Log analysis and evaluation: Windows 7: websites are redirected to ads, Chrome no longer starts
03.06.2015, 10:05 #1
Windows 7: websites are redirected to ads, Chrome no longer starts

Hello, after I was helped so wonderfully and quickly here almost two years ago, I have now once again managed to get some kind of malware onto my laptop. Similar to last time, on every website I open in Chrome, random words from the text are written in caps lock, highlighted in blue and underlined. I am constantly redirected to advertising pages, and everything in the browser is severely slowed down. IMPORTANT: after the scan with GMER I could no longer open Chrome at all. It works via Internet Explorer, and there are none of the underlined caps-lock words there. I hope I will get the same great help as last time - and maybe one or two tips on how to get my own foolishness under control. Kind regards!

PS: Unfortunately I can no longer work out what the trigger may have been, since I had no internet for the last six months and have only been back online for an hour...

Attached are the log files:

defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:13 on 03/06/2015 (Karen)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-05-2015
Ran by Karen (administrator) on KAREN-PC on 03-06-2015 10:16:00
Running from C:\Users\Karen\Downloads
Loaded Profiles: Karen (Available Profiles: Karen)
Platform: Microsoft Windows 7 Professional N Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Radio Canyon) C:\Program Files\Radio Canyon\b30a95ca-6648-4b52-9277-ed9559e74043-6.exe
(globalUpdate) C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Client Connect LTD) C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Spotify Ltd) C:\Users\Karen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Client Connect LTD) C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Zhorn Software) C:\Program Files\Stickies\stickies.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
() C:\Program Files\Spring Sporting Games\spring_sporting_games_helper_service.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-1089619224-531690134-2804591565-1000\...\Run: [Spotify Web Helper] => C:\Users\Karen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-11-17] (Spotify Ltd)
HKU\S-1-5-21-1089619224-531690134-2804591565-1000\...\Run: [GoogleChromeAutoLaunch_E11DCE7527D66757436FF4E702A98ED4] => c:\Program Files\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.)
HKU\S-1-5-21-1089619224-531690134-2804591565-1000\...\RunOnce: [Adobe Speed Launcher] => 1432054503
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files\SearchProtect\SearchProtect\bin\VC32Loader.dll [216896 2014-11-27] (Client Connect LTD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-07-11]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk [2014-04-13]
ShortcutTarget: Stickies.lnk -> C:\Program Files\Stickies\stickies.exe (Zhorn Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1089619224-531690134-2804591565-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=M81B058CE-4C0C-44F8-B1A8-150359F4752C&SearchSource=55&CUI=&UM=6&UP=SPB1AD97BF-E6AD-456C-94D5-2622B750B3CE&SSPV=
SearchScopes: HKU\S-1-5-21-1089619224-531690134-2804591565-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=M81B058CE-4C0C-44F8-B1A8-150359F4752C&SearchSource=58&CUI=&UM=6&UP=SPB1AD97BF-E6AD-456C-94D5-2622B750B3CE&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1089619224-531690134-2804591565-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=M81B058CE-4C0C-44F8-B1A8-150359F4752C&SearchSource=58&CUI=&UM=6&UP=SPB1AD97BF-E6AD-456C-94D5-2622B750B3CE&q={searchTerms}&SSPV=
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: Radio Canyon -> {11111111-1111-1111-1111-110611081104} -> C:\Program Files\Radio Canyon\Radio Canyon-bho.dll [2014-11-21] (Radio Canyon)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2014-11-11] (DVDVideoSoft Ltd.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2014-11-21] (globalUpdate)
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2014-11-21] (globalUpdate)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-13] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-13] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> https://www.google.de/
CHR StartupUrls: Default -> "https://www.google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-13]
CHR Extension: (Google Drive) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09]
CHR Extension: (YouTube) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-13]
CHR Extension: (Google Search) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-13]
CHR Extension: (AdBlock) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-14]
CHR Extension: (Pin It Button) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-11-21]
CHR Extension: (Spring Sporting Games) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnkijijhilfpgfdfglidfdgbpaeihamb [2015-06-03]
CHR Extension: (Google Wallet) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-13]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2014-12-08]
CHR Extension: (piekbefgpgdecckjcpffhnacjflfoddg) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\piekbefgpgdecckjcpffhnacjflfoddg [2015-06-03]
CHR Extension: (Gmail) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-13]
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [3312960 2014-11-27] (Client Connect LTD)
S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-11-21] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-11-21] (globalUpdate) [File not signed] <==== ATTENTION
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1773368 2014-03-20] (TuneUp Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2014-02-10] (TuneUp Software)
R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-03 10:16 - 2015-06-03 10:16 - 06420480 _____ () C:\Program Files\GUTF591.tmp
2015-06-03 10:16 - 2015-06-03 10:16 - 00012032 _____ () C:\Users\Karen\Downloads\FRST.txt
2015-06-03 10:16 - 2015-06-03 10:16 - 00000000 ____D () C:\Program Files\GUMF571.tmp
2015-06-03 10:15 - 2015-06-03 10:15 - 01147392 _____ (Farbar) C:\Users\Karen\Downloads\FRST.exe
2015-06-03 10:13 - 2015-06-03 10:13 - 00000472 _____ () C:\Users\Karen\Downloads\defogger_disable.log
2015-06-03 10:13 - 2015-06-03 10:13 - 00000000 _____ () C:\Users\Karen\defogger_reenable
2015-06-03 10:11 - 2015-06-03 10:12 - 00050477 _____ () C:\Users\Karen\Downloads\Defogger.exe
2015-06-03 10:10 - 2015-06-03 10:10 - 01950640 _____ ( ) C:\Users\Karen\Downloads\Nicht bestätigt 685417.crdownload
2015-06-03 10:10 - 2015-06-03 10:10 - 01950640 _____ ( ) C:\Users\Karen\Downloads\Nicht bestätigt 671422.crdownload
2015-06-03 09:54 - 2015-06-03 09:54 - 00000556 _____ () C:\Windows\Tasks\spring_sporting_games_helper_service.job
2015-06-03 09:54 - 2015-06-03 09:54 - 00000000 ____D () C:\Program Files\Spring Sporting Games
2015-06-03 08:00 - 2015-06-03 08:00 - 00013017 _____ () C:\Users\Karen\Desktop\versicherungen.odt
2015-05-19 19:41 - 2015-05-19 20:17 - 00020892 _____ () C:\Users\Karen\Desktop\Beschwerde O2.odt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-03 10:16 - 2014-04-13 13:36 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-03 10:16 - 2014-04-13 13:36 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-03 10:16 - 2013-09-23 15:44 - 00000000 ____D () C:\FRST
2015-06-03 10:14 - 2009-07-14 06:02 - 00028160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-03 10:14 - 2009-07-14 06:02 - 00028160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-03 09:54 - 2014-11-21 10:49 - 00000932 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-06-03 09:54 - 2014-11-21 10:49 - 00000928 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-06-03 09:50 - 2014-11-21 10:50 - 00002416 _____ () C:\Windows\Tasks\b30a95ca-6648-4b52-9277-ed9559e74043-5_user.job
2015-06-03 09:50 - 2014-11-21 10:50 - 00002416 _____ () C:\Windows\Tasks\b30a95ca-6648-4b52-9277-ed9559e74043-5.job
2015-06-03 09:49 - 2014-11-21 10:49 - 00005488 _____ () C:\Windows\Tasks\b30a95ca-6648-4b52-9277-ed9559e74043-6.job
2015-06-03 09:49 - 2014-11-21 10:49 - 00005152 _____ () C:\Windows\Tasks\b30a95ca-6648-4b52-9277-ed9559e74043-7.job
2015-06-03 09:49 - 2014-11-21 10:49 - 00004464 _____ () C:\Windows\Tasks\b30a95ca-6648-4b52-9277-ed9559e74043-4.job
2015-06-03 09:49 - 2014-11-21 10:49 - 00003082 _____ () C:\Windows\Tasks\b30a95ca-6648-4b52-9277-ed9559e74043-1.job
2015-06-03 09:49 - 2014-11-21 10:49 - 00002080 _____ () C:\Windows\Tasks\b30a95ca-6648-4b52-9277-ed9559e74043-2.job
2015-06-03 09:49 - 2014-11-21 10:48 - 00004810 _____ () C:\Windows\Tasks\b30a95ca-6648-4b52-9277-ed9559e74043-11.job
2015-06-03 09:49 - 2014-04-10 21:43 - 01229188 _____ () C:\Windows\WindowsUpdate.log
2015-06-03 09:48 - 2014-07-11 12:42 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-06-03 09:46 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-06-03 08:43 - 2014-08-24 22:50 - 00000000 ____D () C:\Users\Karen\AppData\Roaming\vlc
2015-06-03 08:01 - 2014-11-28 10:54 - 00000000 ____D () C:\Users\Karen\Desktop\weg
2015-06-03 08:00 - 2014-04-23 21:24 - 00000000 ____D () C:\Users\Karen\Desktop\photos
2015-05-19 18:59 - 2010-11-20 23:03 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-19 18:55 - 2014-04-13 13:59 - 00000000 ____D () C:\Users\Karen\AppData\Roaming\stickies
2015-05-19 18:54 - 2014-04-22 20:36 - 00007762 _____ () C:\Windows\setupact.log
2015-05-19 18:54 - 2009-07-14 06:17 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-06 10:33 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-06 10:30 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-05-06 10:29 - 2014-07-11 12:44 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-05-06 10:29 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration

