So: here are the logs... But I didn't get an Addition.txt....
Fixlog:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by nemoj_000 at 2015-01-24 18:16:39 Run:1
Running from F:\Nemo Grippa\Desktop
Loaded Profiles: nemoj_000 (Available profiles: UpdatusUser & nemoj_000)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\$Recycle.Bin
C:\Users\nemoj_000\AppData\Local\Microsoft\Windows\INetCache\IE\KDI0IPW4\setup[1].exe
C:\Users\nemoj_000\AppData\Local\Microsoft\Windows\INetCache\IE\KDI0IPW4\StormWatchSetup[1].exe
C:\Users\nemoj_000\AppData\Local\Microsoft\Windows\INetCache\IE\OVM78TKY\dl[1].htm
C:\Users\nemoj_000\AppData\Local\Microsoft\Windows\INetCache\IE\U1P6N5HH\BiTool[1].dll
C:\Users\nemoj_000\AppData\Roaming\SZQWEYRE
C:\Users\nemoj_000\AppData\Roaming\TPNY
F:\Nemo Grippa\Downloads\clipgrab-3.4.8.exe
F:\Nemo Grippa\Downloads\DTLite4491-0356.exe
F:\Nemo Grippa\Downloads\OpenOffice - CHIP-Installer.exe
F:\Nemo Grippa\Downloads\VLC media player 32 Bit - CHIP-Installer.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {1648A44D-1523-453D-B6BD-A834B492A5AB} - \SPBIW_UpdateTask_Time_333937343137383238312d23787845322a5b3434322d57 No Task File <==== ATTENTION
Task: {9E09F3D8-B3AE-4CED-A20C-D53F8BDDC635} - \Microsoft\Windows\Maintenance\SMupdate2 No Task File <==== ATTENTION
Task: {C14E2EB2-9903-43E1-B172-FDBBB24DEC95} - \upfs7235 No Task File <==== ATTENTION
Task: {F7669198-21CC-462D-A95E-3AB5DB1E0D22} - \Microsoft\Windows\Multimedia\SMupdate3 No Task File <==== ATTENTION
Task: {F93B776A-D06F-4E9C-91D2-F01B9B4F7EC2} - System32\Tasks\TPNY => C:\Users\nemoj_000\AppData\Roaming\TPNY.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\TPNY.job => C:\Users\nemoj_000\AppData\Roaming\TPNY.exe <==== ATTENTION
C:\Users\nemoj_000\AppData\Roaming\TPNY.exe
Emptytemp:
*****************
C:\$Recycle.Bin => Moved successfully.
"C:\Users\nemoj_000\AppData\Local\Microsoft\Windows\INetCache\IE\KDI0IPW4\setup[1].exe" => File/Directory not found.
"C:\Users\nemoj_000\AppData\Local\Microsoft\Windows\INetCache\IE\KDI0IPW4\StormWatchSetup[1].exe" => File/Directory not found.
"C:\Users\nemoj_000\AppData\Local\Microsoft\Windows\INetCache\IE\OVM78TKY\dl[1].htm" => File/Directory not found.
"C:\Users\nemoj_000\AppData\Local\Microsoft\Windows\INetCache\IE\U1P6N5HH\BiTool[1].dll" => File/Directory not found.
"C:\Users\nemoj_000\AppData\Roaming\SZQWEYRE" => File/Directory not found.
"C:\Users\nemoj_000\AppData\Roaming\TPNY" => File/Directory not found.
"F:\Nemo Grippa\Downloads\clipgrab-3.4.8.exe" => File/Directory not found.
"F:\Nemo Grippa\Downloads\DTLite4491-0356.exe" => File/Directory not found.
"F:\Nemo Grippa\Downloads\OpenOffice - CHIP-Installer.exe" => File/Directory not found.
"F:\Nemo Grippa\Downloads\VLC media player 32 Bit - CHIP-Installer.exe" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1648A44D-1523-453D-B6BD-A834B492A5AB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1648A44D-1523-453D-B6BD-A834B492A5AB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_333937343137383238312d23787845322a5b3434322d57" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9E09F3D8-B3AE-4CED-A20C-D53F8BDDC635}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E09F3D8-B3AE-4CED-A20C-D53F8BDDC635}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\SMupdate2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C14E2EB2-9903-43E1-B172-FDBBB24DEC95}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C14E2EB2-9903-43E1-B172-FDBBB24DEC95}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\upfs7235" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F7669198-21CC-462D-A95E-3AB5DB1E0D22}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7669198-21CC-462D-A95E-3AB5DB1E0D22}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F93B776A-D06F-4E9C-91D2-F01B9B4F7EC2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F93B776A-D06F-4E9C-91D2-F01B9B4F7EC2}" => Key deleted successfully.
