
Pests of all kinds and how to fight them: Windows7 unwanted programs SlimCleanerPlus


 
07.07.2015, 15:58   #4
petti
 
Windows7 unwanted programs SlimCleanerPlus



Hello Matthias

thanks for the quick reply.

So, ComboFix has been run.

Code:
ComboFix 15-07-07.01 - Anwender 07.07.2015  16:40:22.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.2321 [GMT 2:00]
ausgeführt von:: c:\users\Anwender\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\program files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
c:\program files (x86)\Skype\Phone\Skype.exe
c:\programdata\12600259755908936684
c:\programdata\12600259755908936684\cd5b15e575e1c3d0b5230903e0778a0a.ini
c:\programdata\ntuser.pol
c:\users\Anwender\AppData\Local\Microsoft\Windows\Temporary Internet Files\Edu App_iels
c:\users\Anwender\AppData\Local\nsf2C13.tmp
c:\users\Anwender\AppData\Local\SmartWeb
c:\users\Anwender\AppData\Local\SmartWeb\uninst.lnk
c:\users\Anwender\AppData\Roaming\AnyProtectEx
c:\users\Anwender\AppData\Roaming\AnyProtectEx\installer\ab.test.json
c:\users\Anwender\AppData\Roaming\AnyProtectEx\installer\tempfile.t
c:\users\Anwender\AppData\Roaming\AnyProtectEx\language\de.xml
c:\users\Anwender\AppData\Roaming\AnyProtectEx\language\en.xml
c:\users\Anwender\AppData\Roaming\AnyProtectEx\language\fr.xml
c:\users\Anwender\AppData\Roaming\AnyProtectEx\scan_results\aps.scan.quick.results
c:\users\Anwender\AppData\Roaming\AnyProtectEx\scan_results\aps.scan.results
c:\users\Anwender\AppData\Roaming\AnyProtectEx\swf\mov01.swf
c:\windows\security\logs\scecomp.log
c:\windows\SysWow64\sn.txt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-06-07 bis 2015-07-07  ))))))))))))))))))))))))))))))
.
.
2015-07-07 14:48 . 2015-07-07 14:48	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-07-07 14:48 . 2015-07-07 14:48	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{02B5A1E0-1217-4F74-8916-D5D090576FC1}\offreg.dll
2015-07-07 13:11 . 2015-07-07 13:13	--------	d-----w-	C:\FRST
2015-06-27 15:58 . 2015-06-27 15:58	--------	d-----w-	c:\programdata\4e37a8c900002a05
2015-06-27 15:56 . 2015-06-27 15:56	--------	d-----w-	c:\programdata\3fe8688000004fe9
2015-06-27 14:41 . 2015-07-07 13:53	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-27 14:38 . 2015-04-14 07:37	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-06-27 14:38 . 2015-04-14 07:37	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-06-27 14:38 . 2015-04-14 07:37	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-06-27 14:38 . 2015-06-27 14:39	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2015-06-27 14:38 . 2015-06-27 14:38	--------	d-----w-	c:\programdata\Malwarebytes
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-23 23:32 . 2014-09-29 14:33	778416	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-23 23:32 . 2014-09-29 14:33	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-15 20:13 . 2014-09-29 10:23	140425016	----a-w-	c:\windows\system32\MRT.exe
2015-05-06 22:23 . 2014-11-19 20:59	97888	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-05-05 01:29 . 2015-05-14 20:05	342016	----a-w-	c:\windows\system32\schannel.dll
2015-05-05 01:12 . 2015-05-14 20:05	248832	----a-w-	c:\windows\SysWow64\schannel.dll
2015-05-01 13:17 . 2015-05-14 21:07	124112	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16 . 2015-05-14 21:07	102608	----a-w-	c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-20 03:17 . 2015-05-15 20:09	1647104	----a-w-	c:\windows\system32\DWrite.dll
2015-04-20 03:17 . 2015-05-15 20:09	1179136	----a-w-	c:\windows\system32\FntCache.dll