==================== Files in the root of some directories =======

2015-06-03 10:16 - 2015-06-03 10:16 - 6420480 _____ () C:\Program Files\GUTF591.tmp
2014-04-13 13:34 - 2014-04-13 13:34 - 0000000 _____ () C:\Users\Karen\AppData\Local\AtStart.txt
2014-04-13 13:34 - 2014-04-13 13:34 - 0000000 _____ () C:\Users\Karen\AppData\Local\DSwitch.txt
2015-04-02 21:20 - 2015-04-02 21:20 - 0000000 _____ () C:\Users\Karen\AppData\Local\FnF4.txt
2014-04-13 13:34 - 2014-04-13 13:34 - 0000000 _____ () C:\Users\Karen\AppData\Local\QSwitch.txt
2014-10-14 16:28 - 2014-10-14 16:28 - 0018617 _____ () C:\Users\Karen\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
C:\Users\Karen\AppData\Local\Temp\AutoRun.exe
C:\Users\Karen\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Karen\AppData\Local\Temp\drm_dyndata_7400006.dll
C:\Users\Karen\AppData\Local\Temp\VP6Install.exe
C:\Users\Karen\AppData\Local\Temp\VP6VFW.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-19 21:12

==================== End of log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-05-2015
Ran by Karen at 2015-06-03 10:17:33
Running from C:\Users\Karen\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1089619224-531690134-2804591565-500 - Administrator - Disabled)
Gast (S-1-5-21-1089619224-531690134-2804591565-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1089619224-531690134-2804591565-1002 - Limited - Enabled)
Karen (S-1-5-21-1089619224-531690134-2804591565-1000 - Administrator - Enabled) => C:\Users\Karen

