El-Hermano | 07.08.2014 21:57 | Reply part 1:
Hello,
I have now installed and run the program "Anti-Malware".
However, the scan did not find any viruses/detections.
Nevertheless, for the sake of completeness, here is the "mbam.txt": Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Protection, 06.08.2014 21:25:59, SYSTEM, ALIKUNDOLGA-PC, Protection, Malware Protection, Starting,
Protection, 06.08.2014 21:25:59, SYSTEM, ALIKUNDOLGA-PC, Protection, Malware Protection, Started,
Protection, 06.08.2014 21:25:59, SYSTEM, ALIKUNDOLGA-PC, Protection, Malicious Website Protection, Starting,
Update, 06.08.2014 21:26:04, SYSTEM, ALIKUNDOLGA-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.8.4.1,
Update, 06.08.2014 21:26:08, SYSTEM, ALIKUNDOLGA-PC, Manual, Malware Database, 2014.3.4.9, 2014.8.7.8,
Protection, 06.08.2014 21:26:09, SYSTEM, ALIKUNDOLGA-PC, Protection, Refresh, Starting,
Protection, 06.08.2014 21:26:22, SYSTEM, ALIKUNDOLGA-PC, Protection, Malicious Website Protection, Started,
Protection, 06.08.2014 21:26:22, SYSTEM, ALIKUNDOLGA-PC, Protection, Malicious Website Protection, Stopping,
Protection, 06.08.2014 21:26:22, SYSTEM, ALIKUNDOLGA-PC, Protection, Malicious Website Protection, Stopped,
Protection, 06.08.2014 21:26:27, SYSTEM, ALIKUNDOLGA-PC, Protection, Refresh, Success,
Protection, 06.08.2014 21:26:27, SYSTEM, ALIKUNDOLGA-PC, Protection, Malicious Website Protection, Starting,
Protection, 06.08.2014 21:26:27, SYSTEM, ALIKUNDOLGA-PC, Protection, Malicious Website Protection, Started,
Detection, 06.08.2014 21:40:29, SYSTEM, ALIKUNDOLGA-PC, Protection, Malicious Website Protection, IP, 41.233.125.6, 56141, Inbound, C:\Users\Alik und Olga\AppData\Roaming\uTorrent\uTorrent.exe,
Detection, 06.08.2014 21:40:30, SYSTEM, ALIKUNDOLGA-PC, Protection, Malicious Website Protection, IP, 41.233.125.6, 56141, Inbound, C:\Users\Alik und Olga\AppData\Roaming\uTorrent\uTorrent.exe,
Update, 06.08.2014 21:44:05, SYSTEM, ALIKUNDOLGA-PC, Scheduler, Malware Database, 2014.8.7.8, 2014.8.7.9,
(end)
And I have one more question: am I allowed to delete the programs you told me to download already, or should I rather leave them on the computer?
Because unfortunately my father has already deleted "Combofix" -.-
Is that bad? Should I download it again?
By the way: Facebook, YouTube etc. are working again :)
EDIT:
I can't really get along with "AdwCleaner". After I confirm with "ok", the message "Aut2exe funktioniert nicht mehr" ["Aut2exe has stopped working"] appears. Then it tries to solve the problem, etc. ...
EDIT 2:
Here is the Junkware code: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Alik und Olga on 06.08.2014 at 22:38:33,20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Alik und Olga\AppData\Roaming\mozilla\firefox\profiles\trmqrlmd.default\minidumps [47 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.08.2014 at 22:49:50,23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Since I have already edited too often, here is another double post regarding the FRST code: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014
Ran by Alik und Olga (administrator) on ALIKUNDOLGA-PC on 06-08-2014 22:53:48
Running from C:\Users\Alik und Olga\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Englisch (USA)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2792448 2009-12-04] (VIA)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2015-07-04] (AVAST Software)
HKU\S-1-5-21-828265620-4071660053-2745829792-1001\...\Run: [uTorrent] => C:\Users\Alik und Olga\AppData\Roaming\uTorrent\uTorrent.exe [1322832 2015-07-02] (BitTorrent Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF0551D5CE94ECF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Alik und Olga\AppData\Roaming\Mozilla\Firefox\Profiles\trmqrlmd.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Alik und Olga\AppData\Roaming\Mozilla\Firefox\Profiles\trmqrlmd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-10]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-02]
Chrome:
=======
CHR Extension: (Docs) - C:\Users\Alik und Olga\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-03]
CHR Extension: (Google Drive) - C:\Users\Alik und Olga\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-03]
CHR Extension: (YouTube) - C:\Users\Alik und Olga\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-03]
CHR Extension: (Google-Suche) - C:\Users\Alik und Olga\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-03]
CHR Extension: (Google Mail) - C:\Users\Alik und Olga\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-28]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-04-28] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-04-28] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2015-04-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-04-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-04-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2015-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2015-05-15] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2015-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2015-04-28] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-08-05 22:38 - 2015-08-05 22:38 - 00006906 _____ () C:\ComboFix.txt
2015-08-05 22:05 - 2015-08-05 22:38 - 00000000 ____D () C:\Qoobox
2015-08-05 22:05 - 2015-08-05 22:37 - 00000000 ____D () C:\Windows\erdnt
2015-08-05 22:05 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe