CA-6BBD9E1ECB59} => pcalua.exe -a C:\Users\Elisa\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=cvs
Task: {A914A58F-2390-48C8-8621-8DA970C0A443} - System32\Tasks\0414cUpdateInfo => C:\ProgramData\Avg_Update_0414c\0414c_{309CBF7D-E57E-44DB-82F3-0BBC7E019CF0}.exe [2014-05-26] ()
Task: C:\Windows\Tasks\0414cUpdateInfo.job => C:\ProgramData\Avg_Update_0414c\0414c_{309CBF7D-E57E-44DB-82F3-0BBC7E019CF0}.exe
Task: C:\Windows\Tasks\1114tbUpdateInfo.job => C:\ProgramData\Avg_Update_1114tb\1114tb_{A58D2A0A-6877-4772-88A2-2EBDD2CC17CC}.exe
REG: reg delete "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
REG: reg add "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
CreateRestorePoint:
EmptyTemp:
*****************

Processes closed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-21-2203958977-2909987201-2001847882-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} => value deleted successfully.
HKCR\CLSID\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\Elisa\AppData\Roaming\Mozilla\Firefox\Profiles\1cwqe510.default\Extensions\{7d701d07-c418-4e0e-95f8-b8fce4f85e56}.xpi => Moved successfully.
C:\Users\Elisa\AppData\Roaming\Mozilla\Firefox\Profiles\1cwqe510.default\extensions\fftoolbar2014@etech.com not found.
C:\Users\Elisa\AppData\Roaming\Mozilla\Firefox\Profiles\1cwqe510.default\extensions\faststartff@gmail.com not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A08535D-A8DF-4E9C-A3C0-03559E31B267}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A08535D-A8DF-4E9C-A3C0-03559E31B267}" => Key deleted successfully.
C:\Windows\System32\Tasks\1114tbUpdateInfo => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1114tbUpdateInfo" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A4A8AA2A-311A-41F7-95B5-716936C45AB0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4A8AA2A-311A-41F7-95B5-716936C45AB0}" => Key deleted successfully.
C:\Windows\System32\Tasks\{4A9674F1-46F2-4626-B1CA-6BBD9E1ECB59} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4A9674F1-46F2-4626-B1CA-6BBD9E1ECB59}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A914A58F-2390-48C8-8621-8DA970C0A443}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A914A58F-2390-48C8-8621-8DA970C0A443}" => Key deleted successfully.
C:\Windows\System32\Tasks\0414cUpdateInfo => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0414cUpdateInfo" => Key deleted successfully.
C:\Windows\Tasks\0414cUpdateInfo.job => Moved successfully.
C:\Windows\Tasks\1114tbUpdateInfo.job => Moved successfully.

========= reg delete "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f =========

Der Vorgang wurde erfolgreich beendet.

========= End of Reg: =========

========= reg add "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f =========

Der Vorgang wurde erfolgreich beendet.

========= End of Reg: =========

Restore point was successfully created.
EmptyTemp: => Removed 1002 MB temporary data.

The system needed a reboot.

