|
Merwürdige Aufforderung zur Aktualisierung div. Software und jede Menge Werbung Hallo, ich bekomme ständig Meldungen dass mein PC nicht sicher ist, und dass ich irgendeine Software downloaden soll. Das wird immer mehr und nervt ständig. Wenn ich im Internet bin öffnen sich andauernd neue Fenster. Außerdem habe ich auch das Gefühl, dass viel mehr Werbung auf den Internetseiten angezeigt wird als zuvor. Das Antivirus-Programm findet aber auch nichts! Ich weiß nicht, was ich noch machen soll! Wer kann mir helfen? Ich kenne mich leider nicht wirklich gut mit Computern aus. Viele Grüße Abb< |
:hallo: Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
|
FRST Logfile: [CODE]Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2014 Ran by Annika (administrator) on ANNIS on 29-04-2014 16:35:07 Running from C:\Users\Annika\Downloads Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (AMD) C:\windows\system32\atiesrxx.exe (AMD) C:\windows\system32\atieclxx.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Microsoft Corporation) C:\windows\system32\dashost.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe () C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIXQNw.exe () C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIX161.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe (Intel Corporation) C:\windows\system32\igfxext.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe (Microsoft Corporation) C:\windows\SysWOW64\DllHost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FRST Additions Logfile: Code: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2014--- --- --- |
Die Logdatei FRST.txt ist unvollständig. :) |
FRST Logfile: FRST Logfile: Code: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2014--- --- --- Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2014 Ran by Annika at 2014-04-29 16:37:07 Running from C:\Users\Annika\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated) Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated) AMD Accelerated Video Transcoding (Version: 12.5.100.21101 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{4C3C42A4-A4D1-52CA-2298-197CD329C2D7}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.) Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bitcasa version 0.9.20.4135 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 0.9.20.4135 - Bitcasa Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center (x32 Version: 2012.1101.108.126 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2012.1101.108.126 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2012.1101.108.126 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Profiles Mobile (x32 Version: 2012.1101.108.126 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2012.1101.108.126 - Advanced Micro Devices, Inc.) Hidden CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.) CyberLink Power2Go 8 (x32 Version: 8.0.0.1912 - CyberLink Corp.) Hidden CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.) CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.6 - Samsung Electronics CO.,LTD.) Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.) Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Help Desk (HKLM\...\{22B32087-797D-4A1B-AFA7-072C87580ADC}) (Version: 1.0.9 - Samsung Electronics CO., LTD.) Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel) Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2875 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.) Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab) Kaspersky Anti-Virus (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51 - Symantec Corporation) Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version: - PopCap Games) PowerXpressHybrid (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.214 - Qualcomm Atheros Communications) Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.4.907.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6818 - Realtek Semiconductor Corp.) Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.9.4 - Samsung Electronics CO., LTD.) S Agent (Version: 1.1.30 - Samsung Electronics CO., LTD.) Hidden Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.) Support Center (HKLM\...\{25B191F6-A277-478F-90CA-88B76D5A08BD}) (Version: 2.1.70 - Samsung Electronics CO., LTD.) Support Center FAQ (x32 Version: 1.0.8 - Samsung Electronics CO., LTD.) Hidden SW Update (HKLM-x32\...\{DC4F83F3-CAF0-4347-97A4-D6B43D7E34F0}) (Version: 2.1.7 - Samsung Electronics CO., LTD.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.14.2 - Synaptics Incorporated) User Guide (HKLM-x32\...\{087EB114-ACEF-44D3-8C0A-27AE0CC8A8BB}) (Version: 1.2.00 - Samsung Electronics CO., LTD.) ViewPassword (HKLM-x32\...