![]() |
|
Plagegeister aller Art und deren Bekämpfung: auch von Positive Finds ad betroffenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() |
|
![]() | #1 |
| ![]() auch von Positive Finds ad betroffen Hallo, und guten Abend. Seit heute morgen habe ich starke Probleme mit meinem Laptop. Ich habe Windows 7 64Bit Im Chrome als auch im Internet Explorer poppen ueberall Werbe Anzeigen auf, Ich kann garnicht mehr im internet surfen, wenn ich auf links klicke kommen komplett andere seiten, teilweise tut sich garnichts, zusätzlich kommen bis zu 2 neue Tabs mit werbung, und auf jeder seite fährt Werbung aus den seiten, teilweise kommen auch videos von unten hoch gefahren.. habe sämtliche antivir programme laufen lassen, kein erfolg. ich hoffe mir kann jemand helfen? Geändert von testkandidat (11.02.2015 um 22:30 Uhr) |
![]() | #2 |
/// TB-Ausbilder /// Anleitungs-Guru ![]() ![]() ![]() ![]() ![]() | ![]() auch von Positive Finds ad betroffen![]() Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das... ![]()
![]() Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden. Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert. Adware & Co. können wir sehr gut entfernen. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean ![]() Los geht's: Schritt 1 ![]() ![]() Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: ![]() (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
![]() Lesestoff Posten in CODE-Tags: So gehts... Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
![]()
__________________ |
![]() | #3 |
| ![]() auch von Positive Finds ad betroffen FRST Logfile:
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02 Ran by Micha (administrator) on MICHA-PC on 11-02-2015 22:33:20 Running from C:\Users\Micha\Desktop Loaded Profiles: UpdatusUser & Micha (Available profiles: UpdatusUser & Micha) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2011-01-05] (Acer Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [266496 2011-06-17] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-01-14] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG) HKLM\...\RunOnce: [ETDUnst] => RUNDLL32.EXE C:\Windows\ETDUninst.dll, ETD_DeleteFile Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-3768329959-137400028-1920496046-1000\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default HKU\S-1-5-21-3768329959-137400028-1920496046-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [247768 2012-12-05] (TomTom) HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [241984 2011-11-26] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [203072 2011-11-26] (NVIDIA Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3768329959-137400028-1920496046-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3768329959-137400028-1920496046-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3768329959-137400028-1920496046-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: 127.0.0.1 secure.tune-up.com Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) Chrome: ======= CHR Profile: C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06] CHR Extension: (Avira Browserschutz) - C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-07] CHR Extension: (Premiumize.me) - C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\lojbjecfjcnaledoelddkcjlifhhfebm [2014-07-01] CHR Extension: (Google Wallet) - C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S3 de_serv; C:\Program Files (x86)\Common Files\AVM\de_serv.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-15] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-15] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-11] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] () ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-11 22:33 - 2015-02-11 22:33 - 00013950 _____ () C:\Users\Micha\Desktop\FRST.txt 2015-02-11 22:21 - 2015-02-11 22:33 - 00000000 ____D () C:\FRST 2015-02-11 22:20 - 2015-02-11 22:20 - 02134016 _____ (Farbar) C:\Users\Micha\Desktop\FRST64.exe 2015-02-11 21:21 - 2010-02-03 07:03 - 00249736 _____ (ELAN Microelectronic Corp.) C:\Windows\ETDUninst.dll 2015-02-11 09:58 - 2015-02-11 22:14 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-11 09:57 - 2015-02-11 09:57 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-11 09:57 - 2015-02-11 09:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-11 09:57 - 2015-02-11 09:57 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-11 09:57 - 2015-02-11 09:57 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-11 09:57 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-11 09:57 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-11 09:57 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-02-11 09:53 - 2015-02-11 10:01 - 00000000 ____D () C:\AdwCleaner 2015-02-11 09:36 - 2015-02-11 09:36 - 00001757 _____ () C:\Users\Public\Desktop\iTunes.lnk 2015-02-11 09:36 - 2015-02-11 09:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-02-11 09:36 - 2015-02-11 09:36 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-02-11 09:36 - 2015-02-11 09:36 - 00000000 ____D () C:\Program Files\iTunes 2015-02-11 09:36 - 2015-02-11 09:36 - 00000000 ____D () C:\Program Files\iPod 2015-02-11 09:36 - 2015-02-11 09:36 - 00000000 ____D () C:\Program Files (x86)\iTunes 2015-02-08 14:47 - 2015-02-08 14:47 - 00000000 ____D () C:\Users\Micha\AppData\Roaming\BackupTrans 2015-02-01 19:31 - 2015-02-01 19:31 - 00001966 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk 2015-02-01 19:31 - 2015-02-01 19:31 - 00001956 _____ () C:\Users\Public\Desktop\Samsung Kies.lnk 2015-02-01 19:30 - 2015-02-01 19:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2015-02-01 19:20 - 2015-02-01 19:25 - 00000000 ____D () C:\Users\Micha\AppData\Roaming\Samsung 2015-02-01 19:20 - 2015-02-01 19:20 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log 2015-02-01 19:20 - 2015-02-01 19:20 - 00000000 ____D () C:\Users\Micha\AppData\Local\Samsung 2015-02-01 19:16 - 2015-02-01 19:16 - 00000000 ____D () C:\Users\Micha\Documents\samsung 2015-02-01 19:16 - 2014-10-13 06:57 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys 2015-02-01 19:16 - 2014-10-13 06:57 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys 2015-02-01 19:15 - 2013-12-30 10:53 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll 2015-02-01 19:15 - 2013-12-30 10:53 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll 2015-02-01 19:14 - 2015-02-01 19:29 - 00000000 ____D () C:\ProgramData\Samsung 2015-02-01 19:14 - 2015-02-01 19:29 - 00000000 ____D () C:\Program Files (x86)\Samsung 2015-01-30 16:02 - 2015-01-30 16:02 - 00000000 ____D () C:\Users\Micha\AppData\Local\sabnzbd 2015-01-30 16:01 - 2015-02-11 21:21 - 00000000 ____D () C:\Program Files (x86)\SABnzbd 2015-01-14 10:10 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 10:10 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 10:10 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 10:10 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-14 10:10 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-14 10:10 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-14 10:10 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-14 10:10 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-14 10:10 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-14 10:10 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 10:10 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 10:10 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-14 10:10 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-11 22:27 - 2013-01-10 22:24 - 00000000 ____D () C:\Users\Micha\Desktop\Neu 2015-02-11 22:24 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-11 22:24 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-11 22:19 - 2013-01-10 20:23 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-11 22:13 - 2013-01-11 10:33 - 00000000 ____D () C:\Users\Micha\AppData\Roaming\vlc 2015-02-11 21:34 - 2012-07-17 15:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-02-11 21:34 - 2012-07-17 15:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-11 21:21 - 2013-01-08 16:23 - 00000000 ____D () C:\Program Files\Elantech 2015-02-11 21:18 - 2013-01-08 16:01 - 01056319 _____ () C:\Windows\WindowsUpdate.log 2015-02-11 21:12 - 2013-01-10 20:23 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-11 21:12 - 2010-11-21 04:47 - 00202906 _____ () C:\Windows\PFRO.log 2015-02-11 21:12 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-11 21:12 - 2009-07-14 05:51 - 00130726 _____ () C:\Windows\setupact.log 2015-02-11 11:17 - 2013-01-10 13:34 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2013 2015-02-11 09:36 - 2014-09-21 11:15 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2015-02-11 09:36 - 2013-01-17 18:44 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-02-11 09:24 - 2014-11-06 10:49 - 00000000 ____D () C:\ProgramData\Package Cache 2015-02-11 09:24 - 2013-01-10 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-02-11 09:24 - 2013-01-10 20:43 - 00000000 ____D () C:\Program Files (x86)\Avira 2015-02-08 14:22 - 2009-07-14 05:45 - 00269296 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-08 11:13 - 2013-01-10 12:22 - 00058880 _____ () C:\Users\Micha\AppData\Local\GDIPFONTCACHEV1.DAT 2015-02-07 09:20 - 2013-01-10 20:24 - 00002139 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-02-07 09:14 - 2013-01-10 20:23 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-07 09:14 - 2013-01-10 20:23 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-01 19:30 - 2012-07-17 14:40 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-02-01 19:12 - 2013-01-30 17:22 - 00000000 ____D () C:\Users\Micha\AppData\Local\Downloaded Installations 2015-01-30 19:44 - 2013-08-19 08:56 - 00000000 ____D () C:\Users\Micha\Desktop\newnigmasim2_mp richtig 2015-01-24 10:06 - 2013-01-09 00:55 - 00699440 _____ () C:\Windows\system32\perfh007.dat 2015-01-24 10:06 - 2013-01-09 00:55 - 00149548 _____ () C:\Windows\system32\perfc007.dat 2015-01-24 10:06 - 2009-07-14 06:13 - 01619700 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-24 09:55 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT ==================== Files in the root of some directories ======= 2012-12-22 07:13 - 2012-12-22 07:13 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll 2014-10-22 09:55 - 2014-10-22 09:55 - 0000000 _____ () C:\Users\Micha\AppData\Local\{FFD9C439-04FD-4C92-A74E-8C8B4ADCB47F} Some content of TEMP: ==================== C:\Users\Micha\AppData\Local\Temp\AskSLib.dll C:\Users\Micha\AppData\Local\Temp\avgnt.exe C:\Users\Micha\AppData\Local\Temp\mpsetup.exe C:\Users\Micha\AppData\Local\Temp\Quarantine.exe C:\Users\Micha\AppData\Local\Temp\sqlite3.dll C:\Users\Micha\AppData\Local\Temp\vlc-2.0.8-win64.exe C:\Users\Micha\AppData\Local\Temp\vlc-2.1.5-win64.