==== End of Fixlog 12:48:13 ====

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Elisa (administrator) on ELISA-PC on 01-02-2015 12:58:24
Running from C:\Users\Elisa\Desktop
Loaded Profiles: Elisa (Available profiles: Elisa)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\PHotkey\AsLdrSrv.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\watchmi\TvdService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files (x86)\PHotkey\Atouch64.exe
() C:\Program Files (x86)\PHotkey\PVDesktop.exe
() C:\Program Files (x86)\PHotkey\PVDAgent.exe
() C:\Program Files (x86)\PHotkey\POsd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\watchmi\TvdTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2884880 2012-02-23] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [MedionReminder] => C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [443688 2011-05-26] (CyberLink)
HKLM\...\Run: [EPSON Stylus DX3800 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIACE.EXE [98304 2005-02-08] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-30] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-21] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-03] (CyberLink)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [MedionReminder] => C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [443688 2011-05-26] (CyberLink)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2203958977-2909987201-2001847882-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-11-03] (Google Inc.)
HKU\S-1-5-21-2203958977-2909987201-2001847882-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILQE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2203958977-2909987201-2001847882-1000\...\Run: [EPLTarget\P0000000000000002] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILQE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2203958977-2909987201-2001847882-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1367360 2014-12-16] (Lavasoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk
ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{F0559C5E-7912-4391-B1A0-6B975F0E5064}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50126;https=127.0.0.1:50126
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2203958977-2909987201-2001847882-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COSP&ptag=D010815-AB747CC590BEC44CD91F&form=CONMHP&conlogo=CT3330962
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: EpsonToolBandKicker Class -> {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} -> C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2203958977-2909987201-2001847882-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Elisa\AppData\Roaming\Mozilla\Firefox\Profiles\1cwqe510.default
FF Homepage: hxxp://www.bing.com/?pc=COSP&ptag=D010815-AB747CC590BEC44CD91F&form=CONMHP&conlogo=CT3330962
FF NetworkProxy: "type", 5
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Elisa\AppData\Roaming\Mozilla\Firefox\Profiles\1cwqe510.default\Extensions\abs@avira.com [2015-01-06]
FF Extension: No Name - C:\Users\Elisa\AppData\Roaming\Mozilla\Firefox\Profiles\1cwqe510.default\extensions\fftoolbar2014@etech.com [Not Found]
FF Extension: No Name - C:\Users\Elisa\AppData\Roaming\Mozilla\Firefox\Profiles\1cwqe510.default\extensions\faststartff@gmail.com [Not Found]

