Mazewayne | 08.03.2015 22:26
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 08.03.2015
Suchlauf-Zeit: 21:10:11
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2015.03.08.05
Rootkit Datenbank: v2015.02.25.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Maze Wayne
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 405904
Verstrichene Zeit: 19 Min, 56 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente erkannt)
Module: 0
(Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 1
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, In Quarantäne, [0e0774cf7b0f2d094605ca070003639d],
Registrierungswerte: 1
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT|InstallDir, C:\PROGRA~2\SearchProtect, In Quarantäne, [0e0774cf7b0f2d094605ca070003639d]
Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)
Ordner: 6
PUP.Optional.SearchProtect.A, C:\Users\Maze Wayne\AppData\Local\SearchProtect, In Quarantäne, [a96c5be86a20cb6b2e79730abd46e11f],
PUP.Optional.SearchProtect.A, C:\Users\Maze Wayne\AppData\Local\SearchProtect\SearchProtect, In Quarantäne, [a96c5be86a20cb6b2e79730abd46e11f],
PUP.Optional.SearchProtect.A, C:\Users\Maze Wayne\AppData\Local\SearchProtect\SearchProtect\rep, In Quarantäne, [a96c5be86a20cb6b2e79730abd46e11f],
PUP.Optional.SearchProtect.A, C:\Users\Maze Wayne\AppData\Local\SearchProtect\UI, In Quarantäne, [a96c5be86a20cb6b2e79730abd46e11f],
PUP.Optional.SearchProtect.A, C:\Users\Maze Wayne\AppData\Local\SearchProtect\UI\rep, In Quarantäne, [a96c5be86a20cb6b2e79730abd46e11f],
PUP.Optional.MyAppsCloud.A, C:\Users\Maze Wayne\AppData\Roaming\AppCloudUpdater, In Quarantäne, [e035ea5993f7be787ccbaceb29daee12],
Dateien: 6
PUP.Optional.Trovi.A, C:\Users\Maze Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\z46bcksp.default\searchplugins\trovi-search.xml, In Quarantäne, [a66f162d9ceec175accdf2ea71926898],
PUP.Optional.SearchProtect.A, C:\Users\Maze Wayne\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, In Quarantäne, [a96c5be86a20cb6b2e79730abd46e11f],
PUP.Optional.SearchProtect.A, C:\Users\Maze Wayne\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, In Quarantäne, [a96c5be86a20cb6b2e79730abd46e11f],
PUP.Optional.SearchProtect.A, C:\Users\Maze Wayne\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, In Quarantäne, [a96c5be86a20cb6b2e79730abd46e11f],
PUP.Optional.Trovi.A, C:\Users\Maze Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\z46bcksp.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "https://dub123.mail.live.com/default.aspx?id=64855|hxxp://www.trovi.com/?gd=&ctid=CT3330789&octid=EB_ORIGINAL_CTID&ISID=M2CD7CCC6-6174-4EB1-82F4-E9FD2AABCB6A&SearchSource=55&CUI=&UM=6&UP=SP59F61808-E8C2-41DC-A6A5-40B86AC2FF63&SSPV=|hxxp://www.ebay.de/itm/Sony-xperia-Z-Display-LCD-Touchscreen-Rahmen-in-weiss-Akkudeckel-/380992767387?orig_cvip=true&autorefresh=true|hxxp://www.ebay.de/itm/Sitz-Schlafbank-komplett-mit-Auflage-Matratze-VW-T4-Multivan-Westfalia-etc-/251624540182?orig_cvip=true");), Ersetzt,[987d241f0684112572f171ac798dfa06]
PUP.Optional.Trovi.A, C:\Users\Maze Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\z46bcksp.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3330789&octid=EB_ORIGINAL_CTID&ISID=M2CD7CCC6-6174-4EB1-82F4-E9FD2AABCB6A&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SP59F61808-E8C2-41DC-A6A5-40B86AC2FF63");), Ersetzt,[8f86152e404ad2642341d6471fe746ba]
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)
# AdwCleaner v4.111 - Bericht erstellt 08/03/2015 um 21:39:08
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-03-05.1 [Server]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (x64)
# Benutzername : Maze Wayne - MAZEWAYNE-PC
# Gestarted von : C:\Users\Maze Wayne\Desktop\AdwCleaner_4.111.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\Maze Wayne\AppData\Roaming\dvdvideosoftiehelpers
***** [ Geplante Tasks ] *****
Task Gelöscht : avayvaxvaa
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\SPPDCOM
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2D81E70-2A98-4A08-A628-94388B063C5E}
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17239
-\\ Mozilla Firefox v35.0.1 (x86 de)
[z46bcksp.default\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3330789&octid=EB_ORIGINAL_CTID&ISID=M2CD7CCC6-6174-4EB1-82F4-E9FD2AABCB6A&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SP59F61808-E8C2-41D[...]