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-11 14:36 ==================== End Of Log ============================ --- --- --- FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-02-2015 02 Ran by Micha at 2015-02-11 22:33:43 Running from C:\Users\Micha\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.72 - NewTech Infosystems) Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.) Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3009 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3500 - Acer) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3506 - Acer Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated) Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.222 - Adobe Systems Incorporated) Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated) Apple Application Support (32-Bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG) Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira) Backup Manager Basic (x32 Version: 2.0.0.72 - NewTech Infosystems) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bouquet Wizard (HKLM-x32\...\BouquetWizard) (Version: - ) Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden dreamboxEDIT -- The one and only settings editor for your Dreambox (HKLM-x32\...\dreamboxEDIT) (Version: - ) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation) iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MixPad Audiodatei-Mixer (HKLM-x32\...\MixPad) (Version: 3.37 - NCH Software) NVIDIA Grafiktreiber 285.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 285.90 - NVIDIA Corporation) NVIDIA PhysX (HKLM-x32\...\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}) (Version: 9.10.0514 - NVIDIA Corporation) Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15013.18 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.6.3.15013.18 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) TomTom HOME (HKLM-x32\...\{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}) (Version: 2.9.3 - Ihr Firmenname) Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH) Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) WavePad Audio-Editor (HKLM-x32\...\WavePad) (Version: 5.58 - NCH Software) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 11-02-2015 14:43:21 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2013-01-10 13:37 - 00000854 __RAH C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 secure.tune-up.com ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {13F02234-34BD-4204-A6AE-5CB27505867A} - \SidebarExecute No Task File <==== ATTENTION Task: {2625AFAC-3DE2-4513-81A4-594E92BDDA40} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-17] (Adobe Systems Incorporated) Task: {3C9B04F1-AE0B-498A-A056-95855A23908B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {698615E9-A4A1-4BEB-AA75-0EF51CD3AD3F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {79714FDD-3CA3-40E1-9E9E-8DE056E471C1} - System32\Tasks\{DE2FFD91-8868-4BC7-9712-1516F6D97A01} => pcalua.exe -a E:\Setup.exe -d E:\ Task: {9F0A159C-C983-4F5D-8427-62F760C4CB5E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-10] (Google Inc.) Task: {B5844C66-2DB5-4ABC-9C4F-04902521EDF5} - System32\Tasks\{B2A7CEC1-C109-40CF-8204-7290DEEC8B67} => C:\Program Files (x86)\Muuta Streaming Server\muuta.exe [2009-10-25] () Task: {BA2ECED3-E7DF-499E-9D4A-A01146A5B1B8} - System32\Tasks\{D6665DF0-4FF7-4C85-BE0D-3D021159E46E} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\FRITZ!DSL\StCenter.exe" Task: {BF833759-1924-4932-834B-012F11309E98} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-07] (Acer Incorporated) Task: {FB80E02F-ED00-4A0E-BC87-AAA457FDF0D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-10] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-01-10 13:22 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll 2010-12-22 18:22 - 2010-12-22 18:22 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll 2010-12-22 18:10 - 2010-12-22 18:10 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll 2015-02-07 09:20 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll 2014-10-15 17:13 - 2014-10-15 17:13 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\89753abff3827095ec7f3d3fb79f744a\IsdiInterop.ni.dll 2013-01-08 16:11 - 2010-04-13 09:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2015-02-07 09:20 - 2015-02-04 10:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll 2015-02-07 09:20 - 2015-02-04 10:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll 2015-02-07 09:20 - 2015-02-04 10:02 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3768329959-137400028-1920496046-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-3768329959-137400028-1920496046-500 - Administrator - Disabled) Gast (S-1-5-21-3768329959-137400028-1920496046-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3768329959-137400028-1920496046-1003 - Limited - Enabled) Micha (S-1-5-21-3768329959-137400028-1920496046-1001 - Administrator - Enabled) => C:\Users\Micha UpdatusUser (S-1-5-21-3768329959-137400028-1920496046-1000 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/11/2015 10:13:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000004e4e4 ID des fehlerhaften Prozesses: 0xec8 Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 Error: (02/11/2015 10:10:54 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000004e4e4 ID des fehlerhaften Prozesses: 0x1d4 Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 Error: (02/11/2015 10:08:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000004e4e4 