2015-04-20 02:56 . 2015-05-15 20:09	1250816	----a-w-	c:\windows\SysWow64\DWrite.dll
2015-04-20 02:11 . 2015-05-15 20:09	3204608	----a-w-	c:\windows\system32\win32k.sys
2015-04-18 03:10 . 2015-05-14 20:05	460800	----a-w-	c:\windows\system32\certcli.dll
2015-04-18 02:56 . 2015-05-14 20:05	342016	----a-w-	c:\windows\SysWow64\certcli.dll
2015-04-13 03:28 . 2015-05-14 20:02	328704	----a-w-	c:\windows\system32\services.exe
2015-04-10 19:56 . 2015-04-10 19:56	58224	----a-w-	c:\windows\system32\drivers\innfd_1_10_0_14.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4F524A2D-5354-2D53-5045-7A786E7484D7}]
2015-04-28 06:22	11144	----a-w-	c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ebfbdd44-c0e0-4f63-a8e6-ee5f34765238}]
2015-05-08 20:41	269032	----a-w-	c:\program files (x86)\Edu App\EduAppbho.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{4F524A2D-5354-2D53-5045-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport.dll" [2015-04-28 11144]
.
[HKEY_CLASSES_ROOT\clsid\{4f524a2d-5354-2d53-5045-7a786e7484d7}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-09-29 13:31	223432	----a-w-	c:\users\Anwender\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-09-29 13:31	223432	----a-w-	c:\users\Anwender\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-09-29 13:31	223432	----a-w-	c:\users\Anwender\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SlimCleaner Plus"="c:\program files\SlimCleaner Plus\SlimCleanerPlus.exe" [2015-03-26 26166552]
"YTDownloader"="c:\program files (x86)\YTDownloader\YTDownloader.exe" [2015-01-08 1988968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2014-11-26 2372800]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-29 642304]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2015-05-26 1684360]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
"YTDownloader"="c:\program files (x86)\YTDownloader\YTDownloader.exe" [2015-01-08 1988968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"MaxComputerCleaner_v17.391"="c:\program files (x86)\MaxComputerCleaner_v17.391\MaxComputerCleaner_Maintenance.exe" [2015-05-10 26112]
.
c:\users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hqghumeaylnlf.lnk - c:\programdata\{f40376ff-34b3-b8a9-f403-376ff34bdbfc}\hqghumeaylnlf.exe /startup [2014-5-10 6172784]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Launcher.lnk - c:\program files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe [2014-10-2 510520]
MCtlSvc.lnk - c:\program files (x86)\congstar\Internet-Manager\Bin\mcserver.exe [2015-4-7 60688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 BrsHelper;BrsHelper;c:\progra~2\YTDOWN~1\BROWSE~2.EXE;c:\progra~2\YTDOWN~1\BROWSE~2.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 licosely;Normal Greyscale;c:\users\Anwender\AppData\Local\DE8134D4-1430960677-4C1F-0500-E0CB4E29E6BA\snsr1319.tmp;c:\users\Anwender\AppData\Local\DE8134D4-1430960677-4C1F-0500-E0CB4E29E6BA\snsr1319.tmp [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R2 movimito;Memory Key Receive;c:\users\Anwender\AppData\Roaming\DE8134D4-1430952928-4C1F-0500-E0CB4E29E6BA\nstEFC.tmp;c:\users\Anwender\AppData\Roaming\DE8134D4-1430952928-4C1F-0500-E0CB4E29E6BA\nstEFC.tmp [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys;c:\windows\SYSNATIVE\drivers\BMLoad.sys [x]
S1 innfd_1_10_0_14;innfd_1_10_0_14;c:\windows\system32\drivers\innfd_1_10_0_14.sys;c:\windows\SYSNATIVE\drivers\innfd_1_10_0_14.sys [x]