[z46bcksp.default\prefs.js] - Zeile Gelöscht : user_pref("browser.startup.homepage", "hxxps://dub123.mail.live.com/default.aspx?id=64855hxxp://www.trovi.com/?gd=&ctid=CT3330789&octid=EB_ORIGINAL_CTID&ISID=M2CD7CCC6-6174-4EB1-82F4-E9FD2AABCB6A&Sea[...]
-\\ Opera v27.0.1689.76
*************************
AdwCleaner[R0].txt - [2160 Bytes] - [08/03/2015 21:37:04]
AdwCleaner[S0].txt - [1999 Bytes] - [08/03/2015 21:39:08]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2058 Bytes] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Ultimate x64
Ran by Maze Wayne on 08.03.2015 at 22:05:36,99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Maze Wayne\AppData\Roaming\mozilla\firefox\profiles\z46bcksp.default\minidumps [34 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.03.2015 at 22:11:14,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2015 01
Ran by Maze Wayne (administrator) on MAZEWAYNE-PC on 08-03-2015 22:24:22
Running from D:\EigeneDateien\Downloads
Loaded Profiles: Maze Wayne & UpdatusUser (Available profiles: Maze Wayne & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
() C:\Program Files (x86)\Everything\Everything.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Thisisu) C:\Users\Maze Wayne\Desktop\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(AceBIT GmbH) C:\Program Files (x86)\AceBIT\Password Depot\PasswordDepot.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-03-30] (IvoSoft)
HKLM-x32\...\Run: [Everything] => C:\Program Files (x86)\Everything\Everything.exe [602624 2009-03-13] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-4088498990-2834370405-2065065153-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4088498990-2834370405-2065065153-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4088498990-2834370405-2065065153-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4088498990-2834370405-2065065153-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-03-30] (IvoSoft)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> D:\Programme\Adobe CS3\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-27] (Adobe Systems Incorporated.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-03-30] (IvoSoft)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> D:\Programme\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-03-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-03-30] (IvoSoft)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Programme\Adobe CS3\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-27] (Adobe Systems Incorporated.)
Toolbar: HKU\S-1-5-21-4088498990-2834370405-2065065153-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Maze Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\z46bcksp.default
FF SelectedSearchEngine: Google
FF NetworkProxy: "backup.ftp", "10.16.1.254"
FF NetworkProxy: "backup.ftp_port", 800
FF NetworkProxy: "backup.socks", "10.16.1.254"
FF NetworkProxy: "backup.socks_port", 800
FF NetworkProxy: "backup.ssl", "10.16.1.254"
FF NetworkProxy: "backup.ssl_port", 800
FF NetworkProxy: "ftp", "10.16.1.254"
FF NetworkProxy: "ftp_port", 800
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "10.16.1.254"
FF NetworkProxy: "socks_port", 800
FF NetworkProxy: "ssl", "10.16.1.254"
FF NetworkProxy: "ssl_port", 800
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-09] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> D:\Programme\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-09] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-4088498990-2834370405-2065065153-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Extension: Avira Browser Safety - C:\Users\Maze Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\z46bcksp.default\Extensions\abs@avira.com [2015-02-09]
FF Extension: Flashblock - C:\Users\Maze Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\z46bcksp.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2015-01-14]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Maze Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\z46bcksp.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-04-04]
FF Extension: Grooveshark Unlocker - C:\Users\Maze Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\z46bcksp.default\Extensions\groovesharkUnlocker@overlord1337.xpi [2014-04-04]
FF Extension: Open in Google Docs Viewer - C:\Users\Maze Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\z46bcksp.default\Extensions\jid0-SQqz0FvZAHJtkvlT9nQ4I0O9fIw@jetpack.xpi [2014-04-04]
FF Extension: Add Google Search To New Tab Page - C:\Users\Maze Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\z46bcksp.default\Extensions\newtabgoogle@graememcc.co.uk.xpi [2014-04-04]
FF Extension: JS Switch - C:\Users\Maze Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\z46bcksp.default\Extensions\{88c7b321-2eb8-11da-8cd6-0800200c9a66}.xpi [2014-04-04]
FF Extension: Adblock Plus - C:\Users\Maze Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\z46bcksp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-04]
FF Extension: User Agent Switcher - C:\Users\Maze Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\z46bcksp.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2014-04-04]
FF HKU\S-1-5-21-4088498990-2834370405-2065065153-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-04-04] (Macrovision Europe Ltd.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-03-12] (Nero AG)