ID des fehlerhaften Prozesses: 0xb4c Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 Error: (02/11/2015 10:06:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000004e4e4 ID des fehlerhaften Prozesses: 0xb78 Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 Error: (02/11/2015 10:01:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000004e4e4 ID des fehlerhaften Prozesses: 0xc2c Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 Error: (02/11/2015 09:14:13 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/11/2015 10:05:54 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/11/2015 09:22:58 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/08/2015 04:48:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000004e4e4 ID des fehlerhaften Prozesses: 0x604 Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 Error: (02/08/2015 04:46:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000004e4e4 ID des fehlerhaften Prozesses: 0x434 Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 System errors: ============= Error: (02/11/2015 09:14:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "SAMSUNG Mobile Connectivity Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (02/11/2015 10:06:37 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (02/11/2015 10:06:12 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Avira Echtzeit-Scanner" wurde nicht richtig gestartet. Error: (02/11/2015 10:01:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (02/11/2015 10:01:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (02/11/2015 10:01:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (02/11/2015 10:01:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Dritek WMI Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 3000 Millisekunden durchgeführt: Neustart des Diensts. Error: (02/11/2015 10:01:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Acer ePower Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (02/11/2015 10:01:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "GREGService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (02/11/2015 10:01:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Live Updater Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Microsoft Office Sessions: ========================= Error: (02/11/2015 10:13:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: vlc.exe2.1.5.000000000ntdll.dll6.1.7601.18247521eaf24c0000005000000000004e4e4ec801d0463f737b97b6C:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dlld0e5a939-b232-11e4-8ab4-1c750839ebcf Error: (02/11/2015 10:10:54 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: vlc.exe2.1.5.000000000ntdll.dll6.1.7601.18247521eaf24c0000005000000000004e4e41d401d0463efc597ad5C:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dll76509efe-b232-11e4-8ab4-1c750839ebcf Error: (02/11/2015 10:08:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: vlc.exe2.1.5.000000000ntdll.dll6.1.7601.18247521eaf24c0000005000000000004e4e4b4c01d0463ec1d64a61C:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dll2c678e51-b232-11e4-8ab4-1c750839ebcf Error: (02/11/2015 10:06:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: vlc.exe2.1.5.000000000ntdll.dll6.1.7601.18247521eaf24c0000005000000000004e4e4b7801d0463e6ee1443bC:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dlle3b22026-b231-11e4-8ab4-1c750839ebcf Error: (02/11/2015 10:01:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: vlc.exe2.1.5.000000000ntdll.dll6.1.7601.18247521eaf24c0000005000000000004e4e4c2c01d0463de23895aaC:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dll377024f3-b231-11e4-8ab4-1c750839ebcf Error: (02/11/2015 09:14:13 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/11/2015 10:05:54 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/11/2015 09:22:58 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/08/2015 04:48:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: vlc.exe2.1.5.000000000ntdll.dll6.1.7601.18247521eaf24c0000005000000000004e4e460401d043b6840eddf6C:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dlle49ecc56-afa9-11e4-b447-1c750839ebcf Error: (02/08/2015 04:46:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: vlc.exe2.1.5.000000000ntdll.dll6.1.7601.18247521eaf24c0000005000000000004e4e443401d043b66c7f5545C:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dlladaf3049-afa9-11e4-b447-1c750839ebcf CodeIntegrity Errors: =================================== Date: 2014-10-10 08:45:25.843 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-10-10 08:45:25.719 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU M 450 @ 2.40GHz Percentage of memory in use: 27% Total physical RAM: 7862.71 MB Available physical RAM: 5667.2 MB Total Pagefile: 15723.6 MB Available Pagefile: 12924.87 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:338.47 GB) (Free:56.96 GB) NTFS Drive d: (DATA) (Fixed) (Total:338.58 GB) (Free:338.45 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 3D70DB87) Partition 1: (Not Active) - (Size=21.5 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=338.5 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=338.6 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Ich hoffe ich habe alles richtig gemacht? |
![]() | #4 | |
/// TB-Ausbilder /// Anleitungs-Guru ![]() ![]() ![]() ![]() ![]() | ![]() auch von Positive Finds ad betroffen Schritt 1 Echtzeitschutz des Virenscanners abschalten. ![]() Schritt 2 Download von ![]()