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.11) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Die Sims™ 2 (HKLM\...\{2C82E097-694E-44ea-A947-2750679469CF}) (Version:  - Electronic Arts)
Free YouTube to MP3 Converter version 3.12.50.1111 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1111 - DVDVideoSoft Ltd.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GUILD WARS (HKLM\...\Guild Wars) (Version:  - )
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
OpenOffice 4.1.0 (HKLM\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
Radio Canyon (HKLM\...\Radio Canyon) (Version: 1.35.9.29 - Radio Canyon) <==== ATTENTION!
Search Protect (HKLM\...\SearchProtect) (Version: 2.19.0.260 - Client Connect LTD) <==== ATTENTION
Spotify (HKU\S-1-5-21-1089619224-531690134-2804591565-1000\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Stickies 7.1e (HKLM\...\ZhornStickies) (Version:  - Zhorn Software)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Tomb Raider: Legend 1.0 (HKLM\...\Tomb Raider: Legend) (Version:  - )
TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.275 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.275 - TuneUp Software)
TuneUp Utilities 2014 (Version: 14.0.1000.275 - TuneUp Software) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E25A3B1-2177-4DF0-BD62-7F736C95DBB0} - System32\Tasks\b30a95ca-6648-4b52-9277-ed9559e74043-11 => C:\Program Files\Radio Canyon\b30a95ca-6648-4b52-9277-ed9559e74043-11.exe [2014-11-21] (Radio Canyon) <==== ATTENTION
Task: {2688535C-66D8-46E2-8DE6-704E84605428} - System32\Tasks\b30a95ca-6648-4b52-9277-ed9559e74043-5 => C:\Program Files\Radio Canyon\b30a95ca-6648-4b52-9277-ed9559e74043-5.exe [2014-11-21] (Radio Canyon) <==== ATTENTION
Task: {2ADD6162-C1CE-4392-9563-82CF3C8380A4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {2D7D6532-1A93-4701-93DA-13E48C0BCEA6} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-11-21] (globalUpdate) <==== ATTENTION
Task: {4541C39B-EEB1-45B6-8703-1FD136E5BAF8} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-11-21] (globalUpdate) <==== ATTENTION
Task: {49E86F3D-E95E-45F6-87DC-F52D7E4A21B6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-13] (Google Inc.)
Task: {7C912160-A3A5-44C2-85C3-4D0C2960ACB1} - System32\Tasks\b30a95ca-6648-4b52-9277-ed9559e74043-1 => C:\Program Files\Radio Canyon\Radio Canyon-codedownloader.exe [2014-11-21] (Radio Canyon) <==== ATTENTION
Task: {833B62BD-83D2-4F98-B81F-F8D3AE2387AE} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files\CHIP Updater\CHIPUpdater.exe [2014-07-21] (CHIP)
Task: {A83AF54E-5748-4ED5-8D42-1C3EFA8901B6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-13] (Google Inc.)
Task: {AA1445FA-D835-495A-8C8D-B22CB3A067B5} - System32\Tasks\b30a95ca-6648-4b52-9277-ed9559e74043-6 => C:\Program Files\Radio Canyon\b30a95ca-6648-4b52-9277-ed9559e74043-6.exe [2014-11-21] (Radio Canyon) <==== ATTENTION
Task: {CAE70A28-DA81-4B6C-9201-880BD3107D48} - System32\Tasks\b30a95ca-6648-4b52-9277-ed9559e74043-7 => C:\Program Files\Radio Canyon\b30a95ca-6648-4b52-9277-ed9559e74043-7.exe [2014-11-21] (Radio Canyon) <==== ATTENTION
Task: {D3FA0E0F-5D23-4FF4-B3A4-92B72EE5789E} - System32\Tasks\b30a95ca-6648-4b52-9277-ed9559e74043-5_user => C:\Program Files\Radio Canyon\b30a95ca-6648-4b52-9277-ed9559e74043-5.exe [2014-11-21] (Radio Canyon) <==== ATTENTION
Task: {E07C5E75-D9FB-4FCB-8690-9AC6C68DECD3} - System32\Tasks\b30a95ca-6648-4b52-9277-ed9559e74043-2 => C:\Program Files\Radio Canyon\b30a95ca-6648-4b52-9277-ed9559e74043-2.exe [2014-11-21] (Radio Canyon) <==== ATTENTION
Task: {E3E4C4E9-D2E4-42F4-A4BA-1089CBB28AD6} - System32\Tasks\b30a95ca-6648-4b52-9277-ed9559e74043-4 => C:\Program Files\Radio Canyon\b30a95ca-6648-4b52-9277-ed9559e74043-4.exe [2014-11-21] (Radio Canyon) <==== ATTENTION
Task: {F27BBD0F-4567-4219-BA89-93582F26F854} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FC73E142-7B81-47D2-A279-EFBF2A370369} - System32\Tasks\spring_sporting_games_helper_service => C:\Program Files\Spring Sporting Games\spring_sporting_games_helper_service.exe [2015-06-03] ()
Task: {FF5377B5-004F-414F-8755-13C5A2AD4440} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe [2014-03-20] (TuneUp Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\b30a95ca-6648-4b52-9277-ed9559e74043-1.job => C:\Program Files\Radio Canyon\Radio Canyon-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\b30a95ca-6648-4b52-9277-ed9559e74043-11.job => C:\Program Files\Radio Canyon\b30a95ca-6648-4b52-9277-ed9559e74043-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\b30a95ca-6648-4b52-9277-ed9559e74043-2.job => C:\Program Files\Radio Canyon\b30a95ca-6648-4b52-9277-ed9559e74043-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\b30a95ca-6648-4b52-9277-ed9559e74043-4.job => C:\Program Files\Radio Canyon\b30a95ca-6648-4b52-9277-ed9559e74043-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\b30a95ca-6648-4b52-9277-ed9559e74043-5.job => C:\Program Files\Radio Canyon\b30a95ca-6648-4b52-9277-ed9559e74043-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\b30a95ca-6648-4b52-9277-ed9559e74043-5_user.job => C:\Program Files\Radio Canyon\b30a95ca-6648-4b52-9277-ed9559e74043-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\b30a95ca-6648-4b52-9277-ed9559e74043-6.job => C:\Program Files\Radio Canyon\b30a95ca-6648-4b52-9277-ed9559e74043-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\b30a95ca-6648-4b52-9277-ed9559e74043-7.job => C:\Program Files\Radio Canyon\b30a95ca-6648-4b52-9277-ed9559e74043-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\spring_sporting_games_helper_service.job => C:\Program Files\Spring Sporting Games\spring_sporting_games_helper_service.exe

