|
Werbeblöcke ohne Bild Hallo liebe Gemeinde, wir haben seit ca. 4 Tagen trotz ccleaner, etc immer wieder Werbeeinblendungen allerdings nur als Ton. Was kann ich tun? Liebe Grüße Michael FRST Logfile: FRST Logfile: Code: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014--- --- --- FRST Additions Logfile: Code: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014 |
hi, Lade Dir bitte von hier  Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Scan mit Combofix
|
Log Editor Combofix Logfile: Code: ComboFix 14-12-25.01 - Liebe 29.12.2014 21:28:33.1.4 - x64Hi habs einfach so reinkopiert, weiss nicht was du mit Code-Tags meinst. Nach Neustart öffnen sich allerdings ungefragt weiterhin Werbeblöcke nur mit Ton oder Seiten wie: Powered by Info oder Reimage Repair oder McAfee Offizieller Shop - Deutschland und eFix Pro Hab ich was falsch gemacht bzw. woran liegt es? LG Michael Hi Schrauber, leider ist es jetzt schlimmer als vorher. Ständig werde ich auf Werbeseiten gelinkt bzw. Seiten zum PC-Cleanen öffnen sich. Brauche dringend Hilfe da ich nichtso firm bin und auch nicht weiss was ich machen kann und was nicht...?? Onlinebanking geht das oder eher nicht? LG Michael Hi Schrauber, leider ist es jetzt schlimmer als vorher. Ständig werde ich auf Werbeseiten gelinkt bzw. Seiten zum PC-Cleanen öffnen sich. Brauche dringend Hilfe da ich nichtso firm bin und auch nicht weiss was ich machen kann und was nicht...?? Onlinebanking geht das oder eher nicht? LG Michael |
Wir sind ja auch noch nicht fertig :) Lass Onlinebanking erstmal weg. Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte. |
Hier kommt erstmal die mbam.txt datei Malwarebytes Anti-Malware Malwarebytes | Free Anti-Malware & Internet Security Software Suchlauf Datum: 30.12.2014 Suchlauf-Zeit: 20:10:30 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2014.12.30.07 Rootkit Datenbank: v2014.12.29.02 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Liebe Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 357216 Verstrichene Zeit: 17 Min, 4 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 1 PUP.Optional.WordProser.A, HKLM\SOFTWARE\WOW6432NODE\WordProser_1.10.0.5, In Quarantäne, [53ac1256afcd3df93c28086256ada060], Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 6 PUP.Optional.CrossRider.A, C:\Users\Liebe\AppData\Roaming\NFZZXI.exe, In Quarantäne, [ac53fa6e007c82b4ef92dadbfa0b768a], PUP.Optional.CrossRider.A, C:\Users\Liebe\AppData\Roaming\RLL.exe, In Quarantäne, [ec135b0d94e82b0bf988bff628ddbc44], PUP.Optional.Flowsurf.A, C:\Windows\System32\abengineOff.ini, In Quarantäne, [78872444e29ae551b022d986fc07738d], PUP.Optional.Flowsurf.A, C:\Windows\SysWOW64\abengineOff.ini, In Quarantäne, [7788660286f653e326ac62fd62a16a96], PUP.Optional.Flowsurf.A, C:\Windows\SysWOW64\abengine.ini, In Quarantäne, [7f804c1c5626aa8c20b3491627dc39c7], PUP.Optional.Flowsurf.A, C:\Windows\System32\Tasks\upfs7235, In Quarantäne, [14eba9bf7ffdfb3bebeafa6558ab7e82], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 30.12.2014 Suchlauf-Zeit: 20:10:30 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2014.12.30.07 Rootkit Datenbank: v2014.12.29.02 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Liebe Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 357216 Verstrichene Zeit: 17 Min, 4 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 1 PUP.Optional.WordProser.A, HKLM\SOFTWARE\WOW6432NODE\WordProser_1.10.0.5, In Quarantäne, [53ac1256afcd3df93c28086256ada060], Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 6 PUP.Optional.CrossRider.A, C:\Users\Liebe\AppData\Roaming\NFZZXI.exe, In Quarantäne, [ac53fa6e007c82b4ef92dadbfa0b768a], PUP.Optional.CrossRider.A, C:\Users\Liebe\AppData\Roaming\RLL.exe, In Quarantäne, [ec135b0d94e82b0bf988bff628ddbc44], PUP.Optional.Flowsurf.A, C:\Windows\System32\abengineOff.ini, In Quarantäne, [78872444e29ae551b022d986fc07738d], PUP.Optional.Flowsurf.A, C:\Windows\SysWOW64\abengineOff.ini, In Quarantäne, [7788660286f653e326ac62fd62a16a96], PUP.Optional.Flowsurf.A, C:\Windows\SysWOW64\abengine.ini, In Quarantäne, [7f804c1c5626aa8c20b3491627dc39c7], PUP.Optional.Flowsurf.A, C:\Windows\System32\Tasks\upfs7235, In Quarantäne, [14eba9bf7ffdfb3bebeafa6558ab7e82], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) AdwCleaner Logfile: Code: # AdwCleaner v4.106 - Bericht erstellt am 30/12/2014 um 20:48:00~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.1 (12.28.2014:1) OS: Windows 7 Home Premium x64 Ran by Liebe on 30.12.2014 at 20:57:29,27 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Empty Folder] C:\Users\Liebe\appdata\local\{0C886E43-0260-4BB4-B982-2BBF8E97E47A} Successfully deleted: [Empty Folder] C:\Users\Liebe\appdata\local\{30A69B01-9AF5-4A53-AF84-B6F9300B8D85} Successfully deleted: [Empty Folder] C:\Users\Liebe\appdata\local\{4DF1B71B-6D56-4F88-A10B-63C89406A3A7} Successfully deleted: [Empty Folder] C:\Users\Liebe\appdata\local\{57CE7E9D-5A14-425E-A344-BB96971ED31D} Successfully deleted: [Empty Folder] C:\Users\Liebe\appdata\local\{59D3433A-F616-4B4A-AA88-84C4B6FB2077} Successfully deleted: [Empty Folder] C:\Users\Liebe\appdata\local\{725F87A1-7E78-40FD-BA4F-191AF6A288EC} Successfully deleted: [Empty Folder] C:\Users\Liebe\appdata\local\{726F2E99-CF16-4D61-8B1E-637E97C13698} Successfully deleted: [Empty Folder] C:\Users\Liebe\appdata\local\{76613C3B-883C-4691-BE41-B3A23AC64DDB} Successfully deleted: [Empty Folder] C:\Users\Liebe\appdata\local\{8E081ADF-CB33-447D-9209-AC7397EDCD2F} Successfully deleted: [Empty Folder] C:\Users\Liebe\appdata\local\{8FA1B9C3-75BA-4EB3-8C5B-2F0E877E7FA3} Successfully deleted: [Empty Folder] C:\Users\Liebe\appdata\local\{904DC1DF-F82E-4C4F-92C8-3E9FFB94EAD6} Successfully deleted: [Empty Folder] C:\Users\Liebe\appdata\local\{ACF3D4E8-C6D7-4893-AD96-656E6EE45CF4} Successfully deleted: [Empty Folder] C:\Users\Liebe\appdata\local\{B0A57004-7CD6-4699-B3D5-E9CA7A6AC200} Successfully deleted: [Empty Folder] C:\Users\Liebe\appdata\local\{BF0B2628-07AD-482D-AE9E-9E379FF2549E} Successfully deleted: [Empty Folder] C:\Users\Liebe\appdata\local\{C902854D-6786-4403-8870-18C3A8C2CA32} Successfully deleted: [Empty Folder] C:\Users\Liebe\appdata\local\{E8B78C08-3CAF-41F3-97F9-08EE4238F0D6} Successfully deleted: [Empty Folder] C:\Users\Liebe\appdata\local\{F8C383E0-E3E9-45EC-9EF3-8AE93D3D68F5} ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 30.12.2014 at 21:00:09,61 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ leider öffnet sich immer noch ein kleines Fenster rechtsunten bei Firefox wenn ich Firefox starte. :confused: Allerdings poppen keine Werbeblöcke mehr auf....:applaus: Auch aufden normalen Seiten gibt es leere Kästen bei denen steht immer Ads by Info und Ad Options und wenn ich es anklicke kommt zB folgende Seite: Browser-Enabled Online Advertising oder Browser-Enabled Online Advertising Malwarebytes Anti-Malware Malwarebytes | Free Anti-Malware & Internet Security Software Suchlauf Datum: 30.12.2014 Suchlauf-Zeit: 23:25:10 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2014.12.30.08 Rootkit Datenbank: v2014.12.30.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Liebe Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 356790 Verstrichene Zeit: 16 Min, 36 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) AdwCleaner Logfile: Code: # AdwCleaner v4.106 - Bericht erstellt am 31/12/2014 um 14:38:38und JRT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.1 (12.28.2014:1) OS: Windows 7 Home Premium x64 Ran by Liebe on 31.12.2014 at 14:48:06,10 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\Liebe\AppData\Roaming\mozilla\firefox\profiles\19gg9pjl.default-1419368670155\minidumps [1 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 31.12.2014 at 14:50:51,47 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Leider öffnen sich nun nachwievor neue Werbeseiten. Hauptsächlich um mir Viren-Software anzubieten. Was mir schon öfters aufgefallen ist, in letzter Zeit kurz befor sich der Bildschirm richtig geöffnet hat, sehe ich wie eine Seite sich öffnet um aber wie ein Schemen sofort zu verschwinden.... Der Paptop scheint auch langsamer zu werden..... |
Das frische FRST log fehlt noch. In welchem Browser kommen die Werbeseiten? |