\40A3780F-0D28-4F2D-2AA4-7FCE3D35EA34) (Version: - ViewPassword-software) Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 29-04-2014 10:31:50 Windows Update ==================== Hosts content: ========================== 2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {2ED79312-8766-4484-BABA-4CD6C948B524} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation) Task: {310F4E96-687D-419C-ADDF-A5EEEA92474C} - System32\Tasks\Microsoft\Windows\SysResetDelayedCleanup => Rundll32.exe ResetEng.dll,RjvDelayedCleanupEntryPoint Task: {320BB859-D78D-47CC-B5C3-6B327E68C26B} - System32\Tasks\ViewPassword_wd => C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIXQNw.exe [2014-04-29] () Task: {38300192-872D-4932-B4CF-4B8571387D0F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {5071709C-98AD-41A6-9451-2A5E26883B79} - System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl => C:\Users\Annika\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\minibarchrome.exe [2014-04-29] (Sien SA) Task: {5E950256-B043-4CF6-82D2-7F595B318C9D} - System32\Tasks\ViewPassword Update => C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIX.exe [2014-04-29] () Task: {A6C9121C-BA59-435C-A9C8-772120D07AC6} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-11-30] (Samsung Electronics CO., LTD.) Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\windows\system32\dism.exe [2012-07-26] (Microsoft Corporation) Task: {BC88B817-7BCB-4460-8727-BE3538B2FF47} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-02-13] (Samsung Electronics CO., LTD.) Task: {C041BD1B-A4B8-45A0-9E38-17C4190A626A} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-01-14] (SEC) Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {DB7630B6-D2BE-4D09-A71E-484552621C68} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation) Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {F8E9F306-F34A-402E-A5B7-FB560F72E779} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup Task: C:\windows\Tasks\ViewPassword Update.job => C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIX.exe Task: C:\windows\Tasks\ViewPassword_wd.job => C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIXQNw.exe ==================== Loaded Modules (whitelisted) ============= 2012-11-30 09:26 - 2012-11-30 09:26 - 00082312 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe 2014-04-29 13:14 - 2014-04-29 13:14 - 00077312 _____ () C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIXQNw.exe 2014-04-29 13:14 - 2014-04-29 13:14 - 00142848 _____ () C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIX161.exe 2013-01-03 02:50 - 2012-11-01 07:43 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll 2012-10-31 13:57 - 2012-10-31 13:57 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll 2012-10-31 13:52 - 2012-10-31 13:52 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll 2012-10-31 13:55 - 2012-10-31 13:55 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2012-10-31 13:57 - 2012-10-31 13:57 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe 2012-11-06 18:08 - 2012-11-06 18:08 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-02-13 07:16 - 2013-02-13 07:16 - 00022528 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll 2012-07-24 05:06 - 2012-07-24 05:06 - 00119808 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe 2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-02-27 04:24 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 01068664 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll 2014-04-29 13:14 - 2014-04-29 13:14 - 00133120 _____ () C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIX161.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll 2012-11-30 09:26 - 2012-11-30 09:26 - 00103032 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll 2013-02-27 04:36 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2012-06-08 04:34 - 2012-06-08 04:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\dblite.dll 2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\kpcengine.2.3.dll 2011-08-15 13:12 - 2011-08-15 13:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll 2012-06-14 04:57 - 2012-06-14 04:57 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll 2011-08-15 13:12 - 2011-08-15 13:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll 2011-08-15 13:15 - 2011-08-15 13:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll 2011-08-17 09:41 - 2011-08-17 09:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll 2011-08-17 09:48 - 2011-08-17 09:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll 2011-08-17 09:48 - 2011-08-17 09:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll 2011-08-15 12:23 - 2011-08-15 12:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll 2012-06-14 04:56 - 2012-06-14 04:56 - 00481792 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll 2012-06-14 05:06 - 2012-06-14 05:06 - 00500064 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll 2012-06-14 04:55 - 2012-06-14 04:55 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll 2011-07-19 09:05 - 2011-07-19 09:05 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtWebKit4.dll 2011-08-15 13:17 - 2011-08-15 13:17 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtGui4.dll 2011-07-19 09:04 - 2011-07-19 09:04 