==================== Loaded Modules (Whitelisted) ==============

2014-04-13 13:59 - 2014-04-13 13:59 - 00049152 _____ () C:\Program Files\Stickies\shook70.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-20 15:44 - 2014-03-20 15:44 - 00568120 _____ () C:\Program Files\TuneUp Utilities 2014\avgreplibx.dll
2009-07-01 15:44 - 2009-07-01 15:44 - 00632888 _____ () C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
2015-06-03 09:54 - 2015-06-03 09:54 - 00191692 _____ () C:\Program Files\Spring Sporting Games\spring_sporting_games_helper_service.exe
2014-11-21 10:49 - 2014-11-21 10:49 - 00139176 _____ () C:\Program Files\Radio Canyon\8c345a2d-abeb-44bf-a032-86c114a84dc5.dll
2014-12-12 00:05 - 2014-12-06 03:50 - 01077064 _____ () c:\Program Files\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 00:05 - 2014-12-06 03:50 - 00211272 _____ () c:\Program Files\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 00:05 - 2014-12-06 03:50 - 09009480 _____ () c:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 00:05 - 2014-12-06 03:50 - 01677128 _____ () c:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-12 00:05 - 2014-12-06 03:50 - 14913352 _____ () c:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1089619224-531690134-2804591565-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{2E00AA7D-E23E-4F69-A811-3697A756D86B}C:\users\karen\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\karen\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8FE7311D-EE56-4529-A35A-DA81D8DF8F10}C:\users\karen\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\karen\appdata\roaming\spotify\spotify.exe
FirewallRules: [{AEA63E13-4CAA-4436-A172-97CE1FA9B74F}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{8A1159B5-3537-496A-A754-F81A71DABE64}C:\users\karen\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\karen\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A7A61DC7-7FFB-48F5-AC10-32F7E928FE0C}C:\users\karen\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\karen\appdata\roaming\spotify\spotify.exe
FirewallRules: [{FF04801D-38EA-4868-BB3D-2DC53B4856E4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0BC3328B-71C1-4C2E-A408-DFF714573D5B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{83C60248-3A13-4947-A738-5BA2C6DE0EB8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{648604AC-810F-4024-B662-6381BC9CAE94}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/19/2015 06:55:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/08/2015 04:36:21 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Volume "(E:)" wurde aufgrund eines Fehlers nicht defragmentiert: Das Element ist in der Tabelle bereits vorhanden. Alle Einträge in der Tabelle müssen eindeutig sein. (0x89000014)

Error: (05/08/2015 02:00:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/06/2015 10:50:26 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Volume "(E:)" wurde aufgrund eines Fehlers nicht defragmentiert: Das Element ist in der Tabelle bereits vorhanden. Alle Einträge in der Tabelle müssen eindeutig sein. (0x89000014)

Error: (05/06/2015 10:31:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/06/2015 10:14:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/05/2015 04:15:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/05/2015 03:23:19 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Volume "(E:)" wurde aufgrund eines Fehlers nicht defragmentiert: Das Element ist in der Tabelle bereits vorhanden. Alle Einträge in der Tabelle müssen eindeutig sein.
(0x89000014) Error: (05/05/2015 01:42:18 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/30/2015 05:48:27 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (05/08/2015 11:40:15 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden. Error: (05/08/2015 11:40:15 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden. Error: (05/08/2015 11:40:14 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden. Error: (05/08/2015 11:40:14 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden. Error: (05/08/2015 11:39:53 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (05/08/2015 11:39:52 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (05/08/2015 11:39:51 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (05/08/2015 04:14:26 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. 
Error: (05/06/2015 04:52:38 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (05/06/2015 10:31:41 AM) (Source: NetBT) (EventID: 4321) (User: ) Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.62 registriert werden. Der Computer mit IP-Adresse 192.168.1.1 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Microsoft Office: ========================= Error: (05/19/2015 06:55:05 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/08/2015 04:36:21 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: (E:)Das Element ist in der Tabelle bereits vorhanden. Alle Einträge in der Tabelle müssen eindeutig sein. (0x89000014) Error: (05/08/2015 02:00:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/06/2015 10:50:26 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: (E:)Das Element ist in der Tabelle bereits vorhanden. Alle Einträge in der Tabelle müssen eindeutig sein. 
(0x89000014) Error: (05/06/2015 10:31:25 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/06/2015 10:14:39 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/05/2015 04:15:10 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/05/2015 03:23:19 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: (E:)Das Element ist in der Tabelle bereits vorhanden. Alle Einträge in der Tabelle müssen eindeutig sein. (0x89000014) Error: (05/05/2015 01:42:18 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/30/2015 05:48:27 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz Percentage of memory in use: 70% Total physical RAM: 2039.3 MB Available physical RAM: 596.69 MB Total Pagefile: 4078.61 MB Available Pagefile: 1487.86 MB Total Virtual: 2047.88 MB Available Virtual: 1909.58 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:149.04 GB) (Free:55.22 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive e: () (Removable) (Total:1.86 GB) 
(Free:1.62 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 51735173) Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End of log ============================ Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-06-03 10:46:58
Windows 6.1.7601 Service Pack 1
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHY2160BH rev.890B 149,05GB
Running: Gmer-19357.exe; Driver: C:\Users\Karen\AppData\Local\Temp\agloqpow.sys

