Pests of all kinds and how to fight them: Safesaver and Chrome

Windows 7

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
#1
Safesaver and Chrome

Good day everyone,

I'm very embarrassed to admit that I picked up this dreadful safesaver plugin somewhere... I'm not really an amateur, but I just can't get rid of it. I have already followed the guides here on the board, unfortunately without success.

System: Win7 64-bit; it only occurs in Chrome.
Nothing to uninstall shows up under Software.
AdwCleaner only finds something under Chrome, to do with preferences:

Code:
    # AdwCleaner v3.017 - Bericht erstellt am 23/01/2014 um 12:48:33
    # Aktualisiert 12/01/2014 von Xplode
    # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
    # Benutzername : Der Internet - JO-PC
    # Gestartet von : C:\Users\Der Internet\Desktop\adwcleaner.exe
    # Option : Suchen

    ***** [ Dienste ] *****

    ***** [ Dateien / Ordner ] *****

    ***** [ Verknüpfungen ] *****

    ***** [ Registrierungsdatenbank ] *****

    ***** [ Browser ] *****

    -\\ Internet Explorer v11.0.9600.16428

    -\\ Google Chrome v33.0.1750.46

    [ Datei : C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Gefunden : homepage
    Gefunden : homepage
    Gefunden : homepage

    *************************

    AdwCleaner[R1].txt - [3047 octets] - [03/01/2014 01:31:35]
    AdwCleaner[R2].txt - [1134 octets] - [03/01/2014 01:43:03]
    AdwCleaner[R3].txt - [1194 octets] - [03/01/2014 01:46:42]
    AdwCleaner[R4].txt - [1249 octets] - [23/01/2014 01:28:40]
    AdwCleaner[R5].txt - [1306 octets] - [23/01/2014 01:33:55]
    AdwCleaner[R6].txt - [1358 octets] - [23/01/2014 01:39:43]
    AdwCleaner[R7].txt - [1098 octets] - [23/01/2014 12:48:33]
    AdwCleaner[S1].txt - [2926 octets] - [03/01/2014 01:37:20]
    AdwCleaner[S2].txt - [1268 octets] - [23/01/2014 01:32:06]
    AdwCleaner[S3].txt - [1367 octets] - [23/01/2014 01:34:48]
    AdwCleaner[S4].txt - [1377 octets] - [23/01/2014 01:40:18]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R7].txt - [1398 octets] ##########

After that I rebooted and ran FRST64...

