Zurück   Trojaner-Board > Web/PC > Alles rund um Windows

Alles rund um Windows: Sicherheitsprogramme in Form eines/mehrerer Trojaner?

Windows 7 Hilfe zu allen Windows-Betriebssystemen: Windows XP, Windows Vista, Windows 7, Windows 8(.1) und Windows 10 - als auch zu sämtlicher Windows-Software. Alles zu Windows 10 ist auch gerne willkommen. Bitte benenne etwaige Fehler oder Bluescreens unter Windows mit dem Wortlaut der Fehlermeldung und Fehlercode. Erste Schritte für Hilfe unter Windows.

Antwort
Alt 03.02.2015, 13:57   #1
haward123
 
Sicherheitsprogramme in Form eines/mehrerer Trojaner? - Standard

Problem: Sicherheitsprogramme in Form eines/mehrerer Trojaner?



Hallo liebe Leute,

seit längerer Zeit öffnen sich Anti-Mail programme oder Programme im Allgemeinen, die sich nicht löschen lassen, geschweige den das Fenster sich überhaupt schließt.
Ich kann mich auch nicht daran erinnern, dass ich diese Programme je mal herunter-
geladen habe.

Seitdem ist mein pc extremst langsam geworden. Dies äußert sich daran, dass dieser ziemlich lange braucht einen Browser zu öffnen oder auch Programme (bspweise Word) oder andere Dateien.

Ich hoffe jemand kann mir behilflich sein! Das wäre echt super!

Liebe Grüße

Alt 03.02.2015, 13:57   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Sicherheitsprogramme in Form eines/mehrerer Trojaner? - Standard

Sicherheitsprogramme in Form eines/mehrerer Trojaner? Anleitung / Hilfe



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!




Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 03.02.2015, 14:10   #3
haward123
 
Sicherheitsprogramme in Form eines/mehrerer Trojaner? - Standard

Sicherheitsprogramme in Form eines/mehrerer Trojaner? Details




FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Sey (administrator) on SEYHAN on 03-02-2015 15:03:06
Running from C:\Users\Sey\Downloads
Loaded Profiles: Sey (Available profiles: Sey)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Security Stronghold) C:\Program Files (x86)\Stronghold AntiMalware\StrongholdAntiMalware.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneEvent.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-10-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-06-19] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-08-30] ()
HKLM-x32\...\Run: [Stronghold AntiMalware] => C:\Program Files (x86)\Stronghold AntiMalware\StrongholdAntiMalware.exe [6495144 2014-09-03] (Security Stronghold)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-254765840-3105052261-2340691044-1001\...\Run: [InetStat] => C:\Users\Sey\AppData\Roaming\InetStat\inetstat.exe [726542 2015-01-15] ()
Startup: C:\Users\Sey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1409425037&from=cvs2&uid=ST320LT020-9YG142_W049K8GTXXXXW049K8GT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1409425037&from=cvs2&uid=ST320LT020-9YG142_W049K8GTXXXXW049K8GT&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-254765840-3105052261-2340691044-1001 -> DefaultScope {06ECEAFC-6E70-4708-86C1-09FC12E7F9C6} URL = 
SearchScopes: HKU\S-1-5-21-254765840-3105052261-2340691044-1001 -> {06ECEAFC-6E70-4708-86C1-09FC12E7F9C6} URL = 
Toolbar: HKU\S-1-5-21-254765840-3105052261-2340691044-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

Chrome: 
=======
CHR DefaultSearchKeyword: Default -> webssearches
CHR DefaultSearchURL: Default -> hxxp://istart.webssearches.com/web/?type=ds&ts=1409425037&from=cvs2&uid=ST320LT020-9YG142_W049K8GTXXXXW049K8GT&q={searchTerms}
CHR DefaultSuggestURL: Default -> 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-13]
CHR Extension: (Google Drive) - C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-13]
CHR Extension: (Google-Suche) - C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-13]
CHR Extension: (Avira Browserschutz) - C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-06]
CHR Extension: (Allin1Convert) - C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl [2015-02-03]
CHR Extension: (Google Wallet) - C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-13]
CHR Extension: (Google Mail) - C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-13]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53320 2014-11-13] (Just Develop It) <==== ATTENTION
R3 DeviceFastLaneService; C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2012-10-19] (ELAN Microelectronics Corp.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-12-07] (Dritek System INC.)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-30] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)
S2 UpdaterSvcravingreyven; "C:\Program Files (x86)\raving reyven\updater.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-21] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-30] (AVG Technologies)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43064 2014-10-09] (Avira Operations GmbH & Co. KG)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-17] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4273192 2012-08-07] (Intel Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-12-07] (Dritek System Inc.)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-06-19] (Cisco Systems, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 15:03 - 2015-02-03 15:04 - 00015565 _____ () C:\Users\Sey\Downloads\FRST.txt
2015-02-03 15:02 - 2015-02-03 15:03 - 00000000 ____D () C:\FRST
2015-02-03 15:02 - 2015-02-03 15:02 - 02131456 _____ (Farbar) C:\Users\Sey\Downloads\FRST64.exe
2015-02-03 13:04 - 2015-02-03 13:06 - 00000000 ____D () C:\Users\Sey\Desktop\türkan
2015-01-22 17:53 - 2015-01-22 17:53 - 00066702 _____ () C:\Users\Sey\Downloads\Demet Hanim Interview (1).odt
2015-01-22 12:32 - 2015-01-22 14:56 - 00066402 _____ () C:\Users\Sey\Downloads\Demet Hanim Interview.odt
2015-01-19 21:42 - 2015-01-19 21:42 - 00056686 _____ () C:\Users\Sey\Downloads\Nu0130NNu0130LER 17 OCAK 2015 RUHSALLIK VE HALK EZGu0130LERu0130  SON.jpeg
2015-01-18 18:14 - 2014-04-16 19:20 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-01-18 18:14 - 2014-04-16 19:20 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-01-14 10:57 - 2014-11-27 03:40 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-14 10:57 - 2014-11-27 02:28 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-14 10:56 - 2014-11-05 07:40 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-01-14 10:56 - 2014-11-05 07:39 - 01024512 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-01-14 10:56 - 2014-11-01 07:28 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-01-14 10:56 - 2014-10-29 15:21 - 00499008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2015-01-14 10:56 - 2014-10-27 23:10 - 00390841 _____ () C:\Windows\system32\ApnDatabase.xml
2015-01-14 10:55 - 2014-11-15 07:06 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-01-14 10:55 - 2014-11-15 06:13 - 03286016 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-01-14 10:55 - 2014-11-15 06:13 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-01-14 10:55 - 2014-11-15 06:13 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-01-14 10:55 - 2014-11-15 06:13 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-01-14 10:55 - 2014-11-15 06:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-01-14 10:55 - 2014-11-15 06:13 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-01-14 10:55 - 2014-11-15 06:13 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-01-14 10:55 - 2014-11-15 06:12 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-01-14 10:55 - 2014-11-15 04:54 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-01-14 10:55 - 2014-11-15 04:53 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-01-14 10:55 - 2014-11-15 04:53 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-01-14 10:55 - 2014-11-15 04:53 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-01-14 10:49 - 2014-12-19 07:48 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 10:49 - 2014-12-19 05:35 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 10:49 - 2014-12-11 08:35 - 06973248 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 10:49 - 2014-12-11 07:51 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 10:49 - 2014-12-06 08:53 - 00458240 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 10:49 - 2014-12-06 08:53 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 10:49 - 2014-12-06 08:52 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 10:49 - 2014-12-06 08:52 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 10:49 - 2014-12-06 08:52 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 10:49 - 2014-12-06 08:51 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 10:49 - 2014-12-06 08:51 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 10:49 - 2014-12-06 08:50 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 10:49 - 2014-12-06 07:10 - 00355840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 10:49 - 2014-12-06 07:10 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 10:49 - 2014-12-06 07:09 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 10:49 - 2014-12-06 07:09 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 15:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2015-02-03 14:49 - 2014-09-14 16:58 - 00000000 ____D () C:\Users\Public\Documents\Stronghold AntiMalware
2015-02-03 14:31 - 2013-09-13 16:14 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 14:25 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-03 14:22 - 2014-09-15 12:31 - 01585736 _____ () C:\Windows\WindowsUpdate.log
2015-02-03 13:30 - 2013-10-14 20:33 - 00000000 ____D () C:\Users\Sey\AppData\Local\CrashDumps
2015-02-03 13:27 - 2013-09-13 16:05 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-254765840-3105052261-2340691044-1001
2015-02-03 13:03 - 2012-12-08 05:42 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2015-02-03 13:03 - 2012-12-08 05:42 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2015-02-03 13:03 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-03 12:58 - 2013-09-13 16:14 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 12:58 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-02 13:00 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-28 23:19 - 2014-11-21 22:57 - 00000000 ___HD () C:\$Windows.~BT
2015-01-28 17:53 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-27 20:26 - 2013-09-13 16:18 - 00002147 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-24 21:20 - 2014-11-28 20:39 - 00714176 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2014-11-28 20:39 - 00106432 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-22 14:55 - 2013-10-26 12:17 - 00066030 _____ () C:\Users\Sey\Desktop\OpenDocument Text (neu).odt
2015-01-22 14:55 - 2013-09-30 19:43 - 00103424 ___SH () C:\Users\Sey\Desktop\Thumbs.db
2015-01-20 20:14 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2015-01-19 11:47 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2015-01-19 11:39 - 2014-09-15 17:14 - 00047196 _____ () C:\Windows\PFRO.log
2015-01-18 18:35 - 2013-09-30 20:17 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-18 18:22 - 2013-09-30 20:17 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-15 19:32 - 2014-08-30 20:01 - 00000000 ____D () C:\Users\Sey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
2015-01-15 19:32 - 2014-08-30 20:01 - 00000000 ____D () C:\Users\Sey\AppData\Roaming\InetStat