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82852A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8288C212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? C:\Windows\system32\drivers\SPPD.sys Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 2.1 ----

.text c:\Program Files\Google\Chrome\Application\chrome.exe[50536] ntdll.dll!NtCreateFile + 6 7776560E 4 Bytes [28, 08, B5, 00] {SUB [EAX], CL; MOV CH, 0x0}
.text c:\Program Files\Google\Chrome\Application\chrome.exe[50536] ntdll.dll!NtCreateFile + B 77765613 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[50536] ntdll.dll!NtMapViewOfSection + 6 77765C6E 4 Bytes [28, 0B, B5, 00] {SUB [EBX], CL; MOV CH, 0x0}
.text c:\Program Files\Google\Chrome\Application\chrome.exe[50536] ntdll.dll!NtMapViewOfSection + B 77765C73 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[50536] ntdll.dll!NtOpenFile + 6 77765D1E 4 Bytes [68, 08, B5, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[50536] ntdll.dll!NtOpenFile + B 77765D23 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[50536] ntdll.dll!NtOpenProcess + 6 77765DCE 4 Bytes [A8, 09, B5, 00] {TEST AL, 0x9; MOV CH, 0x0}
.text c:\Program Files\Google\Chrome\Application\chrome.exe[50536] ntdll.dll!NtOpenProcess + B 77765DD3 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[50536] ntdll.dll!NtOpenProcessToken + B 77765DE3 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[50536] ntdll.dll!NtOpenProcessTokenEx + 6 77765DEE 4 Bytes [A8, 0A, B5, 00] {TEST AL, 0xa; MOV CH, 0x0}
.text c:\Program Files\Google\Chrome\Application\chrome.exe[50536] ntdll.dll!NtOpenProcessTokenEx + B 77765DF3 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[50536] ntdll.dll!NtOpenThread + 6 77765E4E 4 Bytes [68, 09, B5, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[50536] ntdll.dll!NtOpenThread + B 77765E53 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[50536] ntdll.dll!NtOpenThreadToken + 6 77765E5E 4 Bytes [68, 0A, B5, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[50536] ntdll.dll!NtOpenThreadToken + B 77765E63 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[50536] ntdll.dll!NtOpenThreadTokenEx + B 77765E73 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[50536] ntdll.dll!NtQueryAttributesFile + 6 77765F7E 4 Bytes [A8, 08, B5, 00] {TEST AL, 0x8; MOV CH, 0x0}
.text c:\Program Files\Google\Chrome\Application\chrome.exe[50536] ntdll.dll!NtQueryAttributesFile + B 77765F83 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[50536] ntdll.dll!NtQueryFullAttributesFile + B 77766033 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[50536] ntdll.dll!NtSetInformationFile + 6 7776667E 4 Bytes [28, 09, B5, 00] {SUB [ECX], CL; MOV CH, 0x0}
.text c:\Program Files\Google\Chrome\Application\chrome.exe[50536] ntdll.dll!NtSetInformationFile + B 77766683 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[50536] ntdll.dll!NtSetInformationThread + 6 777666DE 4 Bytes [28, 0A, B5, 00] {SUB [EDX], CL; MOV CH, 0x0}
.text c:\Program Files\Google\Chrome\Application\chrome.exe[50536] ntdll.dll!NtSetInformationThread + B 777666E3 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[50536] ntdll.dll!NtUnmapViewOfSection + 6 777669FE 4 Bytes [68, 0B, B5, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[50536] ntdll.dll!NtUnmapViewOfSection + B 77766A03 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[50536] kernel32.dll!ExitProcess 7753BC9A 5 Bytes JMP 00C80018
.text c:\Program Files\Google\Chrome\Application\chrome.exe[51648] ntdll.dll!NtMapViewOfSection + 6 77765C6E 2 Bytes [18, 20] {SBB [EAX], AH}
.text c:\Program Files\Google\Chrome\Application\chrome.exe[51648] ntdll.dll!NtMapViewOfSection + 9 77765C71 1 Byte [71]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[51648] ntdll.dll!NtMapViewOfSection + 9 77765C71 3 Bytes [71, FF, E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[51648] kernel32.dll!ExitProcess 7753BC9A 5 Bytes JMP 00240018
.text c:\Program Files\Google\Chrome\Application\chrome.exe[52796] ntdll.dll!NtCreateFile + 6 7776560E 4 Bytes [28, 90, B8, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[52796] ntdll.dll!NtCreateFile + B 77765613 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[52796] ntdll.dll!NtMapViewOfSection + 6 77765C6E 4 Bytes [28, 93, B8, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[52796] ntdll.dll!NtMapViewOfSection + B 77765C73 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[52796] ntdll.dll!NtOpenFile + 6 77765D1E 4 Bytes [68, 90, B8, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[52796] ntdll.dll!NtOpenFile + B 77765D23 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[52796] ntdll.dll!NtOpenProcess + 6 77765DCE 4 Bytes [A8, 91, B8, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[52796] ntdll.dll!NtOpenProcess + B 77765DD3 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[52796] ntdll.dll!NtOpenProcessToken + B 77765DE3 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[52796] ntdll.dll!NtOpenProcessTokenEx + 6 77765DEE 4 Bytes [A8, 92, B8, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[52796] ntdll.dll!NtOpenProcessTokenEx + B 77765DF3 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[52796] ntdll.dll!NtOpenThread + 6 77765E4E 4 Bytes [68, 91, B8, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[52796] ntdll.dll!NtOpenThread + B 77765E53 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[52796] ntdll.dll!NtOpenThreadToken + 6 77765E5E 4 Bytes [68, 92, B8, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[52796] ntdll.dll!NtOpenThreadToken + B 77765E63 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[52796] ntdll.dll!NtOpenThreadTokenEx + B 77765E73 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[52796] ntdll.dll!NtQueryAttributesFile + 6 77765F7E 4 Bytes [A8, 90, B8, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[52796] ntdll.dll!NtQueryAttributesFile + B 77765F83 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[52796] ntdll.dll!NtQueryFullAttributesFile + B 77766033 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[52796] ntdll.dll!NtSetInformationFile + 6 7776667E 4 Bytes [28, 91, B8, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[52796] ntdll.dll!NtSetInformationFile + B 77766683 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[52796] ntdll.dll!NtSetInformationThread + 6 777666DE 4 Bytes [28, 92, B8, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[52796] ntdll.dll!NtSetInformationThread + B 777666E3 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[52796] ntdll.dll!NtUnmapViewOfSection + 6 777669FE 4 Bytes [68, 93, B8, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[52796] ntdll.dll!NtUnmapViewOfSection + B 77766A03 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[52796] kernel32.dll!ExitProcess 7753BC9A 5 Bytes JMP 00FB0018
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53124] ntdll.dll!NtCreateFile + 6 7776560E 4 Bytes [28, B0, 39, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53124] ntdll.dll!NtCreateFile + B 77765613 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53124] ntdll.dll!NtMapViewOfSection + 6 77765C6E 4 Bytes [28, B3, 39, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53124] ntdll.dll!NtMapViewOfSection + B 77765C73 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53124] ntdll.dll!NtOpenFile + 6 77765D1E 4 Bytes [68, B0, 39, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53124] ntdll.dll!NtOpenFile + B 77765D23 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53124] ntdll.dll!NtOpenProcess + 6 77765DCE 4 Bytes [A8, B1, 39, 00] {TEST AL, 0xb1; CMP [EAX], EAX}