Chrome:
=======
CHR Profile: C:\Users\Elisa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Elisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-31]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Elisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]
CHR Extension: (Google Wallet) - C:\Users\Elisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [807672 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-18] ()
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe [1351512 2014-12-16] (Lavasoft Limited)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2014-12-16] ()
R2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2012-01-31] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-14] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-11-24] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 12:44 - 2015-02-01 12:44 - 00000000 ____D () C:\Users\Elisa\Desktop\FRST-OlderVersion
2015-01-31 19:22 - 2015-01-31 19:22 - 02347384 _____ (ESET) C:\Users\Elisa\Desktop\esetsmartinstaller_deu.exe
2015-01-31 18:27 - 2015-02-01 12:52 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-31 18:27 - 2015-01-31 18:27 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-31 18:27 - 2015-01-31 18:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-01-31 18:27 - 2015-01-31 18:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-31 18:27 - 2015-01-31 18:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-01-31 18:27 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-31 18:27 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-31 18:27 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-31 18:26 - 2015-01-31 18:26 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Elisa\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-31 18:24 - 2015-01-31 18:24 - 04917720 _____ (WinZip International LLC ) C:\Users\Elisa\Downloads\wzmp_8.exe
2015-01-31 18:11 - 2015-02-01 12:49 - 00003216 _____ () C:\Windows\PFRO.log
2015-01-31 18:08 - 2015-01-31 18:10 - 00000000 ____D () C:\AdwCleaner
2015-01-31 18:08 - 2015-01-31 18:08 - 02194432 _____ () C:\Users\Elisa\Desktop\AdwCleaner_4.109.exe
2015-01-31 18:03 - 2015-01-31 18:03 - 00000000 ____D () C:\Users\Elisa\Desktop\RevoUninstallerPortable
2015-01-31 18:01 - 2015-01-31 18:01 - 02785665 _____ (PortableApps.com) C:\Users\Elisa\Desktop\RevoUninstallerPortable_1.95_Rev_2.paf.exe
2015-01-31 17:21 - 2015-01-31 19:05 - 00067125 _____ () C:\Users\Elisa\Desktop\Addition.txt
2015-01-31 17:20 - 2015-02-01 12:58 - 00020245 _____ () C:\Users\Elisa\Desktop\FRST.txt
2015-01-31 17:20 - 2015-02-01 12:58 - 00000000 ____D () C:\FRST
2015-01-31 17:19 - 2015-02-01 12:44 - 02131456 _____ (Farbar) C:\Users\Elisa\Desktop\FRST64.exe
2015-01-31 13:18 - 2015-01-31 13:18 - 03458272 _____ (tuneuppro.com ) C:\Users\Elisa\Downloads\tuppsetup_2005.exe
2015-01-30 15:16 - 2015-01-30 15:16 - 00000000 ____D () C:\Users\Elisa\Arbeit
2015-01-29 20:19 - 2015-01-29 20:19 - 00000000 ____D () C:\Users\Elisa\Drucker
2015-01-29 20:16 - 2015-01-29 20:16 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-25 17:38 - 2015-01-25 17:38 - 03539632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-25 12:44 - 2015-01-25 14:41 - 00000000 ____D () C:\Users\Elisa\Sport
2015-01-25 12:29 - 2015-01-25 12:29 - 00212992 _____ () C:\Users\Elisa\Downloads\Trainingsdaten_Elisa.xls
2015-01-25 12:08 - 2015-02-01 12:50 - 00001523 _____ () C:\Windows\setupact.log
2015-01-25 12:08 - 2015-01-25 12:08 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-24 23:22 - 2015-01-24 23:31 - 00000000 ____D () C:\Users\Elisa\AppData\Local\AviraSpeedup
2015-01-19 18:16 - 2015-01-19 18:16 - 00001243 _____ () C:\Users\Public\Desktop\Avira System Speedup.lnk
2015-01-14 20:49 - 2015-02-01 12:53 - 00000000 ____D () C:\Users\Elisa\Documents\Youcam
2015-01-14 17:25 - 2015-01-14 17:25 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
2015-01-14 12:19 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 12:19 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 12:19 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 12:19 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 12:19 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 12:19 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 12:19 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 12:19 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 12:19 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 12:19 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 12:19 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 12:19 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 12:19 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-10 16:46 - 2015-01-10 16:46 - 00022813 _____ () C:\Users\Elisa\Downloads\pdfPrint (6)
