
Pests of all kinds and how to fight them: ads by positive finds


#1, 07.02.2015, 20:21
christo78

ads by positive finds

Hello everyone,

I apparently caught a virus yesterday or today (ads by positive finds) and can't get rid of it.

Yesterday I downloaded the new Free Studio version from chip.de. That is the only thing of that kind I have done recently.

I have downloaded/updated this program there several times in the past. It was always fine, and I can't really imagine that the "virus" comes from it, but as I said, it was the only program I have downloaded recently.

Since today, ad windows pop up at the bottom left/centre, and the Google search results are affected as well ("ads by positive finds" results appear above the actual search results). And the laptop is slower. Also, when I click a Google search result, a new tab opens. Before, I was just redirected.

I uninstalled Free Studio (with Revo Uninstaller). I also downloaded SpyHunter 4 to get rid of the virus. I let it run; it found problems, but before deleting it demanded that I buy the "real" version, so I cancelled.

I also downloaded Spyware Terminator (also from chip.de); it found nothing. I also ran Glary Utilities, which didn't find anything problematic either. Free Antivirus even says the computer is safe. Then I downloaded Ad-Aware, and after the download it kept installing for over an hour. I then cancelled and uninstalled it (probably; it may still be there, like SpyHunter 4 (see below)).

Another problem: although I uninstalled SpyHunter 4 and Spyware Terminator again (with Revo Uninstaller), windows with the "offer" to order the "real" version still open from time to time. And Spyware Terminator still appears in the Control Panel despite the Revo uninstall. Right-clicking only gives the option to create a shortcut.

I have Windows 7, 32-bit, Service Pack 1.

Please help. Thanks.

Regards, christo

#2, 07.02.2015, 21:15
deeprybka
/// TB Trainer
/// Guide Guru

ads by positive finds

My name is Jürgen and I will help you with your problem. Together we'll manage this...
  • Please work through all the steps in order.
  • Read the instructions carefully before you begin. If there are problems or you don't understand something, stop what you are doing and describe the problem to me.
  • Please only run scans that I have asked you to run.
  • Please no cross-posting (posting in several forums).
  • Do not install or uninstall any software during the clean-up unless you are asked to.
  • Save all of our tools to the desktop. Link: How to download our tools correctly
  • Post the log files directly in your thread in code tags.
  • Bear in mind that we all do this in our free time; if you don't hear from me within 24 hours, please send me a PM.

Note:
I can never guarantee that we will find all malicious files.
A format is usually the faster and always the safest way, but it is only advisable for real malware.
Adware & co. we can remove very well.
If you decide on a clean-up, keep working with me until you get my "clean".



Let's go:

Step 1


Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Don't change any of the checkboxes unless asked to and click Scan.
  • The log files will now be created and will afterwards be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the site's input window)




Reading material
Posting in CODE tags: here's how...
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes our work considerably harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check that you did it right. If everything is correct ... click Reply.

#3, 07.02.2015, 23:29
christo78

ads by positive finds

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-02-2015
Ran by Xristos (administrator) on XRISTOS-PC on 08-02-2015 01:13:09
Running from C:\Users\Xristos\Desktop
Loaded Profiles: Xristos (Available profiles: Xristos)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [162856 2013-06-10] (Geek Software GmbH)
HKLM\...\Run: [ITSecMng] => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2008-12-19] (TOSHIBA CORPORATION)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
Startup: C:\Users\Xristos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk /p \??\I:autocheck autochk * 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-3895304933-1129374030-3498339244-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland ? jetzt mit dem Hotmail Nachfolger Outlook und dem Messenger Nachfolger Skype
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Windows\system32\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\system32\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\system32\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\system32\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9 28 C:\Windows\system32\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3895304933-1129374030-3498339244-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Xristos\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.ksta.de/
CHR StartupUrls: Default -> "hxxp://google.de/", "hxxp://www.default-search.net?sid=503&aid=101&itype=n&ver=13437&tm=421&src=hmp"
CHR DefaultSearchURL: Default -> hxxp://www.default-search.net/search?sid=503&aid=101&itype=n&ver=13437&tm=421&src=ds&p={searchTerms}
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Xristos\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bejeweled) - C:\Users\Xristos\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2014-11-09]
CHR Extension: (Google Docs) - C:\Users\Xristos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-17]
CHR Extension: (Google Drive) - C:\Users\Xristos\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Xristos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-03]
CHR Extension: (YouTube) - C:\Users\Xristos\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-17]
CHR Extension: (Google-Suche) - C:\Users\Xristos\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-17]
CHR Extension: (AdBlock) - C:\Users\Xristos\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-07-17]
CHR Extension: (Jewel Puzzle) - C:\Users\Xristos\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmamlingnopoifbhacjmoopjnhdfmjen [2014-11-09]
CHR Extension: (Relaxing PacMan) - C:\Users\Xristos\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmgkcbpcpncgblalmiafacphddepkghj [2014-11-09]
CHR Extension: (Glossy Blue) - C:\Users\Xristos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nheaocaplknjkpcnbadlgfpdfjaabiml [2013-07-20]
CHR Extension: (Google Wallet) - C:\Users\Xristos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Google Mail) - C:\Users\Xristos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-17]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276248 2012-05-10] (Intel Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 LavasoftTcpService; C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.1.4\LavasoftTcpService.exe [X]
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X]
S2 ST2012_Svc; "C:\Program Files\Spyware Terminator\st_rsser.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus.sys [14336 2012-03-02] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag.sys [20736 2012-03-02] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps.sys [20096 2012-03-02] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem.sys [25088 2012-03-02] (LG Electronics Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-02-07] ()
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-17] (Intel Corporation)
R3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtwlane.sys [998544 2012-07-26] (Realtek Semiconductor Corporation                           )
R1 sp_rsdrv2; C:\Windows\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] () [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-25] (Avira GmbH)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 Tosrfcom; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 01:13 - 2015-02-08 01:13 - 00011250 _____ () C:\Users\Xristos\Desktop\FRST.txt
2015-02-08 01:12 - 2015-02-08 01:13 - 00000000 ____D () C:\FRST
2015-02-08 00:22 - 2015-02-08 00:23 - 01124352 _____ (Farbar) C:\Users\Xristos\Desktop\FRST.exe
2015-02-07 21:58 - 2015-02-07 21:58 - 00005064 _____ () C:\Windows\system32\LavasoftTcpService.ini
2015-02-07 21:58 - 2015-02-07 21:58 - 00002760 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-02-07 21:57 - 2015-01-23 06:39 - 00332216 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService.dll
2015-02-07 21:56 - 2015-02-07 21:56 - 00000000 ____D () C:\Users\Xristos\AppData\Roaming\LavasoftStatistics
2015-02-07 21:29 - 2015-02-07 22:01 - 00000000 ____D () C:\Program Files\Lavasoft
2015-02-07 21:23 - 2015-02-07 21:23 - 00509776 _____ () C:\Users\Xristos\Desktop\bookmarks_07.02.15.html
2015-02-07 21:16 - 2015-02-07 22:01 - 00000000 ____D () C:\Users\Xristos\AppData\Roaming\Lavasoft
2015-02-07 21:04 - 2015-02-07 22:01 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-02-07 20:12 - 2015-02-08 01:01 - 00000000 ____D () C:\ProgramData\Spyware Terminator
2015-02-07 20:12 - 2015-02-07 20:12 - 00000000 ____D () C:\Users\Xristos\AppData\Roaming\Spyware Terminator
2015-02-07 20:12 - 2011-06-21 11:24 - 00032768 _____ () C:\Windows\system32\Drivers\sp_rsdrv2.sys
2015-02-07 18:50 - 2015-02-07 18:51 - 00000000 ____D () C:\sh4ldr
2015-02-07 18:45 - 2015-02-07 18:45 - 00019984 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-02-07 18:43 - 2015-02-07 18:43 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-02-07 18:16 - 2015-02-07 20:52 - 00000000 ____D () C:\AdwCleaner
2015-02-07 18:14 - 2015-02-07 18:14 - 02112512 _____ () C:\Users\Xristos\Desktop\adwcleaner_4.110.exe
2015-01-24 16:43 - 2014-11-25 22:50 - 02245219 _____ () C:\Users\Xristos\Desktop\MOV008.3gp
2015-01-14 17:42 - 2014-12-19 04:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 17:42 - 2014-12-19 03:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 17:42 - 2014-12-12 07:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 17:42 - 2014-12-12 07:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 17:42 - 2014-12-11 19:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 17:42 - 2014-12-06 05:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 01:13 - 2013-07-17 04:30 - 01868931 _____ () C:\Windows\WindowsUpdate.log
2015-02-08 01:12 - 2009-07-14 06:34 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-08 01:12 - 2009-07-14 06:34 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-08 01:04 - 2014-05-11 14:21 - 00000316 _____ () C:\Windows\Tasks\GlaryInitialize.job
2015-02-08 01:04 - 2013-07-17 19:28 - 00187500 _____ () C:\Windows\PFRO.log
2015-02-08 01:04 - 2013-07-17 19:16 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-08 01:04 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-08 01:04 - 2009-07-14 06:39 - 00036604 _____ () C:\Windows\setupact.log
2015-02-08 00:50 - 2013-07-17 19:16 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-08 00:27 - 2014-03-23 15:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-07 20:55 - 2013-07-20 12:37 - 00000000 ____D () C:\Users\Xristos\Desktop\Programme
2015-02-07 20:39 - 2013-07-20 17:02 - 00000000 ____D () C:\Users\Xristos\AppData\Roaming\Skype
2015-02-07 17:17 - 2013-07-17 19:39 - 00000000 ____D () C:\Users\Xristos\AppData\Roaming\DVDVideoSoft
2015-02-07 13:34 - 2013-07-17 19:36 - 00000000 ____D () C:\Users\Xristos\AppData\Roaming\MediaMonkey
2015-02-07 11:18 - 2013-07-17 20:01 - 00000000 ____D () C:\Users\Xristos\AppData\Local\SoulseekQt
2015-02-06 23:43 - 2013-07-20 17:02 - 00000000 ____D () C:\ProgramData\Skype
2015-02-06 23:42 - 2014-03-24 12:21 - 00000000 ___RD () C:\Program Files\Skype
2015-02-04 22:27 - 2014-03-23 15:46 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-04 22:27 - 2014-03-23 15:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-01 18:51 - 2014-08-14 21:37 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-01 18:51 - 2014-05-11 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-01 18:51 - 2014-05-11 14:05 - 00000000 ____D () C:\Program Files\Avira
2015-01-30 18:29 - 2013-08-19 11:58 - 00000000 ____D () C:\Users\Xristos\AppData\Roaming\vlc
2015-01-19 03:23 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-19 03:06 - 2013-07-16 20:58 - 00774404 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-15 03:07 - 2013-07-20 12:33 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:01 - 2013-07-16 21:58 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Xristos\AppData\Local\Temp\13a7bda6-2db0-4d93-9e5c-f640aa722ddf.exe
C:\Users\Xristos\AppData\Local\Temp\avgnt.exe
C:\Users\Xristos\AppData\Local\Temp\FreeStudio.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 06:46

==================== End Of Log ============================
         
S3 Tosrfcom; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 01:13 - 2015-02-08 01:13 - 00011250 _____ () C:\Users\Xristos\Desktop\FRST.txt
2015-02-08 01:12 - 2015-02-08 01:13 - 00000000 ____D () C:\FRST
2015-02-08 00:22 - 2015-02-08 00:23 - 01124352 _____ (Farbar) C:\Users\Xristos\Desktop\FRST.exe
2015-02-07 21:58 - 2015-02-07 21:58 - 00005064 _____ () C:\Windows\system32\LavasoftTcpService.ini
2015-02-07 21:58 - 2015-02-07 21:58 - 00002760 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-02-07 21:57 - 2015-01-23 06:39 - 00332216 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService.dll
2015-02-07 21:56 - 2015-02-07 21:56 - 00000000 ____D () C:\Users\Xristos\AppData\Roaming\LavasoftStatistics
2015-02-07 21:29 - 2015-02-07 22:01 - 00000000 ____D () C:\Program Files\Lavasoft
2015-02-07 21:23 - 2015-02-07 21:23 - 00509776 _____ () C:\Users\Xristos\Desktop\bookmarks_07.02.15.html
2015-02-07 21:16 - 2015-02-07 22:01 - 00000000 ____D () C:\Users\Xristos\AppData\Roaming\Lavasoft
2015-02-07 21:04 - 2015-02-07 22:01 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-02-07 20:12 - 2015-02-08 01:01 - 00000000 ____D () C:\ProgramData\Spyware Terminator
2015-02-07 20:12 - 2015-02-07 20:12 - 00000000 ____D () C:\Users\Xristos\AppData\Roaming\Spyware Terminator
2015-02-07 20:12 - 2011-06-21 11:24 - 00032768 _____ () C:\Windows\system32\Drivers\sp_rsdrv2.sys
2015-02-07 18:50 - 2015-02-07 18:51 - 00000000 ____D () C:\sh4ldr
2015-02-07 18:45 - 2015-02-07 18:45 - 00019984 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-02-07 18:43 - 2015-02-07 18:43 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-02-07 18:16 - 2015-02-07 20:52 - 00000000 ____D () C:\AdwCleaner
2015-02-07 18:14 - 2015-02-07 18:14 - 02112512 _____ () C:\Users\Xristos\Desktop\adwcleaner_4.110.exe
2015-01-24 16:43 - 2014-11-25 22:50 - 02245219 _____ () C:\Users\Xristos\Desktop\MOV008.3gp
2015-01-14 17:42 - 2014-12-19 04:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 17:42 - 2014-12-19 03:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 17:42 - 2014-12-12 07:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 17:42 - 2014-12-12 07:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 17:42 - 2014-12-11 19:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 17:42 - 2014-12-06 05:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 01:13 - 2013-07-17 04:30 - 01868931 _____ () C:\Windows\WindowsUpdate.log
2015-02-08 01:12 - 2009-07-14 06:34 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-08 01:12 - 2009-07-14 06:34 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-08 01:04 - 2014-05-11 14:21 - 00000316 _____ () C:\Windows\Tasks\GlaryInitialize.job
2015-02-08 01:04 - 2013-07-17 19:28 - 00187500 _____ () C:\Windows\PFRO.log
2015-02-08 01:04 - 2013-07-17 19:16 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-08 01:04 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-08 01:04 - 2009-07-14 06:39 - 00036604 _____ () C:\Windows\setupact.log
2015-02-08 00:50 - 2013-07-17 19:16 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-08 00:27 - 2014-03-23 15:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-07 20:55 - 2013-07-20 12:37 - 00000000 ____D () C:\Users\Xristos\Desktop\Programme
2015-02-07 20:39 - 2013-07-20 17:02 - 00000000 ____D () C:\Users\Xristos\AppData\Roaming\Skype
2015-02-07 17:17 - 2013-07-17 19:39 - 00000000 ____D () C:\Users\Xristos\AppData\Roaming\DVDVideoSoft
2015-02-07 13:34 - 2013-07-17 19:36 - 00000000 ____D () C:\Users\Xristos\AppData\Roaming\MediaMonkey
2015-02-07 11:18 - 2013-07-17 20:01 - 00000000 ____D () C:\Users\Xristos\AppData\Local\SoulseekQt
2015-02-06 23:43 - 2013-07-20 17:02 - 00000000 ____D () C:\ProgramData\Skype
2015-02-06 23:42 - 2014-03-24 12:21 - 00000000 ___RD () C:\Program Files\Skype
2015-02-04 22:27 - 2014-03-23 15:46 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-04 22:27 - 2014-03-23 15:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-01 18:51 - 2014-08-14 21:37 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-01 18:51 - 2014-05-11 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-01 18:51 - 2014-05-11 14:05 - 00000000 ____D () C:\Program Files\Avira
2015-01-30 18:29 - 2013-08-19 11:58 - 00000000 ____D () C:\Users\Xristos\AppData\Roaming\vlc
2015-01-19 03:23 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-19 03:06 - 2013-07-16 20:58 - 00774404 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-15 03:07 - 2013-07-20 12:33 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:01 - 2013-07-16 21:58 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Xristos\AppData\Local\Temp\13a7bda6-2db0-4d93-9e5c-f640aa722ddf.exe
C:\Users\Xristos\AppData\Local\Temp\avgnt.exe
C:\Users\Xristos\AppData\Local\Temp\FreeStudio.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 06:46

==================== End Of Log ============================

Alt 07.02.2015, 23:31   #4
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 

Addition.txt is missing...

Step 1



Please run FRST again, also tick the checkbox and click Scan.
Please post the contents of both logs that are created.
Regards,
deeprybka

Alt 07.02.2015, 23:32   #5
christo78
 

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-02-2015
Ran by Xristos at 2015-02-08 01:13:59
Running from C:\Users\Xristos\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Avira (HKLM\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v6.40.00(T) - TOSHIBA CORPORATION)
concept/design onlineTV 10 (HKLM\...\{DCAB9AAC-1D1C-4B94-99B7-AA7D2617BD64}_is1) (Version: 10.0.0.98 - concept/design GmbH)
Glary Utilities 2.56.0.1822 (HKLM\...\Glary Utilities_is1) (Version: 2.56.0.1822 - Glarysoft Ltd)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2752 - Intel Corporation)
LG United Mobile Driver (HKLM\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.8.1 - LG Electronics)
MediaMonkey 4.0 (HKLM\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MP3jam 1.1.1.9 (HKLM\...\MP3jam_is1) (Version: 1.1.1.9 - MP3jam)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
PDF24 Creator 5.6.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Realtek WLAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Schoener Fernsehen 0.0.0.1 (HKLM\...\Schoener Fernsehen) (Version: 0.0.0.1 - © schoener-fernsehen.com)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SoulseekQt (HKLM\...\SoulseekQt) (Version:  - )
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.19617 - TeamViewer)
TIPP10 Version 2.1.0 (HKLM\...\TIPP10_is1) (Version:  - (c) 2006-2011, Tom Thielicke IT Solutions)
TuneUp Utilities Language Pack (en-US) (Version: 13.0.3000.138 - TuneUp Software) Hidden
Unity Web Player (HKU\S-1-5-21-3895304933-1129374030-3498339244-1000\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN)
WinRAR 4.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3895304933-1129374030-3498339244-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Xristos\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)

==================== Restore Points  =========================

06-02-2015 23:31:49 Uniblue PC Mechanic installation
06-02-2015 23:38:28 Revo Uninstaller's restore point - PC Mechanic
07-02-2015 17:09:13 Revo Uninstaller's restore point - Free Studio version 6.4.3.128
07-02-2015 19:53:24 Revo Uninstaller's restore point - SpyHunter 4
07-02-2015 20:56:04 Revo Uninstaller's restore point - Spyware Terminator 2012
07-02-2015 21:04:27 AA11
07-02-2015 21:39:15 LavasoftWeCompanion
07-02-2015 21:59:41 AA11

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {18CC420B-2672-4254-85CF-8A16A11EE503} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {24CB10A2-EB11-43F3-AA9D-32A5B46C7FA3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {3066FA2C-89F2-4905-82B9-D90ED6AB15F8} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {331B8441-8067-4D85-A63E-DAFEB86D1E46} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-17] (Google Inc.)
Task: {4D0701FF-9A31-49C5-9AD4-537983A0DA3A} - System32\Tasks\{9CF3107E-D1FB-42BF-ACF9-37547BFE9734} => pcalua.exe -a "C:\Program Files\Toshiba\Bluetooth Toshiba Stack\As0.exe" -d "C:\Program Files\Toshiba\Bluetooth Toshiba Stack" -c /MODE=0 /q
Task: {93440C83-512D-41ED-BB1F-79B80D3CF6E7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-17] (Google Inc.)
Task: {EE4F41E0-DCA3-4FED-8EC9-2B05911EB08E} - System32\Tasks\GlaryInitialize => C:\Program Files\Glary Utilities\initialize.exe [2013-05-27] (Glarysoft Ltd)
Task: {F113DC57-FE81-4EA0-BC46-AFCBFC427B45} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files\Glary Utilities\initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-07-17 19:36 - 2012-11-12 00:38 - 00077824 _____ () C:\Program Files\MediaMonkey\DeskPlayer.dll
2012-05-10 14:16 - 2012-05-10 14:16 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2015-02-06 00:55 - 2015-02-04 11:02 - 01117512 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-06 00:55 - 2015-02-04 11:02 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-06 00:55 - 2015-02-04 11:02 - 09170760 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\pdf.dll
2015-02-06 00:55 - 2015-02-04 11:02 - 14965064 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3895304933-1129374030-3498339244-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Xristos\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3895304933-1129374030-3498339244-500 - Administrator - Disabled)
Guest (S-1-5-21-3895304933-1129374030-3498339244-501 - Limited - Disabled)
Xristos (S-1-5-21-3895304933-1129374030-3498339244-1000 - Administrator - Enabled) => C:\Users\Xristos

==================== Faulty Device Manager Devices =============

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/07/2015 07:53:15 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {7f96db55-1a7f-4d2e-bcf0-ee6e8ce53428}

Error: (02/07/2015 05:09:00 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c58b8c91-9aa9-4564-a525-c635eb57bc94}

Error: (02/07/2015 09:28:16 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=40.0.2214.111;lang=;guid=361DD54ECDC045BBB6B5F403711FB844;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\bee2d0ee-1be7-4406-9665-a67ef2a0f19b.dmp

Error: (02/06/2015 11:31:39 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {b2ee50e8-8ae0-4f22-9779-e406b5e31c1c}

Error: (02/05/2015 07:43:11 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=39.0.2171.99;lang=;guid=361DD54ECDC045BBB6B5F403711FB844;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\f0aa59f5-8dc8-411d-aeeb-0f09f95f0af4.dmp

Error: (02/03/2015 08:07:18 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=39.0.2171.99;lang=;guid=361DD54ECDC045BBB6B5F403711FB844;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\d69bfb6d-1723-44bc-a940-a098be82c0e6.dmp

Error: (02/02/2015 01:48:31 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=39.0.2171.99;lang=;guid=361DD54ECDC045BBB6B5F403711FB844;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\88a7bb28-827a-4a00-bd49-04c65bdafe3a.dmp

Error: (02/01/2015 07:39:39 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=39.0.2171.99;lang=;guid=361DD54ECDC045BBB6B5F403711FB844;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\4f260cca-7352-4b0c-bdfa-d663004bb3ab.dmp

Error: (01/30/2015 07:03:46 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=39.0.2171.99;lang=;guid=361DD54ECDC045BBB6B5F403711FB844;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\65a911f3-bd38-43ad-9bf4-b86adfe9143c.dmp

Error: (01/29/2015 11:06:49 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=39.0.2171.99;lang=;guid=361DD54ECDC045BBB6B5F403711FB844;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\f05758eb-7b43-4a0d-9d53-cb0dbac18b55.dmp


System errors:
=============
Error: (02/08/2015 01:05:14 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Service Host service to connect.

Error: (02/08/2015 01:04:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spyware Terminator 2012 Realtime Shield Service service failed to start due to the following error: 
%%2

Error: (02/08/2015 01:04:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LavasoftTcpService service failed to start due to the following error: 
%%2

Error: (02/08/2015 01:04:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SpyHunter 4 Service service failed to start due to the following error: 
%%2

Error: (02/07/2015 09:50:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the IE Search Set service to connect.

Error: (02/07/2015 09:50:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the IE Search Set service to connect.

Error: (02/07/2015 06:19:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/07/2015 06:19:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/07/2015 06:19:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/07/2015 06:19:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (02/07/2015 07:53:15 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {7f96db55-1a7f-4d2e-bcf0-ee6e8ce53428}

Error: (02/07/2015 05:09:00 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c58b8c91-9aa9-4564-a525-c635eb57bc94}

Error: (02/07/2015 09:28:16 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=40.0.2214.111;lang=;guid=361DD54ECDC045BBB6B5F403711FB844;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\bee2d0ee-1be7-4406-9665-a67ef2a0f19b.dmp

Error: (02/06/2015 11:31:39 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {b2ee50e8-8ae0-4f22-9779-e406b5e31c1c}

Error: (02/05/2015 07:43:11 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=39.0.2171.99;lang=;guid=361DD54ECDC045BBB6B5F403711FB844;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\f0aa59f5-8dc8-411d-aeeb-0f09f95f0af4.dmp

Error: (02/03/2015 08:07:18 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=39.0.2171.99;lang=;guid=361DD54ECDC045BBB6B5F403711FB844;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\d69bfb6d-1723-44bc-a940-a098be82c0e6.dmp

Error: (02/02/2015 01:48:31 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=39.0.2171.99;lang=;guid=361DD54ECDC045BBB6B5F403711FB844;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\88a7bb28-827a-4a00-bd49-04c65bdafe3a.dmp

Error: (02/01/2015 07:39:39 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=39.0.2171.99;lang=;guid=361DD54ECDC045BBB6B5F403711FB844;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\4f260cca-7352-4b0c-bdfa-d663004bb3ab.dmp

Error: (01/30/2015 07:03:46 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=39.0.2171.99;lang=;guid=361DD54ECDC045BBB6B5F403711FB844;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\65a911f3-bd38-43ad-9bf4-b86adfe9143c.dmp

Error: (01/29/2015 11:06:49 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=39.0.2171.99;lang=;guid=361DD54ECDC045BBB6B5F403711FB844;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\f05758eb-7b43-4a0d-9d53-cb0dbac18b55.dmp


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz
Percentage of memory in use: 61%
Total physical RAM: 2715.8 MB
Available physical RAM: 1040.85 MB
Total Pagefile: 5429.9 MB
Available Pagefile: 3291.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1878.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:68.72 GB) NTFS
Drive d: () (Fixed) (Total:600.98 GB) (Free:491.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 84E0C100)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=601 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Alt 08.02.2015, 10:39   #6
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 

Hi,

(You have used it before. Please download it to your desktop again anyway.)
Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Cleaning and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 2

  • Download
  • Install the program to the default path.
  • Start Malwarebytes' Anti-Malware (MBAM).
  • If the user interface is still in English, click Settings and select Deutsch under Language.
  • Under Detection and Protection, tick "Scan for rootkits".
  • Then click "Scan", select Threat Scan, update the databases and click "Start scan now".
  • At the end of the scan, have all findings (if any) moved to quarantine. (like this...)
  • Post me the contents of the log file (like this...). To do so, click History and then Application Logs.
  • Select the most recent scan log and click View. Click "Copy to clipboard" and post the contents in code tags as a reply in the thread.

Alt 08.02.2015, 12:44   #7
christo78
 
AdwCleaner Logfile:
Code:
# AdwCleaner v4.110 - Logfile created 08/02/2015 at 13:55:16
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : Xristos - XRISTOS-PC
# Running from : C:\Users\Xristos\Desktop\AdwCleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Google Chrome v40.0.2214.111

[C:\Users\Xristos\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://sportbild.bild.de/kddb/cms/websearchsport.do?query={searchTerms}
[C:\Users\Xristos\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Xristos\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Xristos\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}
[C:\Users\Xristos\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.default-search.net/search?sid=503&aid=101&itype=n&ver=13437&tm=421&src=ds&p={searchTerms}

*************************

AdwCleaner[R2].txt - [2466 bytes] - [08/02/2015 13:49:18]
AdwCleaner[S1].txt - [2425 bytes] - [08/02/2015 13:55:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2484  bytes] ##########
         
--- --- ---


Malwarebytes Anti-Malware

Scan Date: 08.02.2015
Scan Time: 13:59:57
Logfile: malwarbytes logs.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.08.04
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Xristos

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 292758
Time Elapsed: 14 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Adware.Agent, C:\Users\Xristos\AppData\Local\Temp\PositiveFinds\Setup.exe, Quarantined, [c341de3e9bef41f5a624b650f40c39c7],

Physical Sectors: 0
(No malicious items detected)


(end)

I have just checked.

The Google results are still affected. Those ads by positive finds results still appear above the normal results.

The adverts at the bottom left and in the middle are now "only" shown on some pages. Before, they were displayed on almost every page.

Alt 08.02.2015, 14:48   #8
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Step 1


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset



Step 2
Download the appropriate version of SystemLook from the following mirror and save the tool to the desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Double-click SystemLook.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:

    Code:
    :filefind
    *Positive Finds*
    
    :folderfind
    *Positive Finds*
    
    :regfind
    PositiveFinds
             
  • Now click the Look button to start the scan.
  • The scan may take some time.
  • When the scan has finished, your editor will open with the results; post them in your thread.
  • The results are also saved on the desktop as SystemLook.txt.

__________________
Regards
deeprybka

Praise, criticism, wishes?

Donate to trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 08.02.2015, 19:18   #9
christo78
 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=9b82f73f14dcb64681f371412b88e87b
# engine=22365
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-08 07:04:27
# local_time=2015-02-08 09:04:27 (+0200, GTB Standard Time)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 20170 30108203 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 23612203 175053458 0 0
# scanned=120422
# found=26
# cleaned=0
# scan_time=6133
sh=E4B1E3AB66DE6D6599C76BCB1C3A19B56FFC61B7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Program Files\Go HD\9adc5a90-ccbb-4d8f-b9ef-4e84da4c5501.crx.vir"
sh=14BA9D7EB2316E6D47A4D2D4344998AB893F3D08 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Program Files\Go HD\9adc5a90-ccbb-4d8f-b9ef-4e84da4c5501.xpi.vir"
sh=F78CD746B7096355651062E3503CB41EDD8D1D56 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Program Files\Go HD\f1f86273-4705-4708-809e-eed2b99d63b0.crx.vir"
sh=06848BD3BE1D02CB51B4316E1239DAFDFE2980D1 ft=1 fh=7e007c0e18db059b vn="Variante von Win32/Toolbar.CrossRider.AW evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Program Files\Go HD\Uninstall.exe.vir"
sh=77951A2F96DA741C23CF16AD80E4F4AEDB1EE577 ft=1 fh=9d4b4d1c7062c0c3 vn="Win32/Packed.VMDetector.I evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Program Files\Go HD\utils.exe.vir"
sh=A3D182E6FBBA2CDC9EA6F741134906313058DF21 ft=1 fh=598238fe7a72c6cc vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Program Files\Settings Manager\systemk\Helper.dll.vir"
sh=D3A17DB947B22F74F4DBDC1040C8C7FE1A39E977 ft=1 fh=808f2365e16d80dd vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Program Files\Settings Manager\systemk\Internet Explorer Settings.exe.vir"
sh=D73EA0B7CD29DCE0958304A2D947EB11855E98E7 ft=1 fh=40cc0815a904b668 vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Program Files\Settings Manager\systemk\smdmf.dll.vir"
sh=2B7D39B41FB9B6148C2977963ADDA56273699A18 ft=1 fh=37c833071feb9189 vn="Variante von Win32/Toolbar.SearchSuite.S evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Program Files\Settings Manager\systemk\smdmfldr.dll.vir"
sh=29E8D3623C294EC3ACAB51AE984E9C322914252A ft=1 fh=c7c6d331c79930fe vn="Variante von Win32/Toolbar.SearchSuite.S evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Program Files\Settings Manager\systemk\smdmfldr_u.dll.vir"
sh=64DD3AB3A1055A9B4EDFEE5CD926293DC7EE31C4 ft=1 fh=fc5782ea9e4e7fd8 vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Program Files\Settings Manager\systemk\sysapcrt.dll.vir"
sh=C8361EAED7489D0686E6E6C3612C55B34C5D62E6 ft=1 fh=ab893130484eb95a vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Program Files\Settings Manager\systemk\systemkbho.dll.vir"
sh=B2F0D5189CCE6823C2FE4A4BCE64577A6300A982 ft=1 fh=a6cee05192fbaa42 vn="Variante von Win32/AdWare.Bandoo.AG Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Program Files\Settings Manager\systemk\systemkmgrc2.cfg.vir"
sh=1627F96E60F1CFBCBEDA2030CA811BC700BF29F8 ft=1 fh=903352c0b8dc0bcb vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Program Files\Settings Manager\systemk\systemku.exe.vir"
sh=1AD29B8AC4F174DCEECB46A0140A8202E01A99A7 ft=1 fh=cf636633188dbf2b vn="Variante von Win32/Toolbar.SearchSuite.U evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Program Files\Settings Manager\systemk\tbicon.exe.vir"
sh=47B49D5EC8F2FFB6A65927F3F49D5205586A31C6 ft=1 fh=26472fc274222e57 vn="Variante von Win32/Toolbar.SearchSuite.AA.gen evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Program Files\Settings Manager\systemk\Uninstall.exe.vir"
sh=8B8C38089F107DED6CE7F1372DD4E23C48B4AA45 ft=1 fh=395c154e8cb82fab vn="Variante von Win32/Toolbar.SearchSuite.AA.gen evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Users\Xristos\AppData\Roaming\OpenCandy\28BB6238829A42C9A61E217F0B0F155B\SettingsManagerSetup.exe.vir"
sh=1A278C9611A807BB4319B4DBC0CC28D5B61139E2 ft=1 fh=dc9029d19ecf454f vn="Win32/Systweak.G evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Users\Xristos\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir"
sh=05F8836ECCA673FE6A2B982D7B23D45C11B9B9A2 ft=1 fh=62e2665616fbee55 vn="Variante von Win32/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Windows\system32\roboot.exe.vir"
sh=555DF40180DE40368CC0594D8E9C35F692A68857 ft=1 fh=fef808299896d418 vn="Win32/UniBlue.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Xristos\AppData\Local\Temp\is-NUJL7.tmp\pm-standalone-setup.exe"
sh=7F29C65D27184E6C1E65253A19154568335D994C ft=1 fh=8dfecc9f0b4d34d4 vn="Win32/AdvancedSystemProtector.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\sasnative32.exe"
sh=F5B20038C6E57AAEBF78CADA3FB93A2189F22F14 ft=1 fh=009962ef78bab5a2 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\Glary Utilities - CHIP-Downloader.exe"
sh=5E416D4C9A337FA87941F249A79589EEACFC978C ft=1 fh=c8671f48521ccade vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\MP3jam - CHIP-Downloader.exe"
sh=C55F013531F8A6516D78ACF9AB3CF47DFD40707F ft=1 fh=a9b7f598d3e9fc51 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\onlineTV - CHIP-Installer.exe"
sh=6C6F628150E2257E40D815752BD3C5BF8BC5E183 ft=1 fh=bcac78353c1f6729 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\Revo Uninstaller - CHIP-Downloader.exe"
sh=BF17CA421FA4095EB014F421CA9482DE378850A0 ft=1 fh=e997377514c241f7 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\Schoener Fernsehen - CHIP-Installer.exe"

SystemLook 30.07.11 by jpshortstuff
Log created at 21:11 on 08/02/2015 by Xristos
Administrator - Elevation successful

========== filefind ==========

Searching for "*Positive Finds*"
No files found.

========== folderfind ==========

Searching for "*Positive Finds*"
C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Program Files\Positive Finds d------ [16:19 07/02/2015]

========== regfind ==========

Searching for "PositiveFinds"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1da17428-323d-48ff-857c-98cfee48bfd5}]
"LocalService"="Update Mgr PositiveFinds"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{9c81d00a-3daa-48ab-90c7-8252119abb93}]
"LocalService"="Service Mgr PositiveFinds"

-= EOF =-
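
A parser for the ESET Online Scanner log format posted above, written as an added example for this thread (it is not a tool from the forum, the helper or ESET). It separates detections that are only old quarantine copies sitting in the Recycle Bin from files still live on disk, which is the distinction the helper has to make when reading such a log, and checks that the `found=` header matches the number of detection lines. The line layout, the triage buckets and the `family()` collapsing rule are assumptions derived from the lines above; the sample log is a constructed excerpt of them.

```python
from __future__ import annotations
import re
from collections import Counter
from dataclasses import dataclass

# One ESET Online Scanner detection line, as in the log posted above (layout assumed
# from those lines, not taken from an ESET specification):
#   sh=<SHA-1> ft=<n> fh=<16 hex> vn="<detection name>" ac=<action> fn="<path>"
ESET_LINE = re.compile(
    r'^sh=(?P<sha1>[0-9A-F]{40})\s+ft=(?P<ft>\d+)\s+fh=(?P<fh>[0-9a-f]{16})\s+'
    r'vn="(?P<name>[^"]*)"\s+ac=(?P<action>\S+)\s+fn="(?P<path>[^"]*)"$'
)

@dataclass
class Detection:
    sha1: str
    name: str
    action: str
    path: str

    @property
    def priority(self) -> str:
        """Triage bucket (constructed scheme): is this still a live file or old residue?"""
        p = self.path.lower()
        # Earlier tools parked their findings under \Quarantine\ (suffix .vir) inside the
        # Recycle Bin; ESET is re-reporting those stored copies, not an active infection.
        if "\\quarantine\\" in p or p.endswith(".vir") or p.startswith("c:\\$recycle.bin\\"):
            return "already-neutralised"
        if "\\windows\\" in p:
            return "live-system-dir"   # e.g. sasnative32.exe in System32: look at this first
        if "\\downloads\\" in p or "\\temp\\" in p:
            return "live-installer"    # download-wrapper installers; leftover setup files
        return "live-other"

def family(name: str) -> str:
    """'Variante von Win32/Toolbar.SearchSuite.AA.gen evtl. ...' -> 'Win32/Toolbar.SearchSuite'."""
    m = re.search(r"\S+/\S+", name)
    if not m:
        return name
    parts = m.group().split(".")
    # Strip trailing variant markers (.A, .AA, .gen) but never the family name itself.
    while len(parts) > 1 and (parts[-1] == "gen" or (parts[-1].isupper() and len(parts[-1]) <= 2)):
        parts.pop()
    return ".".join(parts)

def parse_eset_log(text: str) -> tuple[dict, list[Detection]]:
    """Return (header key/values, detections); raises on a detection line it cannot parse."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key.strip()] = value.strip()   # a repeated key keeps its last value
        elif line.startswith("sh="):
            m = ESET_LINE.match(line)
            if not m:
                raise ValueError(f"unparseable detection line: {line!r}")
            detections.append(Detection(m["sha1"], m["name"], m["action"], m["path"]))
    return header, detections

def triage(text: str) -> dict:
    """Summarise: what is still live, which families, and whether found= matches the lines."""
    header, dets = parse_eset_log(text)
    return {
        "by_priority": dict(Counter(d.priority for d in dets)),
        "by_family": dict(Counter(family(d.name) for d in dets)),
        "live_paths": [d.path for d in dets if d.priority != "already-neutralised"],
        "found_matches": header.get("found") == str(len(dets)),
        "cleaned": header.get("cleaned"),
    }

# Constructed excerpt: header fields plus five detection lines copied from the log above;
# found= is set to 5 so the excerpt is self-consistent (the full log reports 26).
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# unwanted_checked=true
# found=5
# cleaned=0
sh=E4B1E3AB66DE6D6599C76BCB1C3A19B56FFC61B7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Program Files\Go HD\9adc5a90-ccbb-4d8f-b9ef-4e84da4c5501.crx.vir"
sh=A3D182E6FBBA2CDC9EA6F741134906313058DF21 ft=1 fh=598238fe7a72c6cc vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Program Files\Settings Manager\systemk\Helper.dll.vir"
sh=555DF40180DE40368CC0594D8E9C35F692A68857 ft=1 fh=fef808299896d418 vn="Win32/UniBlue.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Xristos\AppData\Local\Temp\is-NUJL7.tmp\pm-standalone-setup.exe"
sh=7F29C65D27184E6C1E65253A19154568335D994C ft=1 fh=8dfecc9f0b4d34d4 vn="Win32/AdvancedSystemProtector.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\sasnative32.exe"
sh=F5B20038C6E57AAEBF78CADA3FB93A2189F22F14 ft=1 fh=009962ef78bab5a2 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\Glary Utilities - CHIP-Downloader.exe"
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the excerpt, two of the five hits are quarantine copies from the Recycle Bin and three are live files; `found_matches` would flag a log whose `found=` count does not match the lines actually present.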

Alt 08.02.2015, 19:28   #10
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Could you please edit that and post it in code tags... Thanks
__________________
Regards
deeprybka

Alt 08.02.2015, 19:44   #11
christo78
 
ads by positive finds - Standard

ads by positive finds



Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=9b82f73f14dcb64681f371412b88e87b
# engine=22365
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-08 07:04:27
# local_time=2015-02-08 09:04:27 (+0200, GTB Standard Time)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 20170 30108203 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 23612203 175053458 0 0
# scanned=120422
# found=26
# cleaned=0
# scan_time=6133
sh=E4B1E3AB66DE6D6599C76BCB1C3A19B56FFC61B7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Program Files\Go HD\9adc5a90-ccbb-4d8f-b9ef-4e84da4c5501.crx.vir"
sh=14BA9D7EB2316E6D47A4D2D4344998AB893F3D08 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Program Files\Go HD\9adc5a90-ccbb-4d8f-b9ef-4e84da4c5501.xpi.vir"
sh=F78CD746B7096355651062E3503CB41EDD8D1D56 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Program Files\Go HD\f1f86273-4705-4708-809e-eed2b99d63b0.crx.vir"
sh=06848BD3BE1D02CB51B4316E1239DAFDFE2980D1 ft=1 fh=7e007c0e18db059b vn="Variante von Win32/Toolbar.CrossRider.AW evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Program Files\Go HD\Uninstall.exe.vir"
sh=77951A2F96DA741C23CF16AD80E4F4AEDB1EE577 ft=1 fh=9d4b4d1c7062c0c3 vn="Win32/Packed.VMDetector.I evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Program Files\Go HD\utils.exe.vir"
sh=A3D182E6FBBA2CDC9EA6F741134906313058DF21 ft=1 fh=598238fe7a72c6cc vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Program Files\Settings Manager\systemk\Helper.dll.vir"
sh=D3A17DB947B22F74F4DBDC1040C8C7FE1A39E977 ft=1 fh=808f2365e16d80dd vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Program Files\Settings Manager\systemk\Internet Explorer Settings.exe.vir"
sh=D73EA0B7CD29DCE0958304A2D947EB11855E98E7 ft=1 fh=40cc0815a904b668 vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Program Files\Settings Manager\systemk\smdmf.dll.vir"
sh=2B7D39B41FB9B6148C2977963ADDA56273699A18 ft=1 fh=37c833071feb9189 vn="Variante von Win32/Toolbar.SearchSuite.S evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Program Files\Settings Manager\systemk\smdmfldr.dll.vir"
sh=29E8D3623C294EC3ACAB51AE984E9C322914252A ft=1 fh=c7c6d331c79930fe vn="Variante von Win32/Toolbar.SearchSuite.S evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Program Files\Settings Manager\systemk\smdmfldr_u.dll.vir"
sh=64DD3AB3A1055A9B4EDFEE5CD926293DC7EE31C4 ft=1 fh=fc5782ea9e4e7fd8 vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Program Files\Settings Manager\systemk\sysapcrt.dll.vir"
sh=C8361EAED7489D0686E6E6C3612C55B34C5D62E6 ft=1 fh=ab893130484eb95a vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Program Files\Settings Manager\systemk\systemkbho.dll.vir"
sh=B2F0D5189CCE6823C2FE4A4BCE64577A6300A982 ft=1 fh=a6cee05192fbaa42 vn="Variante von Win32/AdWare.Bandoo.AG Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Program Files\Settings Manager\systemk\systemkmgrc2.cfg.vir"
sh=1627F96E60F1CFBCBEDA2030CA811BC700BF29F8 ft=1 fh=903352c0b8dc0bcb vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Program Files\Settings Manager\systemk\systemku.exe.vir"
sh=1AD29B8AC4F174DCEECB46A0140A8202E01A99A7 ft=1 fh=cf636633188dbf2b vn="Variante von Win32/Toolbar.SearchSuite.U evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Program Files\Settings Manager\systemk\tbicon.exe.vir"
sh=47B49D5EC8F2FFB6A65927F3F49D5205586A31C6 ft=1 fh=26472fc274222e57 vn="Variante von Win32/Toolbar.SearchSuite.AA.gen evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Program Files\Settings Manager\systemk\Uninstall.exe.vir"
sh=8B8C38089F107DED6CE7F1372DD4E23C48B4AA45 ft=1 fh=395c154e8cb82fab vn="Variante von Win32/Toolbar.SearchSuite.AA.gen evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Users\Xristos\AppData\Roaming\OpenCandy\28BB6238829A42C9A61E217F0B0F155B\SettingsManagerSetup.exe.vir"
sh=1A278C9611A807BB4319B4DBC0CC28D5B61139E2 ft=1 fh=dc9029d19ecf454f vn="Win32/Systweak.G evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Users\Xristos\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir"
sh=05F8836ECCA673FE6A2B982D7B23D45C11B9B9A2 ft=1 fh=62e2665616fbee55 vn="Variante von Win32/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Windows\system32\roboot.exe.vir"
sh=555DF40180DE40368CC0594D8E9C35F692A68857 ft=1 fh=fef808299896d418 vn="Win32/UniBlue.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Xristos\AppData\Local\Temp\is-NUJL7.tmp\pm-standalone-setup.exe"
sh=7F29C65D27184E6C1E65253A19154568335D994C ft=1 fh=8dfecc9f0b4d34d4 vn="Win32/AdvancedSystemProtector.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\sasnative32.exe"
sh=F5B20038C6E57AAEBF78CADA3FB93A2189F22F14 ft=1 fh=009962ef78bab5a2 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\Glary Utilities - CHIP-Downloader.exe"
sh=5E416D4C9A337FA87941F249A79589EEACFC978C ft=1 fh=c8671f48521ccade vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\MP3jam - CHIP-Downloader.exe"
sh=C55F013531F8A6516D78ACF9AB3CF47DFD40707F ft=1 fh=a9b7f598d3e9fc51 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\onlineTV - CHIP-Installer.exe"
sh=6C6F628150E2257E40D815752BD3C5BF8BC5E183 ft=1 fh=bcac78353c1f6729 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\Revo Uninstaller - CHIP-Downloader.exe"
sh=BF17CA421FA4095EB014F421CA9482DE378850A0 ft=1 fh=e997377514c241f7 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\Schoener Fernsehen - CHIP-Installer.exe"
         
Code:
ATTFilter
SystemLook 30.07.11 by jpshortstuff
Log created at 21:11 on 08/02/2015 by Xristos
Administrator - Elevation successful

========== filefind ==========

Searching for "*Positive Finds*"
No files found.

========== folderfind ==========

Searching for "*Positive Finds*"
C:\$Recycle.Bin\S-1-5-21-3895304933-1129374030-3498339244-1000\$RJQRW15\Quarantine\C\Program Files\Positive Finds	d------	[16:19 07/02/2015]

========== regfind ==========

Searching for "PositiveFinds"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1da17428-323d-48ff-857c-98cfee48bfd5}]
"LocalService"="Update Mgr PositiveFinds"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{9c81d00a-3daa-48ab-90c7-8252119abb93}]
"LocalService"="Service Mgr PositiveFinds"

-= EOF =-
         

Alt 08.02.2015, 21:58   #12
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Are there still problems with the PC? If so, which ones?

If so,

Reset:

Code:
chrome://settings/resetProfileSettings

Copy this into Chrome's address bar and press ENTER.
__________________
Regards
deeprybka
