Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-01-2015
Ran by ***** at 2015-01-15 16:07:16 Run:1
Running from C:\Users\*****\Desktop
Loaded Profiles: ***** (Available profiles: *****)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [ohpjimak] => C:\Users\*****\AppData\Roaming\Cmqyzsh\ypedimak.exe [117248 2015-01-14] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [pin-arrive] => C:\Users\*****\AppData\Local\Pin-phase\pin-slight.exe [142336 2015-01-08] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [ear-according] => C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe [67584 2015-01-12] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [doctor-cable] => C:\Users\*****\AppData\Local\Doctor-command\doctorshow.exe [135168 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [price-calendar] => C:\Users\*****\AppData\Local\Price-deposit\price-closet.exe [67584 2015-01-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [mountain-choose] => C:\Users\*****\AppData\Local\Mountainproposed\mountain-record.exe [146432 2015-01-15] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [farmer-raise] => C:\Users\*****\AppData\Local\Farmer-joke\farmer-manage.exe [67584 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [emergency_room] => C:\ProgramData\GameXN\Chat\windows_calendar\shuffle_all.exe [239616 2012-05-01] (Moritz Bunkus)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [validation] => C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\asn_1\table\live_mesh.exe [239616 2014-11-25] (Moritz Bunkus)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [farmer-raise] => C:\Users\*****\AppData\Local\Farmer-joke\farmer-manage.exe [67584 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [ear-according] => C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe [67584 2015-01-12] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [price-calendar] => C:\Users\*****\AppData\Local\Price-deposit\price-closet.exe [67584 2015-01-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [mountain-choose] => C:\Users\*****\AppData\Local\Mountainproposed\mountain-record.exe [146432 2015-01-15] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [pin-arrive] => C:\Users\*****\AppData\Local\Pin-phase\pin-slight.exe [142336 2015-01-08] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [doctor-cable] => C:\Users\*****\AppData\Local\Doctor-command\doctorshow.exe [135168 2015-01-09] ()
C:\Users\*****\AppData\Roaming\Avira32
C:\Users\*****\AppData\Local\Firefox64
C:\Users\*****\AppData\Roaming\Win
C:\Users\*****\AppData\Roaming\Farmer_picture
C:\Users\*****\AppData\Roaming\Office7reg
C:\Users\*****\AppData\Roaming\Loader
C:\Users\*****\AppData\Roaming\Run
C:\Users\*****\AppData\Roaming\Script
C:\Users\*****\AppData\Roaming\Cmqyzsh
C:\Users\*****\AppData\Local\Cpecwmjid
C:\Users\*****\AppData\Roaming\Fbkkan
C:\Users\*****\AppData\Roaming\Wiyuws
C:\Users\*****\AppData\Local\Nfnbbvqez
C:\Users\*****\AppData\Roaming\Ppqbxpput
C:\Users\*****\AppData\Local\Gorebxesay
C:\Users\*****\AppData\Local\Lpsgds
C:\Users\*****\AppData\Local\Rnepwrqbck
C:\ProgramData\kjsdym
C:\Users\*****\AppData\Roaming\Ktaqfpqp
C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe
C:\Users\*****\install_reader11_de_ltr5x32d_awc_aih.exe
C:\Users\*****\AppData\Local\Temp\AskSLib.dll
C:\Users\*****\AppData\Local\Temp\contentDATs.exe
C:\Users\*****\AppData\Local\Temp\FileSystemView.dll
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate04.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate05.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate06.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate07.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate08.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate09.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate10.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate11.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate12.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate13.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate14.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate15.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate16.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate17.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate18.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate19.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate20.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate21.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate22.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate23.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate24.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate25.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate26.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate27.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate28.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate29.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate30.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate31.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate32.exe
C:\Users\*****\AppData\Local\Temp\GUR5F06.exe
C:\Users\*****\AppData\Local\Temp\GUR98D5.exe
C:\Users\*****\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe
C:\Users\*****\AppData\Local\Temp\Quarantine.exe
C:\Users\*****\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe
C:\Users\*****\AppData\Local\Temp\sqlite3.dll
C:\Users\*****\AppData\Local\Temp\_is11FB.exe
C:\Users\*****\AppData\Local\Temp\_is37A.exe
C:\Users\*****\AppData\Local\Temp\_is453B.exe
EmptyTemp:
Hosts:
*****************
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ohpjimak => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\Run\\pin-arrive => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ear-according => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\Run\\doctor-cable => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\Run\\price-calendar => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\Run\\mountain-choose => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\Run\\farmer-raise => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\Run\\emergency_room => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\Run\\validation => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\farmer-raise => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ear-according => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\price-calendar => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mountain-choose => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\pin-arrive => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\doctor-cable => value deleted successfully.
C:\Users\*****\AppData\Roaming\Avira32 => Moved successfully.
C:\Users\*****\AppData\Local\Firefox64 => Moved successfully.
C:\Users\*****\AppData\Roaming\Win => Moved successfully.
C:\Users\*****\AppData\Roaming\Farmer_picture => Moved successfully.
C:\Users\*****\AppData\Roaming\Office7reg => Moved successfully.
C:\Users\*****\AppData\Roaming\Loader => Moved successfully.
C:\Users\*****\AppData\Roaming\Run => Moved successfully.
C:\Users\*****\AppData\Roaming\Script => Moved successfully.
C:\Users\*****\AppData\Roaming\Cmqyzsh => Moved successfully.
C:\Users\*****\AppData\Local\Cpecwmjid => Moved successfully.
C:\Users\*****\AppData\Roaming\Fbkkan => Moved successfully.
C:\Users\*****\AppData\Roaming\Wiyuws => Moved successfully.
C:\Users\*****\AppData\Local\Nfnbbvqez => Moved successfully.
C:\Users\*****\AppData\Roaming\Ppqbxpput => Moved successfully.
C:\Users\*****\AppData\Local\Gorebxesay => Moved successfully.
C:\Users\*****\AppData\Local\Lpsgds => Moved successfully.
C:\Users\*****\AppData\Local\Rnepwrqbck => Moved successfully.
C:\ProgramData\kjsdym => Moved successfully.
C:\Users\*****\AppData\Roaming\Ktaqfpqp => Moved successfully.
Could not move "C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe" => Scheduled to move on reboot.
C:\Users\*****\install_reader11_de_ltr5x32d_awc_aih.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\AskSLib.dll => Moved successfully.
C:\Users\*****\AppData\Local\Temp\contentDATs.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FileSystemView.dll => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate01.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate02.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate03.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate04.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate05.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate06.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate07.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate08.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate09.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate10.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate11.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate12.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate13.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate14.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate15.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate16.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate17.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate18.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate19.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate20.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate21.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate22.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate23.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate24.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate25.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate26.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate27.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate28.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate29.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate30.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate31.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate32.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\GUR5F06.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\GUR98D5.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\SecurityScan_Release.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\*****\AppData\Local\Temp\_is11FB.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\_is37A.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\_is453B.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 2.6 GB temporary data.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-15 16:21:08)<=
C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe => Is moved successfully.
==== End of Fixlog 16:21:08 ====