C:\Windows\System32\Tasks\TPNY => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TPNY" => Key deleted successfully.
C:\WINDOWS\Tasks\TPNY.job => Moved successfully.
"C:\Users\nemoj_000\AppData\Roaming\TPNY.exe" => File/Directory not found.
EmptyTemp: => Removed 880 MB temporary data.
The system needed a reboot.
==== End of Fixlog 18:17:18 ====
And the normal log:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by nemoj_000 (administrator) on GRIPPA on 24-01-2015 18:19:50
Running from F:\Nemo Grippa\Desktop
Loaded Profiles: nemoj_000 (Available profiles: UpdatusUser & nemoj_000)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\avpui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\x64\wmi64.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [iTunesHelper] => "E:\iTunesHelper.exe"
HKU\S-1-5-21-3996313335-4000323584-3887137229-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3996313335-4000323584-3887137229-1003\...\Run: [Akamai NetSession Interface] => C:\Users\nemoj_000\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3996313335-4000323584-3887137229-1003\...\MountPoints2: {864b9978-8550-11e4-be77-b888e3cae501} - "H:\Autorun.exe"
HKU\S-1-5-21-3996313335-4000323584-3887137229-1003\...\MountPoints2: {864b998c-8550-11e4-be77-b888e3cae501} - "I:\EAWXLauncher.exe"
HKU\S-1-5-21-3996313335-4000323584-3887137229-1003\...\MountPoints2: {87f158a3-98bd-11e4-be81-b888e3cae501} - "G:\Launch.exe"
HKU\S-1-5-21-3996313335-4000323584-3887137229-1003\...\MountPoints2: {9ae69c99-9289-11e4-be7d-b888e3cae501} - "H:\LaunchEAWG.exe"
Startup: C:\Users\nemoj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice 4.1.1.lnk
ShortcutTarget: OpenOffice 4.1.1.lnk -> E:\OpenOffice 4\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3996313335-4000323584-3887137229-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3996313335-4000323584-3887137229-1003 -> {87CE7462-14F4-4ECF-9534-7EE4E6BC8AA7} URL =
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\nemoj_000\AppData\Roaming\Mozilla\Firefox\Profiles\4rxkk4rd.default
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> E:\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3996313335-4000323584-3887137229-1003: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-10]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-10]
FF Extension: No Name - G:\Nemo\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Chrome:
=======
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1420201766&from=cvs4&uid=WDCXWD5000BPVT-22HXZT3_WD-WXB1E62UWT04UWT04
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1420201766&from=cvs4&uid=WDCXWD5000BPVT-22HXZT3_WD-WXB1E62UWT04UWT04"
CHR DefaultSearchKeyword: Default -> webssearches
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\nemoj_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\nemoj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-07]
CHR Extension: (Google Docs) - C:\Users\nemoj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-07]
CHR Extension: (Google Drive) - C:\Users\nemoj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\nemoj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-07]
CHR Extension: (YouTube) - C:\Users\nemoj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-07]
CHR Extension: (Google-Suche) - C:\Users\nemoj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-07]
CHR Extension: (Kaspersky Protection) - C:\Users\nemoj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-01-20]
CHR Extension: (Google Tabellen) - C:\Users\nemoj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-07]
CHR Extension: (Google Wallet) - C:\Users\nemoj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-07]
CHR Extension: (Google Mail) - C:\Users\nemoj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-07]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S3 DeviceFastLaneService; C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-10-10] (Dritek System INC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-07-31] (Atheros)
S2 cae99edb; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptStats.dll",ENT
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-01-10] (Disc Soft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [150536 2015-01-18] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [247480 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [799944 2015-01-18] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [68616 2015-01-18] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [77512 2015-01-18] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\1D7D3E64.sys [129752 2015-01-19] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-10-10] (Dritek System Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
S2 SPDRIVER_1458.0.0.0; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1458.0.0.0\jsdrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-24 15:09 - 2015-01-24 15:42 - 00000000 ____D () C:\Users\nemoj_000\AppData\Local\TQVault
2015-01-24 15:09 - 2015-01-24 15:09 - 00002569 _____ () C:\Users\Public\Desktop\TQVault.lnk