FRST Log: FRST Logfile: Code: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014 |
meine Frage? |
Firefox... |
Revo Uninstaller - Download - Filepony damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren. Dann: https://support.mozilla.org/de/kb/fi...einfach-loesen Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code: C:\Program Files (x86)\TorSpeichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
|
Fixlog.txt Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-01-2015 Ran by Liebe at 2015-01-01 15:49:57 Run:1 Running from C:\Users\Liebe\Downloads Loaded Profile: Liebe (Available profiles: Liebe) Boot Mode: Normal ============================================== Content of fixlist: ***************** C:\Program Files (x86)\Tor HKLM-x32\...\Run: [] => [X] HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-2965614916-3253371305-2247639429-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Extension: 259dbfcf5f8a4bbcbfb05b4811b9c585 - C:\Users\Liebe\AppData\Roaming\Mozilla\Firefox\Profiles\19gg9pjl.default-1419368670155\Extensions\{259dbfcf-5f8a-4bbc-bfb0-5b4811b9c585} [2014-12-29] FF Extension: Adblock Plus - C:\Users\Liebe\AppData\Roaming\Mozilla\Firefox\Profiles\19gg9pjl.default-1419368670155\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-28] R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-23] () [File not signed] S1 bfbvumng; \??\C:\Windows\system32\drivers\bfbvumng.sys [X] 2014-12-29 21:13 - 2013-12-13 07:51 - 00000000 ____D () C:\ProgramData\InstallMate Emptytemp: ***************** C:\Program Files (x86)\Tor => Moved successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => value deleted successfully. "HKU\S-1-5-21-2965614916-3253371305-2247639429-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKLM\Software\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0" => Key deleted successfully. C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll => Moved successfully. C:\Users\Liebe\AppData\Roaming\Mozilla\Firefox\Profiles\19gg9pjl.default-1419368670155\Extensions\{259dbfcf-5f8a-4bbc-bfb0-5b4811b9c585} not found. C:\Users\Liebe\AppData\Roaming\Mozilla\Firefox\Profiles\19gg9pjl.default-1419368670155\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi not found. tor => Service stopped successfully. tor => Service deleted successfully. bfbvumng => Service deleted successfully. C:\ProgramData\InstallMate => Moved successfully. EmptyTemp: => Removed 254.4 MB temporary data. The system needed a reboot. ==== End of Fixlog 15:50:30 ==== |
Bestehen die Probleme noch? |
Die visuellen Werbeblöcke sowohl als neue Seiten als auch die auf selbstgeöffneten sind weg. Allerdings habe ich eben als ich Firefox öffnete wieder eine akkustische Werbung gehört gehabt. Kann aber sein dass es von ner Werbung einer schon geöffneten Seite kam. Melde mich falls Probleme wieder auftreten. Erstmal Danke Zu welcher (möglichst kostenloser) Software würdes du mir raten, um solchen Problem vorzubeugen. LG rossel13 |
Ich empfehle immer Emsisoft Falls aber aus irgend einem Grund 11 Cent am Tag zuviel sind dann Avast, aber dann bekomste auch Toolbars und Werbung mitgeliefert ;) |
Hintergrund Werbung Hallo Schrauber, heute haben wir wieder Hintergrundgeräusche gehört. Sehr leise aber da....:-( Auch nicht so oft wie vorher.... Hmmmm was nun? LG rossel13 |
War dabei ein Browser offen? Was genau wurde gemacht? Es steht nit zufällig eine Musikanlage oder ein Radio in der Näher, oder Lautsprecherkabel? |
Firefox war geöffnet und ja ein Lautsprecherkabel läuft neben der Couch entlang. Die Werbegeräusche kamen aber vom Laptop, wenn auch sehr leise. LG Michael |
Das die vom Laptop kommen is klar. Ich hatte aber schon zweimal den Fall dass es das normale Radio war, durch die Nähe zum Lautsprecherkabel hat man das Radio leise auf dem Laptop gehört :) Bitte mal Standort wechseln mit dem Laptop. Dann FRST öffnen, Haken setzen bei Addition und scannen, poste bitte beide Logfiles. |
FRST Logfile: FRST Logfile: Code: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2015--- --- --- FRST Additions Logfile: Code: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2015Was hälst du von Microsaft Security Essentials? |
Als Freeware in Ordnung, das Minimum. Aber für AV Software darf man auch gerne Geld ausgeben. Ich empfehle immer Emsisoft Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code: Task: {0F73C11F-BB77-4ED1-90C7-5372182A3EA8} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTIONSpeichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Revo Uninstaller - Download - Filepony damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren. Dann: https://support.mozilla.org/de/kb/fi...einfach-loesen Noch Probleme? |
Fixlog.txt Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-01-2015 Ran by Liebe at 2015-01-05 21:16:39 Run:2 Running from C:\Users\Liebe\Documents Loaded Profile: Liebe (Available profiles: Liebe) Boot Mode: Normal ============================================== Content of fixlist: ***************** Task: {0F73C11F-BB77-4ED1-90C7-5372182A3EA8} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION Task: {368A74C3-72F0-48C0-8F8A-197BEBBE1511} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION Task: {9260F0D4-F8FB-441C-BF35-2C5C37F9D938} - \upfs7235 No Task File <==== ATTENTION Task: {0EFFDE03-E59E-4AC1-90D1-23F2F5020A0E} - System32\Tasks\{70A5ECE0-09F7-40CD-B266-7576380BA0B3} => Firefox.exe Task: {73E14D1C-A223-4073-A4B8-7D1B91023C21} - System32\Tasks\{96874B31-4F1A-4711-B76D-3268267568F8} => Firefox.exe Task: {A34C3432-5A2F-4EE7-98B1-54E1A7ED60A1} - System32\Tasks\{127D2A26-C56C-4D87-8D43-235D0D2332EF} => Firefox.exe Task: {EA8F344E-3507-45FA-958C-0D3865C7D91B} - System32\Tasks\{517C14FE-338A-462C-B369-4A157238D942} => Firefox.exe Emptytemp: ***************** "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0F73C11F-BB77-4ED1-90C7-5372182A3EA8}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F73C11F-BB77-4ED1-90C7-5372182A3EA8}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeFlashPlayerUpdate" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{368A74C3-72F0-48C0-8F8A-197BEBBE1511}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{368A74C3-72F0-48C0-8F8A-197BEBBE1511}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeFlashPlayerUpdate 2" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9260F0D4-F8FB-441C-BF35-2C5C37F9D938}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9260F0D4-F8FB-441C-BF35-2C5C37F9D938}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\upfs7235" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0EFFDE03-E59E-4AC1-90D1-23F2F5020A0E}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EFFDE03-E59E-4AC1-90D1-23F2F5020A0E}" => Key deleted successfully. C:\Windows\System32\Tasks\{70A5ECE0-09F7-40CD-B266-7576380BA0B3} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{70A5ECE0-09F7-40CD-B266-7576380BA0B3}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73E14D1C-A223-4073-A4B8-7D1B91023C21}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73E14D1C-A223-4073-A4B8-7D1B91023C21}" => Key deleted successfully. C:\Windows\System32\Tasks\{96874B31-4F1A-4711-B76D-3268267568F8} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{96874B31-4F1A-4711-B76D-3268267568F8}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A34C3432-5A2F-4EE7-98B1-54E1A7ED60A1}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A34C3432-5A2F-4EE7-98B1-54E1A7ED60A1}" => Key deleted successfully. C:\Windows\System32\Tasks\{127D2A26-C56C-4D87-8D43-235D0D2332EF} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{127D2A26-C56C-4D87-8D43-235D0D2332EF}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA8F344E-3507-45FA-958C-0D3865C7D91B}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA8F344E-3507-45FA-958C-0D3865C7D91B}" => Key deleted successfully. C:\Windows\System32\Tasks\{517C14FE-338A-462C-B369-4A157238D942} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{517C14FE-338A-462C-B369-4A157238D942}" => Key deleted successfully. EmptyTemp: => Removed 539.6 MB temporary data. The system needed a reboot. ==== End of Fixlog 21:17:06 ==== Mal schauen ob sich die Werbeeinblendungen verabchiedet haben.... Melde mich wenn sie weg bleiben..bzw. noch da sind. LG rossel13 |