Some content of TEMP:
====================
C:\Users\Sey\AppData\Local\Temp\avgnt.exe
C:\Users\Sey\AppData\Local\Temp\CloudBackup3959.exe
C:\Users\Sey\AppData\Local\Temp\Quarantine.exe
C:\Users\Sey\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-22 13:12

==================== End Of Log ============================
         
--- --- ---






Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Sey at 2015-02-03 15:05:37
Running from C:\Users\Sey\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Catalyst Install Manager (HKLM\...\{1E654AA2-629D-C426-2561-01AAC1371950}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.9.799 - AVG Technologies)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04059 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04059 - Cisco Systems, Inc.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4311.52 - CyberLink Corp.)
eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
ETDWare PS/2-X64 11.6.13.004_WHQL (HKLM\...\Elantech) (Version: 11.6.13.004 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Packard Bell)
InetStat (HKU\S-1-5-21-254765840-3105052261-2340691044-1001\...\InetStat) (Version: 0.5b - InetStat) <==== ATTENTION!
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{89478C31-5CE8-461A-9084-9A0AF059F84F}) (Version: 15.5.0.0344 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{99FDAE3B-6905-45A6-8F73-595363AAD3D1}) (Version: 15.05.1000.1411 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.5 - Packard Bell)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Packard Bell)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
Nero 12 Essentials OEM.a01 (HKLM-x32\...\{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}) (Version: 12.5.00000 - Nero AG)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{B2B0EC73-AD4A-4716-A3DE-CEA8440B309B}) (Version: 12.5.00000 - Nero AG)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Packard Bell Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Packard Bell)
Packard Bell Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Packard Bell)
Packard Bell Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Packard Bell)
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
raving reyven (HKLM\...\raving reyven) (Version: 2014.06.07.170121 - raving reyven) <==== ATTENTION!
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.9200.28127 - Realtek Semiconductor Corp.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

14-01-2015 09:03:54 Windows Modules Installer
17-01-2015 12:21:29 Windows Update
20-01-2015 17:05:06 Windows Update
23-01-2015 19:30:10 Windows Update
27-01-2015 17:13:56 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0C28A3A8-797F-4BF8-876E-275D88EF63A3} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-11-13] (MyPC Backup) <==== ATTENTION
Task: {131B36BA-1F07-4A47-9D5F-EA7050CAB521} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Packard Bell\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {2B13FE37-3C8A-4806-80DF-1E361E2A617A} - System32\Tasks\Power Management => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated)
Task: {31C5A268-FFAE-481F-8937-4B0B8F08ED59} - System32\Tasks\{47EF6FD5-35C9-460A-8B65-93F56E30D335} => pcalua.exe -a C:\Users\Sey\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs2 <==== ATTENTION
Task: {6DD33C38-D88E-4AE9-8969-0A748BBBA552} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Packard Bell\Packard Bell Recovery Management\Notification\Notification.exe [2012-07-31] (Acer Incorporated)
Task: {C8C98B55-2736-48FE-98F2-FCC3A01C018F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-18] (Microsoft Corporation)
Task: {E23BA7CF-1D9F-4FA3-8EEC-EC31670C876B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-13] (Google Inc.)
Task: {E9E30DB8-E712-42AC-9687-BE0FD5E84C3E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-13] (Google Inc.)
Task: {F188C412-0332-456E-83C2-ADFC3D0F51B5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {F72FDF7C-80FA-4BAF-9DEF-579A19B6C0B6} - System32\Tasks\Open Chrome => Chrome.exe --new-window hxxp://toolbar.avg.com/almost-done?pid=safeguard&amp;lang=en
Task: {FCB98D0B-D119-47A6-8004-EC9D71128FC9} - System32\Tasks\ALU => C:\Program Files (x86)\Packard Bell\Live Updater\updater.exe [2012-08-30] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exe

==================== Loaded Modules (whitelisted) =============

2014-08-30 19:42 - 2014-08-30 19:41 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2012-07-26 08:58 - 2012-07-26 08:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2014-11-13 10:59 - 2014-11-13 10:58 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2014-11-13 10:59 - 2014-11-13 10:57 - 00060928 _____ () C:\Program Files (x86)\MyPC Backup\LinqBridge.dll
2014-11-13 10:59 - 2014-11-13 10:57 - 00270336 _____ () C:\Program Files (x86)\MyPC Backup\AlphaFS.dll
2014-08-30 19:41 - 2014-08-30 19:41 - 02640408 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2013-06-19 16:00 - 2013-06-19 16:00 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-30 19:42 - 2014-08-30 19:41 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2015-01-27 20:22 - 2015-01-25 07:08 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libglesv2.dll
2015-01-27 20:21 - 2015-01-25 07:08 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libegl.dll
2015-01-27 20:22 - 2015-01-25 07:08 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll
2015-01-27 20:23 - 2015-01-25 07:08 - 14913864 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-254765840-3105052261-2340691044-500 - Administrator - Disabled)
Gast (S-1-5-21-254765840-3105052261-2340691044-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-254765840-3105052261-2340691044-1003 - Limited - Enabled)
Sey (S-1-5-21-254765840-3105052261-2340691044-1001 - Administrator - Enabled) => C:\Users\Sey

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/03/2015 01:38:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5148

Error: (02/03/2015 01:38:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5148

Error: (02/03/2015 01:38:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/03/2015 01:38:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2745

Error: (02/03/2015 01:38:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2745

Error: (02/03/2015 01:38:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/03/2015 01:29:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: inetstat.exe, Version: 0.0.0.0, Zeitstempel: 0x54a17008
Name des fehlerhaften Moduls: inetstat.exe, Version: 0.0.0.0, Zeitstempel: 0x54a17008
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00026ff3
ID des fehlerhaften Prozesses: 0x11b4
Startzeit der fehlerhaften Anwendung: 0xinetstat.exe0
Pfad der fehlerhaften Anwendung: inetstat.exe1
Pfad des fehlerhaften Moduls: inetstat.exe2
Berichtskennung: inetstat.exe3
Vollständiger Name des fehlerhaften Pakets: inetstat.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: inetstat.exe5

Error: (02/02/2015 05:15:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15351

Error: (02/02/2015 05:15:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15351

Error: (02/02/2015 05:15:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (02/03/2015 01:01:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (02/03/2015 01:01:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (02/03/2015 00:58:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "UpdaterSvcravingreyven" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/03/2015 00:57:45 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (02/01/2015 04:45:32 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40.

