| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows 7 hartnäckiger VirusWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
21.01.2015, 21:14
| #16 |
| /// TB-Ausbilder   |  Windows 7 hartnäckiger Virus Hau gleich noch nen Fix hinterher: Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKU\S-1-5-21-2266551883-2310591651-913177673-1000\...\Run: [HDRealtek_Audio] => C:\ProgramData\Realtek\xsljqlotg.exe [353792 2015-01-13] (Microsoft Corporation)
C:\ProgramData\Realtek\xsljqlotg.exe
C:\Users\Admin\AppData\Local\win32ehdrminitRec
C:\Windows\SysWOW64\rootmsmpeg2vdecMonitor
C:\Users\Admin\AppData\Local\keyboardcercredSched
C:\Windows\SysWOW64\desktopwdmaudProvider
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Und zur Sicherheit noch: Bitte lade dir  GMER herunter: (Dateiname zufällig)
 Tauchen Probleme auf?
Und bitte neue FRST Logs. Haken setzen bei addition.txt dann auf Scan klicken 
__________________ Lerne, zurück zu schlagen und unterstütze uns! TB Akademie | Spende | Lob & Kritik |
|
21.01.2015, 21:41
| #17 |
 | Windows 7 hartnäckiger Virus Fixlog
__________________Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Admin at 2015-01-21 21:17:15 Run:3
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available profiles: Admin)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKU\S-1-5-21-2266551883-2310591651-913177673-1000\...\Run: [HDRealtek_Audio] => C:\ProgramData\Realtek\xsljqlotg.exe [353792 2015-01-13] (Microsoft Corporation)
C:\ProgramData\Realtek\xsljqlotg.exe
C:\Users\Admin\AppData\Local\win32ehdrminitRec
C:\Windows\SysWOW64\rootmsmpeg2vdecMonitor
C:\Users\Admin\AppData\Local\keyboardcercredSched
C:\Windows\SysWOW64\desktopwdmaudProvider
*****************
HKU\S-1-5-21-2266551883-2310591651-913177673-1000\Software\Microsoft\Windows\CurrentVersion\Run\\HDRealtek_Audio => value deleted successfully.
Could not move "C:\ProgramData\Realtek\xsljqlotg.exe" => Scheduled to move on reboot.
"C:\Users\Admin\AppData\Local\win32ehdrminitRec" => File/Directory not found.
C:\Windows\SysWOW64\rootmsmpeg2vdecMonitor => Moved successfully.
C:\Users\Admin\AppData\Local\keyboardcercredSched => Moved successfully.
C:\Windows\SysWOW64\desktopwdmaudProvider => Moved successfully.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-21 21:21:12)<=
C:\ProgramData\Realtek\xsljqlotg.exe => Is moved successfully.
==== End of Fixlog 21:21:12 ====
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-01-21 21:37:53 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006e TOSHIBA_ rev.MS2O 931,51GB Running: 8utz339k.exe; Driver: C:\Users\Admin\AppData\Local\Temp\aglorpod.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e61465 2 bytes [E6, 76] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e614bb 2 bytes [E6, 76] .text ... * 2 .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e61465 2 bytes [E6, 76] .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e614bb 2 bytes [E6, 76] .text ... * 2 .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e61465 2 bytes [E6, 76] .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e614bb 2 bytes [E6, 76] .text ... * 2 .text C:\Windows\SysWOW64\PnkBstrA.exe[2812] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073d71a22 2 bytes [D7, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2812] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073d71ad0 2 bytes [D7, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2812] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073d71b08 2 bytes [D7, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2812] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073d71bba 2 bytes [D7, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2812] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073d71bda 2 bytes [D7, 73] .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e61465 2 bytes [E6, 76] .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e614bb 2 bytes [E6, 76] .text ... * 2 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e61465 2 bytes [E6, 76] .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e614bb 2 bytes [E6, 76] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e61465 2 bytes [E6, 76] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e614bb 2 bytes [E6, 76] .text ... * 2 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e61465 2 bytes [E6, 76] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e614bb 2 bytes [E6, 76] .text ... * 2 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e61465 2 bytes [E6, 76] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e614bb 2 bytes [E6, 76] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e61465 2 bytes [E6, 76] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e614bb 2 bytes [E6, 76] .text ... * 2 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[6064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e61465 2 bytes [E6, 76] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[6064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e614bb 2 bytes [E6, 76] .text ... * 2 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e61465 2 bytes [E6, 76] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e614bb 2 bytes [E6, 76] .text ... * 2 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[1304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e61465 2 bytes [E6, 76] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[1304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e614bb 2 bytes [E6, 76] .text ... * 2 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e61465 2 bytes [E6, 76] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e614bb 2 bytes [E6, 76] .text ... * 2 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\MBAMSwissArmy@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\services\MBAMSwissArmy ---- EOF - GMER 2.1 ---- FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015 Ran by Admin (administrator) on ADMIN-PC on 21-01-2015 21:39:59 Running from C:\Users\Admin\Downloads Loaded Profiles: Admin (Available profiles: Admin) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Desktop.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Game Inc.) C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe () C:\Users\Admin\Downloads\8utz339k.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7203032 2013-10-22] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2463552 2014-10-04] (NVIDIA Corporation) HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1261712 2014-04-30] (Highresolution Enterprises) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation) HKLM-x32\...\Run: [GamingKeyboard] => C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe [1803264 2012-06-07] (Game Inc.) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282632 2013-07-23] (CANON INC.) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [454248 2013-08-02] (CANON INC.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKU\S-1-5-21-2266551883-2310591651-913177673-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.) HKU\S-1-5-21-2266551883-2310591651-913177673-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd) HKU\S-1-5-21-2266551883-2310591651-913177673-1000\...\Run: [HDRealtek_Audio] => "C:\ProgramData\Realtek\xsljqlotg.exe" ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2266551883-2310591651-913177673-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Toolbar: HKU\S-1-5-21-2266551883-2310591651-913177673-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s9xzam76.default-1421852547514 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll () FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKU\S-1-5-21-2266551883-2310591651-913177673-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Extension: Adblock Edge - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s9xzam76.default-1421852547514\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-01-21] Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-21] CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-21] CHR Extension: (Google Tabellen) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-21] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-05-07] () S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2014-12-20] (EasyAntiCheat Ltd) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-10-04] (NVIDIA Corporation) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] () R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3191392 2014-05-15] (INCA Internet Co., Ltd.) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-10-04] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-10-04] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-29] (Electronic Arts) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2014-12-01] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] () R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-08-10] (AVG Technologies) R3 GameKB; C:\Windows\System32\drivers\GameKB.sys [27648 2012-05-11] () R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) U4 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-21] (Malwarebytes Corporation) U3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-10-04] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation) S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-05-14] (Realtek Semiconductor Corporation ) R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation) R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation) R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation) R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X] S3 X6va028; \??\C:\Windows\SysWOW64\Drivers\X6va028 [X] U3 aglorpod; \??\C:\Users\Admin\AppData\Local\Temp\aglorpod.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-21 21:37 - 2015-01-21 21:37 - 00008790 _____ () C:\Users\Admin\Desktop\gmer.log 2015-01-21 21:22 - 2015-01-21 21:22 - 00380416 _____ () C:\Users\Admin\Downloads\8utz339k.exe 2015-01-21 21:22 - 2015-01-21 21:22 - 00001450 _____ () C:\Users\Admin\Desktop\Neues Textdokument (2).txt 2015-01-21 20:08 - 2015-01-21 20:08 - 00001200 _____ () C:\Users\Admin\Desktop\mbam.txt 2015-01-21 19:45 - 2015-01-21 19:45 - 00000770 _____ () C:\Users\Admin\Desktop\JRT.txt 2015-01-21 19:38 - 2015-01-21 19:38 - 00000000 ____D () C:\Windows\ERUNT 2015-01-21 19:31 - 2015-01-21 19:31 - 01707939 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe 2015-01-21 19:30 - 2015-01-21 19:30 - 02186752 _____ () C:\Users\Admin\Downloads\AdwCleaner_4.108 (1).exe 2015-01-21 19:29 - 2015-01-21 19:29 - 01039251 _____ () C:\Users\Admin\Downloads\AdwCleaner_4.108(1).exe 2015-01-21 19:15 - 2015-01-21 19:15 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2015-01-21 19:15 - 2015-01-21 19:15 - 00001162 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk 2015-01-21 19:14 - 2015-01-21 19:15 - 07822880 _____ (TeamViewer GmbH) C:\Users\Admin\Downloads\TeamViewer_Setup.exe 2015-01-21 19:06 - 2015-01-21 19:06 - 00028736 _____ () C:\ComboFix.txt 2015-01-21 18:57 - 2015-01-21 19:06 - 00000000 ____D () C:\ComboFix 2015-01-21 18:57 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-01-21 18:57 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-01-21 18:57 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-01-21 18:57 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-01-21 18:57 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-01-21 18:57 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-01-21 18:57 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-01-21 18:57 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-01-21 18:53 - 2015-01-21 19:06 - 00000000 ____D () C:\Qoobox 2015-01-21 18:52 - 2015-01-21 19:05 - 00000000 ____D () C:\Windows\erdnt 2015-01-21 18:51 - 2015-01-21 18:51 - 05608785 ____R (Swearware) C:\Users\Admin\Downloads\ComboFix.exe 2015-01-21 17:24 - 2015-01-21 21:40 - 00020384 _____ () C:\Users\Admin\Downloads\FRST.txt 2015-01-21 17:24 - 2015-01-21 21:40 - 00000000 ____D () C:\FRST 2015-01-21 17:24 - 2015-01-21 17:25 - 00032504 _____ () C:\Users\Admin\Downloads\Addition.txt 2015-01-21 17:23 - 2015-01-21 17:23 - 02126848 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe 2015-01-21 17:18 - 2015-01-21 17:18 - 02953520 _____ (AVAST Software) C:\Users\Admin\Downloads\avast-browser-cleanup_9.0.0.224.exe 2015-01-21 16:28 - 2015-01-21 16:28 - 00015680 _____ () C:\Users\Admin\Desktop\install.txt 2015-01-21 16:13 - 2015-01-21 16:13 - 00000000 ____D () C:\Users\Admin\mbar 2015-01-21 16:12 - 2015-01-21 16:12 - 09700640 _____ (Malwarebytes Corp.) C:\Users\Admin\Downloads\mbar-1.08.3.1004.exe 2015-01-21 15:58 - 2015-01-21 15:58 - 01188194 _____ () C:\Users\Admin\Downloads\ProcessExplorer.zip 2015-01-21 15:58 - 2015-01-21 15:58 - 00000000 ____D () C:\Users\Admin\Downloads\ProcessExplorer 2015-01-21 15:54 - 2015-01-21 15:54 - 00000000 ____D () C:\zoek_backup 2015-01-21 15:42 - 2015-01-21 19:34 - 00149496 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-21 15:40 - 2015-01-21 21:18 - 00000840 _____ () C:\Windows\setupact.log 2015-01-21 15:40 - 2015-01-21 19:32 - 05165816 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-01-21 15:40 - 2015-01-21 19:32 - 00001532 _____ () C:\Windows\PFRO.log 2015-01-21 15:40 - 2015-01-21 15:40 - 00000000 _____ () C:\Windows\setuperr.log 2015-01-21 15:35 - 2015-01-21 15:35 - 02186752 _____ () C:\Users\Admin\Downloads\adwcleaner_4.108.exe 2015-01-21 15:32 - 2015-01-21 15:32 - 03007700 _____ () C:\Users\Admin\Downloads\revouninstaller.zip 2015-01-21 14:29 - 2015-01-21 21:28 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-21 14:29 - 2015-01-21 14:29 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-21 14:29 - 2015-01-21 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-21 14:28 - 2015-01-21 14:29 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-21 14:28 - 2015-01-21 14:28 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-21 14:28 - 2015-01-21 14:28 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-21 14:28 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-21 14:28 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-21 14:28 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-21 14:14 - 2015-01-21 14:14 - 00000000 ____D () C:\Program Files (x86)\Google Translate 2015-01-21 14:13 - 2015-01-21 14:13 - 00000000 ____D () C:\ProgramData\hpemadepfkkgdmiphlhpahlocokndjgp 2015-01-21 14:13 - 2015-01-21 14:13 - 00000000 ____D () C:\Program Files (x86)\unniSaales 2015-01-20 17:55 - 2015-01-21 21:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-20 17:55 - 2015-01-20 17:55 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-20 17:55 - 2015-01-20 17:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-20 17:55 - 2015-01-20 17:55 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-20 17:55 - 2015-01-20 17:55 - 00000000 ____D () C:\ProgramData\McAfee 2015-01-18 20:43 - 2015-01-18 20:43 - 00000000 ____D () C:\Users\Admin\Downloads\CS GO GiveWay 2015-01-18 14:39 - 2015-01-21 14:17 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ED5DD71E-4715-4127-92F3-4D2E6488B55F 2015-01-17 14:31 - 2015-01-17 14:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-16 15:36 - 2015-01-16 15:36 - 00000000 ___HD () C:\Users\Public\Temp 2015-01-14 14:05 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 14:05 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 14:05 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 14:05 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-14 14:05 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-14 14:05 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-14 14:05 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-14 14:05 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-14 14:05 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-14 14:05 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 14:05 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 14:05 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-14 14:05 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-13 16:17 - 2015-01-21 21:17 - 00000000 __SHD () C:\ProgramData\Realtek 2015-01-09 17:52 - 2015-01-09 17:52 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieBrowserModeList 2015-01-02 18:20 - 2015-01-03 14:47 - 22764208 _____ () C:\Users\Admin\Desktop\TechnicLauncher.exe 2015-01-02 17:03 - 2015-01-03 14:39 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\.technic 2015-01-02 16:43 - 2015-01-02 16:43 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2015-01-02 16:43 - 2015-01-02 16:43 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2015-01-02 16:43 - 2015-01-02 16:43 - 00000000 ____D () C:\Program Files\CCleaner 2015-01-02 16:30 - 2015-01-02 