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\phonon4.dll 2014-04-29 12:53 - 2014-03-15 10:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/29/2014 01:04:34 PM) (Source: MsiInstaller) (User: ANNIS) Description: Produkt: OpenOffice 4.0.1 -- Fehler 1500.Eine andere Installation wird durchgeführt. Sie müssen diese Installation abschließen, bevor Sie diese fortsetzen. Error: (04/29/2014 01:04:32 PM) (Source: MsiInstaller) (User: ANNIS) Description: Produkt: OpenOffice 4.0.1 -- Fehler 1500.Eine andere Installation wird durchgeführt. Sie müssen diese Installation abschließen, bevor Sie diese fortsetzen. Error: (04/29/2014 01:04:31 PM) (Source: MsiInstaller) (User: ANNIS) Description: Produkt: OpenOffice 4.0.1 -- Fehler 1500.Eine andere Installation wird durchgeführt. Sie müssen diese Installation abschließen, bevor Sie diese fortsetzen. Error: (04/29/2014 00:30:41 PM) (Source: Application Hang) (User: ) Description: Programm SystemSettings.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1348 Startzeit: 01cf6396020b1a04 Endzeit: 15 Anwendungspfad: C:\windows\ImmersiveControlPanel\SystemSettings.exe Berichts-ID: 4a0bd8cc-cf89-11e3-be8f-1867b056fcbd Vollständiger Name des fehlerhaften Pakets: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoft.windows.immersivecontrolpanel Error: (04/29/2014 00:25:25 PM) (Source: Customer Experience Improvement Program) (User: ) Description: 80070005 System errors: ============= Error: (04/29/2014 01:39:50 PM) (Source: DCOM) (User: ANNIS) Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (04/29/2014 01:39:50 PM) (Source: DCOM) (User: ANNIS) Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (04/29/2014 01:39:50 PM) (Source: DCOM) (User: ANNIS) Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (04/29/2014 01:39:50 PM) (Source: DCOM) (User: ANNIS) Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (04/29/2014 01:39:50 PM) (Source: DCOM) (User: ANNIS) Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (04/29/2014 01:39:50 PM) (Source: DCOM) (User: ANNIS) Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (04/29/2014 01:39:50 PM) (Source: DCOM) (User: ANNIS) Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (04/29/2014 01:39:50 PM) (Source: DCOM) (User: ANNIS) Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (04/29/2014 01:39:50 PM) (Source: DCOM) (User: ANNIS) Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (04/29/2014 01:39:50 PM) (Source: DCOM) (User: ANNIS) Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Microsoft Office Sessions: ========================= Error: (04/29/2014 01:04:34 PM) (Source: MsiInstaller)(User: ANNIS) Description: Produkt: OpenOffice 4.0.1 -- Fehler 1500.Eine andere Installation wird durchgeführt. Sie müssen diese Installation abschließen, bevor Sie diese fortsetzen.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (04/29/2014 01:04:32 PM) (Source: MsiInstaller)(User: ANNIS) Description: Produkt: OpenOffice 4.0.1 -- Fehler 1500.Eine andere Installation wird durchgeführt. Sie müssen diese Installation abschließen, bevor Sie diese fortsetzen.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (04/29/2014 01:04:31 PM) (Source: MsiInstaller)(User: ANNIS) Description: Produkt: OpenOffice 4.0.1 -- Fehler 1500.Eine andere Installation wird durchgeführt. Sie müssen diese Installation abschließen, bevor Sie diese fortsetzen.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (04/29/2014 00:30:41 PM) (Source: Application Hang)(User: ) Description: SystemSettings.exe6.2.9200.16420134801cf6396020b1a0415C:\windows\ImmersiveControlPanel\SystemSettings.exe4a0bd8cc-cf89-11e3-be8f-1867b056fcbdwindows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel Error: (04/29/2014 00:25:25 PM) (Source: Customer Experience Improvement Program)(User: ) Description: 80070005 ==================== Memory info =========================== Percentage of memory in use: 66% Total physical RAM: 3797.53 MB Available physical RAM: 1253.5 MB Total Pagefile: 7253.53 MB Available Pagefile: 4162.23 MB Total Virtual: 8192 MB Available Virtual: 8191.78 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:441.3 GB) (Free:335.66 GB) NTFS ==================== MBR & Partition Table ================== ==================== End Of Log ============================ |
Lauter Adware... ziemlich lästig, aber nicht gefährlich. Wir beginnen erst mal so: Schritt 1 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 3 Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/
Schritt 4 Kontrollscan mit FRST Führe wie zuvor beschrieben einen Scan mit FRST aus. Setze dazu einen Haken bei Addition.txt rechts unten und klicke auf Scan. Es werden zwei Logdateien erzeugt. Poste mir diese. Bitte poste mit deiner nächsten Antwort
|
okay! nicht gefährlich ist gut. aber wie bekommt man sowas? Habe ich etwas falscher heruntergeladen? |
Zitat:
Einfach mal die geposteten Schritte ausführen und die Logdateien posten, dann sehen wir weiter. ;) |