__________________ Gruß deeprybka ![]() Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
![]() | #5 |
| ![]() auch von Positive Finds ad betroffenCode:
ATTFilter Zoek.exe v5.0.0.0 Updated 10-February-2015 Tool run by Micha on 11.02.2015 at 23:02:02,96. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Micha\Desktop\zoek\zoek.exe.scr [Scan all users] [Script inserted] ==== System Restore Info ====================== 11.02.2015 23:08:56 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\Complitly Setup deleted successfully C:\PROGRA~2\NTI deleted successfully C:\PROGRA~2\TuneUp Utilities 2013 deleted successfully C:\PROGRA~3\Evernote deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted successfully C:\Users\Micha\AppData\Roaming\Windows Live Writer deleted successfully C:\Users\Micha\AppData\Local\FRITZ! deleted successfully C:\Users\Micha\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Services(whitelist) ====================== Powered by E Dev R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe R2 - [AntiVirSchedulerService] - Avira Planer - c:\program files (x86)\avira\antivir desktop\sched.exe R2 - [AntiVirService] - Avira Echtzeit-Scanner - c:\program files (x86)\avira\antivir desktop\avguard.exe R2 - [Apple Mobile Device Service] - Apple Mobile Device Service - c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe R2 - [Avira.OE.ServiceHost] - Avira Service Host - c:\program files (x86)\avira\my avira\avira.oe.servicehost.exe R2 - [Bonjour Service] - Dienst "Bonjour" - c:\program files\bonjour\mdnsresponder.exe R2 - [DsiWMIService] - Dritek WMI Service - c:\program files (x86)\launch manager\dsiwmis.exe R2 - [ePowerSvc] - Acer ePower Service - c:\program files\acer\acer epower management\epowersvc.exe R2 - [GREGService] - GREGService - c:\program files (x86)\acer\registration\gregsvc.exe R2 - [IAStorDataMgrSvc] - Intel(R) Rapid Storage Technology - c:\program files (x86)\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe R2 - [Live Updater Service] - Live Updater Service - c:\program files\acer\acer updater\updaterservice.exe R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe R2 - [MBAMService] - MBAMService - c:\program files (x86)\ malwarebytes anti-malware \mbamservice.exe R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe R2 - [nvUpdatusService] - NVIDIA Update Service Daemon - c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe R2 - [ss_conn_service] - SAMSUNG Mobile Connectivity Service - c:\program files (x86)\samsung\usb drivers\25_escape\conn\ss_conn_service.exe R2 - [UNS] - Intel(R) Management & Security Application User Notification Service - c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe R2 - [WMPNetworkSvc] - Windows Media Player-Netzwerkfreigabedienst - c:\program files\windows media player\wmpnetwk.exe R3 - [iPod Service] - iPod-Dienst - c:\program files\ipod\bin\ipodservice.exe R4 - [MBAMScheduler] - MBAMScheduler - c:\program files (x86)\ malwarebytes anti-malware \mbamscheduler.exe S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe S2 - [gupdate] - Google Update-Dienst (gupdate) - c:\program files (x86)\google\update\googleupdate.exe S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe S3 - [ALG] - Gatewaydienst auf Anwendungsebene - c:\windows\system32\alg.exe S3 - [COMSysApp] - COM+-Systemanwendung - c:\windows\system32\dllhost.exe S3 - [de_serv] - AVM FRITZ!web Routing Service - c:\program files (x86)\common files\avm\de_serv.exe [x] S3 - [ehRecvr] - Windows Media Center-Empfängerdienst - c:\windows\ehome\ehrecvr.exe S3 - [ehSched] - Windows Media Center-Planerdienst - c:\windows\ehome\ehsched.exe S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe S3 - [FLEXnet Licensing Service] - FLEXnet Licensing Service - c:\program files (x86)\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe S3 - [FontCache3.0.0.0] - Windows Presentation Foundation-Schriftartcache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe S3 - [gupdatem] - Google Update-Dienst (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe S3 - [PerfHost] - Leistungsindikator-DLL-Host - c:\windows\syswow64\perfhost.exe S3 - [RpcLocator] - RPC-Locator - c:\windows\system32\locator.exe S3 - [SNMPTRAP] - SNMP-Trap - c:\windows\system32\snmptrap.exe S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe S3 - [TurboBoost] - TurboBoost - c:\program files\intel\turboboost\turboboost.exe S3 - [vds] - Virtueller Datenträger - c:\windows\system32\vds.exe S3 - [VSS] - Volumeschattenkopie - c:\windows\system32\vssvc.exe S3 - [wbengine] - Blockebenen-Sicherungsmodul - c:\windows\system32\wbengine.exe S3 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe S3 - [wmiApSrv] - WMI-Leistungsadapter - c:\windows\system32\wbem\wmiapsrv.exe S4 - [aspnet_state] - ASP.NET-Zustandsdienst - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe S4 - [wlcrasvc] - Windows Live Mesh remote connections service - c:\program files\windows live\mesh\wlcrasvc.exe S4 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} not found C:\found.000 deleted C:\PROGRA~3\SearchOnline deleted C:\PROGRA~3\Package Cache deleted C:\Windows\SysNative\config\systemprofile\Searches deleted "C:\Users\Micha\AppData\Local\{FFD9C439-04FD-4C92-A74E-8C8B4ADCB47F}" deleted "C:\Users\Micha\AppData\Roaming\FreeCAD\system.cfg" deleted "C:\Users\Micha\AppData\Roaming\FreeCAD\user.cfg" deleted "C:\Users\Micha\AppData\Roaming\FreeCAD" deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 