Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   WIN 7: TR/ADH.PA hat mein System kompromittiert (https://www.trojaner-board.de/168325-win-7-tr-adh-pa-hat-system-kompromittiert.html)

totalrookie 29.06.2015 19:14

WIN 7: TR/ADH.PA has compromised my system
 
Hello everyone,

Unfortunately I have already reinstalled my laptop twice after finding viruses.
I ran a scan with Avira on my WIN 7 Prof laptop and found that the following malware is on my machine:

• TR/Dldr.Troxen.723
• TR/Rogue.7742279
• TR/Dldr.Troxen723
• TR/ADH.PA
• ADWARE/Adware.Gen2
• ADWARE/Adware.Gen2
• ADWARE/Adware.Gen2
• TR/ADH.PA
• PUA/DownloadSponsor.Gen
• TR/Dldr.Troxen.723

Can anyone help me get rid of this thing? The last one I got was TR/ADH.PA. I also took screenshots of the oddities. For example, the share browser from Bysoft displayed strange shares. The HijackThis file could not be created completely because of the hosts file. I changed my passwords from my smartphone on the same WLAN. So far, though, none of my passwords have been changed.

How should I proceed? I made a lot of log files before reinstalling. Just tell me what I should post.
I now have dangerous half-knowledge, so we can surely delete this thing... hopefully. :-)
From now on I'm going online with a different computer.

Kind regards

total rookie

cosinus 29.06.2015 19:21

Hi,

please post all logs....

Quote:

I made a lot of log files before reinstalling. Just tell me what I should post.
Why reinstall? Then all this log creation and evaluation makes no sense...

totalrookie 29.06.2015 20:25

Error messages when starting various tools


Code:

Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "o2" zum Namen "ROOKIE-LAPTOP" auf Transport "NetBT_Tcpip_{1A22C890-40B9-4C69-BBFB-3". Das Datagramm steht in den Daten. Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
Code:

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Winlogon\Notifications\Components\TrustedInstaller\Events
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.

Code:

Es wurde festgestellt, dass Ihre Registrierungsdatei noch von anderen Anwendungen oder Diensten verwendet wird. Die Datei wird nun entladen. Die Anwendungen oder Dienste, die Ihre Registrierungsdatei anhalten, funktionieren anschließend u. U. nicht mehr ordnungsgemäß.
Code:

DETAIL -
 3 user registry handles leaked from \Registry\User\S-1-5-21-2870278460-3259346148-2740153917-1000:
Process 1324 (\Device\HarddiskVolume2\Program Files\Avira\Launcher\Avira.ServiceHost.exe) has opened key \REGISTRY\USER\S-1-5-21-2870278460-3259346148-2740153917-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall
Process 1324 (\Device\HarddiskVolume2\Program Files\Avira\Launcher\Avira.ServiceHost.exe) has opened key \REGISTRY\USER\S-1-5-21-2870278460-3259346148-2740153917-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall
Process 2324 (\Device\HarddiskVolume2\Program Files\Avira\Antivirus\avguard.exe) has opened key \REGISTRY\USER\S-1-5-21-2870278460-3259346148-2740153917-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

The first HijackThis log. Because of the hosts file the scan did not work properly.
Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:58:57, on 18.06.2015
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\SYSS\PROCEXP.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Felix\AppData\Local\Temp\Rar$EXa0.661\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun
O4 - HKCU\..\Run: [NETGEARGenie] "C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{58AE2FD9-7A5D-4494-A58F-20FCB276DA4B}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4079F33-AF60-4E64-84B5-93BE3FCFD04D}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Email-Schutz (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Browser-Schutz (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: IRZSV - Sysinternals - www.sysinternals.com - C:\Users\Felix\AppData\Local\Temp\IRZSV.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MWOLVQETWVZUA - Sysinternals - www.sysinternals.com - C:\Users\Felix\AppData\Local\Temp\MWOLVQETWVZUA.exe
O23 - Service: NetDrive Service (ndsvc) - Bdrive Inc. - C:\Program Files\NetDrive\ndsvc.exe
O23 - Service: NETGEARGenieDaemon - NETGEAR - C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
O23 - Service: NRWVRK - Sysinternals - www.sysinternals.com - C:\Users\Felix\AppData\Local\Temp\NRWVRK.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QRZYPICL - Sysinternals - www.sysinternals.com - C:\Users\Felix\AppData\Local\Temp\QRZYPICL.exe
O23 - Service: SCICTEKNPSBW - Sysinternals - www.sysinternals.com - C:\Users\Felix\AppData\Local\Temp\SCICTEKNPSBW.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: VQ - Sysinternals - www.sysinternals.com - C:\Users\Felix\AppData\Local\Temp\VQ.exe

--
End of file - 6457 bytes

GMER rootkit malware log. I think this was from before I reinstalled it.

Code:

GMER 1.0.14.14536 - hxxp://www.gmer.net
Rootkit scan 2015-06-19 19:08:19
Windows 6.1.7601 Service Pack 1


---- System - GMER 1.0.14 ----

SSDT            93253C7E                                                                                                                    ZwCreateSection
SSDT            93253C56                                                                                                                    ZwCreateSymbolicLinkObject
SSDT            93253C5B                                                                                                                    ZwLoadDriver
SSDT            93253C51                                                                                                                    ZwOpenSection
SSDT            93253C88                                                                                                                    ZwRequestWaitReplyPort
SSDT            93253C83                                                                                                                    ZwSetContextThread
SSDT            93253C8D                                                                                                                    ZwSetSecurityObject
SSDT            93253C60                                                                                                                    ZwSetSystemInformation
SSDT            93253C92                                                                                                                    ZwSystemDebugControl
SSDT            93253C1F                                                                                                                    ZwTerminateProcess
SSDT            93253C1A                                                                                                                    ZwWriteVirtualMemory

INT 0x1F        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                    83452AF8
INT 0x37        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                    83452104
INT 0xC1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                    834523F4
INT 0xD1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                    8343A634
INT 0xD2        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                    8343A898
INT 0xDF        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                    834521DC
INT 0xE1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                    83452958
INT 0xE3        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                    834526F8
INT 0xFD        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                    83452F2C
INT 0xFE        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                    834531A8

---- Kernel code sections - GMER 1.0.14 ----

.text          ntkrnlpa.exe!ZwRequestPort + 14AD                                                                                          8305CBB5 1 Byte  [ 06 ]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A4                                                                                      83096B94 17 Bytes  [ BA, F0, 07, 73, 09, 0F, 22, ... ]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                        8309E0BC 4 Bytes  [ 7E, 3C, 25, 93 ]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 11FF                                                                                        8309E0C4 4 Bytes  [ 56, 3C, 25, 93 ]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1313                                                                                        8309E1D8 4 Bytes  [ 5B, 3C, 25, 93 ]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 13AF                                                                                        8309E274 4 Bytes  [ 51, 3C, 25, 93 ]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                        8309E418 4 Bytes  [ 88, 3C, 25, 93 ]
.text          ...                                                                                                                       
.text          peauth.sys                                                                                                                  A062FC9D 28 Bytes  [ D0, 9D, DF, FC, 83, 58, 76, ... ]
.text          peauth.sys                                                                                                                  A062FCC1 28 Bytes  [ D0, 9D, DF, FC, 83, 58, 76, ... ]
PAGE            peauth.sys                                                                                                                  A0635B9B 72 Bytes  [ 86, BC, 77, 87, 0F, E1, C7, ... ]
PAGE            peauth.sys                                                                                                                  A0635BEC 111 Bytes  [ E4, 18, B7, 9A, F1, 95, EB, ... ]
PAGE            peauth.sys                                                                                                                  A063602C 102 Bytes  [ 15, B3, 8B, 27, 89, 27, 83, ... ]

---- User code sections - GMER 1.0.14 ----

.text          C:\Program Files\Mozilla Firefox\firefox.exe[2316] ntdll.dll!NtCreateFile                                                  77A35620 5 Bytes  JMP 5F9D0BCB C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[2316] ntdll.dll!NtFlushBuffersFile                                            77A359B0 5 Bytes  JMP 5F9D0916 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[2316] ntdll.dll!NtQueryFullAttributesFile                                      77A36040 5 Bytes  JMP 5F9D0A43 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[2316] ntdll.dll!NtReadFile                                                    77A36310 5 Bytes  JMP 5F9D0950 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[2316] ntdll.dll!NtReadFileScatter                                              77A36320 5 Bytes  JMP 5FCE9BCE C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[2316] ntdll.dll!NtWriteFile                                                    77A36AC0 5 Bytes  JMP 5F9D0D6F C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[2316] ntdll.dll!NtWriteFileGather                                              77A36AD0 5 Bytes  JMP 5FCE9C1E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[2316] ntdll.dll!LdrLoadDll                                                    77A524C6 5 Bytes  JMP 6763921C C:\Program Files\Mozilla Firefox\mozglue.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[2316] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D                            7769952E 7 Bytes  JMP 5FCD5622 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[2316] kernel32.dll!QueryPerformanceCounter + 13                                7769C535 7 Bytes  JMP 5FCD6DFA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[2316] kernel32.dll!LoadAppInitDlls + 355                                      7769F5F6 7 Bytes  JMP 5FA76358 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[2316] USER32.dll!GetWindowInfo                                                77594B5E 5 Bytes  JMP 606E8E4A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[2316] GDI32.dll!GetViewportOrgEx + 26C                                        77B9884B 7 Bytes  JMP 5FCD3E16 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- User IAT/EAT - GMER 1.0.14 ----

IAT            C:\Windows\system32\rundll32.exe[1328] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                      [758AFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\system32\rundll32.exe[1328] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                        [758AFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\system32\rundll32.exe[1328] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                    [758AFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\system32\rundll32.exe[1328] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                      [758AFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                            [7464249F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                        [74625652] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                      [74625710] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                              [7464251A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                    [7463857E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                      [74634D32] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                    [746350D9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                    [746351AE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                          [746366DB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                    [746382D5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                [74638824] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                              [74639085] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                    [7463E228] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                        [74634C64] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[2384] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                      [758AFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[2384] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                        [758AFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[2384] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                    [758AFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[2384] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                      [758AFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe[2460] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [758AFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe[2460] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]    [758AFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe[2460] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [758AFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe[2460] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]  [758AFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe[2460] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]  [758AFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe[2800] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [758AFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe[2800] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]      [758AFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe[2800] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [758AFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe[2800] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]    [758AFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe[2800] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]    [758AFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Users\Felix\Downloads\gmer\gmer.exe[5196] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                [758AFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Users\Felix\Downloads\gmer\gmer.exe[5196] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                  [758AFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Users\Felix\Downloads\gmer\gmer.exe[5196] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                [758AFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Users\Felix\Downloads\gmer\gmer.exe[5196] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]              [758AFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Users\Felix\Downloads\gmer\gmer.exe[5196] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]                [758AFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[5964] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc]                                            [7464249F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[5964] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup]                                        [74625652] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[5964] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown]                                      [74625710] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[5964] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree]                                              [7464251A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[5964] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics]                                    [7463857E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[5964] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage]                                      [74634D32] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[5964] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth]                                    [746350D9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[5964] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight]                                    [746351AE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[5964] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                          [746366DB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[5964] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC]                                    [746382D5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[5964] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode]                                [74638824] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[5964] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode]                              [74639085] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[5964] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI]                                    [7463E228] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[5964] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage]                                        [74634C64] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.14 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                      rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                      rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                      rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                      rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                                      rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004d                                                                                          halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.14 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0016cee67296                                               
Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0016cee67296@0cfc832404ac                                    0x94 0x44 0xB2 0xE8 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0016cee67296@b8d9ce950e2d                                    0xEE 0x49 0x9D 0x56 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0016cee67296@000272e40d09                                    0xAA 0x27 0x3E 0xDC ...
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0016cee67296                                                   
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0016cee67296@0cfc832404ac                                        0x94 0x44 0xB2 0xE8 ...
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0016cee67296@b8d9ce950e2d                                        0xEE 0x49 0x9D 0x56 ...
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0016cee67296@000272e40d09                                        0xAA 0x27 0x3E 0xDC ...
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active                                         
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@6CDBF4B7                                477

---- EOF - GMER 1.0.14 ----

FRST

Additional FRST Logfile:
Code:

scan result of Farbar Recovery Scan Tool (x86) Version: 28-06-2015 01
Ran by Test at 2015-06-29 19:10:56
Running from C:\Users\Test\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-842833987-1011056286-3756103870-500 - Administrator - Disabled)
Gast (S-1-5-21-842833987-1011056286-3756103870-501 - Limited - Disabled)
Test (S-1-5-21-842833987-1011056286-3756103870-1000 - Administrator - Enabled) => C:\Users\Test

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Kaspersky Total Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Total Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky Total Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Audacity 2.1.0 (HKLM\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
BySoft Network Share Browser 1.0 (HKLM\...\BySoft Network Share Browser) (Version: 1.0 - BySoft)
FreeCommander XE (HKLM\...\FreeCommander XE_is1) (Version:  - Marek Jasinski)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Kaspersky Total Security (HKLM\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab)
Kaspersky Total Security (Version: 15.0.2.361 - Kaspersky Lab) Hidden
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 de) (HKLM\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
Mozilla Thunderbird 38.0.1 (x86 de) (HKLM\...\Mozilla Thunderbird 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
NetDrive (HKLM\...\NetDrive) (Version: 1.3.4.0 - Bdrive Inc.)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{8AAB4176-A747-493A-A42C-B63CFADFD8E3}) (Version: 9.09.0010 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WSCC 2.5.0.0 (HKLM\...\WSCC_is1) (Version:  - KirySoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

25-06-2015 15:19:01 Installed Microsoft Office Home and Student 2010
26-06-2015 15:49:07 Windows Update
26-06-2015 18:29:33 Windows Update
26-06-2015 19:22:26 Windows Update
26-06-2015 23:10:46 Windows Update
27-06-2015 13:46:19 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2015-06-21 14:37 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        www.00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        www.032439.com
127.0.0.1        032439.com
127.0.0.1        www.0scan.com
127.0.0.1        0scan.com
127.0.0.1        1000gratisproben.com
127.0.0.1        www.1000gratisproben.com
127.0.0.1        1001namen.com
127.0.0.1        www.1001namen.com
127.0.0.1        100888290cs.com
127.0.0.1        www.100888290cs.com
127.0.0.1        www.100sexlinks.com
127.0.0.1        100sexlinks.com
127.0.0.1        10sek.com
127.0.0.1        www.10sek.com
127.0.0.1        www.1-2005-search.com
127.0.0.1        1-2005-search.com
127.0.0.1        123fporn.info
127.0.0.1        www.123fporn.info
127.0.0.1        123haustiereundmehr.com
127.0.0.1        www.123haustiereundmehr.com
127.0.0.1        123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {9F73BEA3-BF46-4A8D-A27E-34D7DB138AF7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (Whitelisted) ==============

2011-03-22 10:08 - 2011-03-22 10:08 - 00138752 _____ () C:\Program Files\NetDrive\libexpat.dll
2015-06-21 14:13 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-06-21 14:13 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-06-21 14:13 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-06-21 14:13 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-06-21 14:13 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-12-23 16:54 - 2014-12-23 16:54 - 00338216 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\nponlinebanking.dll
2014-12-23 16:54 - 2014-12-23 16:54 - 00502056 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-12-23 16:54 - 2014-12-23 16:54 - 00608040 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\27319205.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\27319205.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7866 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-842833987-1011056286-3756103870-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Test\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{BB434D9A-4F3D-4B64-AB11-03A16F865050}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{11C326DC-82DB-4EAD-B2D8-266B4E8B4A35}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{6E933BC9-7512-468F-99E5-A710E962B44C}] => (Allow) C:\Program Files\NetDrive\ndsvc.exe
FirewallRules: [{767D21CF-03DE-4FED-B106-9CBC82456EF9}] => (Allow) C:\Program Files\NetDrive\ndsvc.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: SMSC Fast Infrared Driver
Description: SMSC Fast Infrared Driver
Class Guid: {6bdd1fc5-810f-11d0-bec7-08002be2092f}
Manufacturer: SMSC
Service: SMSCIRDA
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: PCI FLASH-Speicher
Description: PCI FLASH-Speicher
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/29/2015 04:35:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2015 03:42:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2015 11:03:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.2.1.0, Zeitstempel: 0x00000004
Name des fehlerhaften Moduls: libqt4_plugin.dll, Version: 2.2.1.0, Zeitstempel: 0x00020002
Ausnahmecode: 0x40000015
Fehleroffset: 0x007ca10a
ID des fehlerhaften Prozesses: 0x9d0
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3

Error: (06/29/2015 09:37:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2015 10:33:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2015 00:53:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2015 09:54:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2015 00:55:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/27/2015 02:03:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/27/2015 01:59:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/29/2015 03:46:32 PM) (Source: Microsoft Antimalware) (EventID: 1119) (User: )
Description: Beim Anwenden von Aktionen auf Schadsoftware und potenziell unerwünschte Software wurde von %Behavior:Win32/Teerac.gen!A60 ein schwerwiegender Fehler festgestellt.

Weitere Informationen finden Sie hier:
%Behavior:Win32/Teerac.gen!A603

        Name: Behavior:Win32/Teerac.gen!A

        ID: 2147689325

        Schweregrad: %Behavior:Win32/Teerac.gen!A600

        Kategorie: %Behavior:Win32/Teerac.gen!A602

        Pfad: 4.8.0204.02

        Ursprung der Erkennung: 4.8.0204.04

        Typ der Erkennung: 4.8.0204.08

        Quelle der Erkennung: %Behavior:Win32/Teerac.gen!A608

        Benutzer: {0BA10BA5-6FAC-48D1-827E-CA8D7CD830FC}9

        Prozessname: %Behavior:Win32/Teerac.gen!A609

        Aktion: {0BA10BA5-6FAC-48D1-827E-CA8D7CD830FC}1

        Aktionsstatus:  {0BA10BA5-6FAC-48D1-827E-CA8D7CD830FC}8

        Fehlercode: {0BA10BA5-6FAC-48D1-827E-CA8D7CD830FC}3

        Fehlerbeschreibung: {0BA10BA5-6FAC-48D1-827E-CA8D7CD830FC}4

        Signaturversion: 2015-06-29T13:46:05.044Z1

        Modulversion: 2015-06-29T13:46:05.044Z2

Error: (06/29/2015 09:49:02 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {B8FB4AD7-EA4A-4B47-BFDC-BFC94160A8EA}

Error: (06/28/2015 02:31:41 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (06/28/2015 10:08:48 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {B8FB4AD7-EA4A-4B47-BFDC-BFC94160A8EA}

Error: (06/28/2015 00:57:59 AM) (Source: Microsoft Antimalware) (EventID: 1119) (User: )
Description: Beim Anwenden von Aktionen auf Schadsoftware und potenziell unerwünschte Software wurde von %Behavior:Win32/Teerac.gen!A60 ein schwerwiegender Fehler festgestellt.

Weitere Informationen finden Sie hier:
%Behavior:Win32/Teerac.gen!A603

        Name: Behavior:Win32/Teerac.gen!A

        ID: 2147689325

        Schweregrad: %Behavior:Win32/Teerac.gen!A600

        Kategorie: %Behavior:Win32/Teerac.gen!A602

        Pfad: 4.8.0204.02

        Ursprung der Erkennung: 4.8.0204.04

        Typ der Erkennung: 4.8.0204.08

        Quelle der Erkennung: %Behavior:Win32/Teerac.gen!A608

        Benutzer: {A2A12F3F-1FFD-48CA-B634-A0CE25313894}9

        Prozessname: %Behavior:Win32/Teerac.gen!A609

        Aktion: {A2A12F3F-1FFD-48CA-B634-A0CE25313894}1

        Aktionsstatus:  {A2A12F3F-1FFD-48CA-B634-A0CE25313894}8

        Fehlercode: {A2A12F3F-1FFD-48CA-B634-A0CE25313894}3

        Fehlerbeschreibung: {A2A12F3F-1FFD-48CA-B634-A0CE25313894}4

        Signaturversion: 2015-06-27T22:57:42.873Z1

        Modulversion: 2015-06-27T22:57:42.873Z2

Error: (06/27/2015 04:22:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computerbrowser" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (06/27/2015 04:22:49 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Browser erreicht.

Error: (06/27/2015 04:16:55 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (06/27/2015 11:00:36 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {B8FB4AD7-EA4A-4B47-BFDC-BFC94160A8EA}

Error: (06/26/2015 06:19:08 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.


Microsoft Office:
=========================
Error: (06/29/2015 04:35:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2015 03:42:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2015 11:03:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.2.1.000000004libqt4_plugin.dll2.2.1.00002000240000015007ca10a9d001d0b24a77e584f0C:\Program Files\VideoLAN\VLC\vlc.exeC:\Program Files\VideoLAN\VLC\plugins\gui\libqt4_plugin.dllb9009d86-1e3d-11e5-9868-0016d44f11e6

Error: (06/29/2015 09:37:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2015 10:33:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2015 00:53:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2015 09:54:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2015 00:55:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/27/2015 02:03:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/27/2015 01:59:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz
Percentage of memory in use: 49%
Total physical RAM: 3070.12 MB
Available physical RAM: 1540.43 MB
Total Pagefile: 6138.55 MB
Available Pagefile: 4386.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1870.07 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:75.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 0003CD26)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

==================== End of log ============================

--- --- ---

The current HJT log, still with the hosts file problem.

Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:51:46, on 22.06.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Test\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: VirtualKeyboardBrowserHelperObject - {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {93BC2EA7-2F17-4729-948A-D2E03FFB2412} - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll
O2 - BHO: Safe Money Plugin - {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O9 - Extra button: Virtuelle Tastatur - {5547CE1F-74E9-41E5-9CBF-5211ECC37341} - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Kaspersky Anti-Virus Service 15.0.2 (AVP15.0.2) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe

--
End of file - 3274 bytes

Those are the current logs. Reinstalling Windows was unfortunately a knee-jerk reaction.:nono: I would still be very grateful if you could help me clean the system.:applaus: I was already afraid it might be a BIOS rootkit!

I need to think again about when I reinstalled the system. I believe it was on 18.06.15

So thanks again.

cosinus 29.06.2015 22:33

If you reinstalled, there is nothing left to clean. At least not what your question was originally about.

totalrookie 30.06.2015 10:21

That means there could now be even more security holes in my system, right? :eek:
Cosinus, I know I messed up, but what could I still do now?:headbang:
Can I still run this? "hxxp://www.bestsafeguardtools.com/Unknown/how+to+remove+TR%252FADH.PA.trojan.html"
Do you know this Spy-Hunter-Installer.exe that is offered on that page? Or is it a virus itself?

Regards

cosinus 30.06.2015 10:33

I don't know which post you read, but certainly not mine. So once more:

1. you have adware
2. you format
3. the adware is gone
4. cosinus tells you that after formatting the adware is gone

Now explain to me how you arrive at security holes and messing up :crazy:

And what problem is still open at all after all the reinstalling...

totalrookie 30.06.2015 10:49

Quote:

At least nothing that had to do with the origin of your question.
That's what I meant by security holes. But never mind. If the problem is fixed now, then that's fine. So thank you. :dankeschoen:
Can the topic be closed now?

Regards
totalrookie

cosinus 30.06.2015 11:41

As I said, if you formatted, the advertising is gone.

But that doesn't change the fact that you can mess up the freshly installed system with advertising again.

Quote:

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Kaspersky Total Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
Both scanners won't work together; one has to go.
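As an added example (not code from the thread or from either poster), the following PowerShell check lists the antivirus products registered with Windows Security Center, the same source the quoted `AV:` lines come from, and warns when more than one is reported as enabled. The `root/SecurityCenter2` namespace and the `AntiVirusProduct` class exist on Windows client editions (Vista and later, not on Server); the decoding of the `productState` bits used here is the widely used community convention and not officially documented, so treat it as an assumption.

```powershell
# Added example: list AV products registered in Windows Security Center
# and flag the "two enabled scanners" situation discussed above.
# Assumption: the productState bit decoding below follows the common
# community convention (Microsoft does not document it officially).
function Get-RegisteredAntivirus {
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' |
        ForEach-Object {
            $state = [int]$_.productState
            # Middle byte: 0x10 = real-time protection on, 0x00 = off.
            $enabled  = (($state -band 0x00FF00) -shr 8) -eq 0x10
            # Low byte: 0x00 = signatures up to date, 0x10 = out of date.
            $upToDate = ($state -band 0x0000FF) -eq 0x00
            [pscustomobject]@{
                Name     = $_.displayName
                Enabled  = $enabled
                UpToDate = $upToDate
                Exe      = $_.pathToSignedProductExe
                Guid     = $_.instanceGuid
                RawState = ('0x{0:X6}' -f $state)
            }
        }
}

$av = Get-RegisteredAntivirus
$av | Format-Table -AutoSize

# More than one product with real-time protection on means two scanners
# hooking the same file system activity, which is the conflict cosinus
# points out; zero enabled products is the other case worth a warning.
$enabledCount = @($av | Where-Object Enabled).Count
if ($enabledCount -gt 1) {
    Write-Warning "$enabledCount antivirus products are enabled at the same time; keep only one real-time scanner."
} elseif ($enabledCount -eq 0) {
    Write-Warning "No enabled antivirus product is registered with Security Center."
}
```

Run it in an elevated PowerShell session on the affected machine. A product that still shows up as enabled after it was supposedly removed usually means its uninstaller left the Security Center registration behind, which is a hint to use the vendor's own removal tool.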

totalrookie 30.06.2015 13:35

Hello Cosinus,

it seems we have been talking past each other the whole time. ;-) I'm not concerned with adware here at all. I'm concerned with this trojan TR/ADH.PA. As I mentioned in the opening post, it practically opened the laptop up like a barn door.

I'm now simply attaching the error messages and screenshots that made me suspicious: that suddenly all drives were shared when I wanted to turn the computer into a media center with my PS3. I also posted a link earlier that says this trojan is dangerous.

With Sysinternals Rootkit Revealer I tried to delete the thing, but all I got was an error message. I still can't start HijackThis because of the hosts file.
I just want my laptop to be usable again.

Thanks, I'll disable the Microsoft scanner, right?

Regards

cosinus 30.06.2015 13:45

Quote:

it seems we have been talking past each other the whole time. ;-) I'm not concerned with adware here at all. I'm concerned with this trojan TR/ADH.PA. As I mentioned in the opening post, it practically opened the laptop up like a barn door.
Nope, you don't understand that you formatted everything away. Whether adware or anything else, you formatted the infected OS away.

And forget the stone-age HijackThis; it is no longer usable for today's analyses.

totalrookie 30.06.2015 13:53

Oh I see, I thought there could still be something left in the registry even though I just formatted everything. Well then everything's fine. So thanks a lot. Then I don't need to worry for now.
OK, HijackThis is outdated. So it's best to look through the posting rules in your forum. The right tools will be named there.

cosinus 30.06.2015 14:21

The registry is also "only" stored on the disk.
If you overwrite the disk, the registry of the filthy Windows installation is gone to nirvana too.

totalrookie 30.06.2015 14:34

So it is after all... yes yes, my filthy Windows installation :lach:
That's why you use Linux. :daumenhoc
I had just heard about a BIOS rootkit once. Then I immediately got worked up and assumed the worst.

Cosinus: Peace be with you and the laptop!:dankeschoen:

cosinus 30.06.2015 14:37

One has nothing directly to do with the other. Besides, I use Windows too, and it's no rocket science to keep it clean. It's just that the effort for that is much greater; maintenance and upkeep is much more comfortable in modern Linux distros than it is for Windows.


Copyright ©2000-2024, Trojaner-Board
