|
windows 8: istart.webssearches.com und spy hunter 4 auf dem rechner! Hallo, leider habe ich selbstverschuldet istart.websearch installiert, da es sich als notwendiges java- update ausgab. In diesem Zusammenhang habe ich zudem (wiederum selbstverschuldet) die malware spy hunter 4 runtergeladen und wieder gelöscht. Leider bin ich nicht sicher, ob das programm vollständig deinstalliert wurde. malwarebytes hat keine Probleme gefunden und ich weiß nicht, wie ich alles vollständig säubern kann. Hier die Logfiles: defogger ergab keine Fehlermeldung. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-07-2014 Ran by xxx at 2014-07-03 21:13:15 Running from C:\Users\xxx\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664} ==================== Installed Programs ====================== Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.5.0 - Auslogics Labs Pty Ltd) AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies) AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.7.598 - AVG Technologies) Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform) Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.8.0.16 - Dell) EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation) Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation) Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.) Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) Steuer 2013 (HKLM-x32\...\{05AEF487-8926-48A9-B5BA-9BED72BC6B1C}) (Version: 21.00.8480 - Buhl Data Service GmbH) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN) ==================== Restore Points ========================= 11-06-2014 17:33:25 Windows Update 15-06-2014 04:41:09 Wiederherstellungsvorgang 18-06-2014 07:24:13 Windows Update 25-06-2014 18:30:57 Geplanter Prüfpunkt 03-07-2014 05:47:14 Installed SpyHunter ==================== Hosts content: ========================== 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0096DAC5-0070-44C2-A4FB-4226CDC6BE41} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {0EF2C363-FBEE-476E-89D3-607E16D7C0EC} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-24] (Adobe Systems Incorporated) Task: {1DB41F58-3A5B-477C-9447-61A1871F6346} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation) Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {2B3B571D-FCAB-4356-AADF-42448FAC4A9B} - System32\Tasks\{720129A9-4CAE-496A-A174-6A3237A33C4D} => c:\program files\\waterfox\waterfox.exe Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {3EC223E2-EBC2-4627-B0AC-0389DE10A6A0} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv Task: {477658B0-5DF3-427C-85EF-CF384C253561} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {519652C7-C176-48ED-85A9-96C471BB4F9C} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics Task: {5B81BE4A-8F58-445F-8C9D-D8F3CC0279B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-18] (Google Inc.) Task: {62AA15D3-9FA8-4FFC-95E9-BF8A9E15AC31} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-06-26] (globalUpdate) <==== ATTENTION Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {799C2517-FC63-4BAD-B95E-CA19DE628C15} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {9D58F267-46F5-4C41-91BF-82CE232C80B3} - System32\Tasks\{9CE635A9-5C34-48FF-BA75-4DA34ACD4529} => c:\program files\\waterfox\waterfox.exe Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {B9DA8699-E1FA-48C9-B5F2-3CD3F62C5F73} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation Task: {C04CC267-57FF-48C3-A25C-BD2894992033} - System32\Tasks\7a9a219b-478f-4b4a-a06c-f4e2bc0f6231-5_user => C:\Program Files (x86)\Fraven 1.1\7a9a219b-478f-4b4a-a06c-f4e2bc0f6231-5.exe Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {E062FCA8-5E71-4A7D-A585-A9A4B67A7CE9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-18] (Google Inc.) Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {EF268A21-95EF-496C-AEE0-7ECE3E27418F} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-06-26] (globalUpdate) <==== ATTENTION Task: C:\WINDOWS\Tasks\7a9a219b-478f-4b4a-a06c-f4e2bc0f6231-5_user.job => C:\Program Files (x86)\Fraven 1.1\7a9a219b-478f-4b4a-a06c-f4e2bc0f6231-5.exe Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-04-14 09:02 - 2014-04-14 09:02 - 00034304 _____ () C:\WINDOWS\System32\ssj1mlm.dll 2014-06-20 17:10 - 2014-06-20 17:10 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe 2012-12-14 02:42 - 2012-12-14 02:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-06-19 12:56 - 2014-06-20 17:10 - 02567192 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe 2014-07-03 21:07 - 2014-07-03 21:07 - 00050477 _____ () C:\Users\xxx\Downloads\Defogger (1).exe 2014-06-20 17:10 - 2014-06-20 17:10 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\log4cplusU.dll 2014-06-19 12:56 - 2014-06-19 12:56 - 01632792 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\TBAPI.dll 2014-06-12 11:49 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll 2014-06-12 11:49 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll 2014-06-12 11:49 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll 2014-06-12 11:49 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll 2014-06-12 11:49 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 AlternateDataStreams: C:\Users\xxx\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= HKLM\...\StartupApproved\StartupFolder: => "WISO Mein Steuer-Sparbuch heute.lnk" HKLM\...