2015-01-10 16:46 - 2015-01-10 16:46 - 00022811 _____ () C:\Users\Elisa\Downloads\pdfPrint (7)
2015-01-10 16:44 - 2015-01-10 16:44 - 00022818 _____ () C:\Users\Elisa\Downloads\pdfPrint (5)
2015-01-10 16:38 - 2015-01-10 16:38 - 00022996 _____ () C:\Users\Elisa\Downloads\pdfPrint (4)
2015-01-10 16:09 - 2015-01-10 16:09 - 00023080 _____ () C:\Users\Elisa\Downloads\pdfPrint (3)
2015-01-10 15:58 - 2015-01-10 15:58 - 00023081 _____ () C:\Users\Elisa\Downloads\pdfPrint (2)
2015-01-10 15:06 - 2015-01-10 15:06 - 00022519 _____ () C:\Users\Elisa\Downloads\pdfPrint (1)
2015-01-10 14:52 - 2015-01-12 22:12 - 00000000 ____D () C:\Users\Elisa\Autos
2015-01-10 14:52 - 2015-01-10 14:52 - 00023070 _____ () C:\Users\Elisa\Downloads\pdfPrint
2015-01-08 09:26 - 2015-01-08 09:27 - 00000000 ____D () C:\Users\Elisa\AppData\Local\Lavasoft
2015-01-08 09:26 - 2015-01-08 09:26 - 00004688 _____ () C:\Windows\SysWOW64\LavasoftTcpService.ini
2015-01-08 09:26 - 2015-01-08 09:26 - 00002520 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-01-08 09:26 - 2015-01-08 09:26 - 00002520 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-01-08 09:26 - 2015-01-08 09:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-01-08 09:26 - 2015-01-08 09:26 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2015-01-08 09:26 - 2014-12-16 12:10 - 00358736 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-01-08 09:26 - 2014-12-16 12:10 - 00312424 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-01-08 09:25 - 2015-01-08 09:25 - 00000000 ____D () C:\Users\Elisa\AppData\Roaming\Lavasoft
2015-01-08 09:25 - 2015-01-08 09:25 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-01-07 07:32 - 2015-01-19 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2015-01-07 07:31 - 2015-01-19 18:14 - 00003364 _____ () C:\Windows\System32\Tasks\AviraSpeedup
2015-01-07 07:21 - 2015-01-07 07:21 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\Elisa\Downloads\avira_de_issu_3007254828_ef2hsdpc5wafwgaqc14z_wd(1).exe
2015-01-06 10:04 - 2015-01-06 10:04 - 00000000 ____D () C:\Users\Elisa\AppData\Roaming\dlg
2015-01-06 09:36 - 2015-01-06 09:36 - 00000000 ____D () C:\Users\Elisa\AppData\Roaming\Bildverkleinerer
2015-01-06 09:35 - 2015-01-06 09:35 - 00000000 ____D () C:\Users\Elisa\Documents\verkleinert
2015-01-06 09:31 - 2015-01-06 09:31 - 00000000 ____D () C:\Program Files (x86)\SparPilot
2015-01-06 09:12 - 2015-01-06 09:12 - 00000000 ____D () C:\Users\Elisa\AppData\Roaming\Avira
2015-01-06 09:06 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-01-06 09:06 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-01-06 09:06 - 2014-11-24 10:23 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-01-06 09:06 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-01-06 09:03 - 2015-01-29 20:16 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-06 09:03 - 2015-01-29 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-06 09:03 - 2015-01-29 20:16 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-06 09:02 - 2015-01-06 09:02 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\Elisa\Downloads\avira_de_av_5763853064__ws.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 12:58 - 2009-07-14 05:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-01 12:58 - 2009-07-14 05:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-01 12:50 - 2012-11-03 17:49 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-01 12:50 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-01 12:49 - 2012-11-03 18:44 - 01918074 _____ () C:\Windows\WindowsUpdate.log
2015-02-01 12:42 - 2014-07-20 12:42 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-610 Series Update {8B18E676-8E3E-49EA-834E-2422990204B8}.job
2015-02-01 12:42 - 2014-07-20 12:42 - 00000725 _____ () C:\Windows\Tasks\EPSON XP-610 Series Invitation {8B18E676-8E3E-49EA-834E-2422990204B8}.job
2015-02-01 12:39 - 2012-11-03 17:49 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-01 12:38 - 2014-12-21 20:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-01 12:05 - 2014-07-20 12:05 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-610 Series Update {E9F9B998-B11A-4B8D-9D42-891052B80D54}.job