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53124] ntdll.dll!NtOpenProcess + B 77765DD3 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53124] ntdll.dll!NtOpenProcessToken + B 77765DE3 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53124] ntdll.dll!NtOpenProcessTokenEx + 6 77765DEE 4 Bytes [A8, B2, 39, 00] {TEST AL, 0xb2; CMP [EAX], EAX}
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53124] ntdll.dll!NtOpenProcessTokenEx + B 77765DF3 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53124] ntdll.dll!NtOpenThread + 6 77765E4E 4 Bytes [68, B1, 39, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53124] ntdll.dll!NtOpenThread + B 77765E53 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53124] ntdll.dll!NtOpenThreadToken + 6 77765E5E 4 Bytes [68, B2, 39, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53124] ntdll.dll!NtOpenThreadToken + B 77765E63 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53124] ntdll.dll!NtOpenThreadTokenEx + B 77765E73 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53124] ntdll.dll!NtQueryAttributesFile + 6 77765F7E 4 Bytes [A8, B0, 39, 00] {TEST AL, 0xb0; CMP [EAX], EAX}
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53124] ntdll.dll!NtQueryAttributesFile + B 77765F83 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53124] ntdll.dll!NtQueryFullAttributesFile + B 77766033 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53124] ntdll.dll!NtSetInformationFile + 6 7776667E 4 Bytes [28, B1, 39, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53124] ntdll.dll!NtSetInformationFile + B 77766683 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53124] ntdll.dll!NtSetInformationThread + 6 777666DE 4 Bytes [28, B2, 39, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53124] ntdll.dll!NtSetInformationThread + B 777666E3 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53124] ntdll.dll!NtUnmapViewOfSection + 6 777669FE 4 Bytes [68, B3, 39, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53124] ntdll.dll!NtUnmapViewOfSection + B 77766A03 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53124] kernel32.dll!ExitProcess 7753BC9A 5 Bytes JMP 00690018
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53912] ntdll.dll!NtCreateFile + 6 7776560E 4 Bytes [28, 78, 8E, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53912] ntdll.dll!NtCreateFile + B 77765613 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53912] ntdll.dll!NtMapViewOfSection + 6 77765C6E 4 Bytes [28, 7B, 8E, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53912] ntdll.dll!NtMapViewOfSection + B 77765C73 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53912] ntdll.dll!NtOpenFile + 6 77765D1E 4 Bytes [68, 78, 8E, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53912] ntdll.dll!NtOpenFile + B 77765D23 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53912] ntdll.dll!NtOpenProcess + 6 77765DCE 4 Bytes [A8, 79, 8E, 00] {TEST AL, 0x79; MOV ES, [EAX]}
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53912] ntdll.dll!NtOpenProcess + B 77765DD3 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53912] ntdll.dll!NtOpenProcessToken + B 77765DE3 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53912] ntdll.dll!NtOpenProcessTokenEx + 6 77765DEE 4 Bytes [A8, 7A, 8E, 00] {TEST AL, 0x7a; MOV ES, [EAX]}
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53912] ntdll.dll!NtOpenProcessTokenEx + B 77765DF3 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53912] ntdll.dll!NtOpenThread + 6 77765E4E 4 Bytes [68, 79, 8E, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53912] ntdll.dll!NtOpenThread + B 77765E53 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53912] ntdll.dll!NtOpenThreadToken + 6 77765E5E 4 Bytes [68, 7A, 8E, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53912] ntdll.dll!NtOpenThreadToken + B 77765E63 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53912] ntdll.dll!NtOpenThreadTokenEx + B 77765E73 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53912] ntdll.dll!NtQueryAttributesFile + 6 77765F7E 4 Bytes [A8, 78, 8E, 00] {TEST AL, 0x78; MOV ES, [EAX]}
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53912] ntdll.dll!NtQueryAttributesFile + B 77765F83 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53912] ntdll.dll!NtQueryFullAttributesFile + B 77766033 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53912] ntdll.dll!NtSetInformationFile + 6 7776667E 4 Bytes [28, 79, 8E, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53912] ntdll.dll!NtSetInformationFile + B 77766683 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53912] ntdll.dll!NtSetInformationThread + 6 777666DE 4 Bytes [28, 7A, 8E, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53912] ntdll.dll!NtSetInformationThread + B 777666E3 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53912] ntdll.dll!NtUnmapViewOfSection + 6 777669FE 4 Bytes [68, 7B, 8E, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53912] ntdll.dll!NtUnmapViewOfSection + B 77766A03 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[53912] kernel32.dll!ExitProcess 7753BC9A 5 Bytes JMP 00DB0018
.text c:\Program Files\Google\Chrome\Application\chrome.exe[54512] ntdll.dll!NtCreateFile + 6 7776560E 4 Bytes [28, 14, 2E, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[54512] ntdll.dll!NtCreateFile + B 77765613 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[54512] ntdll.dll!NtMapViewOfSection + 6 77765C6E 4 Bytes [28, 17, 2E, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[54512] ntdll.dll!NtMapViewOfSection + B 77765C73 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[54512] ntdll.dll!NtOpenFile + 6 77765D1E 4 Bytes [68, 14, 2E, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[54512] ntdll.dll!NtOpenFile + B 77765D23 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[54512] ntdll.dll!NtOpenProcess + 6 77765DCE 4 Bytes [A8, 15, 2E, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[54512] ntdll.dll!NtOpenProcess + B 77765DD3 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[54512] ntdll.dll!NtOpenProcessToken + B 77765DE3 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[54512] ntdll.dll!NtOpenProcessTokenEx + 6 77765DEE 4 Bytes [A8, 16, 2E, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[54512] ntdll.dll!NtOpenProcessTokenEx + B 77765DF3 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[54512] ntdll.dll!NtOpenThread + 6 77765E4E 4 Bytes [68, 15, 2E, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[54512] ntdll.dll!NtOpenThread + B 77765E53 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[54512] ntdll.dll!NtOpenThreadToken + 6 77765E5E 4 Bytes [68, 16, 2E, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[54512] ntdll.dll!NtOpenThreadToken + B 77765E63 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[54512] ntdll.dll!NtOpenThreadTokenEx + B 77765E73 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[54512] ntdll.dll!NtQueryAttributesFile + 6 77765F7E 4 Bytes [A8, 14, 2E, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[54512] ntdll.dll!NtQueryAttributesFile + B 77765F83 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[54512] ntdll.dll!NtQueryFullAttributesFile + B 77766033 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[54512] ntdll.dll!NtSetInformationFile + 6 7776667E 4 Bytes [28, 15, 2E, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[54512] ntdll.dll!NtSetInformationFile + B 77766683 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[54512] ntdll.dll!NtSetInformationThread + 6 777666DE 4 Bytes [28, 16, 2E, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[54512] ntdll.dll!NtSetInformationThread + B 777666E3 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[54512] ntdll.dll!NtUnmapViewOfSection + 6 777669FE 4 Bytes [68, 17, 2E, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[54512] ntdll.dll!NtUnmapViewOfSection + B 77766A03 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[54512] kernel32.dll!ExitProcess 7753BC9A 5 Bytes JMP 00610018
.text c:\Program Files\Google\Chrome\Application\chrome.exe[54908] kernel32.dll!ExitProcess 7753BC9A 5 Bytes JMP 002A0018
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57084] ntdll.dll!NtCreateFile + 6 7776560E 4 Bytes [28, C8, 0C, 00] {SUB AL, CL; OR AL, 0x0}
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57084] ntdll.dll!NtCreateFile + B 77765613 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57084] ntdll.dll!NtMapViewOfSection + 6 77765C6E 4 Bytes [28, CB, 0C, 00] {SUB BL, CL; OR AL, 0x0}
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57084] ntdll.dll!NtMapViewOfSection + B 77765C73 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57084] ntdll.dll!NtOpenFile + 6 77765D1E 4 Bytes [68, C8, 0C, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57084] ntdll.dll!NtOpenFile + B 77765D23 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57084] ntdll.dll!NtOpenProcess + 6 77765DCE 4 Bytes [A8, C9, 0C, 00] {TEST AL, 0xc9; OR AL, 0x0}
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57084] ntdll.dll!NtOpenProcess + B 77765DD3 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57084] ntdll.dll!NtOpenProcessToken + B 77765DE3 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57084] ntdll.dll!NtOpenProcessTokenEx + 6 77765DEE 4 Bytes [A8, CA, 0C, 00] {TEST AL, 0xca; OR AL, 0x0}
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57084] ntdll.dll!NtOpenProcessTokenEx + B 77765DF3 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57084] ntdll.dll!NtOpenThread + 6 77765E4E 4 Bytes [68, C9, 0C, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57084] ntdll.dll!NtOpenThread + B 77765E53 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57084] ntdll.dll!NtOpenThreadToken + 6 77765E5E 4 Bytes [68, CA, 0C, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57084] ntdll.dll!NtOpenThreadToken + B 77765E63 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57084] ntdll.dll!NtOpenThreadTokenEx + B 77765E73 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57084] ntdll.dll!NtQueryAttributesFile + 6 77765F7E 4 Bytes [A8, C8, 0C, 00] {TEST AL, 0xc8; OR AL, 0x0}
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57084] ntdll.dll!NtQueryAttributesFile + B 77765F83 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57084] ntdll.dll!NtQueryFullAttributesFile + B 77766033 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57084] ntdll.dll!NtSetInformationFile + 6 7776667E 4 Bytes [28, C9, 0C, 00] {SUB CL, CL; OR AL, 0x0}
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57084] ntdll.dll!NtSetInformationFile + B 77766683 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57084] ntdll.dll!NtSetInformationThread + 6 777666DE 4 Bytes [28, CA, 0C, 00] {SUB DL, CL; OR AL, 0x0}
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57084] ntdll.dll!NtSetInformationThread + B 777666E3 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57084] ntdll.dll!NtUnmapViewOfSection + 6 777669FE 4 Bytes [68, CB, 0C, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57084] ntdll.dll!NtUnmapViewOfSection + B 77766A03 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57084] kernel32.dll!ExitProcess 7753BC9A 5 Bytes JMP 00270018
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57936] ntdll.dll!NtCreateFile + 6 7776560E 4 Bytes [28, 80, 36, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57936] ntdll.dll!NtCreateFile + B 77765613 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57936] ntdll.dll!NtMapViewOfSection + 6 77765C6E 4 Bytes [28, 83, 36, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57936] ntdll.dll!NtMapViewOfSection + B 77765C73 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57936] ntdll.dll!NtOpenFile + 6 77765D1E 4 Bytes [68, 80, 36, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57936] ntdll.dll!NtOpenFile + B 77765D23 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57936] ntdll.dll!NtOpenProcess + 6 77765DCE 4 Bytes [A8, 81, 36, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57936] ntdll.dll!NtOpenProcess + B 77765DD3 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57936] ntdll.dll!NtOpenProcessToken + B 77765DE3 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57936] ntdll.dll!NtOpenProcessTokenEx + 6 77765DEE 4 Bytes [A8, 82, 36, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57936] ntdll.dll!NtOpenProcessTokenEx + B 77765DF3 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57936] ntdll.dll!NtOpenThread + 6 77765E4E 4 Bytes [68, 81, 36, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57936] ntdll.dll!NtOpenThread + B 77765E53 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57936] ntdll.dll!NtOpenThreadToken + 6 77765E5E 4 Bytes [68, 82, 36, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57936] ntdll.dll!NtOpenThreadToken + B 77765E63 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57936] ntdll.dll!NtOpenThreadTokenEx + B 77765E73 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57936] ntdll.dll!NtQueryAttributesFile + 6 77765F7E 4 Bytes [A8, 80, 36, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57936] ntdll.dll!NtQueryAttributesFile + B 77765F83 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57936] ntdll.dll!NtQueryFullAttributesFile + B 77766033 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57936] ntdll.dll!NtSetInformationFile + 6 7776667E 4 Bytes [28, 81, 36, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57936] ntdll.dll!NtSetInformationFile + B 77766683 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57936] ntdll.dll!NtSetInformationThread + 6 777666DE 4 Bytes [28, 82, 36, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57936] ntdll.dll!NtSetInformationThread + B 777666E3 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57936] ntdll.dll!NtUnmapViewOfSection + 6 777669FE 4 Bytes [68, 83, 36, 00]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57936] ntdll.dll!NtUnmapViewOfSection + B 77766A03 1 Byte [E2]
.text c:\Program Files\Google\Chrome\Application\chrome.exe[57936] kernel32.dll!ExitProcess 7753BC9A 5 Bytes JMP 00580018