7863 MB CPU Info: Intel(R) Core(TM) i5 CPU M 450 @ 2.40GHz CPU Speed: 2399,8 MHz Sound Card: Lautsprecher (Realtek High Defi | Display Adapters: Intel(R) HD Graphics | Intel(R) HD Graphics | NVIDIA GeForce GT 540M | NVIDIA GeForce GT 540M | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; PnP-Monitor (Standard) | Screen Resolution: 1366 X 768 - 32 bit Network: Network Present Network Adapters: Atheros AR5B97 Wireless Network Adapter | Broadcom NetLink (TM) Gigabit Ethernet CD / DVD Drives: 1x (E: | ) E: PIONEER DVD-RW DVRTD10RS Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 3 Button Wheel Mouse Present Hard Disks: C: 338,5GB | D: 338,6GB Hard Disks - Free: C: 57,1GB | D: 338,5GB Manufacturer *: Acer BIOS Info: AT/AT COMPATIBLE | 08/13/12 | ACRSYS - 1 Time Zone: Mitteleuropäische Zeit Motherboard *: Acer Aspire 5742G Country: Deutschland Language: DEU ==== System Specs (Software) ====================== Anti-Virus: Avira Desktop On-access scanning disabled (Outdated) Anti-Spyware: Avira Desktop disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Default Browser: Google Chrome 40.0.2214.111 Internet Explorer Version: 11.0.9600.17501 Google Chrome version: 40.0.2214.111 Adobe Reader version: 10.1.13.16 Sun Java version: 1.7.0_67 (32-bit) ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2015-02-11 20:21:55 339619E810285ADB767A5418BDCC547E 249736 ----a-w- C:\Windows\ETDUninst.dll ====== C:\Users\Micha\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2015-02-01 18:15:13 7753FC56F9CAC4B5AFDA3196DB654F21 144664 ----a-w- C:\Windows\SysWOW64\secman.dll 2015-02-01 18:15:12 A64711C9CF690718EADA750370EC5EB2 4659712 ----a-w- C:\Windows\SysWOW64\Redemption.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== 2015-02-11 08:58:08 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys 2015-02-11 08:57:41 CA43F8904E24BBE49982E4C0B29E6579 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys 2015-02-11 08:57:41 A646C2DDB8C46E9B20A326FAF566646C 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys 2015-02-11 08:57:41 478CC94C937D235CB0A96AB8F2359D81 93400 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys 2015-02-01 18:16:09 91310683D7B6B292B746D60734B59322 206080 ----a-w- C:\Windows\Sysnative\drivers\ssudmdm.sys 2015-02-01 18:16:09 30710AEFCE721CEEE0F35EB6A01C263C 110336 ----a-w- C:\Windows\Sysnative\drivers\ssudbus.sys 2015-01-14 09:10:31 AE3334958D8F631FF14A0AEB3D7EFB3A 141312 ----a-w- C:\Windows\Sysnative\drivers\mrxdav.sys ====== C:\Windows\Tasks ====== 2015-02-11 21:56:53 1534A37560F1ABBB8E2084B077D58B24 3128 ----a-w- C:\Windows\Sysnative\Tasks\{1E1DA685-5D4D-417B-9FBE-7EBE65D583D2} ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-02-11 08:36:10 -------- d-----w- C:\Program Files\iTunes 2015-02-11 08:36:10 -------- d-----w- C:\Program Files\iPod ======= C:\PROGRA~2 ===== 2015-02-11 08:36:10 -------- d-----w- C:\PROGRA~2\iTunes 2015-02-01 18:14:34 -------- d-----w- C:\PROGRA~2\Samsung 2015-01-30 15:01:45 -------- d-----w- C:\PROGRA~2\SABnzbd ======= C: ===== ====== C:\Users\Micha\AppData\Roaming ====== 2015-02-11 08:57:19 -------- d-----w- C:\Users\Micha\AppData\Local\Programs 2015-02-11 08:31:00 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Roaming\Apple Computer 2015-02-08 13:47:31 -------- d-----w- C:\Users\Micha\AppData\Roaming\BackupTrans 2015-02-01 18:20:40 -------- d-----w- C:\Users\Micha\AppData\Local\Samsung 2015-02-01 18:20:38 -------- d-----w- C:\Users\Micha\AppData\Roaming\Samsung 2015-01-30 15:02:15 -------- d-----w- C:\Users\Micha\AppData\Local\sabnzbd ====== C:\Users\Micha ====== 2015-02-11 21:20:14 9E477AFBA05D1D2B0DA8608E3F399DC1 2134016 ----a-w- C:\Users\Micha\Desktop\FRST64.exe 2015-02-11 08:36:48 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-02-11 08:36:10 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-02-01 18:30:07 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2015-02-01 18:14:34 -------- d-----w- C:\ProgramData\Samsung ====== C: exe-files == 2015-02-11 21:56:17 93B2503379F80DC35ABAE9C5D84863CE 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3768329959-137400028-1920496046-1001\$IGKBCG0.exe 2015-02-11 21:52:28 92ABBC6E52E32F8F66684F90BF4A25CE 1295360 ----a-w- C:\$Recycle.Bin\S-1-5-21-3768329959-137400028-1920496046-1001\$RGKBCG0.exe 2015-02-11 08:27:12 0E944E42AB48C84036CF4E275AC9F7DF 77104 ----a-w- C:\Users\Micha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHOTGJ5H\SetupAdmin[1].exe 2015-02-11 08:27:12 0E944E42AB48C84036CF4E275AC9F7DF 77104 ----a-w- C:\ProgramData\Apple Computer\Installer Cache\iTunes 12.1.0.71\SetupAdmin.exe 2015-02-07 08:19:56 DEBC443A07258009C5EA123A20EBDC47 1009232 ----a-w- C:\Program Files (x86)\Google\Update\Install\{766DD2A1-DB05-437C-84DC-1845210FC84D}\40.0.2214.111_40.0.2214.93_chrome_updater.exe 2015-02-07 08:19:56 DEBC443A07258009C5EA123A20EBDC47 1009232 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\40.0.2214.111\40.0.2214.111_40.0.2214.93_chrome_updater.exe 2015-02-07 08:14:04 FD98434B6A06FE31A35E4BFBC827B290 52040 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe 2015-02-07 08:14:04 5F0A3AA68785C49454F56C9F2DDA0237 52040 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateWebPlugin.exe 2015-02-07 08:14:04 4C02536F4CA35911FB3EA5715F300C57 52040 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateBroker.exe 2015-02-07 08:14:03 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateSetup.exe 