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2015-01-02 16:24 - 2015-01-02 14:27 - 00320936 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2015-01-02 16:24 - 2015-01-02 14:27 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2015-01-02 16:24 - 2015-01-02 14:27 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2015-01-02 14:31 - 2015-01-02 14:31 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\java 2015-01-02 14:27 - 2015-01-02 14:27 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2015-01-02 14:26 - 2015-01-02 16:30 - 00000000 ____D () C:\Program Files\Java 2015-01-02 14:23 - 2015-01-02 14:23 - 01174352 _____ () C:\Users\Admin\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe 2015-01-02 13:47 - 2015-01-02 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-01-02 13:47 - 2015-01-02 13:47 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2015-01-02 13:47 - 2015-01-02 13:47 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2015-01-02 13:47 - 2015-01-02 13:47 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2015-01-02 13:47 - 2015-01-02 13:47 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-01-02 13:47 - 2015-01-02 13:47 - 00000000 ____D () C:\Program Files (x86)\Java 2014-12-31 17:41 - 2014-12-31 17:42 - 00060344 _____ () C:\Users\Admin\Documents\ts3_clientui-win64-1407159763-2014-12-31 17_41_48.788132.dmp 2014-12-31 15:14 - 2015-01-09 20:05 - 00000000 ____D () C:\Users\Admin\Documents\DragonNest 2014-12-30 19:21 - 2015-01-11 19:03 - 00000000 ____D () C:\Users\Admin\Desktop\Lukas Handy 2014-12-27 22:30 - 2014-12-29 19:57 - 00000000 ____D () C:\Users\Admin\Documents\SCANIA Truck Driving Simulator 2014-12-27 17:41 - 2014-12-27 17:43 - 00000923 _____ () C:\Users\Public\Desktop\DS3 Tool.lnk 2014-12-27 15:02 - 2014-12-27 15:02 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-12-27 14:55 - 2014-12-27 14:55 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\globalip 2014-12-27 14:52 - 2014-12-27 14:53 - 00674881 _____ () C:\Users\Admin\Downloads\vpnautoconnect.zip ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-21 21:27 - 2014-09-03 17:09 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-21 21:26 - 2009-07-14 05:45 - 00035648 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-21 21:26 - 2009-07-14 05:45 - 00035648 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-21 21:23 - 2014-06-25 07:47 - 01417276 _____ () C:\Windows\WindowsUpdate.log 2015-01-21 21:20 - 2014-09-03 17:09 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-21 21:19 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-21 21:18 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-21 21:17 - 2014-06-25 08:12 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-01-21 21:07 - 2014-06-25 17:40 - 00700906 _____ () C:\Windows\system32\perfh007.dat 2015-01-21 21:07 - 2014-06-25 17:40 - 00150286 _____ () C:\Windows\system32\perfc007.dat 2015-01-21 21:07 - 2009-07-14 06:13 - 01625650 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-21 21:03 - 2014-08-09 13:18 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-01-21 21:00 - 2014-08-09 13:44 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TS3Client 2015-01-21 20:58 - 2014-10-19 10:11 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps 2015-01-21 19:31 - 2014-11-24 23:47 - 00000000 ____D () C:\AdwCleaner 2015-01-21 19:06 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2015-01-21 19:04 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-01-21 18:29 - 2014-09-03 17:09 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-01-21 18:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-01-21 18:22 - 2014-09-03 17:09 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-01-21 18:22 - 2014-09-03 17:09 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-01-21 18:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy 2015-01-21 16:15 - 2014-08-09 13:13 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype 2015-01-21 16:13 - 2014-06-25 07:47 - 00000000 ____D () C:\Users\Admin 2015-01-21 16:02 - 2014-11-12 16:40 - 00000000 ____D () C:\Users\Admin\Desktop\Alte Firefox-Daten 2015-01-21 14:57 - 2014-10-28 13:51 - 00000000 ____D () C:\ProgramData\ecbaef90-5696-41e1-a1c3-3e8112ce2840 2015-01-21 14:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat 2015-01-21 14:03 - 2014-06-25 08:23 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\SoftGrid Client 2015-01-21 13:56 - 2014-09-03 19:08 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe 2015-01-20 16:59 - 2014-11-29 17:59 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2015-01-20 16:58 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2015-01-19 17:45 - 2014-08-09 13:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\.minecraft 2015-01-18 16:27 - 2014-11-30 12:03 - 00000000 ____D () C:\Users\Admin\Desktop\Spiele 2015-01-18 16:24 - 2014-09-19 17:29 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2015-01-18 14:28 - 2014-08-09 13:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-16 18:50 - 2014-09-19 20:24 - 00000000 ____D () C:\Program Files\WinRAR 2015-01-16 15:53 - 2014-09-06 09:33 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software 2015-01-16 15:53 - 2014-09-02 21:30 - 00000000 ____D () C:\Windows\Minidump 2015-01-14 14:20 - 2014-06-25 11:37 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-14 14:17 - 2014-06-25 11:37 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-05 11:26 - 2014-08-18 15:15 - 00000000 ____D () C:\Users\Admin\AppData\Local\Windows Live 2015-01-02 16:56 - 2014-08-13 16:59 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TeamViewer 2015-01-02 16:55 - 2014-06-25 17:41 - 00000000 ____D () C:\Windows\Panther 2015-01-02 14:27 - 2014-08-09 13:05 - 00000000 ____D () C:\ProgramData\Oracle 2015-01-01 12:13 - 2014-11-30 12:00 - 00000000 ____D () C:\Users\Admin\Desktop\Bearbeitung 2015-01-01 12:13 - 2014-10-12 20:12 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Audacity 2015-01-01 11:29 - 2014-09-17 12:10 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-01-01 11:29 - 2014-08-09 13:13 - 00000000 ____D () C:\ProgramData\Skype 2014-12-31 12:14 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-12-27 17:43 - 2014-09-02 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy 2014-12-27 17:43 - 2014-09-02 12:07 - 00000000 ____D () C:\Program Files\MotioninJoy 2014-12-24 09:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache ==================== Files in the root of some directories ======= 2014-08-10 14:16 - 2014-09-04 16:04 - 0000000 _____ () C:\Program Files (x86)\Mozilla Firefoxwtu-secure-search.xml 2014-09-04 11:42 - 2014-09-04 11:42 - 0000112 _____ () C:\Users\Admin\AppData\Roaming\JP2K CS6 Prefs 2014-10-27 17:36 - 2014-10-28 20:36 - 0000060 _____ () C:\Users\Admin\AppData\Roaming\WB.CFG 2014-06-25 07:54 - 2014-06-25 07:54 - 0000000 ____H () C:\ProgramData\DP45977C.lfl ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-31 12:54 ==================== End Of Log ============================ Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Admin at 2015-01-21 21:40:27
Running from C:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.0.2 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.1 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 3.1.0.7 - AVG Technologies)
Battlefield: Bad Company 2 (HKLM-x32\...\Steam App 24960) (Version: - DICE)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brick-Force (HKLM-x32\...\{9853ABB2-6416-4C87-8650-DD8E528FF564}}_is1) (Version: 4.3.383.130.19 - Infernum Productions AG)
Bus-Simulator 2012 (HKLM-x32\...\Steam App 253770) (Version: - TML Studios)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version: - Treyarch)
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version: - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version: - Treyarch)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version: - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version: - Infinity Ward)
Camtasia Studio 8 (HKLM-x32\...\{FB05EAA3-D938-4EDA-9A38-88543E52680C}) (Version: 8.4.3.1792 - TechSmith Corporation)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.1.4 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.4.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.5.14 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.2.0 - Canon Inc.)