S3 PrintNotify; C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [2675712 2012-09-20] (Microsoft Corporation) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2365792 2012-09-19] (TuneUp Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-09-19] (TuneUp Software)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-08 22:11 - 2015-03-08 22:11 - 00000763 _____ () C:\Users\Maze Wayne\Desktop\JRT.txt
2015-03-08 21:36 - 2015-03-08 21:39 - 00000000 ____D () C:\AdwCleaner
2015-03-08 21:34 - 2015-03-08 21:34 - 00003965 _____ () C:\Users\Maze Wayne\Desktop\mbam.txt
2015-03-08 21:08 - 2015-03-08 22:04 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-08 21:08 - 2015-03-08 21:08 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-08 21:08 - 2015-03-08 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-08 21:08 - 2015-03-08 21:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-08 21:08 - 2015-03-08 21:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-08 21:08 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-08 21:08 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-08 21:08 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-08 21:04 - 2015-03-08 21:04 - 01388333 _____ (Thisisu) C:\Users\Maze Wayne\Desktop\JRT.exe
2015-03-08 21:03 - 2015-03-08 21:03 - 02126848 _____ () C:\Users\Maze Wayne\Desktop\AdwCleaner_4.111.exe
2015-03-08 18:39 - 2015-03-08 18:39 - 00000179 _____ () C:\Windows\pwdepot.ini
2015-03-08 17:16 - 2015-03-08 17:16 - 00021283 _____ () C:\ComboFix.txt
2015-03-08 16:59 - 2015-03-08 17:16 - 00000000 ____D () C:\Qoobox
2015-03-08 16:59 - 2015-03-08 17:14 - 00000000 ____D () C:\Windows\erdnt
2015-03-08 16:59 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-08 16:59 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-08 16:59 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-08 16:59 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-08 16:59 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-08 16:59 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-08 16:59 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-08 16:59 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-08 16:57 - 2015-03-08 16:57 - 05612482 ____R (Swearware) C:\Users\Maze Wayne\Desktop\ComboFix.exe
2015-03-08 16:12 - 2015-03-08 16:12 - 00001274 _____ () C:\Users\Maze Wayne\Desktop\Revo Uninstaller.lnk
2015-03-08 16:12 - 2015-03-08 16:12 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-08 15:34 - 2015-03-08 22:24 - 00000000 ____D () C:\FRST
2015-03-08 15:31 - 2015-03-08 15:31 - 00000482 _____ () C:\Users\Maze Wayne\Desktop\defogger_disable.log
2015-03-08 15:31 - 2015-03-08 15:31 - 00000000 _____ () C:\Users\Maze Wayne\defogger_reenable
2015-03-07 15:45 - 2015-03-07 15:45 - 00021976 _____ () C:\Windows\system32\Drivers\SPPD.sys
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-08 22:14 - 2014-04-04 16:16 - 00000000 ____D () C:\Program Files (x86)\Everything
2015-03-08 22:09 - 2009-07-14 05:45 - 00026480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-08 22:09 - 2009-07-14 05:45 - 00026480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-08 22:01 - 2015-01-29 22:37 - 00048776 _____ () C:\Windows\PFRO.log
2015-03-08 22:01 - 2015-01-29 22:37 - 00001167 _____ () C:\Windows\setupact.log
2015-03-08 22:01 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-08 21:39 - 2014-04-04 15:00 - 01871797 _____ () C:\Windows\WindowsUpdate.log
2015-03-08 20:46 - 2014-07-19 10:48 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-08 19:06 - 2014-12-06 22:07 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-03-08 17:22 - 2014-04-05 00:53 - 00699340 _____ () C:\Windows\system32\perfh007.dat
2015-03-08 17:22 - 2014-04-05 00:53 - 00149448 _____ () C:\Windows\system32\perfc007.dat
2015-03-08 17:22 - 2009-07-14 06:13 - 01619272 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-08 17:16 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-03-08 17:11 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-08 17:08 - 2009-07-14 03:34 - 78118912 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-03-08 17:08 - 2009-07-14 03:34 - 15466496 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-03-08 17:08 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-03-08 17:08 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-03-08 17:08 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-03-08 16:10 - 2014-04-04 22:13 - 00000000 ____D () C:\Users\Maze Wayne\AppData\Roaming\ClassicShell
2015-03-08 15:31 - 2014-04-04 15:14 - 00000000 ____D () C:\Users\Maze Wayne
2015-03-08 15:01 - 2014-04-04 22:24 - 00000000 ____D () C:\Users\Maze Wayne\AppData\Roaming\BOM
2015-02-28 19:06 - 2014-12-06 22:08 - 00003860 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1417900087
2015-02-09 08:37 - 2014-07-19 10:48 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-09 08:37 - 2014-04-13 18:34 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-09 08:37 - 2014-04-13 18:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2014-05-31 15:05 - 2014-05-31 15:05 - 0003584 _____ () C:\Users\Maze Wayne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some content of TEMP:
====================
C:\Users\Maze Wayne\AppData\Local\Temp\avgnt.exe
C:\Users\Maze Wayne\AppData\Local\Temp\Quarantine.exe
C:\Users\Maze Wayne\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-07 12:28
==================== End Of Log ============================