| moosmupfel | 13.01.2015 19:25 |
vielen lieben Dank. Ich fang dann mal an zu posten:
MBAM- fand 4 Bedrohungen, interessanterweise nur komplett andere Dateien als ESET, hab sie dennoch wie befohlen in die Quarantäne verbannt ;) ... Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Update, 13.01.2015 17:58:22, SYSTEM, SCHNUCKILAP, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1,
Update, 13.01.2015 17:58:22, SYSTEM, SCHNUCKILAP, Manual, Rootkit Database, 2014.11.18.1, 2015.1.7.1,
Update, 13.01.2015 17:58:31, SYSTEM, SCHNUCKILAP, Manual, Malware Database, 2014.11.20.6, 2015.1.13.13,
(end)
dann Adwcleaner: Code:
# AdwCleaner v4.107 - Bericht erstellt am 13/01/2015 um 18:48:26
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-13.2 [Live]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Schnuckilap - SCHNUCKILAP
# Gestartet von : C:\Users\Schnuckilap\Downloads\AdwCleaner_4.107.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\Uniblue
Ordner Gelöscht : C:\ProgramData\Viewpoint
Ordner Gelöscht : C:\Program Files\Viewpoint
Ordner Gelöscht : C:\Users\SCHNUC~1\AppData\Local\Temp\apn
Ordner Gelöscht : C:\Users\SCHNUC~1\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Schnuckilap\AppData\Roaming\OpenCandy
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{41564952-412D-5637-00A7-7A786E7484D7}]
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\MetaStream
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Viewpoint
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
***** [ Browser ] *****
-\\ Internet Explorer v9.0.8112.16599
-\\ Mozilla Firefox v29.0.1 (de)
-\\ Google Chrome v39.0.2171.95
*************************
AdwCleaner[R0].txt - [2888 octets] - [13/01/2015 16:52:54]
AdwCleaner[R1].txt - [2948 octets] - [13/01/2015 18:45:44]
AdwCleaner[S0].txt - [2813 octets] - [13/01/2015 18:48:26]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2873 octets] ##########
Danach folgte JRT Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Schnuckilap on 13.01.2015 at 19:00:02,82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Schnuckilap\AppData\Roaming\mozilla\firefox\profiles\20k7mtxn.default\minidumps [1 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.01.2015 at 19:13:23,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
und zuletzt noch mal FRST
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2015 02
Ran by Schnuckilap (administrator) on SCHNUCKILAP on 13-01-2015 19:14:24
Running from C:\Users\Schnuckilap\Downloads
Loaded Profile: Schnuckilap (Available profiles: User & Schnuckilap & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AOL LLC) C:\Program Files\Common Files\aol\acs\AOLacsd.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Mobile Partner Manager\AssistantServices.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
() C:\Program Files\Mobile Partner Manager\UIExec.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Adobe Systems Incorporated) D:\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1316136 2008-06-20] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4874240 2008-01-14] (Realtek Semiconductor)
HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176 2009-10-26] (Motorola Inc.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-08-01] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [UIExec] => C:\Program Files\Mobile Partner Manager\UIExec.exe [138584 2010-07-16] ()
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-14] (DivX, LLC)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1915616 2014-11-13] (Bitdefender)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1393791617\ee\AOLSoftware.exe [50736 2006-09-26] (America Online, Inc.)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2737698808-1499909334-785541602-1001\...\Run: [PlayNC Launcher] => [X]
HKU\S-1-5-21-2737698808-1499909334-785541602-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2737698808-1499909334-785541602-1001\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [482392 2014-11-13] (Bitdefender)
HKU\S-1-5-21-2737698808-1499909334-785541602-1001\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe [615256 2014-11-13] (Bitdefender)
HKU\S-1-5-21-2737698808-1499909334-785541602-1001\...\Run: [Spotify Web Helper] => C:\Users\Schnuckilap\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-30] (Spotify Ltd)
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [482392 2014-11-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [901608 2014-11-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe [615256 2014-11-13] (Bitdefender)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2737698808-1499909334-785541602-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2737698808-1499909334-785541602-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Schnuckilap\AppData\Roaming\Mozilla\Firefox\Profiles\20k7mtxn.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Schnuckilap\AppData\Roaming\Mozilla\Firefox\Profiles\20k7mtxn.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-17]
FF Extension: Adblock Plus - C:\Users\Schnuckilap\AppData\Roaming\Mozilla\Firefox\Profiles\20k7mtxn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-27]
FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2010-02-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-27]
FF HKLM\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\ffpwdman [2014-01-22]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-01-22]
FF HKU\S-1-5-21-2737698808-1499909334-785541602-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
Chrome:
=======
CHR Profile: C:\Users\Schnuckilap\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Schnuckilap\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-08]
CHR Extension: (Google Drive) - C:\Users\Schnuckilap\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Schnuckilap\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (Bitdefender Wallet) - C:\Users\Schnuckilap\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-01-23]
CHR Extension: (Adblock Plus) - C:\Users\Schnuckilap\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-10]
CHR Extension: (Google Wallet) - C:\Users\Schnuckilap\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-10]
CHR HKLM\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\pmbxcr.crx [2014-01-22]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeActiveFileMonitor12.0; D:\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [69880 2014-11-13] (Bitdefender)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [81704 2013-07-08] (Bitdefender)
R2 UI Assistant Service; C:\Program Files\Mobile Partner Manager\AssistantServices.exe [252784 2010-07-16] ()
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [54424 2014-11-13] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1300224 2014-11-13] (Bitdefender)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1060312 2014-11-13] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [242504 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [528248 2014-11-13] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [77632 2014-05-27] (BitDefender LLC)
R1 bdftdif; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys [130640 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [66832 2013-11-04] (BitDefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys [135600 2013-07-26] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [72704 2012-04-17] (BitDefender)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [165744 2013-08-23] (BitDefender LLC)
R3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
S3 LVPr2Mon; C:\Windows\System32\Drivers\LVPr2Mon.sys [25824 2010-05-07] ()
S3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [495768 2009-04-30] (Logitech Inc.)