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-01-2014 Ran by Der Internet (administrator) on JO-PC on 23-01-2014 12:53:05 Running from C:\Users\Der Internet\Desktop Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Miranda Fusion Team) C:\Program Files (x86)\MirandaFusion\fusiontools\mfstart.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Google Inc.) C:\Users\Der Internet\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (modified by Miranda Fusion Team) C:\Program Files (x86)\MirandaFusion\miranda32.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Dropbox, Inc.) C:\Users\Der Internet\AppData\Roaming\Dropbox\bin\Dropbox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\MOM.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Florian Klein Software) G:\Kaufland\Baumarkt\Multimedia\sound_automator\sound_automator.exe (Almico Software (www.almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CCC.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Piotr Pawlowski) C:\Program Files (x86)\foobar2000\foobar2000.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation) HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.) HKLM\...\Run: [Fences] - C:\Program Files (x86)\Stardock\Fences\Fences.exe [4017368 2012-10-29] (Stardock Corporation) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] () Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKCU\...\Run: [Google Update] - C:\Users\Der Internet\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-19] (Google Inc.) HKCU\...\Run: [Miranda Fusion] - C:\Program Files (x86)\MirandaFusion\fusiontools\mfstart.exe [1122241 2012-06-12] (Miranda Fusion Team) HKCU\...\Run: [HP Photosmart 5510 series (NET)] - C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2676584 2011-09-16] (Hewlett-Packard Co.) 
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1815976 2014-01-23] (Valve Corporation) HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd) HKCU\...\Run: [] - [x] HKCU\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia) HKCU\...\Run: [Google+ Auto Backup] - C:\Users\Der Internet\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.) HKCU\...\Run: [GoogleChromeAutoLaunch_6D82468B35573D5D2204F6922BE8CD8A] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [858392 2014-01-22] (Google Inc.) HKCU\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000 MountPoints2: {ce31afd6-3637-11e2-9571-002522b42065} - H:\setup.exe AppInit_DLLs: => File Not Found AppInit_DLLs-x32: à => File Not Found Startup: C:\Users\Der Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Der Internet\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\Der Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) Startup: C:\Users\Der Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sound_automator - Verknüpfung.lnk ShortcutTarget: sound_automator - Verknüpfung.lnk -> G:\Kaufland\Baumarkt\Multimedia\sound_automator\sound_automator.exe (Florian Klein Software) Startup: C:\Users\Der Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk ShortcutTarget: SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com)) Startup: C:\Users\Der Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 5510 series (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Photosmart 5510 series (Netzwerk).lnk -> C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x285201EFA696CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear BHO: ReggularDueals - {58C7BD69-58DC-BC31-48D0-88D9C7653223} - C:\ProgramData\ReggularDueals\zs7n.x64.dll () BHO: ShopDrop - {A9869688-1795-A825-DEFF-05E80ECCA231} - C:\ProgramData\ShopDrop\2yKuPLTIhU.x64.dll () BHO-x32: ReggularDueals - {58C7BD69-58DC-BC31-48D0-88D9C7653223} - C:\ProgramData\ReggularDueals\zs7n.dll () BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: ShopDrop - {A9869688-1795-A825-DEFF-05E80ECCA231} - C:\ProgramData\ShopDrop\2yKuPLTIhU.dll () BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: 46.23.70.78 pagead2.googlesyndication.com Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Chrome: ======= CHR HomePage: hxxp://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP6F2B3C5B-E543-4DF7-B373-14E8FB43EA5B CHR Extension: (ProxTube) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-01-04] CHR Extension: (Magic Actions for YouTube™) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2013-06-28] CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-28] CHR Extension: (Feedly tabs) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbknmbmpegpkeamflgefmekmjjhgddhk [2013-07-27] CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-28] CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2013-06-28] CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\didcohlhbnnjkbpcakccofgfpfalobdn [2013-07-03] CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlbemabjbfhjcccahjioenmkgimjbbkd [2013-06-28] CHR Extension: (Chrome Connectivity Diagnostics (Dev)) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemlkeanncmjljgehlbplemhmdmalhdc [2014-01-13] CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-06-28] CHR Extension: (Facebook One) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\gceeodfjmkoilhaoehbnhofdpobaohnm [2013-07-17] CHR Extension: (AdBlock) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-02] CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\glclbhaolhlabamoncniejlhknjffdip [2013-10-09] CHR Extension: (Google Calendar (by Google)) - 
C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2013-06-28] CHR Extension: (TweetDeck) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2013-06-28] CHR Extension: (LastPass) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2013-06-28] CHR Extension: (surf anD keep) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\heiaobnbainaibjdkdcehdephlgfpncd [2013-11-26] CHR Extension: (ProxMate - Improve your Internet!) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm [2013-06-28] CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2013-07-13] CHR Extension: (Checker Plus for Google Calendar™) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhggnncdpfibdhinjiegagmopldibha [2013-06-28] CHR Extension: (Google Keep) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2013-08-20] CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2013-06-28] CHR Extension: (Chrome to Mobile) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\idknbmbdnapjicclomlijcgfpikmndhd [2013-06-28] CHR Extension: (Social Fixer for Facebook) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2013-06-28] CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2013-12-24] CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\jijgclgmgjipgefcnnnibgllfonlfdap [2013-07-17] CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjpfchnjhjfiildkeelmdbkfkegkgehh [2013-06-28] CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkgogmboalmaijfgfhfepckdgjeopfhk [2013-12-06] CHR Extension: (Any.DO) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2013-07-15] CHR Extension: (SimpleExtManager) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\kniehgiejgnnpgojkdhhjbgbllnfkfdk [2013-06-28] CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2013-06-28] CHR Extension: (Smooth Gestures) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld [2013-06-28] CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\libmnnehcdjmemobhldmjnpfamankgho [2013-07-04] CHR Extension: (MyPermissions Cleaner) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\liiikhhbkpmpomjmdofandjmdgapiahi [2013-12-05] CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-06-28] CHR Extension: (Google Play Books) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2013-09-25] CHR Extension: (Hangouts) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2013-11-12] CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nheaocaplknjkpcnbadlgfpdfjaabiml [2013-06-28] CHR Extension: (No Name) - C:\Users\Der 
Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-06-28] CHR Extension: (Extensions Update Notifier) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlldbplhbaopldicmcoogopmkonpebjm [2014-01-20] CHR Extension: (Chrome In-App Payments service) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR Extension: (Auto-Translate) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\obgoiaeapddkeekbocomnjlckbbfapmk [2013-07-17] CHR Extension: (YoutubeBookmark) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\odhfgbnijgflcibgcbckkhoclnmhdcin [2013-11-26] CHR Extension: (Checker Plus for Gmail™) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2013-06-28] CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\oheflacdocadefgdpiimpapbkomhgbbe [2013-12-06] CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2013-06-28] CHR Extension: (Picasa) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-01-20] CHR Extension: (4chan Plus) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinelipedelckihohgdlpcclgocodhjj [2013-06-28] CHR Extension: (SHoPDroap) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkfjkgmimhoojoahdhhoadgmgahofjl [2013-12-30] CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-28] CHR Extension: (Privacyfix