Error: (02/01/2015 04:21:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) PROSet/Wireless Zero Configuration Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/01/2015 04:20:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "UpdaterSvcravingreyven" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/01/2015 04:20:25 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (02/01/2015 04:20:37 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎01.‎02.‎2015 um 01:11:48 unerwartet heruntergefahren.

Error: (01/31/2015 04:21:13 PM) (Source: DCOM) (EventID: 10010) (User: SEYHAN)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}


Microsoft Office Sessions:
=========================
Error: (02/03/2015 01:38:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5148

Error: (02/03/2015 01:38:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5148

Error: (02/03/2015 01:38:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/03/2015 01:38:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2745

Error: (02/03/2015 01:38:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2745

Error: (02/03/2015 01:38:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/03/2015 01:29:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: inetstat.exe0.0.0.054a17008inetstat.exe0.0.0.054a17008c000000500026ff311b401d03fa8e118a8f3C:\Users\Sey\AppData\Roaming\InetStat\inetstat.exeC:\Users\Sey\AppData\Roaming\InetStat\inetstat.exe5a69f884-aba0-11e4-810c-b888e3ae176b

Error: (02/02/2015 05:15:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15351

Error: (02/02/2015 05:15:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15351

Error: (02/02/2015 05:15:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
  Date: 2015-01-19 07:37:15.627
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Avira\AntiVir Desktop\update.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Avira\AntiVir Desktop\updrgui.exe with signing level Unsigned while the system requires signing level 6 or better to load.

  Date: 2015-01-19 01:34:32.517
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Avira\AntiVir Desktop\update.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Avira\AntiVir Desktop\updrgui.exe with signing level Unsigned while the system requires signing level 6 or better to load.


==================== Memory info =========================== 

Processor: AMD E1-1200 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 85%
Total physical RAM: 1610.25 MB
Available physical RAM: 239.14 MB
Total Pagefile: 4426.25 MB
Available Pagefile: 2420.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:280.19 GB) (Free:213.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: FE877462)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
__________________

Alt 03.02.2015, 14:11   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Sicherheitsprogramme in Form eines/mehrerer Trojaner? - Standard

Lösung: Sicherheitsprogramme in Form eines/mehrerer Trojaner?



Was ist mit meiner Frage nach bisherigen Virenfunden un den Logs dazu?

Außerdem:

Zukünftig bitte beachten:
Zitat:
Running from C:\Users\Sey\Downloads
Leider hast du unsere Anleitung nicht richtig befolgt:
Bitte alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind.
Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen.
Alle Tools bis zum Ende der Bereinigung auf dem Desktop lassen, evtl. benötigen wir manche öfter.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 03.02.2015, 14:36   #5
haward123
 
Sicherheitsprogramme in Form eines/mehrerer Trojaner? - Standard

Wie Sicherheitsprogramme in Form eines/mehrerer Trojaner?



Im Avira Programm in der Quarantäne wurden drei Dateien gefunden.
Ich schreibe diese gerade ab deshalb dauert das ganze ein wenig.

1.
gefunden: Adware/DownGuide.dmu
Dateiname: C:/Users/Sey/Downloads/operae.exe

2.
Dateiname: C:/Users/Sey/AppData/Local/Temp/is45637729/232296_stp/Generic_vo.exe

Gefunden: Adware/VOPack.174340

3.
Dateiname: C:/Users/Sey/AppData/Local/Temp/is45637729/1974523_stp/Generic_vo.exe


Ich habe das Programm nochmal auf mein Desktop geladen und die Daten nochmal hineingefügt


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Sey (administrator) on SEYHAN on 03-02-2015 15:19:20
Running from C:\Users\Sey\Desktop
Loaded Profiles: Sey (Available profiles: Sey)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Security Stronghold) C:\Program Files (x86)\Stronghold AntiMalware\StrongholdAntiMalware.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneEvent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Sey\Desktop\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-10-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-06-19] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-08-30] ()
HKLM-x32\...\Run: [Stronghold AntiMalware] => C:\Program Files (x86)\Stronghold AntiMalware\StrongholdAntiMalware.exe [6495144 2014-09-03] (Security Stronghold)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-254765840-3105052261-2340691044-1001\...\Run: [InetStat] => C:\Users\Sey\AppData\Roaming\InetStat\inetstat.exe [726542 2015-01-15] ()
Startup: C:\Users\Sey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1409425037&from=cvs2&uid=ST320LT020-9YG142_W049K8GTXXXXW049K8GT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1409425037&from=cvs2&uid=ST320LT020-9YG142_W049K8GTXXXXW049K8GT&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-254765840-3105052261-2340691044-1001 -> DefaultScope {06ECEAFC-6E70-4708-86C1-09FC12E7F9C6} URL = 
SearchScopes: HKU\S-1-5-21-254765840-3105052261-2340691044-1001 -> {06ECEAFC-6E70-4708-86C1-09FC12E7F9C6} URL = 
Toolbar: HKU\S-1-5-21-254765840-3105052261-2340691044-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