2015-02-07 08:13:59 F3B6470DA7CE34E559D3BA7365CC909C 115528 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateComRegisterShell64.exe 2015-02-07 08:13:59 83BB030C71C9727DCFB2737005772C4E 232264 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe 2015-02-07 08:13:59 323CFFFDAF253AC65CD194A101BE6231 287048 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe 2015-02-07 08:13:58 E1B44A75947137F4143308D566889837 107848 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdate.exe 2015-02-07 08:13:56 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Program Files (x86)\Google\Update\Install\{5FF67D5A-6760-45C5-8B56-D4E0553739C0}\GoogleUpdateSetup.exe 2015-02-07 08:13:56 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.26.9\GoogleUpdateSetup.exe 2015-02-07 07:44:14 723B70A5229599F1A1A540168F6580D8 437456 ----a-w- C:\ProgramData\NVIDIA\Updatus\Download\6F01\updatus.19296794_RUNASUSER.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3768329959-137400028-1920496046-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3768329959-137400028-1920496046-1001\Software\Microsoft\Windows\CurrentVersion\Run] "TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" "GoogleChromeAutoLaunch_C129A15F311932BEAC42C9CF7A35B88B"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-21-3768329959-137400028-1920496046-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "ScrSav"="C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BackupManagerTray"="C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe -h -k" "LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" "avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe" "Avira Systray"="C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" "GoogleChromeAutoLaunch_C129A15F311932BEAC42C9CF7A35B88B"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\Windows\\SysWOW64\\nvinit.dll" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "Acer ePower Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\Windows\\system32\\nvinitx.dll" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "OOTag"="C:\\Program Files (x86)\\Acer\\OOBEOffer\\OOTag.exe" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "Persistence"="C:\\Windows\\system32\\igfxpers.exe" "ETDWare"="%ProgramFiles%\\Elantech\\ETDCtrl.exe" "OOTag"="C:\\Program Files (x86)\\Acer\\OOBEOffer\\ootag.exe" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [17.07.2012 15:02] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:6C:\ProgramC:FilesC:x86\Google\Update\GoogleUpdate.exe [] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10.01.2013 20:23] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\UALU notificatin" ["C:\Program Files\Acer\Acer Updater\UALU.exe"] "C:\Windows\SysNative\tasks\{B2A7CEC1-C109-40CF-8204-7290DEEC8B67}" [C:\Program Files (x86)\Muuta Streaming Server\muuta.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] ==== Chromium Look ====================== Google Chrome Version: 40.0.2214.111 (Up to date, latest Stable version: 40.0.2214.111) HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions flliilndjeohchalpbbcdekjklbdgfkk - No path found[] Google Voice Search Hotword (Beta) - Micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn Premiumize.me - Micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\lojbjecfjcnaledoelddkcjlifhhfebm ==== Chromium Fix ====================== C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_linksave.in_0.localstorage deleted successfully C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_linksave.in_0.localstorage-journal deleted successfully C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.extcontent00.extcontent.com_0.localstorage deleted successfully C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.extcontent00.extcontent.com_0.localstorage-journal deleted successfully C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.eyeviewads.com_0.localstorage deleted successfully C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.eyeviewads.com_0.localstorage-journal deleted successfully C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.mybet.com_0.localstorage deleted successfully C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.mybet.com_0.localstorage-journal deleted successfully C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.unister-adservices.com_0.localstorage deleted successfully C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.unister-adservices.com_0.localstorage-journal deleted successfully C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_w.unister-adservices.com_0.localstorage deleted successfully C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_w.unister-adservices.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Default_Page_URL"="hxxp://www.google.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.searchcompletion.com?si=10195&home=true" "Start Default_Page_URL"="hxxp://www.searchcompletion.com?si=10195&home=true" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.searchcompletion.com?si=10195&home=true" "Start Default_Page_URL"="hxxp://www.searchcompletion.com?si=10195&home=true" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Default_Page_URL"="hxxp://www.google.com" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start Default_Page_URL"="hxxp://www.google.