Canon Kurzwahlprogramm (HKLM-x32\...\Speed Dial Utility) (Version: 1.4.0 - Canon Inc.)
Canon MX470 series Benutzerregistrierung (HKLM-x32\...\Canon MX470 series Benutzerregistrierung) (Version: - *Canon Inc.)
Canon MX470 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX470_series) (Version: 1.00 - Canon Inc.)
Canon MX470 series On-screen Manual (HKLM-x32\...\Canon MX470 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.1.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.3.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Chaos Domain (HKLM-x32\...\Steam App 287100) (Version: - Holy Warp)
Cinema 4D version R12 (HKLM-x32\...\{7D9D8134-9FA3-4FFF-ADA1-BF609F29997A}_is1) (Version: R12 - Salat Production)
Color Suite v11.1.4 (HKLM-x32\...\{99487911-8011-42BC-B594-8B02BFD32B1D}_is1) (Version: 11.1.4 - Red Giant, LLC)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dizzel (HKLM-x32\...\Steam App 315640) (Version: - NSStudio)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dragon Nest Europe (HKLM-x32\...\Steam App 258700) (Version: - Eyedentity Games)
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version: - SCS Software)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Translate (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version: - )
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hazard Ops (HKLM-x32\...\Steam App 319150) (Version: - Yingpei Games)
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version: - Reto-Moto)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{AA67D612-0BE5-44D6-9A91-592958F754A1}) (Version: 13.0.198 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 7 Update 71 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170710}) (Version: 1.7.0.710 - Oracle)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.6129.5001 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
NAVIGON Fresh 3.5.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON)
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.3 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.20.386 - Electronic Arts, Inc.)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version: - Sony Online Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.75.827.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.8.100.5 - Red Giant, LLC)
Robocraft (HKLM-x32\...\Steam App 301520) (Version: - Freejam)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version: - Deep Silver Volition)
Scania Truck Driving Simulator (HKLM-x32\...\Steam App 258760) (Version: - SCS Software)
SHARKOON Skiller (HKLM-x32\...\{91C25547-9534-41A5-823A-1E54BA16EA3F}) (Version: 1.00.0000 - )
SHIELD Streaming (Version: 3.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.56 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
The Culling Of The Cows (HKLM-x32\...\Steam App 297020) (Version: - Decaying Logic)
TP-LINK TL-WN821N Driver (HKLM-x32\...\{26B52E5B-1620-4676-9B46-B6C56B8105CE}) (Version: 1.2.1 - TP-LINK)
Trapcode Suite 64-bit (HKLM-x32\...\InstallShield_{460D83C4-15D5-4C0E-9B7D-2204F196A010}) (Version: 12.1.3 - Red Giant)
Trapcode Suite 64-bit (Version: 12.1.3 - Red Giant) Hidden
Trapcode Suite v12.1.5 (HKLM-x32\...\{DFD2DC6B-C634-4C1C-81CC-5EF852E71CEE}_is1) (Version: 12.1.5 - Red Giant, LLC)
Unity Web Player (HKU\S-1-5-21-2266551883-2310591651-913177673-1000\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)
Vegas Pro 13.0 (64-bit) (HKLM\...\{386F5740-091D-11E4-B13E-F04DA23A5C58}) (Version: 13.0.373 - Sony)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Warface (HKLM-x32\...\Steam App 291480) (Version: - Crytek)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
World of Tanks (HKU\S-1-5-21-2266551883-2310591651-913177673-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)
X-Mouse Button Control 2.7 (HKLM-x32\...\X-Mouse Button Control) (Version: 2.7 - Highresolution Enterprises)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
18-01-2015 20:01:53 Windows-Sicherung
21-01-2015 18:57:22 ComboFix created restore point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2015-01-21 19:04 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {171C931F-5932-42F7-8E5E-3E8C5F9D102B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {3919E99A-4003-4356-AC2A-956780F46E8E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {3957E5D0-2C60-4A25-B8DB-8B68FB616D81} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-03] (Google Inc.)
Task: {3CC2EBD0-7D2C-4151-A6EF-8C45A747B8B4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-03] (Google Inc.)