AdwCleaner Logfile: Code: # AdwCleaner v3.205 - Bericht erstellt am 29/04/2014 um 16:55:18Malwarebytes Anti-Malware Malwarebytes | Free Anti-Malware & Internet Security Software Suchlauf Datum: 29.04.2014 Suchlauf-Zeit: 18:29:53 Logdatei: mbam.txt Administrator: Nein Version: 2.00.1.1004 Malware Datenbank: v2014.04.29.03 Rootkit Datenbank: v2014.03.27.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Chameleon: Deaktiviert Betriebssystem: Windows 8 CPU: x64 Dateisystem: NTFS Benutzer: Annika Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 291748 Verstrichene Zeit: 42 Min, 48 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Shuriken: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 1 PUP.Optional.ViewPassword.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\40A3780F-0D28-4F2D-2AA4-7FCE3D35EA34, In Quarantäne, [ad6ac66aaecd1d192939343e3fc34eb2], Registrierungswerte: 1 PUP.Optional.ViewPassword.A, HKU\S-1-5-21-308811900-1167254852-910680650-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{24BB16A8-DF60-43FA-FE7D-AB1DFA4BCEF1}, C:\Program Files (x86)\ViewPassword_P\161.xpi, In Quarantäne, [74a3b67ad6a577bf751eee849b67e719] Registrierungsdaten: 0 (No malicious items detected) Ordner: 1 PUP.Optional.ViewPassword.A, C:\Program Files (x86)\ViewPassword_P, In Quarantäne, [ad6ac66aaecd1d192939343e3fc34eb2], Dateien: 15 PUP.Optional.Iminent.A, C:\Users\Annika\AppData\Local\Temp\n582\Iminent_1712-b2fcad5e.exe, In Quarantäne, [9681fa3680fb7cbacbbf4cf4db2659a7], PUP.Optional.Rapiddown, C:\Users\Annika\AppData\Local\Temp\n582\s582.exe, In Quarantäne, [e532a090bac137ff9e63b7a7df22c838], PUP.Optional.BundleInstaller.A, C:\Users\Annika\Downloads\Dropbox.exe, In Quarantäne, [9c7b38f87ffcca6ca96c59e138c8f907], PUP.Optional.ViewPassword.A, C:\Program Files (x86)\ViewPassword_P\161.dat, In Quarantäne, [ad6ac66aaecd1d192939343e3fc34eb2], PUP.Optional.ViewPassword.A, C:\Program Files (x86)\ViewPassword_P\161.xpi, In Quarantäne, [ad6ac66aaecd1d192939343e3fc34eb2], PUP.Optional.ViewPassword.A, C:\Program Files (x86)\ViewPassword_P\a.db, In Quarantäne, [ad6ac66aaecd1d192939343e3fc34eb2], PUP.Optional.ViewPassword.A, C:\Program Files (x86)\ViewPassword_P\b.db, In Quarantäne, [ad6ac66aaecd1d192939343e3fc34eb2], PUP.Optional.ViewPassword.A, C:\Program Files (x86)\ViewPassword_P\Sqlite3.dll, In Quarantäne, [ad6ac66aaecd1d192939343e3fc34eb2], PUP.Optional.ViewPassword.A, C:\Program Files (x86)\ViewPassword_P\Uninstall.exe, In Quarantäne, [ad6ac66aaecd1d192939343e3fc34eb2], PUP.Optional.ViewPassword.A, C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIX.exe, In Quarantäne, [ad6ac66aaecd1d192939343e3fc34eb2], PUP.Optional.ViewPassword.A, C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIX161.bin, In Quarantäne, [ad6ac66aaecd1d192939343e3fc34eb2], PUP.Optional.ViewPassword.A, C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIX161.dll, In Quarantäne, [ad6ac66aaecd1d192939343e3fc34eb2], PUP.Optional.ViewPassword.A, C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIX161.exe, In Quarantäne, [ad6ac66aaecd1d192939343e3fc34eb2], PUP.Optional.ViewPassword.A, C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIX161.ini, In Quarantäne, [ad6ac66aaecd1d192939343e3fc34eb2], PUP.Optional.ViewPassword.A, C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIXQNw.exe, In Quarantäne, [ad6ac66aaecd1d192939343e3fc34eb2], Physische Sektoren: 0 (No malicious items detected) (end) Zoek.exe v5.0.0.0 Updated 14-April-2014 Tool run by Annika on 29.04.2014 at 18:38:35,07. Microsoft Windows 8 6.2.9200 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Annika\Downloads\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 29.04.2014 18:40:30 Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-308811900-1167254852-910680650-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} deleted successfully HKEY_USERS\S-1-5-21-308811900-1167254852-910680650-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} deleted successfully HKEY_USERS\S-1-5-21-308811900-1167254852-910680650-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} deleted successfully HKEY_USERS\S-1-5-21-308811900-1167254852-910680650-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} deleted successfully HKEY_USERS\S-1-5-21-308811900-1167254852-910680650-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully HKEY_CLASSES_ROOT\CLSID\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== FireFox Fix ====================== Deleted from C:\Users\Annika\AppData\Roaming\Mozilla\Firefox\Profiles\45evv89m.default\prefs.js: user_pref("browser.startup.homepage", "https://www.google.de/"); user_pref("browser.search.selectedEngine", "StartWeb"); Added to C:\Users\Annika\AppData\Roaming\Mozilla\Firefox\Profiles\45evv89m.default\prefs.js: user_pref("browser.startup.homepage", "hxxp://www.google.com"); user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "hxxp://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); ==== Deleting Files \ Folders ====================== C:\PROGRA~3\MakeMarkerFile.exe deleted "C:\PROGRA~3\boost_interprocess\Nobu64AgentService" deleted "C:\PROGRA~3\boost_interprocess\Nobu64TrayIcon" deleted "C:\PROGRA~3\boost_interprocess" not deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "content_blocker@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com" [29.04.2014 15:32] ==== Firefox Extensions ====================== AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx[17.10.2013 15:49] hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx[17.10.2013 15:50] jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx[17.10.2013 15:49] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.msn.com/?ocid=iehp" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.msn.com/?ocid=iehp" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {683F4EE4-FC8F-4319-B99B-CB0B360A92AF} Unknown Url="Not_Found" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Reset Google Chrome ====================== Nothing found to reset ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-308811900-1167254852-910680650-1001\Software\Microsoft\Internet Explorer\SearchScopes\{683F4EE4-FC8F-4319-B99B-CB0B360A92AF} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Empty IE Cache ====================== C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Annika\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Annika\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Annika\AppData\Local\Mozilla\Firefox\Profiles\45evv89m.default\Cache emptied successfully ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=4 folders=1 2106474 bytes) ==== Empty Temp Folders ====================== C:\Users\Administrator\AppData\Local\Temp emptied successfully C:\Users\Annika\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\Temp emptied successfully C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\windows\Temp successfully emptied C:\Users\Annika\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\PROGRA~3\boost_interprocess" not found ==== EOF on 29.04.2014 at 18:58:17,46 ====================== Zoek.exe v5.0.0.0 Updated 14-April-2014 Tool run by Annika on 29.04.2014 at 18:38:35,07. Microsoft Windows 8 6.2.9200 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Annika\Downloads\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 29.04.2014 18:40:30 Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-308811900-1167254852-910680650-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} deleted successfully HKEY_USERS\S-1-5-21-308811900-1167254852-910680650-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} deleted successfully HKEY_USERS\S-1-5-21-308811900-1167254852-910680650-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} deleted successfully HKEY_USERS\S-1-5-21-308811900-1167254852-910680650-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} deleted successfully HKEY_USERS\S-1-5-21-308811900-1167254852-910680650-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully HKEY_CLASSES_ROOT\CLSID\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== FireFox Fix ====================== Deleted from C:\Users\Annika\AppData\Roaming\Mozilla\Firefox\Profiles\45evv89m.default\prefs.js: user_pref("browser.startup.homepage", "https://www.google.de/"); user_pref("browser.search.selectedEngine", "StartWeb"); Added to C:\Users\Annika\AppData\Roaming\Mozilla\Firefox\Profiles\45evv89m.default\prefs.js: user_pref("browser.startup.homepage", "hxxp://www.google.com"); user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "hxxp://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); ==== Deleting Files \ Folders ====================== C:\PROGRA~3\MakeMarkerFile.exe deleted "C:\PROGRA~3\boost_interprocess\Nobu64AgentService" deleted "C:\PROGRA~3\boost_interprocess\Nobu64TrayIcon" deleted "C:\PROGRA~3\boost_interprocess" not deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "content_blocker@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com" [29.04.2014 15:32] ==== Firefox Extensions ====================== AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx[17.10.2013 15:49] hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx[17.10.2013 15:50] jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx[17.10.2013 15:49] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.msn.com/?ocid=iehp" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.msn.com/?ocid=iehp" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {683F4EE4-FC8F-4319-B99B-CB0B360A92AF} Unknown Url="Not_Found" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Reset Google Chrome ====================== Nothing found to reset ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-308811900-1167254852-910680650-1001\Software\Microsoft\Internet Explorer\SearchScopes\{683F4EE4-FC8F-4319-B99B-CB0B360A92AF} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Empty IE Cache ====================== C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Annika\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Annika\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Annika\AppData\Local\Mozilla\Firefox\Profiles\45evv89m.default\Cache