Chrome: 
=======
CHR DefaultSearchKeyword: Default -> webssearches
CHR DefaultSearchURL: Default -> hxxp://istart.webssearches.com/web/?type=ds&ts=1409425037&from=cvs2&uid=ST320LT020-9YG142_W049K8GTXXXXW049K8GT&q={searchTerms}
CHR DefaultSuggestURL: Default -> 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-13]
CHR Extension: (Google Drive) - C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-13]
CHR Extension: (Google-Suche) - C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-13]
CHR Extension: (Avira Browserschutz) - C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-06]
CHR Extension: (Allin1Convert) - C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl [2015-02-03]
CHR Extension: (Google Wallet) - C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-13]
CHR Extension: (Google Mail) - C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-13]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53320 2014-11-13] (Just Develop It) <==== ATTENTION
R3 DeviceFastLaneService; C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2012-10-19] (ELAN Microelectronics Corp.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-12-07] (Dritek System INC.)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-30] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)
S2 UpdaterSvcravingreyven; "C:\Program Files (x86)\raving reyven\updater.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-21] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-30] (AVG Technologies)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43064 2014-10-09] (Avira Operations GmbH & Co. KG)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-17] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4273192 2012-08-07] (Intel Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-12-07] (Dritek System Inc.)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-06-19] (Cisco Systems, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 15:19 - 2015-02-03 15:20 - 00015534 _____ () C:\Users\Sey\Desktop\FRST.txt
2015-02-03 15:15 - 2015-02-03 15:15 - 02131456 _____ (Farbar) C:\Users\Sey\Desktop\FRST64 (1).exe
2015-02-03 15:05 - 2015-02-03 15:07 - 00020531 _____ () C:\Users\Sey\Downloads\Addition.txt
2015-02-03 15:03 - 2015-02-03 15:07 - 00024659 _____ () C:\Users\Sey\Downloads\FRST.txt
2015-02-03 15:02 - 2015-02-03 15:19 - 00000000 ____D () C:\FRST
2015-02-03 15:02 - 2015-02-03 15:02 - 02131456 _____ (Farbar) C:\Users\Sey\Downloads\FRST64.exe
2015-02-03 13:04 - 2015-02-03 13:06 - 00000000 ____D () C:\Users\Sey\Desktop\türkan
2015-01-22 17:53 - 2015-01-22 17:53 - 00066702 _____ () C:\Users\Sey\Downloads\Demet Hanim Interview (1).odt
2015-01-22 12:32 - 2015-01-22 14:56 - 00066402 _____ () C:\Users\Sey\Downloads\Demet Hanim Interview.odt
2015-01-19 21:42 - 2015-01-19 21:42 - 00056686 _____ () C:\Users\Sey\Downloads\Nu0130NNu0130LER 17 OCAK 2015 RUHSALLIK VE HALK EZGu0130LERu0130  SON.jpeg
2015-01-18 18:14 - 2014-04-16 19:20 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-01-18 18:14 - 2014-04-16 19:20 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-01-14 10:57 - 2014-11-27 03:40 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-14 10:57 - 2014-11-27 02:28 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-14 10:56 - 2014-11-05 07:40 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-01-14 10:56 - 2014-11-05 07:39 - 01024512 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-01-14 10:56 - 2014-11-01 07:28 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-01-14 10:56 - 2014-10-29 15:21 - 00499008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2015-01-14 10:56 - 2014-10-27 23:10 - 00390841 _____ () C:\Windows\system32\ApnDatabase.xml
2015-01-14 10:55 - 2014-11-15 07:06 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-01-14 10:55 - 2014-11-15 06:13 - 03286016 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-01-14 10:55 - 2014-11-15 06:13 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-01-14 10:55 - 2014-11-15 06:13 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-01-14 10:55 - 2014-11-15 06:13 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-01-14 10:55 - 2014-11-15 06:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-01-14 10:55 - 2014-11-15 06:13 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-01-14 10:55 - 2014-11-15 06:13 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-01-14 10:55 - 2014-11-15 06:12 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-01-14 10:55 - 2014-11-15 04:54 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-01-14 10:55 - 2014-11-15 04:53 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-01-14 10:55 - 2014-11-15 04:53 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-01-14 10:55 - 2014-11-15 04:53 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-01-14 10:49 - 2014-12-19 07:48 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 10:49 - 2014-12-19 05:35 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 10:49 - 2014-12-11 08:35 - 06973248 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 10:49 - 2014-12-11 07:51 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 10:49 - 2014-12-06 08:53 - 00458240 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 10:49 - 2014-12-06 08:53 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 10:49 - 2014-12-06 08:52 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 10:49 - 2014-12-06 08:52 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 10:49 - 2014-12-06 08:52 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 10:49 - 2014-12-06 08:51 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 10:49 - 2014-12-06 08:51 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 10:49 - 2014-12-06 08:50 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 10:49 - 2014-12-06 07:10 - 00355840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 10:49 - 2014-12-06 07:10 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 10:49 - 2014-12-06 07:09 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 10:49 - 2014-12-06 07:09 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 15:20 - 2014-09-15 12:31 - 01592444 _____ () C:\Windows\WindowsUpdate.log
2015-02-03 15:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2015-02-03 14:49 - 2014-09-14 16:58 - 00000000 ____D () C:\Users\Public\Documents\Stronghold AntiMalware
2015-02-03 14:31 - 2013-09-13 16:14 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 14:25 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-03 13:30 - 2013-10-14 20:33 - 00000000 ____D () C:\Users\Sey\AppData\Local\CrashDumps
2015-02-03 13:27 - 2013-09-13 16:05 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-254765840-3105052261-2340691044-1001
2015-02-03 13:03 - 2012-12-08 05:42 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2015-02-03 13:03 - 2012-12-08 05:42 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2015-02-03 13:03 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-03 12:58 - 2013-09-13 16:14 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 12:58 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-02 13:00 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-28 23:19 - 2014-11-21 22:57 - 00000000 ___HD () C:\$Windows.~BT
2015-01-28 17:53 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-27 20:26 - 2013-09-13 16:18 - 00002147 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-24 21:20 - 2014-11-28 20:39 - 00714176 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2014-11-28 20:39 - 00106432 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-22 14:55 - 2013-10-26 12:17 - 00066030 _____ () C:\Users\Sey\Desktop\OpenDocument Text (neu).odt
2015-01-22 14:55 - 2013-09-30 19:43 - 00103424 ___SH () C:\Users\Sey\Desktop\Thumbs.db
2015-01-20 20:14 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2015-01-19 11:47 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2015-01-19 11:39 - 2014-09-15 17:14 - 00047196 _____ () C:\Windows\PFRO.log
2015-01-18 18:35 - 2013-09-30 20:17 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-18 18:22 - 2013-09-30 20:17 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-15 19:32 - 2014-08-30 20:01 - 00000000 ____D () C:\Users\Sey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
2015-01-15 19:32 - 2014-08-30 20:01 - 00000000 ____D () C:\Users\Sey\AppData\Roaming\InetStat

Some content of TEMP:
====================
C:\Users\Sey\AppData\Local\Temp\avgnt.exe
C:\Users\Sey\AppData\Local\Temp\CloudBackup3959.exe
C:\Users\Sey\AppData\Local\Temp\Quarantine.exe
C:\Users\Sey\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-22 13:12

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Sey at 2015-02-03 15:21:51
Running from C:\Users\Sey\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Catalyst Install Manager (HKLM\...\{1E654AA2-629D-C426-2561-01AAC1371950}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.9.799 - AVG Technologies)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04059 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04059 - Cisco Systems, Inc.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4311.52 - CyberLink Corp.)
eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
ETDWare PS/2-X64 11.6.13.004_WHQL (HKLM\...\Elantech) (Version: 11.6.13.004 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Packard Bell)
InetStat (HKU\S-1-5-21-254765840-3105052261-2340691044-1001\...\InetStat) (Version: 0.5b - InetStat) <==== ATTENTION!
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{89478C31-5CE8-461A-9084-9A0AF059F84F}) (Version: 15.5.0.0344 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{99FDAE3B-6905-45A6-8F73-595363AAD3D1}) (Version: 15.05.1000.1411 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.5 - Packard Bell)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Packard Bell)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
Nero 12 Essentials OEM.a01 (HKLM-x32\...\{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}) (Version: 12.5.00000 - Nero AG)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{B2B0EC73-AD4A-4716-A3DE-CEA8440B309B}) (Version: 12.5.00000 - Nero AG)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Packard Bell Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Packard Bell)
Packard Bell Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Packard Bell)
Packard Bell Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Packard Bell)
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
raving reyven (HKLM\...\raving reyven) (Version: 2014.06.07.170121 - raving reyven) <==== ATTENTION!
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.9200.28127 - Realtek Semiconductor Corp.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

14-01-2015 09:03:54 Windows Modules Installer
17-01-2015 12:21:29 Windows Update
20-01-2015 17:05:06 Windows Update
23-01-2015 19:30:10 Windows Update
27-01-2015 17:13:56 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0C28A3A8-797F-4BF8-876E-275D88EF63A3} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-11-13] (MyPC Backup) <==== ATTENTION
Task: {131B36BA-1F07-4A47-9D5F-EA7050CAB521} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Packard Bell\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {2B13FE37-3C8A-4806-80DF-1E361E2A617A} - System32\Tasks\Power Management => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated)
Task: {31C5A268-FFAE-481F-8937-4B0B8F08ED59} - System32\Tasks\{47EF6FD5-35C9-460A-8B65-93F56E30D335} => pcalua.exe -a C:\Users\Sey\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs2 <==== ATTENTION
Task: {6DD33C38-D88E-4AE9-8969-0A748BBBA552} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Packard Bell\Packard Bell Recovery Management\Notification\Notification.exe [2012-07-31] (Acer Incorporated)
Task: {C8C98B55-2736-48FE-98F2-FCC3A01C018F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-18] (Microsoft Corporation)
Task: {E23BA7CF-1D9F-4FA3-8EEC-EC31670C876B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-13] (Google Inc.)
Task: {E9E30DB8-E712-42AC-9687-BE0FD5E84C3E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-13] (Google Inc.)
Task: {F188C412-0332-456E-83C2-ADFC3D0F51B5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {F72FDF7C-80FA-4BAF-9DEF-579A19B6C0B6} - System32\Tasks\Open Chrome => Chrome.exe --new-window hxxp://toolbar.avg.com/almost-done?pid=safeguard&amp;lang=en
Task: {FCB98D0B-D119-47A6-8004-EC9D71128FC9} - System32\Tasks\ALU => C:\Program Files (x86)\Packard Bell\Live Updater\updater.exe [2012-08-30] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exe