2015-02-01 12:05 - 2014-07-20 12:05 - 00000725
_____ () C:\Windows\Tasks\EPSON XP-610 Series Invitation {E9F9B998-B11A-4B8D-9D42-891052B80D54}.job 2015-02-01 10:11 - 2011-05-16 15:04 - 00700134 _____ () C:\Windows\system32\perfh007.dat 2015-02-01 10:11 - 2011-05-16 15:04 - 00149984 _____ () C:\Windows\system32\perfc007.dat 2015-02-01 10:11 - 2009-07-14 06:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-31 22:12 - 2014-09-07 11:18 - 00000000 ____D () C:\Users\Elisa\Rezepte 2015-01-31 22:11 - 2014-05-26 06:14 - 00000000 ____D () C:\Elisa 2015-01-31 18:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Branding 2015-01-31 18:11 - 2014-03-23 10:13 - 00000000 ____D () C:\Users\Elisa\AppData\Local\AVG SafeGuard toolbar 2015-01-31 18:10 - 2014-12-17 17:04 - 00001069 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-01-31 18:10 - 2014-12-17 17:04 - 00001057 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-01-31 18:10 - 2013-03-19 20:42 - 00000000 ____D () C:\Users\Elisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-01-31 18:10 - 2012-11-03 17:55 - 00000999 _____ () C:\Users\Elisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-31 18:10 - 2012-11-03 17:50 - 00001296 _____ () C:\Users\Public\Desktop\MEDION Serviceportal.lnk 2015-01-31 18:10 - 2012-11-03 17:50 - 00001294 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2015-01-31 18:10 - 2012-11-03 17:49 - 00001286 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-01-31 14:10 - 2014-09-16 21:37 - 00000000 ____D () C:\Users\Elisa\AppData\Local\CrashDumps 2015-01-31 13:02 - 2014-05-11 16:44 - 00000000 ____D () C:\Users\Elisa\Documents\Ebay 2015-01-30 15:41 - 2012-11-03 18:09 - 00000000 ____D () C:\Users\Elisa\AppData\Roaming\SoftGrid Client 2015-01-30 15:16 - 2012-11-03 17:54 - 00000000 ____D () C:\Users\Elisa 2015-01-30 15:15 - 2014-12-17 17:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla 
Maintenance Service 2015-01-30 15:15 - 2014-12-17 17:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-28 20:53 - 2014-07-27 21:44 - 00000000 ____D () C:\Users\Elisa\AppData\Roaming\Epson 2015-01-28 20:31 - 2013-05-26 12:34 - 00119296 ___SH () C:\Users\Elisa\Thumbs.db 2015-01-28 18:15 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-25 17:38 - 2014-12-21 20:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-25 17:38 - 2013-07-04 20:21 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-25 17:38 - 2011-12-01 22:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-15 17:54 - 2014-09-08 20:17 - 00000000 ____D () C:\Users\Elisa\Documents\Urlaub 2015-01-14 12:30 - 2013-08-11 21:01 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-14 12:24 - 2011-07-18 21:31 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-12 22:13 - 2014-08-24 13:03 - 00000000 ____D () C:\Users\Elisa\Documents\MTBs 29er 2015-01-12 12:50 - 2014-09-21 21:46 - 00000000 ____D () C:\Users\Elisa\Documents\MTB 2015-01-07 17:57 - 2012-11-03 17:56 - 00061216 _____ () C:\Users\Elisa\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-07 17:13 - 2009-07-14 05:45 - 00272248 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-01-07 07:40 - 2013-12-15 12:21 - 00000000 ____D () C:\Windows\Minidump 2015-01-06 12:31 - 2014-03-22 21:20 - 00000000 ____D () C:\ProgramData\Norton 2015-01-06 09:06 - 2014-03-01 20:15 - 00000000 ____D () C:\ProgramData\Avira ==================== Files in the root of some directories ======= 2012-11-06 20:21 - 2012-11-06 20:21 - 6839611 _____ () C:\Program Files\epson324794eu (1).zip 2012-11-05 10:37 - 2012-11-06 20:22 - 6858240 _____ () C:\Program Files\epson324794eu.exe 2012-11-06 20:20 - 2012-11-06 20:21 - 0000022 _____ () C:\Program Files\epson324794eu.zip 2001-08-23 18:25 - 2001-08-23 18:25 - 1706800 _____ 
(Microsoft Corporation) C:\Program Files\gdiplus.dll 2004-11-05 20:00 - 2004-11-05 20:00 - 0557056 _____ (WisePixel Multimedia) C:\Program Files\HandySnap.exe 2004-11-05 19:19 - 2004-11-05 19:19 - 0040960 _____ () C:\Program Files\hsnapkbd.dll 2004-11-05 19:50 - 2004-11-05 19:50 - 0003494 _____ () C:\Program Files\readme.txt 2006-01-03 21:32 - 2006-01-03 21:32 - 0007693 _____ () C:\Program Files\unins000.dat 2003-11-28 07:00 - 2003-11-28 07:00 - 0075922 _____ (Jordan Russell) C:\Program Files\unins000.exe 2014-03-09 21:13 - 2014-11-17 06:12 - 0000143 _____ () C:\Users\Elisa\AppData\Roaming\WB.CFG 2012-11-03 18:29 - 2012-11-03 18:29 - 0017408 _____ () C:\Users\Elisa\AppData\Local\WebpageIcons.db Some content of TEMP: ==================== C:\Users\Elisa\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-24 19:08 ==================== End Of Log ============================ --- --- --- --- --- ---