\StartupApproved\Run32: => "Adobe ARM" ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (07/03/2014 07:42:34 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-645814921-2363520728-22122384-1001}/">. Error: (07/03/2014 07:42:33 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-645814921-2363520728-22122384-1001}/">. Error: (07/03/2014 07:49:43 AM) (Source: MsiInstaller) (EventID: 11721) (User: PC) Description: Produkt: SpyHunter -- Fehler 1721. Es liegt ein dieses Windows Installer-Paket betreffendes Problem vor. Ein für den Abschluss der Installation erforderliches Programm konnte nicht ausgeführt werden. Wenden Sie sich an das Supportpersonal oder den Hersteller des Pakets. Aktion: , Pfad: WiseCustomCall, Befehl: g5 Error: (07/03/2014 07:43:01 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (07/01/2014 03:26:24 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (06/30/2014 10:04:47 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (06/29/2014 05:00:54 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (06/29/2014 04:23:55 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-645814921-2363520728-22122384-1001}/">. Error: (06/29/2014 04:23:54 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-645814921-2363520728-22122384-1001}/">. Error: (06/29/2014 03:12:59 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-645814921-2363520728-22122384-1001}/">. System errors: ============= Error: (07/03/2014 09:01:55 PM) (Source: DCOM) (EventID: 10010) (User: PC) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (07/03/2014 09:01:24 PM) (Source: DCOM) (EventID: 10010) (User: PC) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (07/03/2014 06:57:23 AM) (Source: bowser) (EventID: 8016) (User: ) Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "PC" auf Transport "NetBT_Tcpip_{8F3AB39D-6ECC-4FDE-A883-B9810F8E2358}". Das Datagramm steht in den Daten. Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist. Error: (07/01/2014 03:08:42 PM) (Source: bowser) (EventID: 8016) (User: ) Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "PC" auf Transport "NetBT_Tcpip_{8F3AB39D-6ECC-4FDE-A883-B9810F8E2358}". Das Datagramm steht in den Daten. Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist. Error: (06/30/2014 09:28:52 PM) (Source: DCOM) (EventID: 10016) (User: PC) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}PCxxxS-1-5-21-645814921-2363520728-22122384-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (06/30/2014 09:28:52 PM) (Source: DCOM) (EventID: 10016) (User: PC) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}PCxxxS-1-5-21-645814921-2363520728-22122384-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (06/30/2014 09:28:52 PM) (Source: DCOM) (EventID: 10016) (User: PC) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}PCxxxS-1-5-21-645814921-2363520728-22122384-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (06/30/2014 09:28:52 PM) (Source: DCOM) (EventID: 10016) (User: PC) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}PCxxxS-1-5-21-645814921-2363520728-22122384-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (06/30/2014 09:28:52 PM) (Source: DCOM) (EventID: 10016) (User: PC) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}PCxxxS-1-5-21-645814921-2363520728-22122384-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (06/30/2014 09:28:52 PM) (Source: DCOM) (EventID: 10016) (User: PC) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}PCxxxS-1-5-21-645814921-2363520728-22122384-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-06-05 20:50:58.063 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\xxx\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-06-05 20:50:57.688 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-12-26 19:25:28.413 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2013-12-26 19:25:23.147 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2013-12-26 19:25:17.521 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2013-12-26 19:25:12.146 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2013-12-26 19:25:06.130 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2013-12-26 19:25:00.130 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2013-12-26 19:24:53.051 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2013-12-26 19:24:52.629 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Percentage of memory in use: 38% Total physical RAM: 4002.05 MB Available physical RAM: 2477.89 MB Total Pagefile: 4706.05 MB Available Pagefile: 2833.37 MB Total Virtual: 131072 MB Available Virtual: 131071.8 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:323.53 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 6853086E) Partition 1: (Not Active) - (Size=100 MB) - (Type=DE) Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 8.1 CPU: x64 File System: NTFS User: Nina Scan Type: Threat Scan Result: Completed Objects Scanned: 291607 Time Elapsed: 19 min, 3 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-07-03 21:45:22 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002c ST9500423AS rev.0003DEM1 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\xxx\AppData\Local\Temp\fxldapow.