2015-01-24 15:09 - 2015-01-24 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TQVault
2015-01-24 14:41 - 2015-01-24 14:41 - 00000832 _____ () C:\Users\Public\Desktop\Titan Quest - Immortal Throne.lnk
2015-01-24 14:37 - 2015-01-24 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
2015-01-24 14:37 - 2007-01-03 14:16 - 00040960 ____R () C:\WINDOWS\SysWOW64\psfind.dll
2015-01-24 14:37 - 2006-07-11 18:43 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71.dll
2015-01-20 21:23 - 2015-01-20 21:23 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-19 14:11 - 2015-01-19 14:11 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\1D7D3E64.sys
2015-01-18 21:07 - 2015-01-18 21:07 - 00000707 _____ () C:\Users\nemoj_000\Desktop\JRT.txt
2015-01-18 20:59 - 2015-01-18 20:59 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-18 20:45 - 2015-01-18 20:47 - 00000000 ____D () C:\AdwCleaner
2015-01-18 20:33 - 2015-01-18 20:33 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-18 17:46 - 2015-01-18 17:46 - 00000425 _____ () C:\Users\nemoj_000\AppData\Local\UserProducts.xml
2015-01-18 17:46 - 2015-01-18 17:46 - 00000003 _____ () C:\Users\nemoj_000\AppData\Local\updater.log
2015-01-18 17:46 - 2015-01-18 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2015-01-18 17:46 - 2015-01-18 17:46 - 00000000 ____D () C:\Program Files (x86)\Skillbrains
2015-01-18 14:43 - 2015-01-24 18:19 - 00000000 ____D () C:\FRST
2015-01-18 10:25 - 2015-01-20 20:14 - 00000000 ____D () C:\WINDOWS\CryptoGuard
2015-01-18 10:25 - 2015-01-18 10:25 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2015-01-18 09:47 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-18 09:47 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-18 09:47 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-18 09:47 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-18 09:47 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-18 09:47 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-18 09:47 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-18 09:47 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-18 09:47 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-18 09:47 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-18 09:47 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-18 09:47 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-18 09:47 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-18 09:47 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-18 09:47 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-10 13:21 - 2015-01-10 13:21 - 00000000 ____D () C:\Users\nemoj_000\AppData\Roaming\InstallShield
2015-01-10 13:12 - 2015-01-10 13:12 - 00283064 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtsoftbus01.sys
2015-01-10 13:11 - 2015-01-10 13:12 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2015-01-10 13:11 - 2015-01-10 13:11 - 00001973 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2015-01-10 11:58 - 2015-01-10 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2015-01-10 11:58 - 2015-01-10 11:57 - 00002114 _____ () C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2015-01-10 11:57 - 2015-01-24 18:19 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-10 11:57 - 2015-01-10 11:57 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-01-10 11:57 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2015-01-10 11:56 - 2014-08-12 18:32 - 00247480 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klhk.sys
2015-01-10 11:53 - 2015-01-10 12:07 - 00002479 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
2015-01-10 11:53 - 2015-01-10 12:07 - 00002467 _____ () C:\Users\Public\Desktop\Safari.lnk
2015-01-10 11:51 - 2015-01-10 11:51 - 00001466 _____ () C:\WINDOWS\IE11_main.log
2015-01-10 11:35 - 2015-01-10 11:35 - 00000000 ____D () C:\Users\nemoj_000\AppData\Roaming\Mozilla
2015-01-10 11:35 - 2015-01-10 11:35 - 00000000 ____D () C:\Users\nemoj_000\AppData\Local\Mozilla
2015-01-08 16:05 - 2015-01-10 10:46 - 00000000 ____D () C:\Users\nemoj_000\AppData\Local\Akamai
2015-01-08 16:04 - 2015-01-09 19:57 - 00000000 ____D () C:\Users\nemoj_000\AppData\Local\Turbine
2015-01-08 16:03 - 2015-01-08 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbine
2015-01-05 21:51 - 2015-01-05 21:51 - 00000000 ____D () C:\Users\nemoj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LucasArts
2015-01-04 21:01 - 2015-01-04 21:01 - 00000000 ____D () C:\Users\nemoj_000\AppData\Local\ModLauncher
2015-01-04 21:00 - 2015-01-04 21:00 - 00001673 _____ () C:\Users\UpdatusUser\Desktop\UEAW v4.lnk
2015-01-04 21:00 - 2015-01-04 21:00 - 00001673 _____ () C:\Users\nemoj_000\Desktop\UEAW v4.lnk
2015-01-04 21:00 - 2015-01-04 21:00 - 00000000 ____D () C:\Users\nemoj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ultimate Empire at War v4
2015-01-04 21:00 - 2015-01-04 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultimate Empire at War v4
2015-01-03 23:21 - 2015-01-04 12:51 - 00000000 ____D () C:\Users\nemoj_000\AppData\Roaming\vlc