Task: {401546A1-B3CC-4E5F-B0B6-984BC9501B2E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-20] (Adobe Systems Incorporated)
Task: {42DA083D-AD74-4504-BC89-6F81E0082BD7} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe [2014-07-09] ()
Task: {639BA56A-CE23-41F6-8BBE-0ECE75609953} - System32\Tasks\{DE72BA9B-F7D0-4BA0-8265-2C2E3DFF118A} => pcalua.exe -a "C:\Users\Admin\AppData\Roaming\Security Systems\uninstall.exe"
Task: {65D86624-A989-4AD1-9CDE-FC7AE7786967} - System32\Tasks\AdobeAAMUpdater-1.0-Admin-PC-Admin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {91C0E5DF-A009-48E8-90E5-72CC831066B4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
Task: {ED23D713-98C0-4799-83A1-5BB6C2AE70E5} - System32\Tasks\FRAPS => C:\Fraps\fraps.exe [2013-02-26] (Beepa P/L)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-06-25 08:12 - 2014-03-04 14:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-06-25 07:50 - 2013-05-07 08:45 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2014-11-29 20:41 - 2013-06-28 07:28 - 00084616 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-07-16 10:06 - 2014-07-16 10:06 - 00672416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2014-12-01 18:23 - 2014-12-01 18:23 - 00075064 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-07-16 10:05 - 2014-07-16 10:05 - 05558432 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-01-21 21:22 - 2015-01-21 21:22 - 00380416 _____ () C:\Users\Admin\Downloads\8utz339k.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-25 07:50 - 2015-01-21 21:18 - 00027648 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2014-06-25 07:50 - 2013-05-07 08:45 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2014-06-25 07:57 - 2013-09-16 11:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-07-03 05:45 - 2014-07-03 05:45 - 32733056 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2014-08-09 13:17 - 2012-05-25 03:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2015-01-17 14:31 - 2015-01-17 14:31 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-03 05:45 - 2014-07-03 05:45 - 00742784 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
2014-07-03 05:45 - 2014-07-03 05:45 - 00136576 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Admin (S-1-5-21-2266551883-2310591651-913177673-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2266551883-2310591651-913177673-500 - Administrator - Disabled)
Gast (S-1-5-21-2266551883-2310591651-913177673-501 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/21/2015 09:19:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/21/2015 09:02:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/21/2015 08:58:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.0.5486, Zeitstempel: 0x54af7153
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.0.5486, Zeitstempel: 0x54af69d4
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1a68
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (01/21/2015 07:37:00 PM) (Source: SecurityCenter) (EventID: 3) (User: )
Description: Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antiviren, AntiSpyware- und Firewallprogramme von Drittanbietern zu überwachen.
Error: (01/21/2015 07:33:28 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x80070020
Error: (01/21/2015 06:19:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/21/2015 04:00:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: procexp64.exe, Version: 16.4.0.0, Zeitstempel: 0x5404afa3
Name des fehlerhaften Moduls: procexp64.exe, Version: 16.4.0.0, Zeitstempel: 0x5404afa3
Ausnahmecode: 0xc0000417
Fehleroffset: 0x00000000000a4c05
ID des fehlerhaften Prozesses: 0x12d4
Startzeit der fehlerhaften Anwendung: 0xprocexp64.exe0
Pfad der fehlerhaften Anwendung: procexp64.exe1
Pfad des fehlerhaften Moduls: procexp64.exe2
Berichtskennung: procexp64.exe3
Error: (01/21/2015 03:43:02 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (01/21/2015 03:43:02 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.
Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (01/21/2015 03:43:02 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
System errors:
=============
Error: (01/21/2015 09:20:58 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Benutzerprofildienst" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (01/21/2015 09:20:58 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (01/21/2015 09:19:47 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)
Error: (01/21/2015 09:18:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (01/21/2015 09:18:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Designs" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (01/21/2015 09:18:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Shellhardwareerkennung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (01/21/2015 09:18:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benachrichtigungsdienst für Systemereignisse" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (01/21/2015 09:18:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Sekundäre Anmeldung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (01/21/2015 09:18:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Aufgabenplanung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (01/21/2015 09:18:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Microsoft Office Sessions:
=========================
Error: (01/21/2015 09:19:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/21/2015 09:02:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/21/2015 08:58:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.0.548654af7153mozalloc.dll35.0.0.548654af69d480000003000014251a6801d035b49224820aC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllec1e1809-a1a7-11e4-b1c5-40167eaa3a0e
Error: (01/21/2015 07:37:00 PM) (Source: SecurityCenter) (EventID: 3) (User: )
Description:
Error: (01/21/2015 07:33:28 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x80070020
Error: (01/21/2015 06:19:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/21/2015 04:00:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: procexp64.exe16.4.0.05404afa3procexp64.exe16.4.0.05404afa3c000041700000000000a4c0512d401d0358ac590f14fC:\Users\Admin\AppData\Local\Temp\procexp64.exeC:\Users\Admin\AppData\Local\Temp\procexp64.exe4da8789b-a17e-11e4-b13e-40167eaa3a0e
Error: (01/21/2015 03:43:02 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (01/21/2015 03:43:02 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (01/21/2015 03:43:02 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
Percentage of memory in use: 34%
Total physical RAM: 8127.48 MB
Available physical RAM: 5306.66 MB
Total Pagefile: 16253.14 MB
Available Pagefile: 13177.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.41 GB) (Free:544.51 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A25CC603)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
21.01.2015, 22:12
| #18 |
| /// TB-Ausbilder | Windows 7 hartnäckiger Virus Hast nach dem letzten Fix nen Neustart gemacht ?
__________________Falls nein, bitte machen. Und dann: Downloade Dir bitte  SecurityCheck und:
Zum Schluss ESET, der dauert länger den schau ich mir auch erst frühestensmorgen an: ESET Online Scanner
__________________ |
|
21.01.2015, 22:43
| #19 |
| | Windows 7 hartnäckiger Virus Securitycheck hat einen autoit fehler recursion level has been exeeded und eset machen wir morgen |
|
22.01.2015, 09:04
| #20 |
| /// TB-Ausbilder | Windows 7 hartnäckiger Virus Lief Securitycheck als Admin ?