ok :) |
visuelle Werbeeinblendung erneut vorgekommen. Habe schnell Firefox geschlossen Werbung lief weiter....mmhhhh Als ich das Internet trennte verstummte die Werbung. |
Ok. Wie verbindest Du dich mit dem Internet? LAN oder WLAN? |
Wlan |
Router schon mal auf Werkseinstellungen zurückgesetzt? Wenn nein das jetzt machen, komplett resetten, dann Verbindungsdaten neu eingeben, dann nochmal Firefox komplett resetten. |
wie resette ich den Router? Einfach vom Strom nehmen? Habe von Vodafone ne Easybox..... |
Zwischen USB und Power müsste ein kleines Loch sein, Knof darin 10 Sekunden drücken. Dann auf die Weboberfläche einloggen vom Router und Verbindungsdaten neu eingeben. Erst checken ob die Verbindungsdaten auch da sin, also schriftlich vorliegen ;) |
Hi Schrauber, hatte das mit dem Resetten nicht machen gekonnt da ich weg war. Jetzt wollte ich es machen und habe im Windows Task-Manager folgende Seite entdeckt: ib.pixadsserve.com die sich nicht schliessen lässt. Habe im Internet gelesen dass es sich um einen Wurm handeln soll.... Was kann ich machen? LG rossel13 |
Ja, deswegen ja Router resetten. |
Hallo Schrauber, alles so gemacht und Router und Firefox gelöscht bzw. resettet. Auf Internet Explorer ist aber auf dem Task-Manager immer noch die Seite hxxp://ib.pixadsserve.com/?s=......etc zu finden bzw. am ausführen und lässt sich im Gegensatz zu den anderen Servern nicht schließen bzw. löschen. Im Internet habe ich gelesen dass das ein Wurm sei der Passwörter klaut...... Stimmt das und was soll ich machen. Die Werbung ist erstmal weg..... LG rossel13 |
FRST öffnen, Haken setzen bei Addition und scannen, poste bitte beide Logs. Passwörter von anderm Rechner aus ändern. |
FRST Additions Logfile: [CODE]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015 02 Ran by Liebe at 2015-01-13 20:23:11 Running from C:\Users\Liebe\Documents Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.) Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC) Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.) AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1995586798.48.56.38808322 - Audible, Inc.) Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.6.8941 - ) Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Bing Bar (HKLM-x32\...\{A7E8CB11-B09E-46F8-9BAE-B2E01EBF7E51}) (Version: 7.0.831.0 - Microsoft Corporation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Cake Mania (x32 Version: 2.2.0.98 - WildTangent) Hidden Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - ) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - ) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - ) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - ) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - ) Canon MG4100 series Benutzerregistrierung (HKLM-x32\...\Canon MG4100 series Benutzerregistrierung) (Version: - ) Canon MG4100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series) (Version: - ) Canon MG4100 series On-screen Manual (HKLM-x32\...\Canon MG4100 series On-screen Manual) (Version: - ) Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - ) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - ) Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform) Chaos auf Deponia (HKLM-x32\...\Deponia 2) (Version: 1.0 - Daedalic Entertainment) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.2.4725 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC) ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{768A6276-5822-489C-8A2B-67190F745655}) (Version: 4.1.2 - Hewlett-Packard) Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.) Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden Fishdom (TM) 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden Freemake Video Converter Version 4.1.1 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.1 - Ellora Assets Corporation) Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP 3D DriveGuard (HKLM\...\{AB5BCC55-18E2-46C7-9405-FF61CB888F05}) (Version: 4.2.9.1 - Hewlett-Packard Company) HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company) HP Documentation (HKLM-x32\...\{EDA2B6DE-C67C-4FD7-AF6A-9D79E002707C}) (Version: 1.1.0.0 - Hewlett-Packard) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent) HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company) HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company) HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company) HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company) HP Security Assistant (HKLM\...\{F9DF0B5D-554B-45D2-8698-7C467FAF4BCA}) (Version: 2.0.2 - Hewlett-Packard Company) HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15109.3899 - Hewlett-Packard Company) HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company) HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company) Ich sehe was ... die große Schatzsuche (HKLM-x32\...\{3170BDC4-4BF9-42AE-81BC-14D4F60569C0}) (Version: 1.00.0000 - ) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6392.0 - IDT) Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation) Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2618 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle) Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Jewel Quest II (x32 Version: 2.2.0.97 - WildTangent) Hidden Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Konz 2012 (HKLM-x32\...\InstallShield_{1D33BCF7-B5B6-4148-B888-9CC2EC208556}) (Version: 1.00.0000 - USM) Konz 2012 (x32 Version: 1.00.0000 - USM) Hidden Konz 2013 (HKLM-x32\...\InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM) Konz 2013 (x32 Version: 1.00.0000 - USM) Hidden KONZ-Steuer-2014 (HKLM-x32\...\InstallShield_{20F1078B-E3B6-4DA1-9570-003DE110890A}) (Version: 1.00.0000 - USM) KONZ-Steuer-2014 (x32 Version: 1.00.0000 - USM) Hidden kreawi Prüfungstrainer (HKLM-x32\...\kreawi Prüfungstrainer) (Version: - ) LEGO® Star Wars™: Die Komplette Saga (HKLM-x32\...\InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}) (Version: 1.00.0000 - LucasArts) LEGO® Star Wars™: The Complete Saga (x32 Version: 1.00.0000 - LucasArts) Hidden LibreOffice 4.0 Help Pack (German) (HKLM-x32\...\{A74C73B1-BED6-4737-B6FF-74158ABDCC4D}) (Version: 4.0.2.2 - The Document Foundation) LibreOffice 4.0.2.2 (HKLM-x32\...\{1062AD6C-80F4-4BC6-AB7C-A28892B497B8}) (Version: 4.0.2.2 - The Document Foundation) Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS) Mahjongg Artifacts (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.) Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla) MP3 Skype Recorder (HKLM-x32\...\{CB606F47-7D0E-40DF-95BB-0E5413A1295F}) (Version: 3.1.3 - Alexander Nikiforov) MPC-HC 1.7.0 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.0.7858 - MPC-HC Team) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Murata Chip S-Parameter & Impedance Library Ver3.17.0 (HKLM-x32\...\Murata Chip S-Parameter & Impedance Library Ver3.17.0) (Version: - ) Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden Nokia Connectivity Cable Driver (HKLM-x32\...\{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}) (Version: 7.1.101.0 - Nokia) Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.7.22.0 - Nokia) Nokia Suite (x32 Version: 3.7.22.0 - Nokia) Hidden opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA) Opera Stable 26.0.1656.60 (HKLM-x32\...\Opera 26.0.1656.60) (Version: 26.0.1656.60 - Opera Software ASA) PC Connectivity Solution (HKLM-x32\...\{6B722793-E77B-41F5-BAB3-6C9832274E75}) (Version: 12.0.76.0 - Nokia) Personal ID (HKLM-x32\...\{F722209B-739E-40E4-ADB1-062BD032A0DB}) (Version: 1.8.5 - coolspot AG) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Ralink RT5390R 802.11b/g/n Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.25.0 - Mediatek) Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - ) Reader for PC (HKLM-x32\...\{7FAEB610-D6B1-42CE-9EEA-6A5001C2E732}) (Version: 2.1.00.06250 - Sony Corporation) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29004 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia) Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) Steuer 2011 (HKLM-x32\...\{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}) (Version: 19.00.7304 - Buhl Data Service GmbH) Steuer 2012 (HKLM-x32\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH) Steuer 2013 (HKLM-x32\...