2015-01-03 23:21 - 2015-01-03 23:21 - 00001093 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-01-03 23:21 - 2015-01-03 23:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-03 23:20 - 2015-01-03 23:20 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-01-02 17:30 - 2015-01-02 17:32 - 00001072 _____ () C:\Users\UpdatusUser\Desktop\Petroglyph EaW Launcher.lnk
2015-01-02 17:30 - 2015-01-02 17:32 - 00001072 _____ () C:\Users\nemoj_000\Desktop\Petroglyph EaW Launcher.lnk
2015-01-02 17:23 - 2015-01-02 17:23 - 00000000 ____D () C:\WINDOWS\uninstall
2015-01-02 16:41 - 2015-01-02 16:43 - 00000000 ____D () C:\Users\nemoj_000\AppData\Roaming\Petroglyph
2015-01-02 14:41 - 2015-01-02 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-01-02 13:43 - 2015-01-03 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-02 13:23 - 2015-01-02 13:23 - 00000000 ____D () C:\ProgramData\InstallShield
2015-01-01 21:37 - 2015-01-01 21:37 - 00000000 ____D () C:\Users\nemoj_000\AppData\Local\PackageStaging
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-24 18:19 - 2014-12-07 17:27 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-24 18:18 - 2013-08-22 15:46 - 00332378 _____ () C:\WINDOWS\setupact.log
2015-01-24 18:18 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-24 18:17 - 2014-12-15 20:36 - 01491715 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-24 18:17 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-24 18:03 - 2013-08-22 15:44 - 00362872 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-24 18:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-24 16:32 - 2014-12-07 17:27 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-24 15:48 - 2014-12-06 14:17 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3996313335-4000323584-3887137229-1003
2015-01-24 14:41 - 2014-12-13 10:59 - 00159654 _____ () C:\WINDOWS\DirectX.log
2015-01-24 14:41 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-24 14:39 - 2012-10-10 20:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-24 14:29 - 2014-12-16 18:56 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{AA7BAA69-6F5C-4261-B7BA-6BD3BE1A6CAB}
2015-01-24 14:29 - 2014-09-24 07:17 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-24 14:29 - 2014-09-24 06:43 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-24 14:29 - 2014-09-24 06:43 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-21 10:06 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-20 19:24 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-20 19:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-19 22:32 - 2014-12-21 11:41 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-19 22:32 - 2014-12-21 11:41 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-18 21:03 - 2014-12-07 20:19 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-18 20:56 - 2014-08-20 18:04 - 00799944 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2015-01-18 20:56 - 2014-08-18 14:43 - 00150536 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klflt.sys
2015-01-18 20:56 - 2014-08-13 19:34 - 00077512 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klwtp.sys
2015-01-18 20:56 - 2014-07-25 13:13 - 00068616 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klwfp.sys
2015-01-18 20:49 - 2014-09-23 22:06 - 00060968 _____ () C:\WINDOWS\PFRO.log
2015-01-10 13:26 - 2014-12-16 20:36 - 00000000 ____D () C:\Program Files (x86)\LucasArts
2015-01-10 11:57 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-01-10 11:57 - 2012-07-26 06:37 - 00000000 ____D () C:\Users\Default.migrated
2015-01-10 11:44 - 2014-12-06 13:40 - 00000000 ____D () C:\Users\nemoj_000\AppData\Local\Packages
2015-01-10 11:39 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-10 11:34 - 2014-12-13 10:08 - 00000000 ____D () C:\Users\nemoj_000\AppData\Roaming\Apple Computer
2015-01-10 11:34 - 2014-12-13 10:08 - 00000000 ____D () C:\Users\nemoj_000\AppData\Local\Apple Computer
2015-01-10 11:01 - 2014-12-15 20:43 - 00000000 ____D () C:\Users\nemoj_000
2015-01-10 10:46 - 2014-12-20 11:17 - 00000000 ____D () C:\Users\nemoj_000\AppData\Roaming\uTorrent
2015-01-10 10:36 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\registration
2015-01-10 09:38 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\tracing
2015-01-08 16:03 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-02 13:32 - 2014-12-16 18:23 - 00001461 _____ () C:\Users\nemoj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-02 13:22 - 2014-12-18 15:05 - 00000000 ____D () C:\Users\nemoj_000\AppData\Roaming\DAEMON Tools Lite
2014-12-30 16:39 - 2014-12-19 14:03 - 00000000 ____D () C:\Users\nemoj_000\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
2014-12-29 20:26 - 2014-12-15 12:17 - 00000000 ____D () C:\Users\nemoj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
==================== Files in the root of some directories =======
2015-01-18 17:46 - 2015-01-18 17:46 - 0000003 _____ () C:\Users\nemoj_000\AppData\Local\updater.log
2015-01-18 17:46 - 2015-01-18 17:46 - 0000425 _____ () C:\Users\nemoj_000\AppData\Local\UserProducts.xml
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-18 10:43
==================== End Of Log ============================