R0 PxHelp20; C:\Windows\System32\drivers\PxHelp20.sys [46096 2013-07-19] (Corel Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [385096 2014-11-13] (BitDefender S.R.L.)
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
U4 eabfiltr; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-13 19:13 - 2015-01-13 19:13 - 00000777 _____ () C:\Users\Schnuckilap\Desktop\JRT.txt
2015-01-13 18:59 - 2015-01-13 18:59 - 00000000 ____D () C:\Windows\ERUNT
2015-01-13 18:42 - 2015-01-13 18:42 - 00000379 _____ () C:\Users\Schnuckilap\Desktop\mbam.txt
2015-01-13 17:58 - 2015-01-13 18:39 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-13 17:57 - 2015-01-13 17:57 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-13 17:57 - 2015-01-13 17:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-13 17:57 - 2015-01-13 17:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-13 17:57 - 2015-01-13 17:57 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-13 17:57 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-13 17:57 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-13 17:57 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-13 17:53 - 2015-01-13 17:56 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Schnuckilap\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-13 16:52 - 2015-01-13 18:49 - 00000000 ____D () C:\AdwCleaner
2015-01-13 16:46 - 2015-01-13 16:47 - 01707939 _____ (Thisisu) C:\Users\Schnuckilap\Downloads\JRT.exe
2015-01-13 16:46 - 2015-01-13 16:46 - 02191360 _____ () C:\Users\Schnuckilap\Downloads\AdwCleaner_4.107.exe
2015-01-13 16:06 - 2015-01-13 16:08 - 00024670 _____ () C:\Users\Schnuckilap\Downloads\Addition.txt
2015-01-13 16:04 - 2015-01-13 19:14 - 00017854 _____ () C:\Users\Schnuckilap\Downloads\FRST.txt
2015-01-13 16:04 - 2015-01-13 19:14 - 00000000 ____D () C:\FRST
2015-01-13 16:03 - 2015-01-13 16:03 - 01115648 _____ (Farbar) C:\Users\Schnuckilap\Downloads\FRST.exe
2015-01-13 01:53 - 2015-01-13 01:53 - 00000000 ____D () C:\Neuer Ordner
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-13 19:01 - 2008-01-21 02:35 - 01938382 _____ () C:\Windows\WindowsUpdate.log
2015-01-13 18:56 - 2013-12-17 18:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-13 18:54 - 2010-05-17 22:45 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-13 18:53 - 2006-11-02 13:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-13 18:53 - 2006-11-02 13:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-13 18:52 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-13 18:51 - 2008-01-21 03:47 - 00246090 _____ () C:\Windows\PFRO.log
2015-01-13 18:50 - 2006-11-02 14:01 - 00032610 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-13 18:47 - 2013-11-09 15:45 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cedd5a46ac1180.job
2015-01-13 02:20 - 2008-01-21 08:16 - 01565124 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-13 02:16 - 2014-06-30 01:00 - 00000000 ____D () C:\Users\Schnuckilap\AppData\Local\Adobe
2015-01-13 02:11 - 2014-02-04 15:16 - 00010024 _____ () C:\Windows\system32\spsys.log
2015-01-11 13:36 - 2010-10-26 11:48 - 00000370 _____ () C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2015-01-06 04:36 - 2009-12-18 19:11 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-04 17:10 - 2014-01-06 03:47 - 00000000 ____D () C:\Users\Schnuckilap\AppData\Roaming\Skype
2014-12-17 08:04 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
Some content of TEMP:
====================
C:\Users\Schnuckilap\AppData\Local\Temp\AcsInstall.dll
C:\Users\Schnuckilap\AppData\Local\Temp\AskSLib.dll
C:\Users\Schnuckilap\AppData\Local\Temp\avgnt.exe
C:\Users\Schnuckilap\AppData\Local\Temp\DivXSetup.exe
C:\Users\Schnuckilap\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Schnuckilap\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Schnuckilap\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Schnuckilap\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\Schnuckilap\AppData\Local\Temp\jre-1.6.0_20-windows-i586-iftw.exe_90744722.exe
C:\Users\Schnuckilap\AppData\Local\Temp\jre-6u20-windows-i586-jinstall_uac.exe
C:\Users\Schnuckilap\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Schnuckilap\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Schnuckilap\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Schnuckilap\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Schnuckilap\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Schnuckilap\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Schnuckilap\AppData\Local\Temp\jre-8u25-windows-au.exe
C:\Users\Schnuckilap\AppData\Local\Temp\lws_lws.exe
C:\Users\Schnuckilap\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe
C:\Users\Schnuckilap\AppData\Local\Temp\Quarantine.exe
C:\Users\Schnuckilap\AppData\Local\Temp\readSTILog.dll
C:\Users\Schnuckilap\AppData\Local\Temp\SHFOLDER.DLL
C:\Users\Schnuckilap\AppData\Local\Temp\sqlite3.dll
C:\Users\Schnuckilap\AppData\Local\Temp\uninst.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-13 19:02
==================== End Of Log ============================
--- --- ---
hoffe ich hab alles richtig gemacht, hab mich pingelig genau an die Anleitung gehalten |
FRST 32-Bit | FRST 64-Bit
AdwCleaner auf deinen Desktop.
Malwarebytes Anti-Malware 