__________________ Lerne, zurück zu schlagen und unterstütze uns! TB Akademie | Spende | Lob & Kritik |
|
22.01.2015, 18:19
| #21 |
| | Windows 7 hartnäckiger Virus Hmm sehr komisch Security Check funktionierte nun hab es durch den Temp ordner gestartet. Code:
ATTFilter Results of screen317's Security Check version 0.99.93 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` AVG Web TuneUp Java 7 Update 71 Adobe Flash Player 16.0.0.257 Mozilla Firefox (35.0) Google Chrome 38.0.2125.111 Google Chrome out of date! ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials msseces.exe Windows Defender MSMpEng.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6ffd535c853de940b68c0c725e26be12
# engine=22094
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-22 04:52:41
# local_time=2015-01-22 05:52:41 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 11566861 44929555 0 0
# scanned=256412
# found=77
# cleaned=0
# scan_time=16011
sh=BC669DA1A75D0484A6051C8FC212ECF604374F74 ft=1 fh=40844d7476871628 vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies App\Datamngr\apcrtldr.dll.vir"
sh=8967148B998E2772877B4072E829E9F71F55E223 ft=1 fh=c92e5cb9a01c17e8 vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies App\Datamngr\Datamngr.dll.vir"
sh=F883095C2B94610E0CA4D3AE967FDDA4B9FBEFBD ft=1 fh=021b07d06bb374c5 vn="Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies App\Datamngr\DatamngrCoordinator.exe.vir"
sh=56E0772D5BB4B7B90804283E2938134D7E2A5616 ft=1 fh=a506e25dd9fe1911 vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies App\Datamngr\IEBHO.dll.vir"
sh=8AC8F889AE8CB7614EAA4BE92EB9B83E80745150 ft=1 fh=7e2bf4b2fad78869 vn="Variante von Win32/AdWare.Bandoo.AG Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies App\Datamngr\setmgrc2.cfg.vir"
sh=E21A4A28F04527BA1461BD6FD76B773A0E7B4361 ft=1 fh=b6484961b4dafe96 vn="Variante von Win32/Toolbar.SearchSuite.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies App\Datamngr\Uninstall.exe.vir"
sh=E4DC21092E714170182BC0EDAEC5CCCBCA825A4D ft=1 fh=0ab9f5ae6f6318b2 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies App\Datamngr\SRTOOL~1\IE\dtuser.exe.vir"
sh=AE7F0548BC95A6F474B350965252139621D1ECBA ft=1 fh=6a0369f3591cfd86 vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies App\Datamngr\SRTOOL~1\IE\searchresultsDx.dll.vir"
sh=585E6E8CE3B8E6BF0020724D9FBBF976838AD2E2 ft=1 fh=9b3c31e4b016bbf1 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies App\Datamngr\SRTOOL~1\IE\searchresultstb.dll.vir"
sh=7DF4AD620CDFE446BF7FDFB0EB4CA76C9A5B062E ft=1 fh=c573e3ec9111c19d vn="Variante von Win64/Toolbar.SearchSuite.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies App\Datamngr\x64\apcrtldr.dll.vir"
sh=A756AD34DCAB2E9A1FE43C87F004C739B69D715F ft=1 fh=795cf2ca606d764f vn="Variante von Win64/Toolbar.SearchSuite.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies App\Datamngr\x64\Datamngr.dll.vir"
sh=E6770CC5775C979FBA7764BB1ADEB67C7E3AB0C7 ft=1 fh=12d5e19edea354ad vn="Variante von Win64/Toolbar.SearchSuite.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies App\Datamngr\x64\IEBHO.dll.vir"
sh=38614DE99FA6968B802052A00FC725F7F21FA4E8 ft=1 fh=c6828318b3e83260 vn="Variante von Win64/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies App\Datamngr\x64\mgrldr.dll.vir"
sh=EB1DC337905936463368239717C20F023FFAB9D5 ft=1 fh=b4321eff1e9304b0 vn="Variante von Win64/Adware.Bandoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies App\Datamngr\x64\setmgrc2.cfg.vir"
sh=2B55DF509EC5D62C5FB44E14E63AAC90371B917F ft=1 fh=918bb53878474d1f vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=7B02B544B8026489A659F1663F44FD67303F37DC ft=1 fh=c71c0011afdef376 vn="Variante von Win32/SProtector.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Interenet Optimizer\InterenetOptimizer.dll.vir"
sh=51EE74E3744D0F209267D26B1B63582C55B9B88A ft=1 fh=c71c00112dbeccc9 vn="Variante von Win64/SProtector.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Interenet Optimizer\InterenetOptimizer_x64.dll.vir"
sh=A088E810A12479CAC03B546F28653A1666AC5E49 ft=1 fh=3fecb59499fe35eb vn="Variante von Win32/Toolbar.SearchSuite.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\iLivid\Helper.dll.vir"
sh=48E3B50919861A40188614B935D109590D97F2BA ft=1 fh=9b84448774d5fc04 vn="Variante von Win32/iLivid.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\iLivid\Uninstall.exe.vir"
sh=E34662E458A0794DD330D3A4B14A74C2FB588BF0 ft=1 fh=78fe6f0790088c74 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Temp\Security Systems\Setup.exe.vir"
sh=25F46CC62E1809D47B6A066128EE229C7254CBCC ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\torch\User Data\Default\Extensions\cnnckoodldcbgegkmlgponhofcngihnp\215\ASW.js.vir"
sh=47BBCA961D8EB720668B9A48831C77E1422B74FC ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\torch\User Data\Default\Extensions\lgaiealfkonhccobegbcncjgicaiiiin\1.5\DF.js.vir"
sh=6B206C8950A30FF5EAC976F4625BF3C7277556B6 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\torch\User Data\Default\Extensions\oifdfchgmkfglcccmkoofhbnmkdlbgag\141\lsdb.js.vir"
sh=42703FB9ED042E6AAF82442A0A068D5E885FBE6B ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\torch\User Data\Default\Extensions\oifdfchgmkfglcccmkoofhbnmkdlbgag\141\Nu.js.vir"
sh=4A8F0D599E83BA8DAA089E8D4531A3E69153B4FA ft=1 fh=3297d2d6b0a65189 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\FirefoxToolbar\Movies App\Datamngr\components\DatamngrHlpFF10.dll.vir"
sh=7220A841EAE12646301353F37C5311D3DDA399CB ft=1 fh=ba67813e85cbdd8f vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\FirefoxToolbar\Movies App\Datamngr\components\DatamngrHlpFF11.dll.vir"
sh=DD8055C3DD0F8614695BE2F3E81747BA53B56A6B ft=1 fh=16d9dfac3a89d5f2 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\FirefoxToolbar\Movies App\Datamngr\components\DatamngrHlpFF12.dll.vir"
sh=066D039110C844280F01717F1CBF701790ED840C ft=1 fh=1951189c52edf34f vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\FirefoxToolbar\Movies App\Datamngr\components\DatamngrHlpFF13.dll.vir"
