Borrowed laptop with high CPU usage (100%), Windows 7
20.11.2014, 00:24 | #1

Borrowed laptop with high CPU usage (100%)

Dear Trojaner-Boarders,

since I have heard from many people that you were able to help them, I am turning to you with my problem as well. I have borrowed a laptop from a friend because my own PC is unfortunately broken (hardware wear). Unfortunately the laptop has very high CPU usage and I can see no reason for it. I don't know enough about computers to fix the problem myself. On the internet I found a few tips on how to (supposedly) lower the CPU usage. Unfortunately none of them work here. I have agreed with the owner that I ask for help here for her device, since she herself had help setting up the laptop and apparently knows even less about PCs than I do.

Malwarebytes Anti-Malware found the following:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 19.11.2014
Scan Time: 22:43:37
Logfile: MalwarebytesLog.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.19.07
Rootkit Database: v2014.11.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jey

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 314794
Time Elapsed: 1 hr, 3 min, 41 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 12
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2214285484-1360722716-164639359-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [7e25231ae29a221472890ab0a16157a9], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, , [0d96033add9f71c50f707b79976b9967], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, , [5e4579c4b9c350e6d8a8ec08d32fa759], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, , [455ee25b7ffd9d994bc9aa4aad553cc4], 
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DatamngrCoordinator.exe, , [4162ed500c7048ee43b42b220bf8f30d], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, , [30730934b1cb6acc61c3afc72fd4d22e], 
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DatamngrCoordinator.exe, , [d7cc2d10a4d85bdba2550944d92ad62a], 
PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginService, , [d7cc42fbbac263d3bc93d85f649ff50b], 
PUP.Optional.SearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD, , [fba825186616b18525420d3e4eb5dd23], 
PUP.Optional.SupraSavings.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Supra Savings, , [129105386d0f0b2be593e383b74c936d], 
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-2214285484-1360722716-164639359-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TutoTag, , [940f83ba8bf17eb84852d2dcbf45bc44], 
PUP.Optional.ViewPassword.A, HKU\S-1-5-21-2214285484-1360722716-164639359-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ViewPassword, , [049f2c11205ca195dd5782d18d7629d7], 

Registry Values: 4
PUP.Optional.Iminent.A, HKU\S-1-5-21-2214285484-1360722716-164639359-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, , [455ee25b7ffd9d994bc9aa4aad553cc4], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-2214285484-1360722716-164639359-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, , [8d1684b979030a2c6ba90ee6976bad53], 
PUP.Optional.FirstSeenToday.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|fst_de_85, , [a7fc5fde403ce74faf68de8418eb768a], 
PUP.Optional.SearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD|ImagePath, \??\C:\Windows\system32\drivers\SPPD.sys, , [fba825186616b18525420d3e4eb5dd23]

Registry Data: 1
PUP.Optional.Trovi.A, HKU\S-1-5-21-2214285484-1360722716-164639359-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=M9BF507A1-1D0E-4472-80F7-6099D82502C4&SearchSource=55&CUI=&UM=6&UP=SP8AC88077-3D77-4888-BE56-282F4C2669FB&SSPV=2184TC_sp_ie, Good: (www.google.com), Bad: (hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=M9BF507A1-1D0E-4472-80F7-6099D82502C4&SearchSource=55&CUI=&UM=6&UP=SP8AC88077-3D77-4888-BE56-282F4C2669FB&SSPV=2184TC_sp_ie),,[8b1895a8bebe74c2bdc8c77c996c6898]

Folders: 1
PUP.Optional.FLVMPlayer, C:\Program Files (x86)\FLVM Player, , [2d7654e9c7b51125ee16fb3153b0dc24], 

Files: 5
PUP.Optional.SearchProtect.A, C:\Users\Jey\AppData\Roaming\RHEng\36594921D9F941A8B015C743111C4CDD\13443.exe, , [b3f0cf6e6f0d290da4f00d8eb44d946c], 
PUP.Optional.SupraSavings.A, C:\temp\t.msi, , [c7dc97a6fd7fce68899686971ee77d83], 
PUP.Optional.Iminent.A, C:\Users\Jey\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage, , [bce77cc15c207cba1ef360ff58ab20e0], 
PUP.Optional.Trovi, C:\Users\Jey\AppData\Roaming\Mozilla\Firefox\Profiles\wbtfc6oj.default\prefs.js, Good: (), Bad: (user_pref("browser.search.defaultenginename", "Trovi search");), ,[277c88b5205cc86e74c81b69ad58f30d]
PUP.Optional.Trovi.A, C:\Users\Jey\AppData\Roaming\Mozilla\Firefox\Profiles\wbtfc6oj.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=M9BF507A1-1D0E-4472-80F7-6099D82502C4&SearchSource=69&CUI=&SSPV=2184TC_sp_ff&Lay=1&UM=6&UP=SP8AC88077-3D77-4888-BE56-282F4C2669FB");), ,[346f7ebfe498ab8bd2f99aeae4216d93]

Physical Sectors: 0
(No malicious items detected)

(end)

Code:
Exportierte Ereignisse:

11.11.2014 23:17 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Jey\AppData\Local\Mozilla\Firefox\Profiles\wbtfc6oj.default\cache2\entries\D9E203425FA278AA82AC6F0EBD55038E31C871C2'
enthielt einen Virus oder unerwünschtes Programm 'JS/iFrame.EXP.8' [virus].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48ba575f.qua' verschoben!

11.11.2014 23:10 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Jey\AppData\Local\Mozilla\Firefox\Profiles\wbtfc6oj.default\cache2\entries\51505D03DB744AEB75F5F0A28FC7BD0ABC69F300'
enthielt einen Virus oder unerwünschtes Programm 'JS/iFrame.EXP.8' [virus].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '501d7a7e.qua' verschoben!

I hope you can help me and that my problem isn't too trivial.

Kind regards
Zinke
20.11.2014, 00:26 | #2

/// Winkelfunktion /// TB-Süch-Tiger™ | Borrowed laptop with high CPU usage (100%)

Hello and
Removing adware/junkware/toolbars

Step 1: AdwCleaner
Please download AdwCleaner to your desktop.

Step 2: JRT - Junkware Removal Tool
Please close your protection software to avoid possible conflicts.

Step 3: Fresh log with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (if you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
20.11.2014, 01:04 | #3

Borrowed laptop with high CPU usage (100%)

Thank you for the quick reply.

AdwCleaner gives:

Code:
# AdwCleaner v4.101 - Bericht erstellt am 20/11/2014 um 00:37:02
# Aktualisiert 09/11/2014 von Xplode
# Database : 2014-11-16.1 [Live]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Jey - SCHLÄPTOP
# Gestartet von : C:\Users\Jey\Downloads\AdwCleaner_4.101.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : netfilter64
[#] Dienst Gelöscht : SPPD

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\FLVM Player
Ordner Gelöscht : C:\Program Files (x86)\DriverTurbo
Ordner Gelöscht : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Jey\AppData\Local\Temp\DriverTurbo
Ordner Gelöscht : C:\Users\Jey\AppData\Roaming\RHEng
Ordner Gelöscht : C:\Users\Jey\AppData\Roaming\DriverTurbo
Datei Gelöscht : C:\Windows\System32\drivers\netfilter64.sys
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Jey\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage

***** [ Tasks ] *****

Task Gelöscht : Advanced System Protector

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginService
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\TutoTag
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ViewPassword
Schlüssel Gelöscht : HKLM\SOFTWARE\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DatamngrCoordinator.exe

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17420

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v33.1 (x86 de)

[wbtfc6oj.default\prefs.js] - Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=M9BF507A1-1D0E-4472-80F7-6099D82502C4&SearchSource=69&CUI=&SSPV=2184TC_sp_ff&Lay=1&UM=6&UP=SP8AC88[...]
[wbtfc6oj.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultenginename", "Trovi search");

-\\ Google Chrome v38.0.2125.111

[C:\Users\Jey\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://start.iminent.com/?appId=6A5A101C-C1C7-4661-A847-7BB5A5254386&ref=toolbox&q={searchTerms}
[C:\Users\Jey\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=M9BF507A1-1D0E-4472-80F7-6099D82502C4&SearchSource=58&CUI=&UM=6&UP=SP8AC88077-3D77-4888-BE56-282F4C2669FB&q={searchTerms}&SSPV=2184TC_sp_ch
[C:\Users\Jey\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=M9BF507A1-1D0E-4472-80F7-6099D82502C4&SearchSource=58&CUI=&UM=6&UP=SP8AC88077-3D77-4888-BE56-282F4C2669FB&q={searchTerms}&SSPV=2184TC_sp_ch

*************************

AdwCleaner[R0].txt - [5008 octets] - [05/07/2014 09:26:14]
AdwCleaner[R1].txt - [965 octets] - [05/07/2014 09:35:43]
AdwCleaner[R2].txt - [1035 octets] - [08/07/2014 15:01:24]
AdwCleaner[R3].txt - [320 octets] - [20/11/2014 00:33:06]
AdwCleaner[R4].txt - [5432 octets] - [20/11/2014 00:34:16]
AdwCleaner[S0].txt - [4363 octets] - [05/07/2014 09:26:45]
AdwCleaner[S1].txt - [1025 octets] - [05/07/2014 09:36:14]
AdwCleaner[S2].txt - [1097 octets] - [08/07/2014 15:02:04]
AdwCleaner[S3].txt - [4792 octets] - [20/11/2014 00:37:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [4852 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Ultimate x64
Ran by Jey on 20.11.2014 at 0:41:19,83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ FireFox

Emptied folder: C:\Users\Jey\AppData\Roaming\mozilla\firefox\profiles\wbtfc6oj.default\minidumps [6 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.11.2014 at 0:55:23,89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile (FRST.txt):

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-11-2014
Ran by Jey (administrator) on SCHLÄPTOP on 20-11-2014 00:57:29
Running from C:\Users\Jey\Downloads
Loaded Profile: Jey (Available profiles: Jey)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Akamai Technologies, Inc.) C:\Users\Jey\AppData\Local\Akamai\netsession_win.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(Akamai Technologies, Inc.) C:\Users\Jey\AppData\Local\Akamai\netsession_win.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ASUSQuickGesture(x86)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352 2012-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [ASUSTPLoader(x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe [169856 2012-09-11] (AsusTek)
HKLM\...\Run: [ASUSQuickGesture(x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe [22400 2012-09-11] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208 2012-06-25] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174752 2012-06-19] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [fst_de_85] => [X]
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2214285484-1360722716-164639359-1000\...\Run: [DAEMON Tools Lite] => "D:\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-2214285484-1360722716-164639359-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Jey\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2214285484-1360722716-164639359-1000\...\Run: [DriverTurbo] => C:\Program Files (x86)\DriverTurbo\DriverTurbo.exe
HKU\S-1-5-21-2214285484-1360722716-164639359-1000\...\MountPoints2: {603079fd-c34b-11e3-8a0b-d2c83a6464c2} - H:\Autorun.exe
HKU\S-1-5-21-2214285484-1360722716-164639359-1000\...\MountPoints2: {ab5c4c05-6975-11e4-8a28-b4a8bed52ac7} - H:\pushinst.exe
HKU\S-1-5-21-2214285484-1360722716-164639359-1000\...\MountPoints2: {d9c91715-ca77-11e3-8993-c0e0e22a06d3} - H:\cdstart.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2214285484-1360722716-164639359-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-2214285484-1360722716-164639359-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40EFF800AF57CF01
HKU\S-1-5-21-2214285484-1360722716-164639359-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-2214285484-1360722716-164639359-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: ASUS Browser Extension x64 -> {78234974-0C4B-4111-BDEB-D9A104418772} -> C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dll (ASUSTeK Computer Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: ASUS Browser Extension x86 -> {78234974-0C4B-4111-BDEB-D9A104418771} -> C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll (ASUSTeK Computer Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2

FireFox:
========
FF ProfilePath: C:\Users\Jey\AppData\Roaming\Mozilla\Firefox\Profiles\wbtfc6oj.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=M9BF507A1-1D0E-4472-80F7-6099D82502C4&SearchSource=55&CUI=&UM=6&UP=SP8AC88077-3D77-4888-BE56-282F4C2669FB&SSPV=2184TC_sp_ch
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=M9BF507A1-1D0E-4472-80F7-6099D82502C4&SearchSource=55&CUI=&UM=6&UP=SP8AC88077-3D77-4888-BE56-282F4C2669FB&SSPV=2184TC_sp_ch"
CHR Profile: C:\Users\Jey\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-29]
CHR Extension: (Google Drive) - C:\Users\Jey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-24]
CHR Extension: (YouTube) - C:\Users\Jey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-29]
CHR Extension: (Google-Suche) - C:\Users\Jey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-29]
CHR Extension: (Google Wallet) - C:\Users\Jey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-29]
CHR Extension: (Google Mail) - C:\Users\Jey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-03-23] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ATP; C:\Windows\System32\DRIVERS\AsusTP.sys [56704 2012-09-11] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-02] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2014-04-23] (Duplex Secure Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-11-18] ()
U3 at9o4kps; No ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-20 00:57 - 2014-11-20 00:58 - 00014125 _____ () C:\Users\Jey\Downloads\FRST.txt
2014-11-20 00:57 - 2014-11-20 00:57 - 02117120 _____ (Farbar) C:\Users\Jey\Downloads\FRST64.exe
2014-11-20 00:57 - 2014-11-20 00:57 - 00000000 ____D () C:\FRST
2014-11-20 00:55 - 2014-11-20 00:55 - 00000818 _____ () C:\Users\Jey\Desktop\JRT.txt
2014-11-20 00:43 - 2014-11-20 00:43 - 00004944 _____ () C:\Users\Jey\Desktop\AdwCleaner[S3].txt
2014-11-20 00:41 - 2014-11-20 00:41 - 00000000 ____D () C:\Windows\ERUNT
2014-11-20 00:40 - 2014-11-20 00:40 - 01707532 _____ (Thisisu) C:\Users\Jey\Downloads\JRT.exe
2014-11-20 00:38 - 2014-11-20 00:38 - 00000578 _____ () C:\Windows\PFRO.log
2014-11-20 00:31 - 2014-11-20 00:32 - 02140160 _____ () C:\Users\Jey\Downloads\AdwCleaner_4.101.exe
2014-11-19 22:42 - 2014-11-19 22:43 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-19 22:42 - 2014-11-19 22:42 - 00001111 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-19 22:41 - 2014-11-19 22:42 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-19 22:41 - 2014-11-19 22:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-19 22:41 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-19 22:41 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-19 22:41 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-19 22:39 - 2014-11-19 22:39 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Jey\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-19 15:24 - 2014-11-19 15:24 - 00000000 __SHD () C:\Users\Jey\AppData\Local\EmieBrowserModeList
2014-11-18 23:12 - 2014-11-18 23:12 - 00000000 ____D () C:\ProgramData\ATI
2014-11-18 23:09 - 2014-11-18 23:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-11-18 23:00 - 2014-11-18 23:00 - 00000000 ____D () C:\Program Files\AMD
2014-11-18 22:56 - 2014-11-18 22:56 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-11-18 22:46 - 2014-11-18 23:19 - 00000000 ____D () C:\AMD
2014-11-18 22:23 - 2014-11-18 22:23 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-11-18 22:23 - 2000-01-01 01:00 - 00939224 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-11-18 22:23 - 2000-01-01 01:00 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2014-11-18 22:23 - 2000-01-01 01:00 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-11-18 22:18 - 2014-11-18 22:18 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-11-18 22:18 - 2014-11-18 22:18 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-11-18 22:18 - 2014-11-18 22:18 - 00000000 ____D () C:\Users\Jey\AppData\Local\SlimWare Utilities Inc
2014-11-18 22:16 - 2014-11-18 22:17 - 00858432 _____ (SlimWare Utilities, Inc.) C:\Users\Jey\Downloads\SlimDrivers-setup_32705.exe
2014-11-18 09:05 - 2014-11-18 09:06 - 00000000 ____D () C:\Users\Jey\Desktop\Eskimo Callboy
2014-11-18 09:05 - 2014-11-18 09:05 - 00000000 ____D () C:\Users\Jey\Desktop\DevilsDriver
2014-11-16 19:44 - 2014-11-16 19:45 - 00433816 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-16 18:00 - 2014-11-16 18:00 - 00111520 _____ () C:\Users\Jey\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-16 17:49 - 2014-11-20 00:38 - 00002703 _____ () C:\Windows\setupact.log
2014-11-16 17:49 - 2014-11-16 17:49 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-12 22:19 - 2014-11-12 22:20 - 00000000 ____D () C:\Users\Jey\AppData\Roaming\DVDVideoSoft
2014-11-12 19:03 - 2014-11-12 19:04 - 00000000 ____D () C:\Users\Jey\Downloads\Blatt 5
2014-11-12 17:08 - 2014-11-14 04:58 - 00000000 ____D () C:\Users\Jey\Desktop\Java
2014-11-12 17:02 - 2014-11-12 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-11-12 16:56 - 2014-11-12 16:57 - 177856928 _____ (Oracle Corporation) C:\Users\Jey\Downloads\jdk-8u25-windows-x64.exe
2014-11-12 14:54 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 14:54 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 14:54 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 14:54 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 14:54 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 14:54 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 14:54 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 14:54 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 14:54 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 14:53 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 14:53 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 14:53 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 14:53 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 14:53 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 14:53 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 14:53 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 14:53 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 14:53 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 14:53 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 14:53 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 14:53 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 14:53 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 14:53 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 14:53 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 14:53 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 14:53 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 14:53 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 14:53 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 14:53 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 14:53 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 14:53 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 14:53 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 14:53 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 14:53 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 14:53 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 14:53 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 14:53 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 14:53 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 14:53 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 14:53 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 14:53 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 14:53 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 14:53 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 14:53 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation)
C:\Windows\SysWOW64\urlmon.dll 2014-11-12 14:53 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-11-12 14:52 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-12 14:52 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-12 14:52 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-11-12 14:52 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-12 14:52 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-12 14:52 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-12 14:52 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-11-12 14:52 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-12 14:52 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-12 14:52 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-11-12 14:52 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-11-12 14:52 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-11-12 14:52 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-12 14:52 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-11-12 14:52 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-11-12 14:52 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-12 14:52 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\jscript9.dll 2014-11-12 14:52 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-11-12 14:52 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-12 14:52 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-11-12 14:52 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-12 14:52 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-12 14:52 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-12 14:52 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-11-12 14:52 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-12 14:52 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2014-11-12 14:51 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-12 14:51 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-12 14:51 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-12 14:51 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-12 14:51 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-12 14:51 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-12 14:51 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-12 14:51 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-12 14:51 - 2014-09-19 10:42 - 00728064 _____ (Microsoft Corporation) 
C:\Windows\system32\kerberos.dll 2014-11-12 14:51 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-12 14:51 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-11-12 14:51 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-11-12 14:51 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-11-12 14:51 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-11-12 14:51 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-11-12 14:51 - 2014-09-19 10:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-12 14:51 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-11-12 14:51 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-12 14:51 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-11-12 14:51 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-11-12 14:51 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-11-12 14:51 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-11-12 14:50 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-12 14:50 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-12 14:50 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-12 14:50 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-12 14:50 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 
2014-11-12 14:50 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-12 14:50 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-12 14:47 - 2014-11-12 14:47 - 00000000 ____D () C:\Users\Jey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ 2014-11-12 14:47 - 2014-11-12 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ 2014-11-12 14:46 - 2014-11-12 17:09 - 00000000 ____D () C:\Users\Jey\AppData\Roaming\Notepad++ 2014-11-12 14:46 - 2014-11-12 14:47 - 00000000 ____D () C:\Program Files (x86)\Notepad++ 2014-11-11 14:54 - 2014-11-11 14:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-11 14:35 - 2014-11-11 14:35 - 00001146 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-11-11 14:35 - 2014-11-11 14:35 - 00001041 _____ () C:\Users\Jey\Desktop\ts.lnk 2014-11-11 08:54 - 2014-11-14 03:05 - 00002890 _____ () C:\Windows\System32\Tasks\{C2866E20-9463-4503-9C37-60B45924B61E} 2014-11-11 08:54 - 2014-11-14 03:05 - 00002890 _____ () C:\Windows\System32\Tasks\{73FC05D5-1FF3-4910-9781-A3AB8C6757C0} 2014-11-11 08:53 - 2014-11-14 03:05 - 00002890 _____ () C:\Windows\System32\Tasks\{488FE616-2A24-49D9-BFE4-34428FAEFA8A} 2014-11-11 08:53 - 2014-11-11 08:53 - 00003030 _____ () C:\Windows\System32\Tasks\{E853392A-0616-4A4D-99E4-AAEE80DD7550} 2014-11-09 21:13 - 2014-11-09 21:14 - 00000000 ____D () C:\Users\Jey\.android 2014-11-09 21:03 - 2014-11-09 21:03 - 00001816 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk 2014-11-09 20:55 - 2014-11-09 20:56 - 00000000 ____D () C:\ProgramData\BlueStacks 2014-11-09 20:55 - 2014-11-09 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks 2014-11-09 20:55 - 2014-11-09 20:55 - 00000000 ____D () C:\Program Files (x86)\BlueStacks 2014-11-09 20:52 - 2014-11-09 21:08 - 00000000 ____D () C:\ProgramData\BlueStacksSetup 2014-11-09 20:52 - 2014-11-09 20:52 - 
00000000 ____D () C:\Users\Jey\AppData\Local\Bluestacks 2014-11-09 19:48 - 2014-11-09 19:48 - 00000000 ____D () C:\Users\Jey\AppData\Local\Macromedia 2014-11-09 19:45 - 2014-11-11 19:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-11-09 19:45 - 2014-11-09 19:46 - 00000000 ____D () C:\Users\Jey\AppData\Roaming\Mozilla 2014-11-09 19:45 - 2014-11-09 19:46 - 00000000 ____D () C:\Users\Jey\AppData\Local\Mozilla 2014-11-09 19:45 - 2014-11-09 19:45 - 00001168 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-11-09 19:45 - 2014-11-09 19:45 - 00001156 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-11-09 19:45 - 2014-11-09 19:45 - 00000000 ____D () C:\ProgramData\Mozilla ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-20 00:49 - 2014-05-11 11:15 - 01121634 _____ () C:\Windows\WindowsUpdate.log 2014-11-20 00:47 - 2009-07-14 05:45 - 00069968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-20 00:47 - 2009-07-14 05:45 - 00069968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-20 00:38 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-20 00:37 - 2014-07-05 09:26 - 00000000 ____D () C:\AdwCleaner 2014-11-20 00:32 - 2014-04-14 20:02 - 00000000 ____D () C:\Users\Jey\AppData\Roaming\TS3Client 2014-11-20 00:28 - 2014-07-19 19:35 - 00000000 ____D () C:\Users\Jey\AppData\Roaming\Skype 2014-11-18 23:09 - 2014-07-31 07:48 - 00000000 ____D () C:\Program Files\ATI Technologies 2014-11-18 22:54 - 2014-08-18 06:54 - 00000000 ____D () C:\ProgramData\Package Cache 2014-11-18 22:23 - 2014-04-14 05:08 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-11-18 09:09 - 2011-04-12 08:43 - 00699192 _____ () 
C:\Windows\system32\perfh007.dat 2014-11-18 09:09 - 2011-04-12 08:43 - 00149300 _____ () C:\Windows\system32\perfc007.dat 2014-11-18 09:09 - 2009-07-14 06:13 - 01618672 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-16 11:50 - 2014-07-15 08:27 - 00000000 ____D () C:\Windows\rescache 2014-11-14 10:25 - 2014-06-07 05:14 - 00000000 ____D () C:\Users\Jey\AppData\Local\Akamai 2014-11-14 10:23 - 2014-06-29 20:53 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-14 10:23 - 2014-06-29 20:53 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-14 10:23 - 2014-04-24 22:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-14 03:59 - 2014-04-14 15:24 - 00007602 _____ () C:\Users\Jey\AppData\Local\resmon.resmoncfg 2014-11-14 03:54 - 2014-04-17 02:40 - 00001912 _____ () C:\Windows\epplauncher.mif 2014-11-14 03:06 - 2014-05-03 20:21 - 00003184 _____ () C:\Windows\System32\Tasks\{9D28AB71-BD48-49F7-8241-D138F46B572B} 2014-11-14 03:05 - 2014-06-29 20:53 - 00004118 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-11-14 03:05 - 2014-06-29 20:53 - 00003866 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-11-14 03:05 - 2014-04-26 07:41 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-11-14 03:05 - 2014-04-24 22:43 - 00003824 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-11-14 02:17 - 2014-07-23 12:11 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-11-14 02:13 - 2014-07-23 12:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-11-12 17:05 - 2014-04-24 11:55 - 00000000 ____D () C:\ProgramData\Oracle 2014-11-12 17:04 - 2014-07-18 15:45 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-11-12 17:03 - 2014-07-18 15:44 - 00000000 ____D () C:\Program Files\Java 2014-11-12 16:00 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini 
2014-11-12 15:56 - 2014-04-24 22:43 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-12 15:56 - 2014-04-24 22:43 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-12 15:55 - 2014-04-26 15:02 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-12 15:50 - 2014-04-26 15:02 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-11-11 14:35 - 2014-07-18 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-11-11 14:35 - 2014-07-18 15:05 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-11-11 09:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-11-11 08:59 - 2014-04-13 17:49 - 00000000 ____D () C:\Users\Jey 2014-11-10 08:31 - 2014-10-01 20:00 - 00000000 ____D () C:\Windows\Minidump 2014-11-09 21:02 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries 2014-11-04 14:40 - 2014-07-18 21:40 - 00000000 ____D () C:\Users\Jey\AppData\Roaming\.minecraft 2014-11-04 14:30 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-10-27 14:33 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT Some content of TEMP: ==================== C:\Users\Jey\AppData\Local\Temp\avgnt.exe C:\Users\Jey\AppData\Local\Temp\Quarantine.exe C:\Users\Jey\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-15 01:30 ==================== End Of Log ============================ --- --- --- -in Addition.txt Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-11-2014
Ran by Jey at 2014-11-20 00:59:49
Running from C:\Users\Jey\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-2214285484-1360722716-164639359-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.4.42.69356 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.4.42.69356 - Alcor Micro Corp.) Hidden
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.32 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0020 - ASUS)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{152E0B21-19D5-4772-9EF8-8E76074B0C0A}) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0327 - DT Soft Ltd)
Divinity II - Ego Draconis (HKLM-x32\...\Divinity II - Ego Draconis_is1) (Version: - dtp)
Final Fantasy III (HKLM-x32\...\RmluYWxGYW50YXN5SUlJ_is1) (Version: 1 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2653 - Intel Corporation)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.3 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 3.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.86.508.2014 - Realtek)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

18-11-2014 07:33:40 Windows Update
18-11-2014 21:20:02 SlimDrivers Installing Drivers
18-11-2014 21:22:43 Installed Realtek Ethernet Controller Driver
18-11-2014 21:52:52 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
18-11-2014 21:53:41 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
18-11-2014 22:22:24 Removed SlimDrivers

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {039DC18A-D784-499D-9B2F-60631FB232AD} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {0CB9B55C-84CF-4297-9843-C87DA21FAAB3} - System32\Tasks\{73FC05D5-1FF3-4910-9781-A3AB8C6757C0} => F:\setup.exe
Task: {107F18BC-DBF3-4BD6-A0A4-49394289E505} - System32\Tasks\{488FE616-2A24-49D9-BFE4-34428FAEFA8A} => F:\setup.exe
Task: {38D10BDD-D955-47D5-8363-676EF3B37CCE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {3D0D0BA3-EDF6-44FE-805C-DDAD23533093} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {517452DF-1C79-485D-8F57-A155C2342706} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-29] (Google Inc.)
Task: {67DCEE81-2C8E-47F9-9328-AFBEECE6BA52} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-06-25] (ASUSTek Computer Inc.)
Task: {9595D331-1913-42A2-848D-32E7C8625C83} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {D41E51AC-A5A5-4BBA-A1D3-356B1DF83996} - System32\Tasks\{C2866E20-9463-4503-9C37-60B45924B61E} => F:\setup.exe
Task: {D88BD0AC-D2B9-467A-A66E-DEF2F119830C} - System32\Tasks\{9D28AB71-BD48-49F7-8241-D138F46B572B} => Chrome.exe hxxp://ui.skype.com/ui/0/6.11.0.102/de/go/help.faq.installer?source=lightinstaller&LastError=1601
Task: {F173419B-E68A-41BA-A6CC-B3B6D203F6E2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {F7AEEF85-7B5B-489D-9FFB-2334E4CE0F42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-29] (Google Inc.)
Task: {FE151CE9-5829-4FE5-BA2C-F1953AC24995} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-11-11 14:54 - 2014-11-11 14:54 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-11-12 15:56 - 2014-11-12 15:56 - 16840880 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: TeamSpeak 3 Client => "E:\TeamSpeak 3 Client\ts3client_win64.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-2214285484-1360722716-164639359-500 - Administrator - Disabled)
Gast (S-1-5-21-2214285484-1360722716-164639359-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2214285484-1360722716-164639359-1003 - Limited - Enabled)
Jey (S-1-5-21-2214285484-1360722716-164639359-1000 - Administrator - Enabled) => C:\Users\Jey

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: AHDM1T37 IDE Controller
Description: AHDM1T37 IDE Controller
Class Guid:
Manufacturer:
Service: at9o4kps
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD E-450 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 43%
Total physical RAM: 4076.05 MB
Available physical RAM: 2315.45 MB
Total Pagefile: 8150.29 MB
Available Pagefile: 6042.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows 7) (Fixed) (Total:69.33 GB) (Free:22.75 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:196.19 GB) (Free:169.41 GB) NTFS
Drive e: () (Fixed) (Total:200.13 GB) (Free:104.39 GB) NTFS
Drive g: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: BDB50846)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=196.2 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=69.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=200.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================
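The Addition.txt above is the kind of thing a helper reads by eye: four GUID-named tasks under System32\Tasks, three of which launch F:\setup.exe and one of which opens a URL through Chrome, plus executables sitting in the user's Temp folder. As an added example that is not part of this thread and not an FRST or Trojaner-Board tool, the script below parses the two FRST line shapes shown in the logs (the `Task: {id} - System32\Tasks\<name> => <target> [<date>] (<publisher>)` lines and the `<created> - <modified> - <size> <attrs> (<publisher>) <path>` file lines) and flags the entries a reviewer would look at first. The sample input is constructed: the Task lines, the JDK line and the Desktop\Java line are copied from the logs above, while the Quarantine.exe line has invented timestamps and size (only the path comes from the "Some content of TEMP" section). The "system drive is C:" setting and the two-reasons threshold are heuristics of this example, not anything FRST defines.

```python
"""Triage helper for FRST.txt / Addition.txt lines. Added example, not FRST code."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input. Task lines, the JDK line and the Desktop\Java line are
# copied from the thread's logs; the Quarantine.exe line is made up (timestamps and
# size invented, path taken from the "Some content of TEMP" section).
SAMPLE_LOG = r"""
Task: {0CB9B55C-84CF-4297-9843-C87DA21FAAB3} - System32\Tasks\{73FC05D5-1FF3-4910-9781-A3AB8C6757C0} => F:\setup.exe
Task: {517452DF-1C79-485D-8F57-A155C2342706} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-29] (Google Inc.)
Task: {D88BD0AC-D2B9-467A-A66E-DEF2F119830C} - System32\Tasks\{9D28AB71-BD48-49F7-8241-D138F46B572B} => Chrome.exe hxxp://ui.skype.com/ui/0/6.11.0.102/de/go/help.faq.installer?source=lightinstaller&LastError=1601
2014-11-12 16:56 - 2014-11-12 16:57 - 177856928 _____ (Oracle Corporation) C:\Users\Jey\Downloads\jdk-8u25-windows-x64.exe
2014-11-19 22:40 - 2014-11-19 22:40 - 00114688 _____ () C:\Users\Jey\AppData\Local\Temp\Quarantine.exe
2014-11-12 17:08 - 2014-11-14 04:58 - 00000000 ____D () C:\Users\Jey\Desktop\Java
"""

# "Task: {task id} - System32\Tasks\<name> => <target>" with an optional
# " [<file date>] (<publisher>)" suffix that FRST appends when it found the file.
TASK_RE = re.compile(r"^Task: \{([0-9A-Fa-f-]+)\} - (.+?) => (.*)$")
ANNOT_RE = re.compile(r"^(.*?) \[(\d{4}-\d{2}-\d{2})\] \((.*)\)$")
# "<created> - <modified> - <size> <5 attribute chars> (<publisher>) <path>"
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) ([_A-Z]{5}) \(([^)]*)\) (.+)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]+\}$")
EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".msi")
USER_DIRS = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\desktop\\")
SYSTEM_DRIVE = "C:"  # assumption of this example (the Drives section above says C: boots)


@dataclass
class Task:
    task_id: str
    name: str                  # last path component under System32\Tasks
    target: str                # command FRST resolved for the task
    file_date: Optional[str]   # None when FRST printed no "[date] (publisher)"
    publisher: Optional[str]


@dataclass
class FileEntry:
    created: str
    modified: str
    size: int
    attrs: str       # five attribute characters, e.g. "_____", "____D", "___HD"
    publisher: str   # "" when FRST found no version info
    path: str


def parse_frst(text: str):
    """Split FRST text into Task and FileEntry records; other lines are ignored."""
    tasks, files = [], []
    for line in text.splitlines():
        m = TASK_RE.match(line)
        if m:
            task_id, full_name, rest = m.groups()
            a = ANNOT_RE.match(rest)
            target, fdate, pub = a.groups() if a else (rest, None, None)
            tasks.append(Task(task_id, full_name.rsplit("\\", 1)[-1], target, fdate, pub))
            continue
        m = FILE_RE.match(line)
        if m:
            created, modified, size, attrs, pub, path = m.groups()
            files.append(FileEntry(created, modified, int(size), attrs, pub, path))
    return tasks, files


def task_reasons(task: Task):
    """Heuristics for a scheduled task worth a second look; one string per hit."""
    reasons = []
    if GUID_RE.match(task.name):
        reasons.append("task name is a bare GUID, not a product name")
    drive = task.target[:2].upper()
    if re.match(r"^[A-Z]:$", drive) and drive != SYSTEM_DRIVE:
        reasons.append(f"launches from non-system drive {drive}")
    if task.publisher is None:
        reasons.append("FRST shows no file date/publisher for the target")
    if "://" in task.target:
        reasons.append("target opens a URL")
    return reasons


def file_reasons(entry: FileEntry):
    """Heuristics for a file entry: executables without version info in user paths or Temp."""
    reasons = []
    low = entry.path.lower()
    if entry.attrs.endswith("D") or not low.endswith(EXEC_EXT):  # skip directories, non-executables
        return reasons
    if any(d in low for d in USER_DIRS) and not entry.publisher:
        reasons.append("executable in a user-writable path with no publisher/version info")
    if "\\temp\\" in low:
        reasons.append("executable in a Temp directory")
    return reasons


def triage(text: str, min_task_reasons: int = 2):
    """Return {task name or file path: [reasons]} for entries that trip the heuristics."""
    tasks, files = parse_frst(text)
    flagged = {}
    for t in tasks:
        r = task_reasons(t)
        if len(r) >= min_task_reasons:
            flagged[t.name] = r
    for f in files:
        r = file_reasons(f)
        if r:
            flagged[f.path] = r
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(name, *("   - " + r for r in reasons), sep="\n")
```

Run against the sample, the two GUID tasks and the Temp executable are reported; GoogleUpdateTaskMachineUA is not, because it has a product name, a C: path and a publisher annotation. The script only reads text, so it can be pointed at a saved FRST.txt or Addition.txt without touching the machine that produced it.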
20.11.2014, 01:09 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Borrowed laptop with high CPU usage (100%) Okay, then please run control scans with MBAM and ESET: Please download Malwarebytes Anti-Malware
ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
20.11.2014, 13:21 | #5 |
| Borrowed laptop with high CPU usage (100%) Okay, ESET took quite a long time, but after Malwarebytes Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 20.11.2014
Suchlauf-Zeit: 01:11:30
Logdatei: Malewarebytes.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.11.19.07
Rootkit Datenbank: v2014.11.18.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Jey

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 315497
Verstrichene Zeit: 38 Min, 29 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 1
PUP.Optional.SupraSavings.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Supra Savings, Löschen bei Neustart, [5f44c578017bb4820c6c3c2a33d040c0], 

Registrierungswerte: 1
PUP.Optional.FirstSeenToday.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|fst_de_85, In Quarantäne, [2d769da0512b96a0fe19e67c9a69b64a], 

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 1
PUP.Optional.SupraSavings.A, C:\temp\t.msi, In Quarantäne, [8221c578b6c6ff37140b40ddd92c936d], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=f3bb5bfe661efd4984b84228bc803aa7
# engine=21173
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-20 02:12:57
# local_time=2014-11-20 03:12:57 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 24704 12150375 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 157067 168079426 0 0
# scanned=28672
# found=5
# cleaned=0
# scan_time=4265
sh=4E475FD620FBCCBB37453AF2BD0427BDA73109FF ft=1 fh=70875884387ffbdb vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=95D8C7F2851240F836D46EBD0DCB0BBAE3C9C3C8 ft=1 fh=c39b2415a29978f2 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginService\PluginService.exe.vir"
sh=311437CF4EC68FC9E3F298BBF883F8D286FB793C ft=1 fh=6d2ccfecc66b253f vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jey\AppData\Roaming\RHEng\36594921D9F941A8B015C743111C4CDD\13443.exe.vir"
sh=51062F03695661A139E4AB7494B22329107B9771 ft=1 fh=c7823bc4c632c674 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=8B67C4946B050285FE89EFE36AB6DC2F7B3E2D2F ft=1 fh=d91722da20002316 vn="Variante von Win64/Riskware.NetFilter.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\netfilter64.sys.vir"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=f3bb5bfe661efd4984b84228bc803aa7
# engine=21176
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-20 12:08:32
# local_time=2014-11-20 01:08:32 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 60440 12186111 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 192803 168115162 0 0
# scanned=191470
# found=5
# cleaned=0
# scan_time=11184
sh=4E475FD620FBCCBB37453AF2BD0427BDA73109FF ft=1 fh=70875884387ffbdb vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=95D8C7F2851240F836D46EBD0DCB0BBAE3C9C3C8 ft=1 fh=c39b2415a29978f2 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginService\PluginService.exe.vir"
sh=311437CF4EC68FC9E3F298BBF883F8D286FB793C ft=1 fh=6d2ccfecc66b253f vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jey\AppData\Roaming\RHEng\36594921D9F941A8B015C743111C4CDD\13443.exe.vir"
sh=51062F03695661A139E4AB7494B22329107B9771 ft=1 fh=c7823bc4c632c674 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=8B67C4946B050285FE89EFE36AB6DC2F7B3E2D2F ft=1 fh=d91722da20002316 vn="Variante von Win64/Riskware.NetFilter.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\netfilter64.sys.vir" |
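A small parser for the ESET Online Scanner log format posted above, added here as an example; it is not part of the thread and not ESET's or AdwCleaner's own tooling. It reads the "# key=value" header and the "sh=... fn=..." detection lines and then separates findings that already sit in AdwCleaner's quarantine (the C:\AdwCleaner\Quarantine\...\*.vir paths in the log) from anything reported at an active path, which is the distinction a helper wants when reading such a log. The sample log is constructed: a shortened header, the first detection line from the post, and a second line with a placeholder hash and a non-quarantine path.

```python
import re

# Constructed sample in the ESET Online Scanner log format posted above:
# a shortened header plus two detection lines. The first is taken from the
# post (a file already in AdwCleaner's quarantine); the second is constructed
# (placeholder hash, non-quarantine path) to show the other case.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# end=finished
# scanned=191470
# found=2
# cleaned=0
sh=4E475FD620FBCCBB37453AF2BD0427BDA73109FF ft=1 fh=70875884387ffbdb vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=CONSTRUCTED0000000000000000000000000000 ft=1 fh=0000000000000000 vn="Variante von Win64/Riskware.NetFilter.F Anwendung" ac=I fn="C:\Windows\System32\drivers\netfilter64.sys"
"""

HEADER_RE = re.compile(r"^#\s*(\w+)=(.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')   # key=value or key="quoted value"
QUARANTINE_PREFIXES = ("C:\\AdwCleaner\\Quarantine\\",)   # AdwCleaner renames to *.vir here


def parse_eset_log(text):
    """Return (header dict, list of detection dicts). Repeated header keys
    such as compatibility_mode keep their last value."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip()
        elif line.startswith("sh="):
            detections.append({k: v.strip('"') for k, v in FIELD_RE.findall(line)})
    return header, detections


def triage(text):
    """Split findings into already-quarantined files and ones at active paths."""
    header, detections = parse_eset_log(text)
    quarantined = [d["fn"] for d in detections if d["fn"].startswith(QUARANTINE_PREFIXES)]
    active = [(d["vn"], d["fn"]) for d in detections
              if not d["fn"].startswith(QUARANTINE_PREFIXES)]
    return {
        "finished": header.get("end") == "finished",   # "stopped" means the run was aborted
        "found": int(header.get("found", 0)),
        "cleaned": int(header.get("cleaned", 0)),
        "already_quarantined": quarantined,
        "needs_attention": active,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

In the log above every one of the five findings is under the quarantine prefix, so this check would report nothing that still needs attention.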
20.11.2014, 13:42 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Borrowed laptop with high CPU usage (100%) Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
EmptyTemp:
Hosts:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ --> Borrowed laptop with high CPU usage (100%) |
20.11.2014, 14:34 | #7 |
| Borrowed laptop with high CPU usage (100%) The Fixlog.txt file contains: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-11-2014
Ran by Jey at 2014-11-20 14:27:15 Run:2
Running from C:\Users\Jey\Downloads
Loaded Profile: Jey (Available profiles: Jey)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
EmptyTemp:
Hosts:
*****************

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 253.5 MB temporary data.

The system needed a reboot.

==== End of Fixlog ==== |
20.11.2014, 14:46 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Borrowed laptop with high CPU usage (100%) Looks OK so far. Regarding cookies and other things on the web: to block the pest from the outset (i.e. tracking cookies, ad banners etc.) you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether a new hosts file has been released. But that is only optional. To prevent user tracking, the Firefox extension Ghostery works well. Info: cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or similar => HTTP-Cookie). Otherwise there are also good cookie managers, extensions for Firefox, e.g. CookieCuller. If you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board too), then simply set the browser so that everything, including cookies, is deleted when the browser is closed. Is your system now OK again, or are there any other findings or problems?
__________________ Please always post logfiles in CODE tags |
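The fix above reset the hosts file, and the reply recommends the MVPS hosts file for blocking. As an added example (not part of the thread, and not FRST's or MVPS's own code), the script below audits a Windows hosts file and separates ordinary sinkhole entries (names sent to 0.0.0.0 or a loopback address, which is all a blocklist does) from entries that map a name to a routable address, the pattern a tampered hosts file shows. The hosts content is constructed, using .invalid names and a documentation address.

```python
import ipaddress

# Constructed sample of a Windows hosts file (not a real one): the default
# localhost entries, two MVPS-style block entries and one suspicious redirect.
SAMPLE_HOSTS = """# Hosts file (constructed sample)
127.0.0.1       localhost
::1             localhost
0.0.0.0  ads.example-tracker.invalid   # MVPS-style block entry
0.0.0.0  banner.example-ad.invalid
203.0.113.7  update.example-vendor.invalid  # a name sent to a routable address
"""


def audit_hosts(text):
    """Classify every name in a hosts file.

    'local'    - localhost itself mapped to a loopback address (expected)
    'block'    - a name sinkholed to 0.0.0.0 or loopback (what a blocklist does)
    'redirect' - a name mapped to a routable address; this is what a tampered
                 hosts file looks like, so these are the entries to review
    """
    report = {"local": [], "block": [], "redirect": []}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # first field is not an address
        sinkholed = addr.is_loopback or addr.is_unspecified
        for name in fields[1:]:                # one line may list several names
            if sinkholed and name == "localhost":
                report["local"].append(name)
            elif sinkholed:
                report["block"].append(name)
            else:
                report["redirect"].append((name, str(addr)))
    return report


if __name__ == "__main__":
    # On a live Windows 7 system the file is C:\Windows\System32\drivers\etc\hosts
    result = audit_hosts(SAMPLE_HOSTS)
    for kind in ("redirect", "block", "local"):
        print(f"{kind}: {result[kind]}")
```

A freshly reset hosts file, as produced by the FRST fix above, should yield no 'redirect' entries at all.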
20.11.2014, 15:02 | #9 |
| Borrowed laptop with high CPU usage (100%) First of all, many, many thanks! A big thank-you from the owner too. I used Ghostery on my computer back then as well and will use it here too. Now the CPU usage is back to normal. Otherwise I had no problems with the laptop. Thanks once again. (I will simply keep recommending you whenever someone needs help with computer problems.) Zinke |
20.11.2014, 15:04 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Borrowed laptop with high CPU usage (100%) Then we are done! If you would like to leave praise or criticism => Lob, Kritik und Wünsche - Trojaner-Board. The programs that were used here can all be uninstalled. It is recommended to keep Malwarebytes Anti-Malware and scan for malware with it weekly. delfix can help you with that: the order is crucial here.
Finally, please also check the updates; my guide on that is below. To keep a better overview of whether the installed programs are up to date in future, you can use Secunia PSI, for example. For even more security, now that the infection has been removed you should also change all passwords if at all possible.

Microsoft Update
Windows XP: visit the MS update page with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update

Update PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader. While you are at it, please also check that the Flash Player is up to date: check => Adobe - Flash Player Download links can be found here => Browsers and Plugins - FilePony.de You can also easily check all plugins in the Firefox browser for currency here => https://www.mozilla.org/de/plugincheck Of course also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software (or Programs and Features) and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post logfiles in CODE tags |