==================== Loaded Modules (whitelisted) =============

2014-08-30 19:42 - 2014-08-30 19:41 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2012-07-26 08:58 - 2012-07-26 08:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2014-11-13 10:59 - 2014-11-13 10:58 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2014-11-13 10:59 - 2014-11-13 10:57 - 00060928 _____ () C:\Program Files (x86)\MyPC Backup\LinqBridge.dll
2014-11-13 10:59 - 2014-11-13 10:57 - 00270336 _____ () C:\Program Files (x86)\MyPC Backup\AlphaFS.dll
2014-08-30 19:41 - 2014-08-30 19:41 - 02640408 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2013-06-19 16:00 - 2013-06-19 16:00 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-30 19:42 - 2014-08-30 19:41 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2015-01-27 20:22 - 2015-01-25 07:08 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libglesv2.dll
2015-01-27 20:21 - 2015-01-25 07:08 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libegl.dll
2015-01-27 20:22 - 2015-01-25 07:08 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll
2015-01-27 20:23 - 2015-01-25 07:08 - 14913864 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-254765840-3105052261-2340691044-500 - Administrator - Disabled)
Gast (S-1-5-21-254765840-3105052261-2340691044-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-254765840-3105052261-2340691044-1003 - Limited - Enabled)
Sey (S-1-5-21-254765840-3105052261-2340691044-1001 - Administrator - Enabled) => C:\Users\Sey

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/03/2015 01:38:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5148

Error: (02/03/2015 01:38:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5148

Error: (02/03/2015 01:38:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/03/2015 01:38:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2745

Error: (02/03/2015 01:38:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2745

Error: (02/03/2015 01:38:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/03/2015 01:29:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: inetstat.exe, Version: 0.0.0.0, Zeitstempel: 0x54a17008
Name des fehlerhaften Moduls: inetstat.exe, Version: 0.0.0.0, Zeitstempel: 0x54a17008
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00026ff3
ID des fehlerhaften Prozesses: 0x11b4
Startzeit der fehlerhaften Anwendung: 0xinetstat.exe0
Pfad der fehlerhaften Anwendung: inetstat.exe1
Pfad des fehlerhaften Moduls: inetstat.exe2
Berichtskennung: inetstat.exe3
Vollständiger Name des fehlerhaften Pakets: inetstat.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: inetstat.exe5

Error: (02/02/2015 05:15:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15351

Error: (02/02/2015 05:15:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15351

Error: (02/02/2015 05:15:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (02/03/2015 01:01:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (02/03/2015 01:01:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (02/03/2015 00:58:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "UpdaterSvcravingreyven" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/03/2015 00:57:45 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (02/01/2015 04:45:32 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40.

Error: (02/01/2015 04:21:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) PROSet/Wireless Zero Configuration Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/01/2015 04:20:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "UpdaterSvcravingreyven" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/01/2015 04:20:25 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (02/01/2015 04:20:37 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎01.‎02.‎2015 um 01:11:48 unerwartet heruntergefahren.

Error: (01/31/2015 04:21:13 PM) (Source: DCOM) (EventID: 10010) (User: SEYHAN)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}


Microsoft Office Sessions:
=========================
Error: (02/03/2015 01:38:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5148

Error: (02/03/2015 01:38:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5148

Error: (02/03/2015 01:38:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/03/2015 01:38:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2745

Error: (02/03/2015 01:38:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2745

Error: (02/03/2015 01:38:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/03/2015 01:29:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: inetstat.exe0.0.0.054a17008inetstat.exe0.0.0.054a17008c000000500026ff311b401d03fa8e118a8f3C:\Users\Sey\AppData\Roaming\InetStat\inetstat.exeC:\Users\Sey\AppData\Roaming\InetStat\inetstat.exe5a69f884-aba0-11e4-810c-b888e3ae176b

Error: (02/02/2015 05:15:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15351

Error: (02/02/2015 05:15:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15351

Error: (02/02/2015 05:15:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
  Date: 2015-01-19 07:37:15.627
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Avira\AntiVir Desktop\update.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Avira\AntiVir Desktop\updrgui.exe with signing level Unsigned while the system requires signing level 6 or better to load.

  Date: 2015-01-19 01:34:32.517
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Avira\AntiVir Desktop\update.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Avira\AntiVir Desktop\updrgui.exe with signing level Unsigned while the system requires signing level 6 or better to load.


==================== Memory info =========================== 

Processor: AMD E1-1200 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 75%
Total physical RAM: 1610.25 MB
Available physical RAM: 388.07 MB
Total Pagefile: 4426.25 MB
Available Pagefile: 2346.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:280.19 GB) (Free:213.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: FE877462)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

Ich hoffe, ich habe jetzt alles richtig gemacht.

Ergänzung:

bei Punkt 3 fehlt noch Gefunden: Adware/VOPack.174340


Alt 03.02.2015, 14:39   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Sicherheitsprogramme in Form eines/mehrerer Trojaner? - Standard

Wo Sicherheitsprogramme in Form eines/mehrerer Trojaner? Lösung!



Ok bitte weiter machen mit MBAR:

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
--> Sicherheitsprogramme in Form eines/mehrerer Trojaner?

Alt 03.02.2015, 17:13   #7
haward123
 
Sicherheitsprogramme in Form eines/mehrerer Trojaner? - Standard

Sicherheitsprogramme in Form eines/mehrerer Trojaner?



Mir sind noch einige Dinge aufgefallen.
Und zwar während des Scanvorgangs hat sich der Avira Programm gemeldet, dass
wieder ADWARE Viren/Dateiein? gefunden wurde.
Des Weiteren hat sich beim öffnen des Browsers wieder das
websearch Suchseite eingenistet. Beim erneuten öffnen war es wieder weg.

Ich weiss nicht ob es relevant ist, aber ich dachte mir, ich berichte dir das mal


Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.17183
Sey :: SEYHAN [administrator]

03.02.2015 16:40:51
mbar-log-2015-02-03 (16-40-51).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 315594
Time elapsed: 44 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

Alt 03.02.2015, 20:25   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Sicherheitsprogramme in Form eines/mehrerer Trojaner? - Standard

Sicherheitsprogramme in Form eines/mehrerer Trojaner?



Bei den nächsten Scans Avira deaktivieren, das nervt doch nur!

Adware/Junkware/Toolbars entfernen

(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!)

1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 04.02.2015, 12:02   #9
haward123
 
Sicherheitsprogramme in Form eines/mehrerer Trojaner? - Standard

Sicherheitsprogramme in Form eines/mehrerer Trojaner?



habe nun alle drei Scans durchgeführt:

Code:
ATTFilter
# Database : 2015-02-03.1 [Live]
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Sey - SEYHAN
# Gestartet von : C:\Users\Sey\Desktop\AdwCleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Sey\AppData\Local\AVG SafeGuard toolbar

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.17183


-\\ Google Chrome v40.0.2214.93


*************************

AdwCleaner[R0].txt - [7385 octets] - [04/02/2015 11:51:38]
AdwCleaner[R1].txt - [929 octets] - [04/02/2015 12:18:13]
AdwCleaner[S0].txt - [7789 octets] - [04/02/2015 11:56:56]
AdwCleaner[S1].txt - [851 octets] - [04/02/2015 12:22:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [910 octets] ##########
         

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8 x64
Ran by Sey on 04.02.2015 at 12:50:29,72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.02.2015 at 12:55:14,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         



FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Sey (administrator) on SEYHAN on 04-02-2015 12:58:24
Running from C:\Users\Sey\Desktop
Loaded Profiles: Sey (Available profiles: Sey)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Security Stronghold) C:\Program Files (x86)\Stronghold AntiMalware\StrongholdAntiMalware.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Farbar) C:\Users\Sey\Desktop\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-10-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-06-19] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Stronghold AntiMalware] => C:\Program Files (x86)\Stronghold AntiMalware\StrongholdAntiMalware.exe [6495144 2014-09-03] (Security Stronghold)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-254765840-3105052261-2340691044-1001 -> {06ECEAFC-6E70-4708-86C1-09FC12E7F9C6} URL = 
Toolbar: HKU\S-1-5-21-254765840-3105052261-2340691044-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-13]
CHR Extension: (Google Drive) - C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-04]
CHR Extension: (YouTube) - C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-13]
CHR Extension: (Google-Suche) - C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-13]
CHR Extension: (Avira Browserschutz) - C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-04]
CHR Extension: (Allin1Convert) - C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl [2015-02-04]
CHR Extension: (Google Wallet) - C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-04]
CHR Extension: (Google Mail) - C:\Users\Sey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-13]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S3 DeviceFastLaneService; C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2012-10-19] (ELAN Microelectronics Corp.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-12-07] (Dritek System INC.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)
S2 UpdaterSvcravingreyven; "C:\Program Files (x86)\raving reyven\updater.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-21] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-30] (AVG Technologies)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43064 2014-10-09] (Avira Operations GmbH & Co. KG)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4273192 2012-08-07] (Intel Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-12-07] (Dritek System Inc.)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-06-19] (Cisco Systems, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 12:56 - 2015-02-04 12:56 - 02131456 _____ (Farbar) C:\Users\Sey\Desktop\FRST64 (1).exe
2015-02-04 12:55 - 2015-02-04 12:55 - 00000610 _____ () C:\Users\Sey\Desktop\JRT.txt
2015-02-04 12:40 - 2015-02-04 12:40 - 01388274 _____ (Thisisu) C:\Users\Sey\Desktop\JRT.exe
2015-02-04 11:49 - 2015-02-04 12:22 - 00000000 ____D () C:\AdwCleaner
2015-02-04 11:47 - 2015-02-04 11:47 - 02194432 _____ () C:\Users\Sey\Desktop\AdwCleaner_4.109.exe
2015-02-03 15:50 - 2015-02-03 20:35 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-03 15:46 - 2015-02-03 20:35 - 00000000 ____D () C:\Users\Sey\Desktop\mbar
2015-02-03 15:43 - 2015-02-03 15:45 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Sey\Desktop\mbar-1.08.3.1004.exe
2015-02-03 15:21 - 2015-02-03 15:23 - 00020528 _____ () C:\Users\Sey\Desktop\Addition.txt
2015-02-03 15:19 - 2015-02-04 12:58 - 00012374 _____ () C:\Users\Sey\Desktop\FRST.txt
2015-02-03 15:05 - 2015-02-03 15:07 - 00020531 _____ () C:\Users\Sey\Downloads\Addition.txt
2015-02-03 15:03 - 2015-02-03 15:07 - 00024659 _____ () C:\Users\Sey\Downloads\FRST.txt
2015-02-03 15:02 - 2015-02-04 12:58 - 00000000 ____D () C:\FRST
2015-02-03 15:02 - 2015-02-03 15:02 - 02131456 _____ (Farbar) C:\Users\Sey\Downloads\FRST64.exe
2015-02-03 13:04 - 2015-02-03 21:29 - 00000000 ____D () C:\Users\Sey\Desktop\türkan
2015-01-22 17:53 - 2015-01-22 17:53 - 00066702 _____ () C:\Users\Sey\Downloads\Demet Hanim Interview (1).odt
2015-01-22 12:32 - 2015-01-22 14:56 - 00066402 _____ () C:\Users\Sey\Downloads\Demet Hanim Interview.odt
2015-01-19 21:42 - 2015-01-19 21:42 - 00056686 _____ () C:\Users\Sey\Downloads\Nu0130NNu0130LER 17 OCAK 2015 RUHSALLIK VE HALK EZGu0130LERu0130  SON.jpeg
2015-01-18 18:14 - 2014-04-16 19:20 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-01-18 18:14 - 2014-04-16 19:20 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-01-14 10:57 - 2014-11-27 03:40 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-14 10:57 - 2014-11-27 02:28 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-14 10:56 - 2014-11-05 07:40 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-01-14 10:56 - 2014-11-05 07:39 - 01024512 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-01-14 10:56 - 2014-11-01 07:28 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-01-14 10:56 - 2014-10-29 15:21 - 00499008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2015-01-14 10:56 - 2014-10-27 23:10 - 00390841 _____ () C:\Windows\system32\ApnDatabase.xml
2015-01-14 10:55 - 2014-11-15 07:06 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-01-14 10:55 - 2014-11-15 06:13 - 03286016 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-01-14 10:55 - 2014-11-15 06:13 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-01-14 10:55 - 2014-11-15 06:13 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-01-14 10:55 - 2014-11-15 06:13 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-01-14 10:55 - 2014-11-15 06:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-01-14 10:55 - 2014-11-15 06:13 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-01-14 10:55 - 2014-11-15 06:13 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-01-14 10:55 - 2014-11-15 06:12 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-01-14 10:55 - 2014-11-15 04:54 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-01-14 10:55 - 2014-11-15 04:53 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-01-14 10:55 - 2014-11-15 04:53 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-01-14 10:55 - 2014-11-15 04:53 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-01-14 10:49 - 2014-12-19 07:48 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 10:49 - 2014-12-19 05:35 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 10:49 - 2014-12-11 08:35 - 06973248 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 10:49 - 2014-12-11 07:51 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 10:49 - 2014-12-06 08:53 - 00458240 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 10:49 - 2014-12-06 08:53 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 10:49 - 2014-12-06 08:52 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 10:49 - 2014-12-06 08:52 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 10:49 - 2014-12-06 08:52 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 10:49 - 2014-12-06 08:51 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 10:49 - 2014-12-06 08:51 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 10:49 - 2014-12-06 08:50 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 10:49 - 2014-12-06 07:10 - 00355840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 10:49 - 2014-12-06 07:10 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 10:49 - 2014-12-06 07:09 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 10:49 - 2014-12-06 07:09 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 12:31 - 2013-09-13 16:14 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-04 12:24 - 2013-09-13 16:14 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-04 12:23 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-04 12:22 - 2014-09-15 17:14 - 00052002 _____ () C:\Windows\PFRO.log
2015-02-04 12:22 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-04 12:09 - 2013-09-13 16:05 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-254765840-3105052261-2340691044-1001
2015-02-04 11:57 - 2013-09-13 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-04 11:57 - 2013-09-13 15:56 - 00001003 _____ () C:\Users\Sey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-03 21:28 - 2014-10-17 17:51 - 00000000 ____D () C:\Users\Sey\Desktop\Interview
2015-02-03 21:19 - 2013-10-14 20:33 - 00000000 ____D () C:\Users\Sey\AppData\Local\CrashDumps
2015-02-03 20:36 - 2014-09-15 12:31 - 01732360 _____ () C:\Windows\WindowsUpdate.log
2015-02-03 20:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2015-02-03 17:59 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-03 17:56 - 2013-09-30 19:43 - 00103424 ___SH () C:\Users\Sey\Desktop\Thumbs.db
2015-02-03 17:48 - 2014-09-15 11:09 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-03 17:45 - 2014-09-14 16:58 - 00000000 ____D () C:\Users\Public\Documents\Stronghold AntiMalware
2015-02-03 17:44 - 2014-09-15 11:08 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-03 13:03 - 2012-12-08 05:42 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2015-02-03 13:03 - 2012-12-08 05:42 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2015-02-03 13:03 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-28 23:19 - 2014-11-21 22:57 - 00000000 ___HD () C:\$Windows.~BT
2015-01-28 17:53 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-27 20:26 - 2013-09-13 16:18 - 00002147 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-24 21:20 - 2014-11-28 20:39 - 00714176 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2014-11-28 20:39 - 00106432 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-22 14:55 - 2013-10-26 12:17 - 00066030 _____ () C:\Users\Sey\Desktop\OpenDocument Text (neu).odt
2015-01-20 20:14 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2015-01-19 11:47 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2015-01-18 18:35 - 2013-09-30 20:17 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-18 18:22 - 2013-09-30 20:17 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Sey\AppData\Local\Temp\avgnt.exe
C:\Users\Sey\AppData\Local\Temp\CloudBackup3959.exe
C:\Users\Sey\AppData\Local\Temp\Quarantine.exe
C:\Users\Sey\AppData\Local\Temp\sqlite3.dll
C:\Users\Sey\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-22 13:12

==================== End Of Log ============================
         
--- --- ---

Alt 04.02.2015, 12:09   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Sicherheitsprogramme in Form eines/mehrerer Trojaner? - Standard

Sicherheitsprogramme in Form eines/mehrerer Trojaner? [gelöst]



Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 04.02.2015, 18:17   #11
haward123
 