by Privacychoice) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pmejhjjecaldkllonlokhkglbdbkdcni [2013-06-28] CHR Extension: (No Name) - C:\Users\Der Internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmdghpofpmllhegbpllolmndihbedof [2013-10-24] CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - C:\Program Files (x86)\LastPass\lpchrome.crx [2012-09-19] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 03e661da; C:\ProgramData\WinFilter\WinFilterSvc.dll [176464 2013-12-28] () R2 14be225b; C:\ProgramData\FastSys\FastSysSvc.dll [179024 2013-12-30] () R2 2384af53; C:\ProgramData\Network Acceleration\NetworkAccelerationSvc.dll [181072 2013-12-30] () R2 25a98636; C:\ProgramData\Web Light\WebLightSvc.dll [179024 2013-12-29] () R2 89f7ebe4; C:\ProgramData\WinWeb protection\WinWebprotectionSvc.dll [184656 2013-12-28] () R2 8b68ee33; C:\ProgramData\Accelesys\AccelesysSvc.dll [180048 2013-12-31] () R2 c8d49171; C:\ProgramData\InteliWeb\InteliWebSvc.dll [180560 2013-12-30] () R2 def8540c; C:\ProgramData\Winclean performap\WincleanperformapSvc.dll [176976 2013-12-31] () R2 dfc86759; C:\ProgramData\Performancer\PerformancerSvc.dll [178512 2013-12-31] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-09] () R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) 
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1326176 2012-07-25] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [681056 2012-07-25] (Secunia) R2 StarMoney 8.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH) S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [744856 2012-11-14] (Tunngle.net GmbH) ==================== Drivers (Whitelisted) ==================== S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-11-24] (DT Soft Ltd) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) 
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [108648 2013-01-08] (Softwareentwicklung Remus - ArchiCrypt - ) S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net) R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [38272 2013-08-17] (Windows (R) Win 7 DDK provider) S3 wod0205; C:\Windows\System32\DRIVERS\wod0205.sys [33160 2011-04-23] (WeOnlyDo Software) S4 NVHDA; system32\drivers\nvhda64v.sys [x] S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [x] S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-23 01:45 - 2014-01-23 01:45 - 01037068 _____ (Thisisu) C:\Users\Der Internet\Desktop\JRT (1).exe 2014-01-23 01:35 - 2014-01-23 12:53 - 00025882 _____ C:\Users\Der Internet\Desktop\FRST.txt 2014-01-23 01:35 - 2014-01-23 01:35 - 00000000 ____D C:\FRST 2014-01-23 01:27 - 2014-01-23 01:27 - 02077184 _____ (Farbar) C:\Users\Der Internet\Desktop\FRST64.exe 2014-01-23 01:22 - 2014-01-23 01:22 - 01236282 _____ C:\Users\Der Internet\Desktop\adwcleaner.exe 2014-01-22 17:43 - 2014-01-22 17:43 - 00000000 ____D C:\Users\Der Internet\AppData\Roaming\ATI 2014-01-22 17:43 - 2014-01-22 17:43 - 00000000 ____D C:\Users\Der Internet\AppData\Local\ATI 2014-01-22 17:43 - 2014-01-22 17:43 - 00000000 ____D C:\ProgramData\ATI 2014-01-22 17:43 - 2014-01-22 17:43 - 00000000 _____ C:\Windows\ativpsrm.bin 2014-01-22 17:40 - 2014-01-22 17:40 - 00000000 ____D C:\ProgramData\AMD 2014-01-22 17:40 - 2014-01-22 17:40 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies 2014-01-22 17:40 - 2014-01-22 17:40 - 00000000 ____D C:\Program Files\ATI 2014-01-22 17:40 - 2014-01-22 17:40 - 00000000 ____D C:\Program Files (x86)\AMD AVT 2014-01-22 17:40 - 2014-01-22 17:40 - 00000000 ____D C:\Program Files (x86)\AMD APP 2014-01-22 17:39 - 2014-01-22 17:40 - 00000000 ____D C:\Program Files (x86)\ATI 2014-01-22 17:38 - 
2014-01-22 17:38 - 00000000 ____D C:\AMD
2014-01-22 17:35 - 2014-01-22 17:35 - 00791552 _____ (AMD) C:\Users\Der Internet\Desktop\amddriverdownloader.exe
2014-01-22 17:34 - 2014-01-22 17:35 - 00000757 _____ C:\Windows\LkmdfCoInst.log
2014-01-22 01:16 - 2014-01-22 01:16 - 00410480 _____ C:\Windows\Minidump\012214-15927-01.dmp
2014-01-21 23:10 - 2014-01-21 23:10 - 00368712 _____ C:\Windows\Minidump\012114-9578-01.dmp
2014-01-21 14:52 - 2014-01-21 14:56 - 113722693 _____ C:\Users\Der Internet\Desktop\Mosh - Empire.zip
2014-01-21 14:02 - 2014-01-21 14:02 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-20 16:15 - 2014-01-20 16:15 - 00000000 ____D C:\Users\Der Internet\Documents\Assassin's Creed Liberation HD
2014-01-20 16:15 - 2014-01-20 16:15 - 00000000 ____D C:\Saves
2014-01-20 15:47 - 2014-01-20 15:47 - 00000000 ____D C:\Users\Der Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-19 21:49 - 2014-01-19 21:49 - 00000880 _____ C:\Users\Public\Desktop\Assassin's Creed Liberation HD.lnk