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 1 fffff96000127201 7 bytes [20, 0A, 02, 00, F0, 70, 01] .text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 9 fffff96000127209 6 bytes [88, B0, FF, 01, 23, DC] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[192] C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE!wdGetApplicationObject + 166 000000002f8f1afc 2 bytes [8F, 2F] .text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[192] C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE!wdGetApplicationObject + 253 000000002f8f1b53 2 bytes [8F, 2F] .text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[192] C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE!wdGetApplicationObject + 320 000000002f8f1b96 2 bytes [8F, 2F] .text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[192] C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE!wdGetApplicationObject + 390 000000002f8f1bdc 2 bytes [8F, 2F] .text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[192] C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE!wdGetApplicationObject + 738 000000002f8f1d38 2 bytes [8F, 2F] .text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[192] C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE!wdGetApplicationObject + 937 000000002f8f1dff 2 bytes [8F, 2F] .text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[192] C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE!wdGetApplicationObject + 958 000000002f8f1e14 2 bytes [8F, 2F] .text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[192] C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE!wdGetApplicationObject + 970 000000002f8f1e20 2 bytes [8F, 2F] .text C:\WINDOWS\splwow64.exe[6116] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffabc51169a 4 bytes [51, BC, FA, 7F] .text C:\WINDOWS\splwow64.exe[6116] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffabc5116a2 4 bytes [51, BC, FA, 7F] .text C:\WINDOWS\splwow64.exe[6116] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffabc51181a 4 bytes [51, BC, FA, 7F] .text C:\WINDOWS\splwow64.exe[6116] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffabc511832 4 bytes [51, BC, FA, 7F] ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [860:884] fffff96000916b90 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{B04054FC-8F05-468C-9A07-0A60C015B026}\Connection@Name isatap.{8F3AB39D-6ECC-4FDE-A883-B9810F8E2358} Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -1967367893 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 5352 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalResumeTime 12369 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeBootMgrTime 447 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppTime 595 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppStartTimestamp 5802 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeLibraryInitTime 52 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeInitTime 152 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeHiberFileTime 387 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeRestoreImageStartTimestamp 6007 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeIoTime 290 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressTime 122 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeMapTime 7 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAllocateTime 1 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeKernelSwitchTimestamp 6397 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnFromHandlerTimestamp 6422 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@SleeperThreadEndTimestamp 11740 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TimeStampCounterAtSwitchTime 6418 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnSystemPowerState 12338 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberHiberFileTime 5633 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberInitTime 92 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberSharedBufferTime 3 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalHibernateTime 19624 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeHiberFileTime 5312 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeInitTime 87 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeSharedBufferTime 11 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@DeviceResumeTime 578 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelAnimationTime 56 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesProcessed 348082 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesWritten 0xC0 0x18 0x02 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesProcessed 18400 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesWritten 0xB6 0x24 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberWriteRate 101 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberCompressRate 27 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeReadRate 104 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressRate 88 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FileRuns 2 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeIoCpuTime 4237 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberIoCpuTime 579 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeCompleteTimestamp 0x23 0x68 0xBC 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\c0188550721a Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{B04054FC-8F05-468C-9A07-0A60C015B026}@InterfaceName isatap.