Sicherheitsprogramme in Form eines/mehrerer Trojaner? - Standard

Sicherheitsprogramme in Form eines/mehrerer Trojaner? [gelöst]



Habe ich

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015
Ran by Sey at 2015-02-04 19:15:24
Running from C:\Users\Sey\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Catalyst Install Manager (HKLM\...\{1E654AA2-629D-C426-2561-01AAC1371950}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04059 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04059 - Cisco Systems, Inc.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4311.52 - CyberLink Corp.)
eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
ETDWare PS/2-X64 11.6.13.004_WHQL (HKLM\...\Elantech) (Version: 11.6.13.004 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Packard Bell)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{89478C31-5CE8-461A-9084-9A0AF059F84F}) (Version: 15.5.0.0344 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{99FDAE3B-6905-45A6-8F73-595363AAD3D1}) (Version: 15.05.1000.1411 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.5 - Packard Bell)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Packard Bell)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Nero 12 Essentials OEM.a01 (HKLM-x32\...\{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}) (Version: 12.5.00000 - Nero AG)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{B2B0EC73-AD4A-4716-A3DE-CEA8440B309B}) (Version: 12.5.00000 - Nero AG)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Packard Bell Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Packard Bell)
Packard Bell Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Packard Bell)
Packard Bell Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Packard Bell)
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.9200.28127 - Realtek Semiconductor Corp.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

20-01-2015 17:05:06 Windows Update
23-01-2015 19:30:10 Windows Update
27-01-2015 17:13:56 Windows Update
04-02-2015 13:07:08 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {131B36BA-1F07-4A47-9D5F-EA7050CAB521} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Packard Bell\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {2B13FE37-3C8A-4806-80DF-1E361E2A617A} - System32\Tasks\Power Management => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated)
Task: {31C5A268-FFAE-481F-8937-4B0B8F08ED59} - System32\Tasks\{47EF6FD5-35C9-460A-8B65-93F56E30D335} => pcalua.exe -a C:\Users\Sey\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs2 <==== ATTENTION
Task: {6DD33C38-D88E-4AE9-8969-0A748BBBA552} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Packard Bell\Packard Bell Recovery Management\Notification\Notification.exe [2012-07-31] (Acer Incorporated)
Task: {6E201068-1A7F-4828-A097-8D4FA8400ABF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-18] (Microsoft Corporation)
Task: {E23BA7CF-1D9F-4FA3-8EEC-EC31670C876B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-13] (Google Inc.)
Task: {E9E30DB8-E712-42AC-9687-BE0FD5E84C3E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-13] (Google Inc.)
Task: {F72FDF7C-80FA-4BAF-9DEF-579A19B6C0B6} - System32\Tasks\Open Chrome => Chrome.exe --new-window hxxp://toolbar.avg.com/almost-done?pid=safeguard&amp;lang=en
Task: {FCB98D0B-D119-47A6-8004-EC9D71128FC9} - System32\Tasks\ALU => C:\Program Files (x86)\Packard Bell\Live Updater\updater.exe [2012-08-30] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exe

==================== Loaded Modules (whitelisted) =============

2012-07-26 08:58 - 2012-07-26 08:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-08-30 05:40 - 2012-08-30 05:40 - 03331216 _____ () C:\Program Files (x86)\Packard Bell\Live Updater\updater.exe
2013-06-19 16:00 - 2013-06-19 16:00 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-04 16:42 - 2015-01-27 04:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll
2015-02-04 16:42 - 2015-01-27 04:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll
2015-02-04 16:42 - 2015-01-27 04:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll
2015-02-04 16:42 - 2015-01-27 04:44 - 14913864 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-254765840-3105052261-2340691044-500 - Administrator - Disabled)
Gast (S-1-5-21-254765840-3105052261-2340691044-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-254765840-3105052261-2340691044-1003 - Limited - Enabled)
Sey (S-1-5-21-254765840-3105052261-2340691044-1001 - Administrator - Enabled) => C:\Users\Sey

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/04/2015 05:21:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9438

Error: (02/04/2015 05:21:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9438

Error: (02/04/2015 05:21:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/04/2015 05:21:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5772

Error: (02/04/2015 05:21:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5772

Error: (02/04/2015 05:21:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/04/2015 05:21:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2901

Error: (02/04/2015 05:21:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2901

Error: (02/04/2015 05:21:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/04/2015 01:11:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6489


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (02/04/2015 05:21:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9438

Error: (02/04/2015 05:21:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9438

Error: (02/04/2015 05:21:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/04/2015 05:21:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5772

Error: (02/04/2015 05:21:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5772

Error: (02/04/2015 05:21:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/04/2015 05:21:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2901

Error: (02/04/2015 05:21:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2901

Error: (02/04/2015 05:21:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/04/2015 01:11:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6489


CodeIntegrity Errors:
===================================
  Date: 2015-01-19 07:37:15.627
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Avira\AntiVir Desktop\update.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Avira\AntiVir Desktop\updrgui.exe with signing level Unsigned while the system requires signing level 6 or better to load.

  Date: 2015-01-19 01:34:32.517
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Avira\AntiVir Desktop\update.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Avira\AntiVir Desktop\updrgui.exe with signing level Unsigned while the system requires signing level 6 or better to load.


==================== Memory info =========================== 

Processor: AMD E1-1200 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 69%
Total physical RAM: 1610.25 MB
Available physical RAM: 490.27 MB
Total Pagefile: 4426.25 MB
Available Pagefile: 2740.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:280.19 GB) (Free:215.78 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: FE877462)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

Alt 04.02.2015, 22:16   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Sicherheitsprogramme in Form eines/mehrerer Trojaner? - Standard

Sicherheitsprogramme in Form eines/mehrerer Trojaner? [gelöst]



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Deaktiviere vor dem Fix bitte deinen Virenscanner!!
Code:
ATTFilter
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-254765840-3105052261-2340691044-1001 -> {06ECEAFC-6E70-4708-86C1-09FC12E7F9C6} URL = 
Toolbar: HKU\S-1-5-21-254765840-3105052261-2340691044-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
C:\Users\Sey\AppData\Local\Temp\avgnt.exe
C:\Users\Sey\AppData\Local\Temp\CloudBackup3959.exe
C:\Users\Sey\AppData\Local\Temp\Quarantine.exe
C:\Users\Sey\AppData\Local\Temp\sqlite3.dll
C:\Users\Sey\AppData\Local\Temp\vcredist_x64.exe
Task: {31C5A268-FFAE-481F-8937-4B0B8F08ED59} - System32\Tasks\{47EF6FD5-35C9-460A-8B65-93F56E30D335} => pcalua.exe -a C:\Users\Sey\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs2 <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9
C:\Users\Sey\AppData\Roaming\webssearches

EmptyTemp:
Hosts:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 05.02.2015, 15:42   #13
haward123
 
Sicherheitsprogramme in Form eines/mehrerer Trojaner? - Standard

Sicherheitsprogramme in Form eines/mehrerer Trojaner? [gelöst]



Ich hoffe, dass ist der richtige Inhalt.