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Processes - GMER 2.1 ----

Process hidden process (*** hidden *** ) 1128
Process hidden process (*** hidden *** ) 13612
Process hidden process (*** hidden *** ) 14340
Process hidden process (*** hidden *** ) 14432
Process hidden process (*** hidden *** ) 15900
Process hidden process (*** hidden *** ) 18852
Process hidden process (*** hidden *** ) 23028
Process hidden process (*** hidden *** ) 24720

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@564F758A 159
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EA GAMES\Die Sims\x2122 2\Die Sims\x2122 2.lnk 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\Die Sims\x2122 2\Die Sims\x2122 2.lnk 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EA GAMES\Die Sims\x2122 2\Die Sims\x2122 2 Body Shop.lnk 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\Die Sims\x2122 2\Die Sims\x2122 2 Body Shop.lnk 1

---- EOF - GMER 2.1 ----

Last edited by turmfalke (03.06.2015 at 10:10)
03.06.2015, 10:29 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Websites are redirected to advertising, Chrome no longer starts Hi,
Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
After that we'll continue; let me know once that is done.
__________________ |
03.06.2015, 10:45 | #3 |
| Windows 7: Websites are redirected to advertising, Chrome no longer starts Hej cosinus,
thanks for the quick reply! I'm done with Revo Uninstaller now. What's next? |
03.06.2015, 10:46 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Websites are redirected to advertising, Chrome no longer starts
Remove adware/junkware/toolbars
Step 1: Malwarebytes
Please download Malwarebytes Anti-Malware
(delete old versions of adwCleaner and, if present, JRT first, then download them fresh to the desktop!)
Step 2: adwCleaner
Please download AdwCleaner to your desktop.
Step 3: JRT - Junkware Removal Tool
Please close your protection software to avoid possible conflicts.
Step 4: Fresh log with FRST
Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (if you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post logfiles in CODE tags |