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="hxxp://search.searchcompletion.com?si=10195&bs=true&q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI] "(Default)"="hxxp://search.searchcompletion.com?si=10195&bs=true&q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="hxxp://search.searchcompletion.com?si=10195&bs=true&q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI] "(Default)"="hxxp://search.searchcompletion.com?si=10195&bs=true&q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI] "(Default)"="hxxp://search.searchcompletion.com?si=10195&bs=true&q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="hxxp://www.google.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search] "Start Page"="hxxp://www.searchcompletion.com?si=10195&home=true" "Start Default_Page_URL"="hxxp://www.searchcompletion.com?si=10195&home=true" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search] "Start Page"="hxxp://www.searchcompletion.com?si=10195&home=true" "Start Default_Page_URL"="hxxp://www.searchcompletion.com?si=10195&home=true" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "Start Page"="hxxp://www.google.com" "Start Default_Page_URL"="hxxp://www.google.com" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search] "Start Page"="hxxp://www.google.com" "Start Default_Page_URL"="hxxp://www.google.com" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Start Page"="hxxp://www.google.com" "Start Default_Page_URL"="hxxp://www.google.com" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="hxxp://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI] "(Default)"="hxxp://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="hxxp://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI] "(Default)"="hxxp://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI] "(Default)"="hxxp://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="hxxp://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search] "Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search] "Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search] "Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="hxxp://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== Reset Google Chrome ====================== C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Micha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Micha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Micha\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=37 folders=8 5768503 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Micha\AppData\Local\Temp will be emptied at reboot C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Micha\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on 11.02.2015 at 23:41:47,79 ====================== |
![]() | #6 |
/// TB-Ausbilder /// Anleitungs-Guru ![]() ![]() ![]() ![]() ![]() | ![]() auch von Positive Finds ad betroffen Hi, Schritt 1 ESET Online Scanner
__________________ --> auch von Positive Finds ad betroffen |
![]() | #7 |
| ![]() auch von Positive Finds ad betroffen Hallo, wie es scheint ist das Problem nur bei Google Chrome. Befehl habe ich ausgeführt, leider unverändert. |
![]() | #8 |
/// TB-Ausbilder /// Anleitungs-Guru ![]() ![]() ![]() ![]() ![]() | ![]() auch von Positive Finds ad betroffen Dann mal bitte deinstallieren mit Revo, keine Reste behalten und später neu installieren. Schritt 1 Bitte deinstalliere folgende Programme: Google Chrome Versuche es bei Windows 7 ![]() Sollte das nicht gehen, lade Dir bitte Revo Uninstaller ![]()
__________________ Gruß deeprybka ![]() Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
![]() | #9 |
| ![]() auch von Positive Finds ad betroffen Hat geholfen, alles wieder wie früher. Vielen dank für den Super Support, eine kleine Spende geht selbstverständlch ans Forum direkt raus. Weiter so!!! |
![]() | #10 |
/// TB-Ausbilder /// Anleitungs-Guru ![]() ![]() ![]() ![]() ![]() | ![]() auch von Positive Finds ad betroffen OK. Vielen Dank! ![]() Cleanup: Alle Logs gepostet? Ja! Dann lade Dir bitte ![]()
Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen. >>clean<< Wir haben es geschafft! ![]() Die Logs sehen für mich im Moment sauber aus. Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst... ![]() ![]() ![]() Es bleibt mir nur noch, Dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen. ![]() ![]() Tipps, Dos & Don'ts ![]()
Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. ![]()
![]() Neben unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert. Der Besuch dubioser Websites kann bereits Risiken bergen. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten. Illegale Cracks, Keygens und Serials sind ein ausgesprochen einfacher und beliebter Weg um Malware zu verbreiten. Bei Dateien aus Peer-to-Peer- und Filesharingprogrammen oder von Filehostern kann man nie sicher sein, ob auch wirklich drin ist, was drauf steht. (Trojanisches Pferd^^)
Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden zu verleiten, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).
Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
Abschließend noch ein paar grundsätzliche Bemerkungen:
__________________ Gruß deeprybka ![]() Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
![]() |
Themen zu auch von Positive Finds ad betroffen |
andere, antivir, explorer, guten, heute, interne, internet, internet explorer, klicke, komplett, laufen, links, morgen, neue, neue tabs mit werbung, nicht mehr, poppen, probleme, programme, seite, seiten, starke, surfen, sämtliche, tabs mit werbung, werbung, zusätzlich |