\{05AEF487-8926-48A9-B5BA-9BED72BC6B1C}) (Version: 21.00.8480 - Buhl Data Service GmbH) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.1.0 - Synaptics Incorporated) Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia) WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware) Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 01-01-2015 14:00:48 Revo Uninstaller's restore point - Mozilla Firefox 34.0.5 (x86 de) 04-01-2015 19:09:48 Windows Update 05-01-2015 21:26:38 Revo Uninstaller's restore point - Mozilla Firefox 34.0.5 (x86 de) 08-01-2015 19:12:04 Windows Update 13-01-2015 07:52:52 Windows Update 13-01-2015 19:00:57 Revo Uninstaller's restore point - Mozilla Firefox 34.0.5 (x86 de) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0C371C5F-5180-4848-8BDE-5964FE365B97} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {1378E10F-1348-4A8D-A22F-E0E1EC45FD0F} - System32\Tasks\{3CA9953D-2200-4419-A6F1-C12E943C1E33} => pcalua.exe -a C:\Users\Liebe\Downloads\AudibleDM_iTunesSetup(1).exe -d "C:\Program Files (x86)\Mozilla Firefox" Task: {326F8F35-CD3A-4EA4-98A6-7AC42BBD2C1B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {39CA2993-26D2-4C72-A487-0A8E8F14D6FC} - System32\Tasks\HPCeeScheduleForLiebe => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {3F83E4BA-FCAA-461B-916A-8815E39ECFD0} - System32\Tasks\{E2116929-C88C-480A-A4A2-E675F79779C9} => pcalua.exe -a C:\Users\Liebe\Downloads\AudibleDM_iTunesSetup(2).exe -d "C:\Program Files (x86)\Mozilla Firefox" Task: {45362FF4-6975-44FC-9D14-41E1381C80D0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd) Task: {75CB53E6-977D-46E6-B994-34A0F5C765AA} - System32\Tasks\{5E76FDED-06C7-4B37-9F79-D6725BD13D6C} => pcalua.exe -a C:\Users\Liebe\Downloads\pidsetup.exe -d C:\Users\Liebe\Downloads Task: {80FD5B43-8233-4279-B10F-5CC6AC04155B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard) Task: {84EB6F6A-9089-440B-BDD3-B8AE66AE3A89} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {91483675-315F-405F-9487-E69B1C7B2771} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-11-28] (CyberLink) Task: {AC6BB475-5488-418C-BA9B-14587C72C7F2} - System32\Tasks\{6F3A2332-63E5-43C1-BF10-2CF81DD58552} => pcalua.exe -a C:\Users\Liebe\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=cvs4 <==== ATTENTION Task: {B9590ED1-089C-4805-AA37-1D17B1C004EE} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {BA7E8455-FFD7-4575-A49A-52D93C87F4D0} - System32\Tasks\{F55B720B-3AE7-4F14-A764-2F1185103B44} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-10-15] (Apple Inc.) Task: {D3E4D042-C1EF-4C7F-A7A0-E9BBF12A6D4C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {DFE803C2-0CC3-4570-BFC1-0950024069AE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated) Task: {EFBAD78B-3055-46AB-86DC-CD3961B49189} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {F31CA3C3-D017-4891-95EE-1459BDDD204A} - System32\Tasks\{372E9826-0A91-49B7-B818-D7DA3396369C} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-10-15] (Apple Inc.) Task: {FC9E82A5-FF10-4543-915C-03F09D270B4A} - System32\Tasks\Opera scheduled Autoupdate 1389550501 => C:\Program Files (x86)\Opera\launcher.exe [2014-12-16] (Opera Software) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\HPCeeScheduleForLiebe.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2012-09-06 06:45 - 2011-02-07 08:56 - 00138192 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE 2012-06-01 01:52 - 2011-12-16 21:37 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe 2012-01-06 02:24 - 2012-01-06 02:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2011-12-19 22:34 - 2011-12-19 22:34 - 00108880 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe 2014-01-10 06:26 - 2014-01-10 06:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe 2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2012-12-21 16:57 - 2012-12-21 16:57 - 08507384 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll 2012-12-21 16:57 - 2012-12-21 16:57 - 02354168 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll 2012-12-21 16:57 - 2012-12-21 16:57 - 01014776 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll 2012-12-21 16:57 - 2012-12-21 16:57 - 00364536 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll 2012-12-21 16:57 - 2012-12-21 16:57 - 02481144 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll 2012-12-21 16:57 - 2012-12-21 16:57 - 01347064 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll 2012-12-21 16:57 - 2012-12-21 16:57 - 00206328 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll 2012-12-21 16:57 - 2012-12-21 16:57 - 02653176 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll 2012-12-21 16:57 - 2012-12-21 16:57 - 00033272 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll 2012-12-21 16:57 - 2012-12-21 16:57 - 00035832 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll 2012-12-21 16:57 - 2012-12-21 16:57 - 00207352 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll 2012-12-21 16:57 - 2012-12-21 16:57 - 11166712 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll 2012-12-21 16:57 - 2012-12-21 16:57 - 00276984 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll 2012-12-21 14:29 - 2012-12-21 14:29 - 00391600 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll 2012-12-21 14:29 - 2012-12-21 14:29 - 00059280 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll 2012-12-21 16:56 - 2012-12-21 16:56 - 00438264 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll 2012-12-21 16:57 - 2012-12-21 16:57 - 00446456 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll 2012-12-21 16:57 - 2012-12-21 16:57 - 00520696 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll 2012-12-21 16:57 - 2012-12-21 16:57 - 00720888 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll 2012-12-21 16:56 - 2012-12-21 16:56 - 00606200 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll 2012-12-21 16:57 - 2012-12-21 16:57 - 00093176 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll 2012-12-21 14:29 - 2012-12-21 14:29 - 00110080 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll 2014-12-23 21:10 - 2014-12-23 21:10 - 00133120 _____ () C:\Users\Liebe\AppData\Roaming\awcrthop\colers.dll 2013-06-25 17:23 - 2013-06-25 17:23 - 00880640 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00040264 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00239944 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00026952 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll 2013-05-23 18:54 - 2013-05-23 18:54 - 00798720 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00125256 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00016200 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00024904 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00017224 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00015176 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00034632 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00018760 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00092488 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00149832 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00178504 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll 2014-01-10 06:28 - 2014-01-10 06:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll 2014-10-16 17:33 - 2014-10-16 17:33 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll 2012-06-01 01:52 - 2011-11-29 19:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2012-06-01 01:51 - 2011-12-16 19:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2015-01-13 19:13 - 2015-01-09 10:05 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-12-17 19:37 - 2014-12-28 16:29 - 16843952 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Liebe\Downloads\DivX.Web.Player.Installer__8420_i1429783573_il445808.exe:typelib AlternateDataStreams: C:\Users\Liebe\Downloads\DivX.Web.Player.Installer__8420_i1429803366_il451544.exe:typelib ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-2965614916-3253371305-2247639429-500 - Administrator - Disabled) Gast (S-1-5-21-2965614916-3253371305-2247639429-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2965614916-3253371305-2247639429-1002 - Limited - Enabled) Liebe (S-1-5-21-2965614916-3253371305-2247639429-1000 - Administrator - Enabled) => C:\Users\Liebe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/13/2015 07:07:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/13/2015 03:35:47 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (01/13/2015 02:57:08 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Skype.exe, Version 6.16.60.105 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f08 Startzeit: 01d02f344e1b0d71 Endzeit: 302 Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe Berichts-ID: Error: (01/13/2015 02:25:09 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/13/2015 07:39:34 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 33736932 Error: (01/13/2015 07:39:34 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 33736932 Error: (01/13/2015 07:39:34 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/13/2015 07:39:33 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 33735918 Error: (01/13/2015 07:39:33 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 33735918 Error: (01/13/2015 07:39:33 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (01/13/2015 08:11:40 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} Error: (01/10/2015 06:32:03 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (01/10/2015 06:32:02 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (01/10/2015 06:32:02 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (01/10/2015 00:36:06 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} Error: (01/10/2015 09:20:27 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (01/10/2015 09:20:27 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (01/10/2015 09:20:27 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (01/10/2015 09:20:27 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (01/10/2015 00:21:22 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} Microsoft Office Sessions: ========================= Error: (01/13/2015 07:07:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/13/2015 03:35:47 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files\CCleaner\CCleaner.exe Error: (01/13/2015 02:57:08 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Skype.exe6.16.60.105f0801d02f344e1b0d71302C:\Program Files (x86)\Skype\Phone\Skype.exe Error: (01/13/2015 02:25:09 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/13/2015 07:39:34 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 33736932 Error: (01/13/2015 07:39:34 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 33736932 Error: (01/13/2015 07:39:34 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/13/2015 07:39:33 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 33735918 Error: (01/13/2015 07:39:33 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 33735918 Error: (01/13/2015 07:39:33 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz Percentage of memory in use: 51% Total physical RAM: 3994.36 MB Available physical RAM: 1951.5 MB Total Pagefile: 7986.89 MB Available Pagefile: 5284.32 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:276.29 GB) (Free:165.29 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (Recovery) (Fixed) (Total:21.51 GB) (Free:2.25 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (Gehirnjogging) (CDROM) (Total:0.57 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 6992D5EF) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=276.3 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=21.5 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) ==================== End Of Log ============================ FRST Logfile: Code: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02--- --- --- |
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code: Task: {AC6BB475-5488-418C-BA9B-14587C72C7F2} - System32\Tasks\{6F3A2332-63E5-43C1-BF10-2CF81DD58552} => pcalua.exe -a C:\Users\Liebe\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=cvs4 <==== ATTENTIONSpeichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
|
Fixlog.txt Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-01-2015 01 Ran by Liebe at 2015-01-14 21:11:37 Run:3 Running from C:\Users\Liebe\Documents Loaded Profiles: Liebe (Available profiles: Liebe) Boot Mode: Normal ============================================== Content of fixlist: ***************** Task: {AC6BB475-5488-418C-BA9B-14587C72C7F2} - System32\Tasks\{6F3A2332-63E5-43C1-BF10-2CF81DD58552} => pcalua.exe -a C:\Users\Liebe\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=cvs4 <==== ATTENTION Task: {B9590ED1-089C-4805-AA37-1D17B1C004EE} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc C:\Users\Liebe\AppData\Roaming\webssearches Toolbar: HKU\S-1-5-21-2965614916-3253371305-2247639429-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Emptytemp: ***************** "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC6BB475-5488-418C-BA9B-14587C72C7F2}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC6BB475-5488-418C-BA9B-14587C72C7F2}" => Key deleted successfully. C:\Windows\System32\Tasks\{6F3A2332-63E5-43C1-BF10-2CF81DD58552} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6F3A2332-63E5-43C1-BF10-2CF81DD58552}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9590ED1-089C-4805-AA37-1D17B1C004EE}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9590ED1-089C-4805-AA37-1D17B1C004EE}" => Key deleted successfully. C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => Key deleted successfully. "C:\Users\Liebe\AppData\Roaming\webssearches" => File/Directory not found. HKU\S-1-5-21-2965614916-3253371305-2247639429-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully. HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found. EmptyTemp: => Removed 672 MB temporary data. The system needed a reboot. ==== End of Fixlog 21:11:50 ==== |
Was ist jetzt aktueller Stand`? |
Bis jetzt sieht es ganz gut aus ohne Werbung und auf dem Taskmanager ist auch alles okay. Können wir wieder onlinebanken? Bzw wie sieht man denn ob der Virus bzw Wurm weg ist. |
Behalte das ganze Mal im Auge, Taskmanager nebenbei offen lassen. Passwörter ändern, dann normal mit dem Rechner arbeiten. |
http://ib.pixadsserve.com.... wieder da... Hi habe soeben nachdem mein Sohn eine Kindersendung angeschaut hat, in den Taskmanager geschaut und dort wieder diese Seite hxxp://ib.pixadsserve.com.... gefunden. Lässt sich wiederum nicht schliessen....;-( Was nun? |
Nicht schön. Bitte FRST öffnen, Haken setzen bei Addition und scannen, poste bitte beide Logfiles. |
hier kommen beide files FRST Additions Logfile: [CODE]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2015 01 Ran by Liebe at 2015-01-18 17:51:59 Running from C:\Users\Liebe\Documents Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.) Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC) Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.) AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1995586798.48.56.38808322 - Audible, Inc.) Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.6.8941 - ) Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Bing Bar (HKLM-x32\...\{A7E8CB11-B09E-46F8-9BAE-B2E01EBF7E51}) (Version: 7.0.831.0 - Microsoft Corporation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Cake Mania (x32 Version: 2.2.0.98 - WildTangent) Hidden Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - ) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - ) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - ) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - ) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - ) Canon MG4100 series Benutzerregistrierung (HKLM-x32\...\Canon MG4100 series Benutzerregistrierung) (Version: - ) Canon MG4100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series) (Version: - ) Canon MG4100 series On-screen Manual (HKLM-x32\...\Canon MG4100 series On-screen Manual) (Version: - ) Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - ) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - ) Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform) Chaos auf Deponia (HKLM-x32\...\Deponia 2) (Version: 1.0 - Daedalic Entertainment) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.2.4725 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC) ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{768A6276-5822-489C-8A2B-67190F745655}) (Version: 4.1.2 - Hewlett-Packard) Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.) Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden Fishdom (TM) 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden Freemake Video Converter Version 4.1.1 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.1 - Ellora Assets Corporation) Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP 3D DriveGuard (HKLM\...\{AB5BCC55-18E2-46C7-9405-FF61CB888F05}) (Version: 4.2.9.1 - Hewlett-Packard Company) HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company) HP Documentation (HKLM-x32\...\{EDA2B6DE-C67C-4FD7-AF6A-9D79E002707C}) (Version: 1.1.0.0 - Hewlett-Packard) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent) HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company) HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company) HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company) HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company) HP Security Assistant (HKLM\...\{F9DF0B5D-554B-45D2-8698-7C467FAF4BCA}) (Version: 2.0.2 - Hewlett-Packard Company) HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15109.3899 - Hewlett-Packard Company) HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company) HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company) Ich sehe was ... die große Schatzsuche (HKLM-x32\...\{3170BDC4-4BF9-42AE-81BC-14D4F60569C0}) (Version: 1.00.0000 - ) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6392.0 - IDT) Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation) Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2618 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle) Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Jewel Quest II (x32 Version: 2.2.0.97 - WildTangent) Hidden Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Konz 2012 (HKLM-x32\...\InstallShield_{1D33BCF7-B5B6-4148-B888-9CC2EC208556}) (Version: 1.00.0000 - USM) Konz 2012 (x32 Version: 1.00.0000 - USM) Hidden Konz 2013 (HKLM-x32\...\InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM) Konz 2013 (x32 Version: 1.00.0000 - USM) Hidden KONZ-Steuer-2014 (HKLM-x32\...\InstallShield_{20F1078B-E3B6-4DA1-9570-003DE110890A}) (Version: 1.00.0000 - USM) KONZ-Steuer-2014 (x32 Version: 1.00.0000 - USM) Hidden kreawi Prüfungstrainer (HKLM-x32\...\kreawi Prüfungstrainer) (Version: - ) LEGO® Star Wars™: Die Komplette Saga (HKLM-x32\...\InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}) (Version: 1.00.0000 - LucasArts) LEGO® Star Wars™: The Complete Saga (x32 Version: 1.00.0000 - LucasArts) Hidden LibreOffice 4.0 Help Pack (German) (HKLM-x32\...\{A74C73B1-BED6-4737-B6FF-74158ABDCC4D}) (Version: 4.0.2.2 - The Document Foundation) LibreOffice 4.0.2.2 (HKLM-x32\...\{1062AD6C-80F4-4BC6-AB7C-A28892B497B8}) (Version: 4.0.2.2 - The Document Foundation) Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS) Mahjongg Artifacts (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.) Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla) MP3 Skype Recorder (HKLM-x32\...\{CB606F47-7D0E-40DF-95BB-0E5413A1295F}) (Version: 3.1.3 - Alexander Nikiforov) MPC-HC 1.7.0 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.0.7858 - MPC-HC Team) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Murata Chip S-Parameter & Impedance Library Ver3.17.0 (HKLM-x32\...\Murata Chip S-Parameter & Impedance Library Ver3.17.0) (Version: - ) Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden Nokia Connectivity Cable Driver (HKLM-x32\...\{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}) (Version: 7.1.101.0 - Nokia) Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.7.22.0 - Nokia) Nokia Suite (x32 Version: 3.7.22.0 - Nokia) Hidden opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA) Opera Stable 26.0.1656.60 (HKLM-x32\...\Opera 26.0.1656.60) (Version: 26.0.1656.60 - Opera Software ASA) PC Connectivity Solution (HKLM-x32\...\{6B722793-E77B-41F5-BAB3-6C9832274E75}) (Version: 12.0.76.0 - Nokia) Personal ID (HKLM-x32\...\{F722209B-739E-40E4-ADB1-062BD032A0DB}) (Version: 1.8.5 - coolspot AG) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Ralink RT5390R 802.11b/g/n Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.25.0 - Mediatek) Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - ) Reader for PC (HKLM-x32\...\{7FAEB610-D6B1-42CE-9EEA-6A5001C2E732}) (Version: 2.1.00.06250 - Sony Corporation) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29004 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia) Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) Steuer 2011 (HKLM-x32\...\{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}) (Version: 19.00.7304 - Buhl Data Service GmbH) Steuer 2012 (HKLM-x32\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH) Steuer 2013 (HKLM-x32\...\{05AEF487-8926-48A9-B5BA-9BED72BC6B1C}) (Version: 21.00.8480 - Buhl Data Service GmbH) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.1.0 - Synaptics Incorporated) Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia) WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware) Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 01-01-2015 14:00:48 Revo Uninstaller's restore point - Mozilla Firefox 34.0.5 (x86 de) 04-01-2015 19:09:48 Windows Update 05-01-2015 21:26:38 Revo Uninstaller's restore point - Mozilla Firefox 34.0.5 (x86 de) 08-01-2015 19:12:04 Windows Update 13-01-2015 07:52:52 Windows Update 13-01-2015 19:00:57 Revo Uninstaller's restore point - Mozilla Firefox 34.0.5 (x86 de) 14-01-2015 21:54:31 Windows Update 18-01-2015 14:52:05 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0C371C5F-5180-4848-8BDE-5964FE365B97} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {1378E10F-1348-4A8D-A22F-E0E1EC45FD0F} - System32\Tasks\{3CA9953D-2200-4419-A6F1-C12E943C1E33} => pcalua.exe -a C:\Users\Liebe\Downloads\AudibleDM_iTunesSetup(1).exe -d "C:\Program Files (x86)\Mozilla Firefox" Task: {326F8F35-CD3A-4EA4-98A6-7AC42BBD2C1B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {3F83E4BA-FCAA-461B-916A-8815E39ECFD0} - System32\Tasks\{E2116929-C88C-480A-A4A2-E675F79779C9} => pcalua.exe -a C:\Users\Liebe\Downloads\AudibleDM_iTunesSetup(2).exe -d "C:\Program Files (x86)\Mozilla Firefox" Task: {45362FF4-6975-44FC-9D14-41E1381C80D0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd) Task: {6045C8F1-DD85-429B-A146-83A09ED90C15} - System32\Tasks\HPCeeScheduleForLiebe => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {75CB53E6-977D-46E6-B994-34A0F5C765AA} - System32\Tasks\{5E76FDED-06C7-4B37-9F79-D6725BD13D6C} => pcalua.exe -a C:\Users\Liebe\Downloads\pidsetup.exe -d C:\Users\Liebe\Downloads Task: {80FD5B43-8233-4279-B10F-5CC6AC04155B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard) Task: {84EB6F6A-9089-440B-BDD3-B8AE66AE3A89} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {91483675-315F-405F-9487-E69B1C7B2771} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-11-28] (CyberLink) Task: {BA7E8455-FFD7-4575-A49A-52D93C87F4D0} - System32\Tasks\{F55B720B-3AE7-4F14-A764-2F1185103B44} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-10-15] (Apple Inc.) Task: {D3E4D042-C1EF-4C7F-A7A0-E9BBF12A6D4C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {DFE803C2-0CC3-4570-BFC1-0950024069AE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated) Task: {EFBAD78B-3055-46AB-86DC-CD3961B49189} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {F31CA3C3-D017-4891-95EE-1459BDDD204A} - System32\Tasks\{372E9826-0A91-49B7-B818-D7DA3396369C} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-10-15] (Apple Inc.) Task: {FC9E82A5-FF10-4543-915C-03F09D270B4A} - System32\Tasks\Opera scheduled Autoupdate 1389550501 => C:\Program Files (x86)\Opera\launcher.exe [2014-12-16] (Opera Software) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\HPCeeScheduleForLiebe.