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2015
Ran by Sey at 2015-02-05 16:35:30 Run:3
Running from C:\Users\Sey\Desktop
Loaded Profiles: Sey (Available profiles: Sey)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-254765840-3105052261-2340691044-1001 -> {06ECEAFC-6E70-4708-86C1-09FC12E7F9C6} URL = 
Toolbar: HKU\S-1-5-21-254765840-3105052261-2340691044-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
C:\Users\Sey\AppData\Local\Temp\avgnt.exe
C:\Users\Sey\AppData\Local\Temp\CloudBackup3959.exe
C:\Users\Sey\AppData\Local\Temp\Quarantine.exe
C:\Users\Sey\AppData\Local\Temp\sqlite3.dll
C:\Users\Sey\AppData\Local\Temp\vcredist_x64.exe
Task: {31C5A268-FFAE-481F-8937-4B0B8F08ED59} - System32\Tasks\{47EF6FD5-35C9-460A-8B65-93F56E30D335} => pcalua.exe -a C:\Users\Sey\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs2 <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9
C:\Users\Sey\AppData\Roaming\webssearches

EmptyTemp:
Hosts:
         
*****************

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-21-254765840-3105052261-2340691044-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{06ECEAFC-6E70-4708-86C1-09FC12E7F9C6} => Key not found. 
HKCR\CLSID\{06ECEAFC-6E70-4708-86C1-09FC12E7F9C6} => Key not found. 
HKU\S-1-5-21-254765840-3105052261-2340691044-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value not found.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found. 
HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => Key not found. 
C:\Users\Sey\AppData\Local\Temp\avgnt.exe => Moved successfully.
"C:\Users\Sey\AppData\Local\Temp\CloudBackup3959.exe" => File/Directory not found.
"C:\Users\Sey\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\Users\Sey\AppData\Local\Temp\sqlite3.dll" => File/Directory not found.
"C:\Users\Sey\AppData\Local\Temp\vcredist_x64.exe" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31C5A268-FFAE-481F-8937-4B0B8F08ED59} => Key not found. 
C:\Windows\System32\Tasks\{47EF6FD5-35C9-460A-8B65-93F56E30D335} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{47EF6FD5-35C9-460A-8B65-93F56E30D335} => Key not found. 
"C:\ProgramData\Temp" => ":CB0AACC9" ADS not found.
"C:\Users\Sey\AppData\Roaming\webssearches" => File/Directory not found.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 10.7 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 16:35:43 ====
         

Alt 05.02.2015, 15:46   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Sicherheitsprogramme in Form eines/mehrerer Trojaner? - Standard

Sicherheitsprogramme in Form eines/mehrerer Trojaner? [gelöst]



Virenscanner deaktivieren, Fix wiederholen
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 05.02.2015, 20:30   #15
haward123
 
Sicherheitsprogramme in Form eines/mehrerer Trojaner? - Standard

Sicherheitsprogramme in Form eines/mehrerer Trojaner? [gelöst]



Ich habs versucht abzuschalten.

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2015
Ran by Sey at 2015-02-05 21:20:14 Run:4
Running from C:\Users\Sey\Desktop
Loaded Profiles: Sey (Available profiles: Sey)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-254765840-3105052261-2340691044-1001 -> {06ECEAFC-6E70-4708-86C1-09FC12E7F9C6} URL = 
Toolbar: HKU\S-1-5-21-254765840-3105052261-2340691044-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
C:\Users\Sey\AppData\Local\Temp\avgnt.exe
C:\Users\Sey\AppData\Local\Temp\CloudBackup3959.exe
C:\Users\Sey\AppData\Local\Temp\Quarantine.exe
C:\Users\Sey\AppData\Local\Temp\sqlite3.dll
C:\Users\Sey\AppData\Local\Temp\vcredist_x64.exe
Task: {31C5A268-FFAE-481F-8937-4B0B8F08ED59} - System32\Tasks\{47EF6FD5-35C9-460A-8B65-93F56E30D335} => pcalua.exe -a C:\Users\Sey\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs2 <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9
C:\Users\Sey\AppData\Roaming\webssearches

EmptyTemp:
Hosts:
 
*****************

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-21-254765840-3105052261-2340691044-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{06ECEAFC-6E70-4708-86C1-09FC12E7F9C6} => Key not found. 
HKCR\CLSID\{06ECEAFC-6E70-4708-86C1-09FC12E7F9C6} => Key not found. 
HKU\S-1-5-21-254765840-3105052261-2340691044-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value not found.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found. 
HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => Key not found. 
C:\Users\Sey\AppData\Local\Temp\avgnt.exe => Moved successfully.
"C:\Users\Sey\AppData\Local\Temp\CloudBackup3959.exe" => File/Directory not found.
"C:\Users\Sey\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\Users\Sey\AppData\Local\Temp\sqlite3.dll" => File/Directory not found.
"C:\Users\Sey\AppData\Local\Temp\vcredist_x64.exe" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31C5A268-FFAE-481F-8937-4B0B8F08ED59} => Key not found. 
C:\Windows\System32\Tasks\{47EF6FD5-35C9-460A-8B65-93F56E30D335} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{47EF6FD5-35C9-460A-8B65-93F56E30D335} => Key not found. 
"C:\ProgramData\Temp" => ":CB0AACC9" ADS not found.
"C:\Users\Sey\AppData\Roaming\webssearches" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 331.2 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 21:20:27 ====
         

Antwort

Themen zu Sicherheitsprogramme in Form eines/mehrerer Trojaner?
allgemeine, allgemeinen, andere, brauch, browser, extremst, fenster, hoffe, lange, langsam, leute, liebe, längerer, löschen, nicht löschen, programme, schließ, super, troja, trojaner, trojaner?, überhaupt, ziemlich, öffnen



Ähnliche Themen: Sicherheitsprogramme in Form eines/mehrerer Trojaner?


  1. Wer nutzt einen Security Token in Form eines USB Sticks
    Überwachung, Datenschutz und Spam - 25.02.2015 (0)
  2. Chrome/Chromium: Öffnen mehrerer Tabs / Search-Conduit Startseite / Ask-Toolbar
    Plagegeister aller Art und deren Bekämpfung - 22.02.2015 (11)
  3. Alle Sicherheitsprogramme und Internetverbindung defekt nach PC-Absturz
    Plagegeister aller Art und deren Bekämpfung - 06.01.2015 (3)
  4. Wieder mal eine Auswertung eines OTLPE-Logs eines GVU/GEMA Trojaner infizierten Systems
    Log-Analyse und Auswertung - 29.06.2013 (10)
  5. Kann keine Sicherheitsprogramme downloaden, PC schmiert ab, Virus?
    Log-Analyse und Auswertung - 07.04.2013 (3)
  6. Trojaner, Java Viren und Exploits - in Form von z.B. Rogue.KD, Kalika.E, Agent.MT verschiedene Exploits :(
    Plagegeister aller Art und deren Bekämpfung - 03.01.2013 (9)
  7. cash-trojaner in form von antivirus programm
    Plagegeister aller Art und deren Bekämpfung - 27.12.2012 (19)
  8. Befall mehrerer Rechner eines Netzwerks Eintrag wird nicht aktualisiert
    Mülltonne - 18.11.2012 (1)
  9. Weißer Bildschirm trojaner (BKA) in österreichischer form
    Plagegeister aller Art und deren Bekämpfung - 18.10.2012 (4)
  10. Deutschlandflagge-Trojaner in ganz neuer Form
    Plagegeister aller Art und deren Bekämpfung - 09.04.2012 (31)
  11. Virus in autostart sishzm32.exe hijackthis zeigt mir ein mehrerer einträge an
    Plagegeister aller Art und deren Bekämpfung - 11.12.2010 (72)
  12. Nach Entfernung mehrerer Trojaner funktioniert kein Browser mehr
    Plagegeister aller Art und deren Bekämpfung - 29.08.2010 (5)
  13. Warum koennen manche Sicherheitsprogramme bestimmte Viren nicht loeschen?
    Antiviren-, Firewall- und andere Schutzprogramme - 29.07.2010 (8)
  14. PC sehr langsam, trotz mehrerer Optimierungen
    Alles rund um Windows - 28.07.2010 (1)
  15. Anonym Surfen/IP Verschleiern/Beste Sicherheitsprogramme
    Antiviren-, Firewall- und andere Schutzprogramme - 04.05.2010 (1)
  16. Internet, Firewall und automatische Updates aller Sicherheitsprogramme deaktiviert
    Log-Analyse und Auswertung - 06.01.2010 (1)
  17. Fund mehrerer Trojaner auf Büro-PC (trojan.dropper / .agent / .crypt)
    Plagegeister aller Art und deren Bekämpfung - 03.02.2009 (3)

Zum Thema Sicherheitsprogramme in Form eines/mehrerer Trojaner? - Hallo liebe Leute, seit längerer Zeit öffnen sich Anti-Mail programme oder Programme im Allgemeinen, die sich nicht löschen lassen, geschweige den das Fenster sich überhaupt schließt. Ich kann mich auch - Sicherheitsprogramme in Form eines/mehrerer Trojaner?...
Archiv
Du betrachtest: Sicherheitsprogramme in Form eines/mehrerer Trojaner? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.