2014-01-19 17:03 - 2014-01-19 17:03 - 00092966 _____ C:\Users\Der Internet\Desktop\Hausaufgaben.zip
2014-01-17 19:07 - 2014-01-17 19:07 - 00000000 ____D C:\Users\Der Internet\Documents\MGR
2014-01-17 16:43 - 2014-01-17 16:43 - 00000797 _____ C:\Users\Public\Desktop\METAL GEAR RISING REVENGEANCE.lnk
2014-01-16 12:03 - 2014-01-16 12:06 - 00000000 ____D C:\Users\Der Internet\Downloads\extracted
2014-01-15 22:20 - 2014-01-15 22:20 - 00037795 _____ C:\Users\Der Internet\Desktop\bf38a0b5782e67e66e8cdcc293960c18ac87377c.zip
2014-01-15 17:30 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 17:12 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 17:12 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 17:12 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 17:12 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 17:12 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 17:12 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 17:12 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 17:12 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 22:57 - 2014-01-21 21:53 - 00000633 _____ C:\Users\Public\Desktop\The Walking Dead.lnk
2014-01-14 20:31 - 2014-01-14 20:31 - 00039492 _____ C:\Users\Der Internet\Desktop\f272b59a009c9d315f5253d0acbcaf47ee3dc516.zip
2014-01-13 17:46 - 2014-01-13 17:46 - 00039625 _____ C:\Users\Der Internet\Desktop\3571977.zip
2014-01-13 16:33 - 2014-01-13 16:33 - 00897216 _____ C:\Users\Der Internet\Desktop\AlbumArtDownloaderXUI-1.00.exe
2014-01-13 16:29 - 2014-01-13 16:29 - 00152691 _____ (Tordex) C:\Users\Der Internet\Desktop\mc-foo2k.exe
2014-01-13 01:55 - 2014-01-13 01:55 - 00019456 ___SH C:\Users\Der Internet\Downloads\Thumbs.db
2014-01-09 00:12 - 2014-01-09 00:12 - 03172160 _____ C:\Users\Der Internet\Desktop\N8FanClub.com_Swype_v2.1.4436_fixed_unsigned.sis
2014-01-08 21:41 - 2014-01-08 22:29 - 274355821 _____ C:\Users\Der Internet\Desktop\NordicLakeSoundsVolV.zip
2014-01-08 01:07 - 2014-01-08 01:07 - 00000000 ____D C:\NVIDIA
2014-01-06 20:23 - 2014-01-06 20:23 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2014-01-04 16:04 - 2014-01-04 16:05 - 27609126 _____ C:\Users\Der Internet\Desktop\DFRNT - Dark Blue EP.zip
2014-01-03 23:15 - 2014-01-03 23:15 - 00000000 ____D C:\Users\Der Internet\Desktop\Paula Temple - Colonized [RS1307D] (2013)
2014-01-03 01:43 - 2014-01-03 01:43 - 01036305 _____ (Thisisu) C:\Users\Der Internet\Desktop\JRT.exe
2014-01-03 01:43 - 2014-01-03 01:43 - 00000000 ____D C:\Windows\ERUNT
2014-01-03 01:31 - 2014-01-23 12:48 - 00000000 ____D C:\AdwCleaner
2014-01-03 01:31 - 2014-01-03 01:31 - 01233962 _____ C:\Users\Der Internet\Desktop\adwcleaner_3.016.exe
2013-12-31 21:49 - 2013-12-31 21:49 - 00000000 ____D C:\ProgramData\Winclean performap
2013-12-31 11:38 - 2013-12-31 11:38 - 00000000 ____D C:\ProgramData\Performancer
2013-12-31 02:17 - 2013-12-31 02:17 - 00000000 ____D C:\ProgramData\Accelesys
2013-12-30 13:10 - 2013-12-30 13:10 - 00000000 ____D C:\ProgramData\InteliWeb
2013-12-30 13:08 - 2013-12-30 13:08 - 00000000 ____D C:\ProgramData\ShopDrop
2013-12-30 13:08 - 2013-12-30 13:08 - 00000000 ____D C:\ProgramData\SHoPDroap
2013-12-30 13:08 - 2013-12-30 13:08 - 00000000 ____D C:\ProgramData\ReggularDueals
2013-12-30 13:08 - 2013-12-30 13:08 - 00000000 ____D C:\ProgramData\mhjpkbehoplopblenpbhmofpnabjfnbe
2013-12-30 13:08 - 2013-12-30 13:08 - 00000000 ____D C:\ProgramData\bedaajccclfbfhilmpglafgmjjlapdnp
2013-12-30 13:01 - 2013-12-30 13:01 - 00000000 ____D C:\ProgramData\Tordex
2013-12-30 05:44 - 2013-12-30 05:44 - 00000000 ____D C:\ProgramData\FastSys
2013-12-30 01:38 - 2013-12-30 01:38 - 00000000 ____D C:\ProgramData\Network Acceleration
2013-12-29 06:10 - 2013-12-29 06:10 - 00000000 ____D C:\ProgramData\Web Light
2013-12-29 05:15 - 2013-12-29 05:15 - 00000000 ____D C:\Users\Der Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Airfoil
2013-12-29 05:15 - 2013-12-29 05:15 - 00000000 ____D C:\Program Files (x86)\Airfoil
2013-12-29 05:13 - 2013-12-29 05:13 - 09022448 _____ C:\Users\Der Internet\Desktop\AirfoilInstaller.exe
2013-12-29 05:05 - 2013-12-29 07:03 - 00000000 ____D C:\Users\Der Internet\AppData\Local\Rogue Amoeba
2013-12-29 04:36 - 2013-12-29 04:38 - 06738360 _____ C:\Users\Der Internet\Desktop\AirfoilSpeakersInstaller.exe
2013-12-28 23:32 - 2013-12-28 23:32 - 00000000 ____D C:\ProgramData\WinFilter
2013-12-28 23:24 - 2013-12-28 23:24 - 00000000 ____D C:\ProgramData\WinWeb protection
2013-12-24 00:32 - 2013-12-24 00:32 - 00000000 ____D C:\Users\Der Internet\Desktop\A Very Bootie Christmas 3