S2 ALDITALKVerbindungsassistent_Service;ALDITALKVerbindungsassistent_Service;c:\program files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe;c:\program files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 APNMCP;Ask Aktualisierungsdienst;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 insvc_1.10.0.14;Infonaut 1.10.0.14 Client Service;c:\program files (x86)\Infonaut_1.10.0.14\Service\insvc.exe;c:\program files (x86)\Infonaut_1.10.0.14\Service\insvc.exe [x]
S2 sbmntr;sbmntr;c:\progra~2\YTDOWN~1\sbmntr.sys;c:\progra~2\YTDOWN~1\sbmntr.sys [x]
S2 SlimService;SlimWare Utility Service Launcher;c:\program files\SlimService\SlimServiceFactory.exe;c:\program files\SlimService\SlimServiceFactory.exe [x]
S2 Update Edu App;Update Edu App;c:\program files (x86)\Edu App\updateEduApp.exe;c:\program files (x86)\Edu App\updateEduApp.exe [x]
S2 Util Edu App;Util Edu App;c:\program files (x86)\Edu App\bin\utilEduApp.exe;c:\program files (x86)\Edu App\bin\utilEduApp.exe [x]
S2 WajWebEnhance Service;WajWebEnhance Service;c:\program files (x86)\WajWebEnhance\WajWebEnhance Internet Enhancer\InternetEnhancerService.exe;c:\program files (x86)\WajWebEnhance\WajWebEnhance Internet Enhancer\InternetEnhancerService.exe [x]
S2 WTGService;WTGService;c:\program files (x86)\Verbindungsassistent\WTGService.exe;c:\program files (x86)\Verbindungsassistent\WTGService.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - AWDDQKOW
*Deregistered* - awddqkow
*Deregistered* - NisDrv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components]
2015-05-10 20:05	913408	----a-w-	c:\program files (x86)\Crossbrowse\Crossbrowse\Application\39.5.2171.95\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-07-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-29 23:32]
.
2015-05-10 c:\windows\Tasks\APSnotifierPP1.job
- c:\program files (x86)\AnyProtectEx\AnyProtect.exe [2015-05-10 19:55]
.
2015-05-10 c:\windows\Tasks\APSnotifierPP2.job
- c:\program files (x86)\AnyProtectEx\AnyProtect.exe [2015-05-10 19:55]
.
2015-05-10 c:\windows\Tasks\APSnotifierPP3.job
- c:\program files (x86)\AnyProtectEx\AnyProtect.exe [2015-05-10 19:55]
.
2015-07-07 c:\windows\Tasks\Crossbrowse.job
- c:\program files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe [2015-05-10 20:03]
.
2015-04-17 c:\windows\Tasks\DriverUpdate Scan.job
- c:\program files (x86)\DriverUpdate\DriverUpdate.exe [2015-03-26 12:07]
.
2015-07-07 c:\windows\Tasks\DriverUpdate Startup.job
- c:\program files (x86)\DriverUpdate\DriverUpdate.exe [2015-03-26 12:07]
.
2015-06-29 c:\windows\Tasks\SlimCleaner Plus (Scheduled Scan - Anwender).job
- c:\program files\SlimCleaner Plus\SlimCleanerPlus.exe [2015-03-26 13:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F524A2D-5354-2D53-5045-7A786E7484D7}]
2015-04-28 06:22	12680	----a-w-	c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F524A2D-5354-2D53-5045-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport_x64.dll" [2015-04-28 12680]
.
[HKEY_CLASSES_ROOT\CLSID\{4F524A2D-5354-2D53-5045-7A786E7484D7}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-09-29 13:32	262344	----a-w-	c:\users\Anwender\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-09-29 13:32	262344	----a-w-	c:\users\Anwender\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-09-29 13:32	262344	----a-w-	c:\users\Anwender\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windesk Winsearch"="c:\program files (x86)\WindeskWinsearch\Windesk Winsearch.exe" [2015-04-08 1061256]
"3D BubbleSound"="c:\program files\BubbleSound\3D BubbleSound.exe" [2015-01-09 14115328]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
uDefault_Search_URL = web/?type=dspp&q={searchTerms}