{8F3AB39D-6ECC-4FDE-A883-B9810F8E2358} Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{B04054FC-8F05-468C-9A07-0A60C015B026}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{B04054FC-8F05-468C-9A07-0A60C015B026}@DefunctTimestamp 0xCF 0x95 0xB5 0x53 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@Tag 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@ImagePath \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@DisplayName MBAMSwissArmy Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy\Instances Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy\Instances@DefaultInstance MBAMSwissArmy Instance Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy\Instances\MBAMSwissArmy Instance Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy\Instances\MBAMSwissArmy Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?Do?, ?Jul ?03 ?14, 07:50:30??????????????????????????????????? Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 9649 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 4353 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8F3AB39D-6ECC-4FDE-A883-B9810F8E2358}@LeaseObtainedTime 1404409294 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8F3AB39D-6ECC-4FDE-A883-B9810F8E2358}@T1 -743074355 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8F3AB39D-6ECC-4FDE-A883-B9810F8E2358}@T2 1941280205 Reg HKLM\SYSTEM\CurrentControlSet\Services\UmPass\Parameters\Wdf@TimeOfLastSqmLog 0xB8 0x7E 0xA9 0x89 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask 0x64 0x62 0x03 0x00 ... ---- EOF - GMER 2.1 ---- Vielen Dank für die Hilfe |
hi, FRST.txt fehlt.  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
|
Hallo schrauber, danke für den Hinweis! Hier nun FRST.text : FRST Logfile: Code: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-07-2014 |
Adware & Co. deinstallieren
Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter: Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte. |
Hallo Schrauber, zunächst konnten die in FRST als attention gekenzeichneten Elemente nicht mit revounistaller gelöscht werden. Nach den von dir vorgegeben AKtionen glaube ich jedoch, dass sie nun verschwunden sind. Hier nun die Logfiles: Malwarebytes Anti-Malware Malwarebytes | Free Anti-Malware & Internet Security Software Suchlauf Datum: 05.07.2014 Suchlauf-Zeit: 22:41:50 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.07.05.10 Rootkit Datenbank: v2014.07.03.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Nina Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 292126 Verstrichene Zeit: 18 Min, 44 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) __________________________________________________________________AdwCleaner Logfile: Code: # AdwCleaner v3.214 - Bericht erstellt am 05/07/2014 um 23:06:49______________________________________________________________________JRT Logfile: Code: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~_____________________________________________________________________ FRST Logfile: Code: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01Ist der Rechner nun sauber? Vielen Dank für die Hilfe! |
Kontrollscans :) ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? :) |
ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7587 # api_version=3.0.2 # EOSSerial=6ef3e192c4df024787af39b7eede15e0 # engine=19043 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-07-06 12:58:05 # local_time=2014-07-06 02:58:05 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='AVG AntiVirus Free Edition 2014' # compatibility_mode=1051 16777213 100 100 99071 91785469 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 2394328 9035006 0 0 # scanned=150799 # found=0 # cleaned=0 # scan_time=7143 _______________________________________________________________ Results of screen317's Security Check version 0.99.85 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` AVG AntiVirus Free Edition 2014 Windows Defender Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java version out of Date! Adobe Flash Player 13.0.0.214 Flash Player out of Date! Adobe Reader XI Google Chrome 35.0.1916.114 Google Chrome 35.0.1916.153 ````````Process Check: objlist.exe by Laurent```````` AVG avgwdsvc.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` _________________________________________________________________ FRST Logfile: Code: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01 |
Java und Flash updaten. Fertig :) Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :) Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann. |
Fantastisch! Das hat alles echt schnell geklappt. Ich hätte nicht gedacht, dass Du mir wirklich so schnell bei der Lösung meines Problems helfen würdest. Immer super schnell auf meine Antworten reagiert und das vor allem auch am Wochenende, wo man sicher besseres zu tun hätte!! Ich wollte schon das ganze System neu auf den rechnen packen und konnte das durch deine guten Hinweise gottseidank vermeiden! Nochmals vielen Dank an dich und an das ganze board-team! Noch eine kurze Frage: Ist es ok ein Antivirenprogramm und Malwarebytes gleichzeitig laufen zu lassen oder blockieren die sich dann irgendwie gegenseitig? Beste Grüße |
ja ist ok :) Gern Geschehen :) |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 14:00 Uhr. |
Copyright ©2000-2025, Trojaner-Board