==================== One Month Modified Files and Folders =======

2014-01-23 12:53 - 2014-01-23 01:35 - 00025882 _____ C:\Users\Der Internet\Desktop\FRST.txt
2014-01-23 12:52 - 2012-09-19 23:12 - 00000000 ____D C:\Users\Der Internet\AppData\Roaming\foobar2000
2014-01-23 12:48 - 2014-01-03 01:31 - 00000000 ____D C:\AdwCleaner
2014-01-23 12:47 - 2009-07-14 05:45 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-23 12:47 - 2009-07-14 05:45 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-23 12:46 - 2011-04-12 08:43 - 00699416 _____ C:\Windows\system32\perfh007.dat
2014-01-23 12:46 - 2011-04-12 08:43 - 00149556 _____ C:\Windows\system32\perfc007.dat
2014-01-23 12:46 - 2009-07-14 06:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-23 12:44 - 2012-09-19 21:00 - 01903654 _____ C:\Windows\WindowsUpdate.log
2014-01-23 12:43 - 2013-11-12 18:02 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-23 12:42 - 2012-09-20 20:09 - 00000000 ____D C:\Users\Der Internet\AppData\Roaming\Dropbox
2014-01-23 12:41 - 2013-03-19 22:03 - 00005088 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Jo-PC-Der Internet Jo-PC
2014-01-23 12:41 - 2012-10-27 21:24 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-23 12:40 - 2013-11-26 16:55 - 00000462 ____H C:\Windows\Tasks\SK.Enhancer-S-161304646.job
2014-01-23 12:40 - 2013-11-17 10:50 - 00022827 _____ C:\Windows\setupact.log
2014-01-23 12:40 - 2013-11-12 18:02 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-23 12:40 - 2013-08-16 23:59 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2014-01-23 12:40 - 2013-02-12 14:22 - 00000000 ____D C:\Program Files (x86)\StarMoney 8.0
2014-01-23 12:40 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-23 01:45 - 2014-01-23 01:45 - 01037068 _____ (Thisisu) C:\Users\Der Internet\Desktop\JRT (1).exe
2014-01-23 01:38 - 2012-09-19 21:12 - 00001148 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2910854657-4121419401-2933497238-1000UA.job
2014-01-23 01:35 - 2014-01-23 01:35 - 00000000 ____D C:\FRST
2014-01-23 01:28 - 2012-09-22 18:03 - 00000000 ____D C:\Program Files (x86)\JDownloader 2
2014-01-23 01:27 - 2014-01-23 01:27 - 02077184 _____ (Farbar) C:\Users\Der Internet\Desktop\FRST64.exe
2014-01-23 01:22 - 2014-01-23 01:22 - 01236282 _____ C:\Users\Der Internet\Desktop\adwcleaner.exe
2014-01-23 00:46 - 2012-09-19 22:11 - 01593956 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-23 00:28 - 2012-09-20 01:16 - 00000000 ____D C:\Program Files (x86)\Origin
2014-01-23 00:27 - 2012-09-19 22:08 - 00000000 ____D C:\Spiele
2014-01-23 00:16 - 2012-09-20 00:19 - 00000000 ____D C:\Users\Der Internet\AppData\Roaming\vlc
2014-01-22 18:38 - 2012-09-19 21:12 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2910854657-4121419401-2933497238-1000Core.job
2014-01-22 17:43 - 2014-01-22 17:43 - 00000000 ____D C:\Users\Der Internet\AppData\Roaming\ATI
2014-01-22 17:43 - 2014-01-22 17:43 - 00000000 ____D C:\Users\Der Internet\AppData\Local\ATI
2014-01-22 17:43 - 2014-01-22 17:43 - 00000000 ____D C:\ProgramData\ATI
2014-01-22 17:43 - 2014-01-22 17:43 - 00000000 _____ C:\Windows\ativpsrm.bin
2014-01-22 17:40 - 2014-01-22 17:40 - 00000000 ____D C:\ProgramData\AMD
2014-01-22 17:40 - 2014-01-22 17:40 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2014-01-22 17:40 - 2014-01-22 17:40 - 00000000 ____D C:\Program Files\ATI
2014-01-22 17:40 - 2014-01-22 17:40 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2014-01-22 17:40 - 2014-01-22 17:40 - 00000000 ____D C:\Program Files (x86)\AMD APP
2014-01-22 17:40 - 2014-01-22 17:39 - 00000000 ____D C:\Program Files (x86)\ATI
2014-01-22 17:39 - 2013-11-14 02:28 - 00000000 ____D C:\Users\Der Internet\AppData\Local\NVIDIA Corporation
2014-01-22 17:39 - 2012-09-19 21:17 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2014-01-22 17:39 - 2012-09-19 21:17 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2014-01-22 17:39 - 2012-09-19 21:16 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2014-01-22 17:38 - 2014-01-22 17:38 - 00000000 ____D C:\AMD
2014-01-22 17:37 - 2012-09-19 21:17 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-22 17:35 - 2014-01-22 17:35 - 00791552 _____ (AMD) C:\Users\Der Internet\Desktop\amddriverdownloader.exe