emptied successfully ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=4 folders=1 2106474 bytes) ==== Empty Temp Folders ====================== C:\Users\Administrator\AppData\Local\Temp emptied successfully C:\Users\Annika\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\Temp emptied successfully C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\windows\Temp successfully emptied C:\Users\Annika\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\PROGRA~3\boost_interprocess" not found ==== EOF on 29.04.2014 at 18:58:17,46 ====================== FRST Logfile: FRST Logfile: FRST Logfile: Code: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2014--- --- --- --- --- --- FRST Additions Logfile: Code: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2014 |
Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern. Im Anschluss daran räumen wir auf und ich gebe dir noch ein paar Tipps mit auf den Weg. Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code: startSpeichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 ESET Online Scanner
Schritt 3 Downloade Dir bitte  SecurityCheck und:
Bitte poste mit deiner nächsten Antwort
|
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-04-2014 Ran by Annika at 2014-04-30 18:40:09 Run:1 Running from C:\Users\Annika\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** start IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe C:\windows\System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl Task: {320BB859-D78D-47CC-B5C3-6B327E68C26B} - \ViewPassword_wd No Task File <==== ATTENTION Task: {5071709C-98AD-41A6-9451-2A5E26883B79} - System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl => C:\Users\Annika\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\minibarchrome.exe Task: {5E950256-B043-4CF6-82D2-7F595B318C9D} - \ViewPassword Update No Task File <==== ATTENTION end ***************** HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\DatamngrCoordinator.exe => Key deleted successfully. C:\windows\System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{320BB859-D78D-47CC-B5C3-6B327E68C26B} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{320BB859-D78D-47CC-B5C3-6B327E68C26B} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ViewPassword_wd => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5071709C-98AD-41A6-9451-2A5E26883B79} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5071709C-98AD-41A6-9451-2A5E26883B79} => Key deleted successfully. C:\Windows\System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5E950256-B043-4CF6-82D2-7F595B318C9D} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E950256-B043-4CF6-82D2-7F595B318C9D} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ViewPassword Update => Key deleted successfully. ==== End of Fixlog ==== ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=a3015a150a85dd46822d5e66c135a8b3 # engine=18090 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-04-30 06:04:17 # local_time=2014-04-30 08:04:17 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode=5893 16776574 100 94 96111 55610969 0 0 # scanned=364053 # found=0 # cleaned=0 # scan_time=4614 Results of screen317's Security Check version 0.99.82 x64 (UAC is enabled) Internet Explorer 10 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Kaspersky Anti-Virus Windows Defender Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Adobe Reader 10.1.3 Adobe Reader out of Date! Mozilla Firefox (28.0) ````````Process Check: objlist.exe by Laurent```````` Kaspersky Lab Kaspersky Anti-Virus 14.0.0 avpui.exe Kaspersky Lab Kaspersky Anti-Virus 14.0.0 klwtblfs.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` |
Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber. :daumenhoc Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern. Schritt 1 Deinstalliere bitte deine aktuelle Version von Adobe Reader Start--> Systemsteuerung--> Software / Programme deinstallieren--> Adobe Reader und lade dir die neue Version von Hier herunter- Entferne den Hacken für den McAfee SecurityScan bzw. Google Chrome. Schritt 2
Prüfe bitte auch (regelmässig) ob folgende Links fehlende Updates bei deinen Plugins zeigen: Schritt 3 Die Reihenfolge ist hier entscheidend.
Schritt 4 Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems. Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti-Viren-Programm und zusätzlicher Schutz
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden. Mozilla Firefox
Performance
Was du vermeiden solltest:
Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen? Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann. |
Ich bin froh, dass wir helfen konnten :abklatsch: In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest: Lob, Kritik und Wünsche Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank! :) Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen. |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 20:52 Uhr. |
Copyright ©2000-2025, Trojaner-Board