sh=364B90594E94ECDCF75CB70D672836D984DA6C0F ft=1 fh=c38893cbccb6e0bc vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\FirefoxToolbar\Movies App\Datamngr\components\DatamngrHlpFF14.dll.vir"
sh=7523872B4299B19FBE8499E3A2F42BFE1C23BA4F ft=1 fh=8f339060c004cb1e vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\FirefoxToolbar\Movies App\Datamngr\components\DatamngrHlpFF15.dll.vir"
sh=CA60485108FAFD7089294A3C7628CD0069FB129E ft=1 fh=41e1dc7be1c45286 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\FirefoxToolbar\Movies App\Datamngr\components\DatamngrHlpFF16.dll.vir"
sh=D7972EDC185303F4AFD1C25628FD767A8547F83D ft=1 fh=4086822c24c829a5 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\FirefoxToolbar\Movies App\Datamngr\components\DatamngrHlpFF17.dll.vir"
sh=DC9164359D93294D4524BC0772895276593E0499 ft=1 fh=c84ee10172cae6c6 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\FirefoxToolbar\Movies App\Datamngr\components\DatamngrHlpFF18.dll.vir"
sh=7801EC8F7E19A3EBAF9E3730B9B4C742137406E7 ft=1 fh=a0dfcc6576be9ef1 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\FirefoxToolbar\Movies App\Datamngr\components\DatamngrHlpFF19.dll.vir"
sh=054F7D62751845805C51EFD0CB76A3561B9B4B3B ft=1 fh=9458798b62c8fac7 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\FirefoxToolbar\Movies App\Datamngr\components\DatamngrHlpFF2.dll.vir"
sh=7E670821F246C429C3BF36C3A2E5D9D1113C090D ft=1 fh=6465b154677476c5 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\FirefoxToolbar\Movies App\Datamngr\components\DatamngrHlpFF20.dll.vir"
sh=E7FB440D310A203DF2C1BA013926F6C3F4F0006A ft=1 fh=bb2d172716c29176 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\FirefoxToolbar\Movies App\Datamngr\components\DatamngrHlpFF21.dll.vir"
sh=04E35E39001699859CE0828DEBB7CD61A1CD0662 ft=1 fh=7be10f78eb933bcd vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\FirefoxToolbar\Movies App\Datamngr\components\DatamngrHlpFF22.dll.vir"
sh=E80234BF62469290FE42304A9AC8A8C39AE9BC27 ft=1 fh=6381f536b0081617 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\FirefoxToolbar\Movies App\Datamngr\components\DatamngrHlpFF23.dll.vir"
sh=9C9CE686C401131EA0E75236BCEB59FB9A54AFA0 ft=1 fh=7cd7ede24e4b8ce6 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\FirefoxToolbar\Movies App\Datamngr\components\DatamngrHlpFF24.dll.vir"
sh=8BF1C48CBF3E1ACC188EDA4EA1C6FC7F76F1651D ft=1 fh=8296418d6e6ffadc vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\FirefoxToolbar\Movies App\Datamngr\components\DatamngrHlpFF25.dll.vir"
sh=67617F900E6EC464724B6C59B5A79D5280B2C439 ft=1 fh=e7f349f090c4fa78 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\FirefoxToolbar\Movies App\Datamngr\components\DatamngrHlpFF26.dll.vir"
sh=6DB764D2B2A227A13E571155A98C64A910C73F41 ft=1 fh=24addb4719e5f0fa vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\FirefoxToolbar\Movies App\Datamngr\components\DatamngrHlpFF27.dll.vir"
sh=1462451C85B0AF7D09D5FF5E1C9C13E6D51F54BA ft=1 fh=a1c31c6ce147d62f vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\FirefoxToolbar\Movies App\Datamngr\components\DatamngrHlpFF28.dll.vir"
sh=CD2D832088B816006D5FF3360E04828331D320AA ft=1 fh=df158a50120a5e4c vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\FirefoxToolbar\Movies App\Datamngr\components\DatamngrHlpFF29.dll.vir"
sh=690E5EE9A1F8588F38A752DE3E0472279592E95F ft=1 fh=a5bf940c56a73996 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\FirefoxToolbar\Movies App\Datamngr\components\DatamngrHlpFF30.dll.vir"
sh=F0C4C775C3AFE3499A96F9294BF279C2D07D0355 ft=1 fh=078fb061f5bd4deb vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\FirefoxToolbar\Movies App\Datamngr\components\DatamngrHlpFF31.dll.vir"
sh=5EB427B4638E4AF65BD495992876B9C0128C6D5D ft=1 fh=ab3429fbb8301f61 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\FirefoxToolbar\Movies App\Datamngr\components\DatamngrHlpFF32.dll.vir"
sh=D71D538E3AF91E71EDDA658BBBB2361C0CAA070E ft=1 fh=9000c7cbe4d2e128 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\FirefoxToolbar\Movies App\Datamngr\components\DatamngrHlpFF4.dll.vir"
sh=F17CDCAE3C701E3D70BFFEB1043A9D650D07E862 ft=1 fh=c81f983c63f2ea5d vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\FirefoxToolbar\Movies App\Datamngr\components\DatamngrHlpFF5.dll.vir"
sh=325456C454B733B5958F42E1BB964FB40411ACE6 ft=1 fh=1063b22e7c6a72b1 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\FirefoxToolbar\Movies App\Datamngr\components\DatamngrHlpFF6.dll.vir"
sh=485C959970534C6B9181BF0079847D2C61A19458 ft=1 fh=23be7d4639d7a081 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\FirefoxToolbar\Movies App\Datamngr\components\DatamngrHlpFF7.dll.vir"
sh=B9631E25F6DD1CE9300605A0A886427C88AAEF63 ft=1 fh=17c1f6aab0d50a66 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\FirefoxToolbar\Movies App\Datamngr\components\DatamngrHlpFF8.dll.vir"
sh=53F1C85A53AA45B44FB073764F4A7027E4904FAA ft=1 fh=1a934bc4d457b81f vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\FirefoxToolbar\Movies App\Datamngr\components\DatamngrHlpFF9.dll.vir"
sh=DF58C3131D2A0F333119E7433AA1E1176EA473C8 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATL Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mds2jm8z.default-1415808179300\Extensions\m4PDx@M.com\content\bg.js.vir"
sh=A54B5A612CED9BE98D94BF6B7356A34A59AE36D4 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATL Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mds2jm8z.default-1415808179300\Extensions\WtyKhLI@cdmP.org\content\bg.js.vir"
sh=FA55D765ACECF0E142995558447BA1C0C64A95B9 ft=1 fh=8a5fed32a6adae19 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=B624AC838C20DFB6B5F296A1178665A217E428A9 ft=1 fh=c94d0150af5f51e0 vn="Variante von Win64/BrowseFox.CG evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{29302da5-1178-40ac-a178-4cb57ebcc501}Gw64.sys.vir"
sh=070BEFC48D69B53516F240A4850B6EAAF248F504 ft=1 fh=b7ceca62f99eb0de vn="Variante von Win64/BrowseFox.CG evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{c5db642e-a4dc-48dc-a9f5-088bcf85b719}Gw64.sys.vir"
sh=B2909777C29B48E61B72BE15296409AD202FB63B ft=1 fh=fc71352115be5159 vn="Variante von Win64/BrowseFox.CG evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{dda91daf-e6f8-4453-88d1-df18d861c904}Gw64.sys.vir"