2014-01-22 17:35 - 2014-01-22 17:34 - 00000757 _____ C:\Windows\LkmdfCoInst.log
2014-01-22 17:34 - 2012-09-19 21:51 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-01-22 16:34 - 2013-11-29 23:48 - 335683607 _____ C:\Windows\MEMORY.DMP
2014-01-22 01:16 - 2014-01-22 01:16 - 00410480 _____ C:\Windows\Minidump\012214-15927-01.dmp
2014-01-21 23:10 - 2014-01-21 23:10 - 00368712 _____ C:\Windows\Minidump\012114-9578-01.dmp
2014-01-21 23:10 - 2012-09-20 08:09 - 00000000 ____D C:\Windows\Minidump
2014-01-21 23:05 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help
2014-01-21 21:53 - 2014-01-14 22:57 - 00000633 _____ C:\Users\Public\Desktop\The Walking Dead.lnk
2014-01-21 14:56 - 2014-01-21 14:52 - 113722693 _____ C:\Users\Der Internet\Desktop\Mosh - Empire.zip
2014-01-21 14:05 - 2013-11-12 00:28 - 00000000 ____D C:\ProgramData\Oracle
2014-01-21 14:02 - 2014-01-21 14:02 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-21 14:02 - 2012-09-22 16:42 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-20 19:14 - 2012-09-19 21:12 - 00000000 ____D C:\Users\Der Internet\AppData\Local\Google
2014-01-20 16:15 - 2014-01-20 16:15 - 00000000 ____D C:\Users\Der Internet\Documents\Assassin's Creed Liberation HD
2014-01-20 16:15 - 2014-01-20 16:15 - 00000000 ____D C:\Saves
2014-01-20 15:47 - 2014-01-20 15:47 - 00000000 ____D C:\Users\Der Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-20 15:12 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2014-01-19 21:50 - 2013-11-20 11:28 - 00088135 _____ C:\Windows\DirectX.log
2014-01-19 21:49 - 2014-01-19 21:49 - 00000880 _____ C:\Users\Public\Desktop\Assassin's Creed Liberation HD.lnk
2014-01-19 17:03 - 2014-01-19 17:03 - 00092966 _____ C:\Users\Der Internet\Desktop\Hausaufgaben.zip
2014-01-19 08:33 - 2010-11-21 04:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-17 19:07 - 2014-01-17 19:07 - 00000000 ____D C:\Users\Der Internet\Documents\MGR
2014-01-17 16:43 - 2014-01-17 16:43 - 00000797 _____ C:\Users\Public\Desktop\METAL GEAR RISING REVENGEANCE.lnk
2014-01-17 13:04 - 2012-09-20 20:09 - 00000000 ____D C:\Users\Der Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-17 13:04 - 2012-09-19 21:00 - 00000000 ___RD C:\Users\Der Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-16 15:34 - 2009-07-14 05:45 - 00376856 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 12:06 - 2014-01-16 12:03 - 00000000 ____D C:\Users\Der Internet\Downloads\extracted
2014-01-16 11:08 - 2012-10-18 12:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-16 11:07 - 2013-08-15 00:57 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 11:04 - 2012-09-19 21:38 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 22:20 - 2014-01-15 22:20 - 00037795 _____ C:\Users\Der Internet\Desktop\bf38a0b5782e67e66e8cdcc293960c18ac87377c.zip
2014-01-15 21:21 - 2013-04-17 18:28 - 00000000 ____D C:\Users\Der Internet\AppData\Roaming\Skype
2014-01-14 22:57 - 2013-01-18 21:01 - 00000000 ____D C:\Users\Der Internet\Documents\Telltale Games
2014-01-14 20:31 - 2014-01-14 20:31 - 00039492 _____ C:\Users\Der Internet\Desktop\f272b59a009c9d315f5253d0acbcaf47ee3dc516.zip
2014-01-13 17:46 - 2014-01-13 17:46 - 00039625 _____ C:\Users\Der Internet\Desktop\3571977.zip
2014-01-13 16:33 - 2014-01-13 16:33 - 00897216 _____ C:\Users\Der Internet\Desktop\AlbumArtDownloaderXUI-1.00.exe
2014-01-13 16:29 - 2014-01-13 16:29 - 00152691 _____ (Tordex) C:\Users\Der Internet\Desktop\mc-foo2k.exe
2014-01-13 01:55 - 2014-01-13 01:55 - 00019456 ___SH C:\Users\Der Internet\Downloads\Thumbs.db
2014-01-13 01:55 - 2013-07-29 12:37 - 00000000 ____D C:\Users\Der Internet\Downloads\nd FB login_files
2014-01-12 19:15 - 2012-09-26 02:12 - 00000000 ____D C:\Users\Der Internet\AppData\Roaming\uTorrent
2014-01-09 00:12 - 2014-01-09 00:12 - 03172160 _____ C:\Users\Der Internet\Desktop\N8FanClub.com_Swype_v2.1.4436_fixed_unsigned.sis
2014-01-08 22:29 - 2014-01-08 21:41 - 274355821 _____ C:\Users\Der Internet\Desktop\NordicLakeSoundsVolV.zip
2014-01-08 01:07 - 2014-01-08 01:07 - 00000000 ____D C:\NVIDIA
2014-01-06 20:23 - 2014-01-06 20:23 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2014-01-05 23:21 - 2013-04-17 18:28 - 00000000 ___RD C:\Program Files (x86)\Skype