mDefault_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1431287237&z=38043de0e7e6d29232cc69eg4zfc0geodb4m3o9cfm&from=cmi&uid=WDCXWD3200BEKT-60V5T1_WD-WXC1A20F8611F8611&q={searchTerms}
mDefault_Page_URL = ?type=hppp
mStart Page = ?type=hppp
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1431287237&z=38043de0e7e6d29232cc69eg4zfc0geodb4m3o9cfm&from=cmi&uid=WDCXWD3200BEKT-60V5T1_WD-WXC1A20F8611F8611&q={searchTerms}
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:53032;https=127.0.0.1:53032
uSearchAssistant = www.google.com
TCP: DhcpNameServer = 192.168.43.1
TCP: Interfaces\{0052E9BC-23BD-4DE5-A465-7D35F97E8BA5}: NameServer = 212.23.103.8 212.23.103.9
TCP: Interfaces\{0D468547-79CD-4D7A-B90A-F7DBFC87C4E2}: NameServer = 212.23.115.132 212.23.115.148
TCP: Interfaces\{0FE0A1DC-7D2A-426B-9BCA-F6BD846AAE02}: NameServer = 212.23.103.9 212.23.103.8
TCP: Interfaces\{447B8B92-E638-4A24-807C-983A5C592B10}: NameServer = 212.23.103.9 212.23.103.8
TCP: Interfaces\{4D1BC870-F250-43F6-806F-D901FF04935E}: NameServer = 212.23.103.9 212.23.103.8
TCP: Interfaces\{6E804F9B-383F-4182-8682-6116BD95A036}: NameServer = 212.23.115.150 212.23.115.132
TCP: Interfaces\{B8B01A5D-4C1B-4CD8-A98F-4E3799D94C7A}: NameServer = 212.23.115.84 212.23.115.150
TCP: Interfaces\{DA3FBBD6-AFE9-4184-B50F-BF92A5382BFA}: NameServer = 212.23.115.148 212.23.115.150
TCP: Interfaces\{E1760BFF-CEBA-465E-9700-0AAB1ED52ABE}: NameServer = 212.23.103.8 212.23.103.9
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-GoogleChromeAutoLaunch_C4859DDBFABC3069E28D5BBA1A08DE65 - c:\program files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
c:\users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk - c:\program files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
AddRemove-ConvertAd - c:\users\Anwender\AppData\Local\DE8134D4-1430960650-4C1F-0500-E0CB4E29E6BA\uninstall.exe
AddRemove-Google Chrome - c:\program files (x86)\Google\Chrome\Application\41.0.2272.118\Installer\setup.exe
AddRemove-SoftwareUpdater - c:\users\Anwender\AppData\Local\DE8134D4-1430960677-4C1F-0500-E0CB4E29E6BA\Uninstall.exe
AddRemove-Chromium - c:\users\Anwender\AppData\Local\Chrome\Application\41.0.2231.0\Installer\setup.exe
AddRemove-OneDriveSetup.exe - c:\users\Anwender\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\OneDriveSetup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\licosely]
"ImagePath"="c:\users\Anwender\AppData\Local\DE8134D4-1430960677-4C1F-0500-E0CB4E29E6BA\snsr1319.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\movimito]
"ImagePath"="c:\users\Anwender\AppData\Roaming\DE8134D4-1430952928-4C1F-0500-E0CB4E29E6BA\nstEFC.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3363051143-1332560974-1509076309-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3363051143-1332560974-1509076309-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_190_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_190_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_190_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_190_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_190.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_190.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_190.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_190.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-07-07  16:51:00
ComboFix-quarantined-files.txt  2015-07-07 14:51
.
Vor Suchlauf: 12 Verzeichnis(se), 275.508.858.880 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 276.775.968.768 Bytes frei
.
- - End Of File - - 904A30B1AE9483E8BF72700EA356F4A0
A36C5E4F47E84449FF07ED3517B43A31
         

 