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2012-09-06 06:45 - 2011-02-07 08:56 - 00138192 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE 2012-06-01 01:52 - 2011-12-16 21:37 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe 2012-01-06 02:24 - 2012-01-06 02:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2011-12-19 22:34 - 2011-12-19 22:34 - 00108880 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe 2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2014-01-10 06:26 - 2014-01-10 06:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe 2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2012-12-21 16:57 - 2012-12-21 16:57 - 08507384 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll 2012-12-21 16:57 - 2012-12-21 16:57 - 02354168 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll 2012-12-21 16:57 - 2012-12-21 16:57 - 01014776 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll 2012-12-21 16:57 - 2012-12-21 16:57 - 00364536 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll 2012-12-21 16:57 - 2012-12-21 16:57 - 02481144 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll 2012-12-21 16:57 - 2012-12-21 16:57 - 01347064 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll 2012-12-21 16:57 - 2012-12-21 16:57 - 00206328 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll 2012-12-21 16:57 - 2012-12-21 16:57 - 02653176 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll 2012-12-21 16:57 - 2012-12-21 16:57 - 00033272 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll 2012-12-21 16:57 - 2012-12-21 16:57 - 00035832 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll 2012-12-21 16:57 - 2012-12-21 16:57 - 00207352 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll 2012-12-21 16:57 - 2012-12-21 16:57 - 11166712 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll 2012-12-21 16:57 - 2012-12-21 16:57 - 00276984 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll 2012-12-21 14:29 - 2012-12-21 14:29 - 00391600 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll 2012-12-21 14:29 - 2012-12-21 14:29 - 00059280 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll 2012-12-21 16:57 - 2012-12-21 16:57 - 00446456 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll 2012-12-21 16:57 - 2012-12-21 16:57 - 00520696 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll 2012-12-21 16:57 - 2012-12-21 16:57 - 00720888 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll 2012-12-21 16:56 - 2012-12-21 16:56 - 00438264 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll 2012-12-21 16:56 - 2012-12-21 16:56 - 00606200 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll 2012-12-21 16:57 - 2012-12-21 16:57 - 00093176 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll 2012-12-21 14:29 - 2012-12-21 14:29 - 00110080 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll 2014-12-23 21:10 - 2014-12-23 21:10 - 00133120 _____ () C:\Users\Liebe\AppData\Roaming\awcrthop\colers.dll 2013-06-25 17:23 - 2013-06-25 17:23 - 00880640 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00040264 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00239944 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00026952 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll 2013-05-23 18:54 - 2013-05-23 18:54 - 00798720 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00125256 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00016200 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00024904 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00017224 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00015176 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00034632 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00018760 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00092488 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00149832 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00178504 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll 2014-01-10 06:28 - 2014-01-10 06:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll 2015-01-13 19:13 - 2015-01-09 10:05 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-10-16 17:33 - 2014-10-16 17:33 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll 2012-06-01 01:52 - 2011-11-29 19:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2012-06-01 01:51 - 2011-12-16 19:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Liebe\Downloads\DivX.Web.Player.Installer__8420_i1429783573_il445808.exe:typelib AlternateDataStreams: C:\Users\Liebe\Downloads\DivX.Web.Player.Installer__8420_i1429803366_il451544.exe:typelib ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-2965614916-3253371305-2247639429-500 - Administrator - Disabled) Gast (S-1-5-21-2965614916-3253371305-2247639429-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2965614916-3253371305-2247639429-1002 - Limited - Enabled) Liebe (S-1-5-21-2965614916-3253371305-2247639429-1000 - Administrator - Enabled) => C:\Users\Liebe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/18/2015 04:29:16 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (01/18/2015 02:41:19 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/16/2015 06:57:05 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/16/2015 08:47:02 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/15/2015 10:05:36 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6624520 Error: (01/15/2015 10:05:36 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6624520 Error: (01/15/2015 10:05:36 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/15/2015 08:15:15 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4056 Error: (01/15/2015 08:15:15 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4056 Error: (01/15/2015 08:15:15 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (01/13/2015 08:11:40 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} Error: (01/10/2015 06:32:03 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (01/10/2015 06:32:02 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (01/10/2015 06:32:02 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (01/10/2015 00:36:06 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} Error: (01/10/2015 09:20:27 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (01/10/2015 09:20:27 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (01/10/2015 09:20:27 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (01/10/2015 09:20:27 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (01/10/2015 00:21:22 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} Microsoft Office Sessions: ========================= Error: (01/18/2015 04:29:16 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files\CCleaner\CCleaner.exe Error: (01/18/2015 02:41:19 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/16/2015 06:57:05 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/16/2015 08:47:02 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/15/2015 10:05:36 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6624520 Error: (01/15/2015 10:05:36 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6624520 Error: (01/15/2015 10:05:36 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/15/2015 08:15:15 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4056 Error: (01/15/2015 08:15:15 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4056 Error: (01/15/2015 08:15:15 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz Percentage of memory in use: 50% Total physical RAM: 3994.36 MB Available physical RAM: 1971.97 MB Total Pagefile: 7986.89 MB Available Pagefile: 5275.94 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:276.29 GB) (Free:163.04 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (Recovery) (Fixed) (Total:21.51 GB) (Free:2.25 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (Gehirnjogging) (CDROM) (Total:0.57 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 6992D5EF) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=276.3 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=21.5 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) ==================== End Of Log ============================ FRST Logfile: Code: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-01-2015 01--- --- --- |
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code: Task: {75CB53E6-977D-46E6-B994-34A0F5C765AA} - System32\Tasks\{5E76FDED-06C7-4B37-9F79-D6725BD13D6C} => pcalua.exe -a C:\Users\Liebe\Downloads\pidsetup.exe -d C:\Users\Liebe\DownloadsSpeichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Jetzt bitte nochmal beobachten. |