And that was the content of the txt after the FRST scan that I was supposed to run after the restart. |
01.02.2015, 13:09 | #34 | |
/// TB Trainer /// Instructions Guru | Strange music like a film score in the background on the PC OK! Please uninstall these: Quote:
Cleanup: All logs posted? Yes! Then please download DelFix.
Note: DelFix removes, among other things, all the programs we used, the quarantine of our scanners and the Java cache, and finally deletes itself. Afterwards, restart your computer. If any programs from our cleanup are still left over now, you can delete them without hesitation. >>clean<< We did it! The logs look clean to me at the moment. If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation. All that remains is for me to wish you carefree and safe surfing, and that we don't see each other here again any time soon.
How can I protect myself better in the future?
Tips, Dos & Don'ts
Updates & Software
Security vulnerabilities in their old versions are exploited to install malware via "drive-by" on a simple visit to a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. In addition, Firefox can also open PDF documents.
Firewall, Antivirus & Co.
Cracks, Downloads & Co.
Besides unnoticed drive-by installations, malware is also often installed more or less actively by the user themselves. Even visiting dubious websites can carry risks. Even if the virus scanner does not detect a threat in it at the moment, that does not have to mean anything. Illegal cracks, keygens and serials are an extremely simple and popular way to spread malware. With files from peer-to-peer and file-sharing programs or from file hosters, you can never be sure that what is inside is really what it says on the outside. (Trojan horse^^)
Often there are also attempts to use more or less tricky methods to lure the user into carrying out an action themselves that is disastrous for them (umbrella term: social engineering).
Annoying adware (advertising) and unnecessary toolbars are also mostly installed along with other software by the user themselves.
Finally, a few general remarks:
__________________ Regards, deeprybka Praise, criticism, requests? Donate to the trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
01.02.2015, 13:26 | #35 |
| Strange music like a film score in the background on the PC So, everything is done, and that's it now, and you really know from all these files I sent you that everything is clean now??? That would be brilliant? |
01.02.2015, 13:35 | #36 |
/// TB Trainer /// Instructions Guru | Strange music like a film score in the background on the PC Yes, that's right.
|
01.02.2015, 13:37 | #37 |
| Strange music like a film score in the background on the PC Great, and I can safely do everything with it again, including online banking etc. If I donate to you all, does the money then also reach you? Do you not mind, or should I transfer a little something to you? I'd really like to do that, because that was really great. |
01.02.2015, 13:43 | #38 | |
/// TB Trainer /// Instructions Guru | Strange music like a film score in the background on the PC Quote:
If you like, you are welcome to support the Trojaner-Board with a donation. We are a team and everything goes into one pot. There are costs too, after all, etc. You're also welcome to recommend us!
|
01.02.2015, 13:51 | #39 |
| Strange music like a film score in the background on the PC Many thanks, all the best to you too and have a relaxing Sunday! Kind regards |
01.02.2015, 13:56 | #40 |
/// TB Trainer /// Instructions Guru | Strange music like a film score in the background on the PC Thanks! And if anything comes up, just get in touch!
|
01.02.2015, 14:17 | #41 |
| Strange music like a film score in the background on the PC Will do, many thanks. We've just made a small donation for you ) |
01.02.2015, 14:22 | #42 | |
/// TB Trainer /// Instructions Guru | Strange music like a film score in the background on the PC Quote:
Thank you very much!
|