sh=0F7EA736E433AF72EC2B213BCA087C222AB582B6 ft=1 fh=5172fb09f9e8424e vn="Variante von MSIL/Injector.HDX Trojaner" ac=I fn="C:\FRST\Quarantine\C\ProgramData\Realtek\xsljqlotg.exe.xBAD"
sh=CF7106FE53AE07F86C97D741A5B8294CEFD834E7 ft=1 fh=d1543f12e170c1c0 vn="Variante von Win32/Adware.Pirrit.Q Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Admin\AppData\Local\keyboardcercredSched\keyboardcercredSched.exe"
sh=FA62C8FCD9B3CC01B232A4DF031B7E3BCBD077C9 ft=1 fh=c71c001101c80823 vn="Win32/Adware.Pirrit.R Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Admin\AppData\Local\keyboardcercredSched\memorympg2spltx64.exe"
sh=9B1EE478F2A96CDFA2B679A868E259CECF3622A7 ft=1 fh=7d94be169bc52fe8 vn="Win32/NetToolDetect.C evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Admin\AppData\Local\keyboardcercredSched\SrDt.exe"
sh=2AF7E6189BBA7C17CA75EE903F7CF0967BA16368 ft=1 fh=21a23f1f8de08981 vn="Win32/Patched.NFS Trojaner" ac=I fn="C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\chrome.dll"
sh=A90C369F5ABF1E6000B67749BA93A12DB4D6B4FC ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\ProgramData\hpemadepfkkgdmiphlhpahlocokndjgp\KmAFJ.js"
sh=0A5B8738A28168119ADB321B8BA0E75CC7B30418 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Admin\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\189\J5zXU.js.vir"
sh=25F46CC62E1809D47B6A066128EE229C7254CBCC ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Admin\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cnnckoodldcbgegkmlgponhofcngihnp\215\ASW.js.vir"
sh=47BBCA961D8EB720668B9A48831C77E1422B74FC ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Admin\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lgaiealfkonhccobegbcncjgicaiiiin\1.5\DF.js.vir"
sh=6B206C8950A30FF5EAC976F4625BF3C7277556B6 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Admin\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oifdfchgmkfglcccmkoofhbnmkdlbgag\141\lsdb.js.vir"
sh=42703FB9ED042E6AAF82442A0A068D5E885FBE6B ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Admin\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oifdfchgmkfglcccmkoofhbnmkdlbgag\141\Nu.js.vir"
sh=0F7EA736E433AF72EC2B213BCA087C222AB582B6 ft=1 fh=5172fb09f9e8424e vn="Variante von MSIL/Injector.HDX Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Admin\AppData\Roaming\svhost_64.exe.vir"
sh=0F7EA736E433AF72EC2B213BCA087C222AB582B6 ft=1 fh=5172fb09f9e8424e vn="Variante von MSIL/Injector.HDX Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Admin\AppData\Roaming\zzosrbi.exe.vir"
sh=2CDBFBC92C7782499C1DF1BAF5F917E29578FEE7 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.X evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Admin\Desktop\Alte Firefox-Daten\3we9glpg.default-1415530066210\extensions\{c5db642e-a4dc-48dc-a9f5-088bcf85b719}.xpi"
sh=6C7CDF532CF084BBB788A502ABDE2EF7D026C3CE ft=1 fh=bfb1a132be087506 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Admin\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe"
sh=505F355F53493553A44EC9791656A9B6D35F692F ft=1 fh=f3a7e9e22ac8661f vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Admin\Pictures\Donwload 2\Audacity - CHIP-Installer.exe"
sh=A90C369F5ABF1E6000B67749BA93A12DB4D6B4FC ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\All Users\hpemadepfkkgdmiphlhpahlocokndjgp\KmAFJ.js"
|
|
23.01.2015, 09:12
| #22 |
| /// TB-Ausbilder | Windows 7 hartnäckiger Virus Lad den Revo Uninstaller - Download - Filepony herunter ! Dann damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren. Wenn das durch ist: Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter "C:\ProgramData\hpemadepfkkgdmiphlhpahlocokndjgp\KmAFJ.js"
"C:\Users\All Users\hpemadepfkkgdmiphlhpahlocokndjgp\KmAFJ.js"
C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\chrome.dll
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ Lerne, zurück zu schlagen und unterstütze uns! TB Akademie | Spende | Lob & Kritik |
|
23.01.2015, 13:20
| #23 |
| | Windows 7 hartnäckiger VirusCode:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Admin at 2015-01-23 13:18:56 Run:4
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available profiles: Admin)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
"C:\ProgramData\hpemadepfkkgdmiphlhpahlocokndjgp\KmAFJ.js"
"C:\Users\All Users\hpemadepfkkgdmiphlhpahlocokndjgp\KmAFJ.js"
C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\chrome.dll
*****************
C:\ProgramData\hpemadepfkkgdmiphlhpahlocokndjgp\KmAFJ.js => Moved successfully.
"C:\Users\All Users\hpemadepfkkgdmiphlhpahlocokndjgp\KmAFJ.js" => File/Directory not found.
"C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\chrome.dll" => File/Directory not found.
==== End of Fixlog 13:18:56 ====
Sollte ich den PC neustarten wegen FRST? Habe dazu von FRST keine Meldung bekommen. |
|
23.01.2015, 13:23
| #24 |
| /// TB-Ausbilder | Windows 7 hartnäckiger Virus Nö musste nicht. Das sollte jetzt so passen. Hat der Rechner noch irgendwelche Anzeichen ? Ansonsten sind die Logs dann sauber. Die Reihenfolge ist hier entscheidend.
Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems. Ändere regelmäßig alle deine Passwörter, jetzt, nach der Bereinigung ist ein idealer Zeitpunkt dafür
Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti-Viren-Programm und zusätzlicher Schutz
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden. Mozilla Firefox
Performance
Was du vermeiden solltest:
Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen? Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.
__________________ Lerne, zurück zu schlagen und unterstütze uns! TB Akademie | Spende | Lob & Kritik |
|
23.01.2015, 13:35
| #25 |
| | Windows 7 hartnäckiger Virus Danke für die nette Unterstützung! Alles funkt wieder richtig! Lg. Darkkiller |
|
| Themen zu Windows 7 hartnäckiger Virus |
| eingefangen, freund, gefangen, gen, guten, hartnäckiger, hilfe, malwarebytes, seite, seiten, teamviewer, virus, virus eingefangen, virustotal.com, werbung, windows, windows 7 |
Linear-Darstellung