2014-01-05 23:21 - 2013-04-17 18:28 - 00000000 ____D C:\ProgramData\Skype
2014-01-04 16:05 - 2014-01-04 16:04 - 27609126 _____ C:\Users\Der Internet\Desktop\DFRNT - Dark Blue EP.zip
2014-01-03 23:15 - 2014-01-03 23:15 - 00000000 ____D C:\Users\Der Internet\Desktop\Paula Temple - Colonized [RS1307D] (2013)
2014-01-03 01:43 - 2014-01-03 01:43 - 01036305 _____ (Thisisu) C:\Users\Der Internet\Desktop\JRT.exe
2014-01-03 01:43 - 2014-01-03 01:43 - 00000000 ____D C:\Windows\ERUNT
2014-01-03 01:40 - 2012-09-19 21:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-03 01:40 - 2012-09-19 21:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-03 01:38 - 2013-11-26 18:37 - 00203836 _____ C:\Windows\PFRO.log
2014-01-03 01:31 - 2014-01-03 01:31 - 01233962 _____ C:\Users\Der Internet\Desktop\adwcleaner_3.016.exe
2014-01-03 01:31 - 2013-11-26 16:55 - 00000000 ____D C:\ProgramData\e9d54e1bbb87d760
2013-12-31 21:49 - 2013-12-31 21:49 - 00000000 ____D C:\ProgramData\Winclean performap
2013-12-31 11:38 - 2013-12-31 11:38 - 00000000 ____D C:\ProgramData\Performancer
2013-12-31 02:17 - 2013-12-31 02:17 - 00000000 ____D C:\ProgramData\Accelesys
2013-12-30 13:10 - 2013-12-30 13:10 - 00000000 ____D C:\ProgramData\InteliWeb
2013-12-30 13:08 - 2013-12-30 13:08 - 00000000 ____D C:\ProgramData\ShopDrop
2013-12-30 13:08 - 2013-12-30 13:08 - 00000000 ____D C:\ProgramData\SHoPDroap
2013-12-30 13:08 - 2013-12-30 13:08 - 00000000 ____D C:\ProgramData\ReggularDueals
2013-12-30 13:08 - 2013-12-30 13:08 - 00000000 ____D C:\ProgramData\mhjpkbehoplopblenpbhmofpnabjfnbe
2013-12-30 13:08 - 2013-12-30 13:08 - 00000000 ____D C:\ProgramData\bedaajccclfbfhilmpglafgmjjlapdnp
2013-12-30 13:01 - 2013-12-30 13:01 - 00000000 ____D C:\ProgramData\Tordex
2013-12-30 13:01 - 2012-09-20 16:35 - 00000000 ____D C:\Program Files\TrueLaunchBar
2013-12-30 05:44 - 2013-12-30 05:44 - 00000000 ____D C:\ProgramData\FastSys
2013-12-30 01:38 - 2013-12-30 01:38 - 00000000 ____D C:\ProgramData\Network Acceleration
2013-12-29 07:03 - 2013-12-29 05:05 - 00000000 ____D C:\Users\Der Internet\AppData\Local\Rogue Amoeba
2013-12-29 06:10 - 2013-12-29 06:10 - 00000000 ____D C:\ProgramData\Web Light
2013-12-29 05:15 - 2013-12-29 05:15 - 00000000 ____D C:\Users\Der Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Airfoil
2013-12-29 05:15 - 2013-12-29 05:15 - 00000000 ____D C:\Program Files (x86)\Airfoil
2013-12-29 05:13 - 2013-12-29 05:13 - 09022448 _____ C:\Users\Der Internet\Desktop\AirfoilInstaller.exe
2013-12-29 04:38 - 2013-12-29 04:36 - 06738360 _____ C:\Users\Der Internet\Desktop\AirfoilSpeakersInstaller.exe
2013-12-28 23:32 - 2013-12-28 23:32 - 00000000 ____D C:\ProgramData\WinFilter
2013-12-28 23:24 - 2013-12-28 23:24 - 00000000 ____D C:\ProgramData\WinWeb protection
2013-12-24 00:32 - 2013-12-24 00:32 - 00000000 ____D C:\Users\Der Internet\Desktop\A Very Bootie Christmas 3

Some content of TEMP:
====================
C:\Users\Der Internet\AppData\Local\Temp\13-9-legacy_vista_win7_64_dd_ccc_whql.exe
C:\Users\Der Internet\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Der Internet\AppData\Local\Temp\NEventMessages.dll
C:\Users\Der Internet\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Der Internet\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Der Internet\AppData\Local\Temp\nvStInst.exe
C:\Users\Der Internet\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Der Internet\AppData\Local\Temp\sfareca00001.dll
C:\Users\Der Internet\AppData\Local\Temp\vlc-2.1.2-win32.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-19 00:58

==================== End Of Log ============================

JRT does not produce any result either.

After running the tools, the problem is fixed at first, but as soon as I restart the computer it is back. Chrome lists a plugin called "ExstrAACoupon", which is surely the culprit. If I remove it, the problem is fixed, but at the next start it is back again. What puzzles me is that a search for "ExstrAACoupon" returns no results at all, or is the malware blocking the search for it?

I am grateful for any tip and already close to reinstalling Windows.