Fixlog.txt Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-01-2015 01 Ran by Liebe at 2015-01-18 20:00:37 Run:4 Running from C:\Users\Liebe\Documents Loaded Profiles: Liebe (Available profiles: Liebe) Boot Mode: Normal ============================================== Content of fixlist: ***************** Task: {75CB53E6-977D-46E6-B994-34A0F5C765AA} - System32\Tasks\{5E76FDED-06C7-4B37-9F79-D6725BD13D6C} => pcalua.exe -a C:\Users\Liebe\Downloads\pidsetup.exe -d C:\Users\Liebe\Downloads AlternateDataStreams: C:\Users\Liebe\Downloads\DivX.Web.Player.Installer__8420_i1429783573_il445808.exe:typelib AlternateDataStreams: C:\Users\Liebe\Downloads\DivX.Web.Player.Installer__8420_i1429803366_il451544.exe:typelib HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2012-06-01] (EasyBits Software Corp.) C:\Windows\SysWOW64\ezUPBHook.dll R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed] ezSharedSvcHost.exe 2012-10-02 11:56 - 2014-12-16 21:55 - 0007680 _____ () C:\Users\Liebe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Emptytemp: ***************** "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{75CB53E6-977D-46E6-B994-34A0F5C765AA}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75CB53E6-977D-46E6-B994-34A0F5C765AA}" => Key deleted successfully. C:\Windows\System32\Tasks\{5E76FDED-06C7-4B37-9F79-D6725BD13D6C} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5E76FDED-06C7-4B37-9F79-D6725BD13D6C}" => Key deleted successfully. C:\Users\Liebe\Downloads\DivX.Web.Player.Installer__8420_i1429783573_il445808.exe => ":typelib" ADS removed successfully. C:\Users\Liebe\Downloads\DivX.Web.Player.Installer__8420_i1429803366_il451544.exe => ":typelib" ADS removed successfully. HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value deleted successfully. HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value deleted successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{E54729E8-BB3D-4270-9D49-7389EA579090} => value deleted successfully. "HKCR\Wow6432Node\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090}" => Key deleted successfully. C:\Windows\SysWOW64\ezUPBHook.dll => Moved successfully. ezSharedSvc => Service stopped successfully. ezSharedSvc => Service deleted successfully. ezSharedSvcHost.exe => Error: No automatic fix found for this entry. C:\Users\Liebe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully. EmptyTemp: => Removed 292 MB temporary data. The system needed a reboot. ==== End of Fixlog 20:00:48 ==== also jetzt ist der Taskmanager wieder mal frei.... was ist das denn für eine Bedrohung ist es ein Wurm oder ein Virus und wie kommt es dass er wieder erscheint? und wieso bekommt ihn das Antivirenprogramm nicht zu fassen bzw. entdeckt ihn noch nicht einmal? |
Das ist Adware die den IE hijacked. Kein AV schützt 100%. |
FRST Additions Logfile: Code: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2015 01FRST Logfile: FRST Logfile: FRST Logfile: Code: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-01-2015 01--- --- --- --- --- --- Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-01-2015 01 Ran by Liebe at 2015-01-19 22:21:13 Run:5 Running from C:\Users\Liebe\Documents Loaded Profiles: Liebe (Available profiles: Liebe) Boot Mode: Normal ============================================== Content of fixlist: ***************** Task: {75CB53E6-977D-46E6-B994-34A0F5C765AA} - System32\Tasks\{5E76FDED-06C7-4B37-9F79-D6725BD13D6C} => pcalua.exe -a C:\Users\Liebe\Downloads\pidsetup.exe -d C:\Users\Liebe\Downloads AlternateDataStreams: C:\Users\Liebe\Downloads\DivX.Web.Player.Installer__8420_i1429783573_il445808.exe:typelib AlternateDataStreams: C:\Users\Liebe\Downloads\DivX.Web.Player.Installer__8420_i1429803366_il451544.exe:typelib HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2012-06-01] (EasyBits Software Corp.) C:\Windows\SysWOW64\ezUPBHook.dll R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed] ezSharedSvcHost.exe 2012-10-02 11:56 - 2014-12-16 21:55 - 0007680 _____ () C:\Users\Liebe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Emptytemp: ***************** HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75CB53E6-977D-46E6-B994-34A0F5C765AA} => Key not found. C:\Windows\System32\Tasks\{5E76FDED-06C7-4B37-9F79-D6725BD13D6C} not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5E76FDED-06C7-4B37-9F79-D6725BD13D6C} => Key not found. "C:\Users\Liebe\Downloads\DivX.Web.Player.Installer__8420_i1429783573_il445808.exe" => ":typelib" ADS not found. "C:\Users\Liebe\Downloads\DivX.Web.Player.Installer__8420_i1429803366_il451544.exe" => ":typelib" ADS not found. HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => Value not found. HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => Value not found. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{E54729E8-BB3D-4270-9D49-7389EA579090} => Value not found. HKCR\Wow6432Node\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090} => Key not found. "C:\Windows\SysWOW64\ezUPBHook.dll" => File/Directory not found. ezSharedSvc => Service not found. ezSharedSvcHost.exe => Error: No automatic fix found for this entry. "C:\Users\Liebe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini" => File/Directory not found. EmptyTemp: => Removed 83.8 MB temporary data. The system needed a reboot. ==== End of Fixlog 22:21:20 ==== es war weg dann im Internet rumgesurvt und da war es wieder da auf dem Taskmanager... Jetzt wieder gleiches Prozedere gemacht und wieder ist es weg... und ewig grüßt das Murmeltier.... |
Definier mal bitte "rumgesurft": Welcher Browser? Welche Seiten? |
schon wieder das Problem So jetzt isser wieder da aufm Taskmanager heisst jetzt hxxp://cdn.usersyncads.com/?s=(dann 3,4 oder 5 Zahlen die ständig wechseln) -Intern... mehr sehe ich nicht auf dem Taskmanager. Ab und zu nennt sich die Seite auch timesherold.com oder cycling.com. Nachwievor auf dem Internetexplorer zu finden und ist nicht zu öffnen oder zu schliessen. Nur auf dem Taskmanager bleibt sie zu finden. Ich surfe manchmal in einem Erotikforum wo wir angemeldet sind (Joyclub). Ich dachte schon dass dort die Ursache liegen könnte. Allerdings tauchte diese Seite wieder auf ohne dass ich darauf war. Ich weiss natürlich nicht wo meine beiden pubertierenden Kinder noch draufwaren. Allerdings haben die ihren eigenen PC bzw Laptop. Was kann ich machen? Auf em Laptop sind wir eigentlich nur im Firefox. Die Seite im Taskmanager befindet sich aber im InternetExplorer. |
Downloade Dir HitmanProhttp://deeprybka.trojaner-board.de/b.../hitmanpro.pngauf Deinen Desktop: HitmanPro-32 Bit Version HitmanPro-64 Bit Version
|
Hier kommt die Logdatei Code: HitmanPro 3.7.9.234 |
POste jetzt bitte nochmal ein frisches FRST log. |
frst log FRST Logfile: FRST Logfile: Code: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01--- --- --- Habe einen Neustart gemacht leider ist die Seite immer noch da auf dem Taskmanager. Als ich den FRST machte erschien kurzerhand das gleiche Bild des FRsT-Scan um augenblicklich wieder zu verschwinden mit ihm öffnete sich ein weiteres Fenster welches auch mitverschwand.... Vielleicht sagt dir ja das etwas. LG rossel13 |
Ich würde ja jetzt Daten sichern und neu aufsetzen. Ausser du hast Bock weiter rum zu probieren, dann machen wir weiter. |
wie gehe ich denn da vor beim neuaufsetzen? ich glaube nicht dass ich eine "Discovery-CD" habe. Kenne mich auch nicht so gut aus wie ich da vorgehen muss ohne Daten zu verlieren bzw. auf was ich achten muss. |
Also erstmal speicherst Du jetzt alle wichtigen persönlichen Daten extern, dann meldest Du dich wieder, dann machen wir das :) |
könnte die malware sich nicht an irgendwelche Daten dranhängen? Bist du denn jetzt zur Bereit und kannst mich anleiten? LG rossel13 |
Nein, du sollst ja nur deine privaten wichtigen Daten wie Bilder, Texte, Musik und Videos speichern. Da passiert nix. http://www.trojaner-board.de/104197-...anleitung.html |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 15:59 Uhr. |
Copyright ©2000-2025, Trojaner-Board
dann auf 
und dann auf 
. 
WARNUNG an die MITLESER: 