Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: bizcoahing

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 12.07.2013, 20:58   #16
milkit54
 
bizcoahing - Standard

bizcoahing



Hallo Leo,
habe ich leider nicht. also noch einmal von vorne.
ich werde jetzt erst einmal die Programme runterladen und morgen früh mit frischen Mut erneut die Sache angehen.
Da meine Internet Verbindung über einen Stick läuft wird sie öfter unterbrochen und dann dauert es ziemlich lange bis ich dort weitermachen kann.
Daneben habe ich akt. eine Harnröhren OP und einen Katheder, so dass ich ständig rennen. muß. also bitte ich um Nachsicht und danke für die Zeit welche du her investierst.
Gruß Michael

Alt 30.09.2013, 18:24   #17
aharonov
/// TB-Ausbilder
 
bizcoahing - Standard

bizcoahing



Weiter geht's:


Downloade dir bitte Farbar Recovery Scan Tool 64-Bit und speichere es auf den Desktop.
  • Starte die FRST64.exe.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden zwei Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieser beiden Logfiles bitte hier in deinen Thread.
__________________

__________________

Alt 01.10.2013, 11:53   #18
milkit54
 
bizcoahing - Standard

bizcoahing



Hallo Leo,
das war eine Nacht. Ich hoffe ich habe es hinbekommen. Eset ist zwischendurch mehrmals abgestürzt dadurch war meine online Verbindung (stick) weg also wieder von vorne. Na ja mal sehen was du sagst.

by the way im Moment erhalte ich immer wenn ich einen neuen TAB in Firefox öffne folgende Nachricht: "SyntaxError: JSON.parse: unexpected end of data"

Nun die einzelnen Schritte:
Schritt 1OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 01.10.2013 12:13:55 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Micha\Desktop\TrojanerBoard Programme
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,79 Gb Available Physical Memory | 39,50% Memory free
4,22 Gb Paging File | 2,56 Gb Available in Paging File | 60,71% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 86,98 Gb Free Space | 58,36% Space Free | Partition Type: NTFS
Drive D: | 15,54 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MICHA-PC | User Name: Micha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Micha\Desktop\TrojanerBoard Programme\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe ()
PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Nero\Nero PhotoShow 4\data\Xtras\mssysmgr.exe (Nero AG / Nero Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\LocaleMgrPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\SMSPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\NotifyServicePlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\ConfigFilePlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\DeviceMgrPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\NetInfoPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\DialUpPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\DeviceMgrUIPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\NDISAPI.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\atcomm.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\DetectDev.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\FileManager.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\XCodec.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\DeviceOperate.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\isaputrace.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe (McAfee, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FPLService) -- C:\Programme\TrueSuite\TrueSuite.Service.exe (AuthenTec, Inc)
SRV - (ATService) -- C:\Programme\Fingerprint Sensor\ATService.exe (AuthenTec, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\DRIVERS\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\DRIVERS\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\Drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV:64bit: - (SiFilter) -- C:\Windows\SysNative\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
DRV:64bit: - (SiRemFil) -- C:\Windows\SysNative\DRIVERS\SiRemFil.sys (Silicon Image, Inc.)
DRV:64bit: - (Si3531) -- C:\Windows\SysNative\DRIVERS\Si3531.sys (Silicon Image, Inc)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (NETw3v64) -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys (Intel Corporation)
DRV:64bit: - (XUIF) -- C:\Windows\SysNative\Drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-615200554-2618334879-3151254164-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.n-tv.de/
IE - HKU\S-1-5-21-615200554-2618334879-3151254164-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-615200554-2618334879-3151254164-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-615200554-2618334879-3151254164-1000\..\SearchScopes\{012A1949-82A6-4C34-9F50-85A7CF7EC628}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-615200554-2618334879-3151254164-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=428
IE - HKU\S-1-5-21-615200554-2618334879-3151254164-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.n-tv.de/"
FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.7.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.12.10 18:11:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Extensions
[2013.07.03 20:46:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\zakxkdnl.default\extensions
[2013.09.30 09:05:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\zyozo4z0.default-1357032961107\extensions
[2013.09.15 15:26:51 | 000,579,981 | ---- | M] () (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\firefox\profiles\zyozo4z0.default-1357032961107\extensions\toolbar@gmx.net.xpi
[2013.09.15 15:26:53 | 000,001,050 | ---- | M] () -- C:\Users\Micha\AppData\Roaming\mozilla\firefox\profiles\zyozo4z0.default-1357032961107\searchplugins\11-suche.xml
[2013.09.15 15:26:54 | 000,002,418 | ---- | M] () -- C:\Users\Micha\AppData\Roaming\mozilla\firefox\profiles\zyozo4z0.default-1357032961107\searchplugins\englische-ergebnisse.xml
[2013.09.15 15:26:53 | 000,010,701 | ---- | M] () -- C:\Users\Micha\AppData\Roaming\mozilla\firefox\profiles\zyozo4z0.default-1357032961107\searchplugins\gmx-suche.xml
[2013.09.15 15:26:53 | 000,002,432 | ---- | M] () -- C:\Users\Micha\AppData\Roaming\mozilla\firefox\profiles\zyozo4z0.default-1357032961107\searchplugins\lastminute.xml
[2013.09.15 15:26:53 | 000,005,682 | ---- | M] () -- C:\Users\Micha\AppData\Roaming\mozilla\firefox\profiles\zyozo4z0.default-1357032961107\searchplugins\webde-suche.xml
[2013.09.15 15:20:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.08.17 11:26:44 | 000,000,000 | ---D | M] (TrueSuite Website Log On) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon_toolbar@truesuite.com
[2013.09.21 09:38:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.09.21 09:38:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.10.01 00:18:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2013.10.01 00:18:07 | 000,000,000 | ---D | M] (TrueSuite Website Log On) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\websitelogon_toolbar@truesuite.com
[2013.10.01 00:18:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions
[2013.10.01 00:18:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O3 - HKLM\..\Toolbar: (TrueSuite Web Log On) - {A28EC2CC-FD38-40d9-9E75-657D1E0B4686} - C:\Programme\TrueSuite\TrueSuite.IEToolBar.dll (AuthenTec Inc.)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [ClientAppLogon] C:\Programme\TrueSuite\TrueSuite.ClientAppLogonExe.exe (AuthenTec, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SystemTray] C:\Programme\TrueSuite\TrueSuite.SysTray.exe (AuthenTec, Inc)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-615200554-2618334879-3151254164-1000..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAE.EXE /FU "C:\Users\Micha\AppData\Local\Temp\E_SAFAF.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-615200554-2618334879-3151254164-1000..\Run: [EPSON Stylus DX4400 Series (Kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAE.EXE /FU "C:\Users\Micha\AppData\Local\Temp\E_SE18E.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-615200554-2618334879-3151254164-1000..\Run: [Nero PhotoShow Media Manager] C:\Program Files (x86)\Nero\Nero PhotoShow 4\data\Xtras\mssysmgr.exe (Nero AG / Nero Inc.)
O4 - HKU\S-1-5-21-615200554-2618334879-3151254164-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23720F7B-3626-4A2A-8965-BA8C0BBEE03A}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D4A8F71-CDDF-4F84-AD66-C9E4AEA99B84}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E639478-42E9-4BFD-9D0C-D0E3BCE12B86}: DhcpNameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFDAF5FC-DAC4-4ADB-ABBF-F050BD828A7D}: DhcpNameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFBEEDF4-BF56-47FD-8355-A1F9A36A7C3A}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FDEAA796-34F8-49A7-88B3-1D468AD1BE13}: DhcpNameServer = 193.189.244.206 193.189.244.225
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.07.01 23:40:32 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.03.11 02:26:10 | 000,000,047 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{3752f1b3-b73b-11e2-8d3e-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{3752f1b3-b73b-11e2-8d3e-001b77ac59a8}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{3e471afe-fd31-11e2-823c-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{3e471afe-fd31-11e2-823c-001b77ac59a8}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{4299f0fb-58bd-11e2-9f45-001e101f7fb6}\Shell - "" = AutoRun
O33 - MountPoints2\{4299f0fb-58bd-11e2-9f45-001e101f7fb6}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{44f12c07-492d-11e2-a18a-001e101f2c0e}\Shell - "" = AutoRun
O33 - MountPoints2\{44f12c07-492d-11e2-a18a-001e101f2c0e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{459f8e08-4080-11e2-8759-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{459f8e08-4080-11e2-8759-001b77ac59a8}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{459f8e13-4080-11e2-8759-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{459f8e13-4080-11e2-8759-001b77ac59a8}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{470cc676-49d1-11e2-b6af-0016d3868ca9}\Shell - "" = AutoRun
O33 - MountPoints2\{470cc676-49d1-11e2-b6af-0016d3868ca9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{757efc16-5a7d-11e2-8402-001e101f4da1}\Shell - "" = AutoRun
O33 - MountPoints2\{757efc16-5a7d-11e2-8402-001e101f4da1}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{9f5b187d-026e-11e3-aab4-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{9f5b187d-026e-11e3-aab4-001b77ac59a8}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{a5c0eca6-4224-11e2-a877-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{a5c0eca6-4224-11e2-a877-001b77ac59a8}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d0ef7d2a-4b65-11e2-a530-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{d0ef7d2a-4b65-11e2-a530-001b77ac59a8}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d0ef7d65-4b65-11e2-a530-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{d0ef7d65-4b65-11e2-a530-001b77ac59a8}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{fbe9b0eb-576d-11e2-b3b3-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{fbe9b0eb-576d-11e2-b3b3-001e101f8aaa}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.10.01 09:42:50 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Micha\Desktop\esetsmartinstaller_enu.exe
[2013.09.30 22:37:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.09.30 22:21:42 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Systweak
 
========== Files - Modified Within 30 Days ==========
 
[2013.10.01 12:07:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.10.01 10:55:02 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.10.01 10:55:02 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.10.01 09:48:35 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Micha\Desktop\esetsmartinstaller_enu.exe
[2013.10.01 08:55:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.09.30 22:21:14 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2013.09.30 21:54:55 | 000,426,176 | ---- | M] () -- C:\Users\Micha\Desktop\bizcoahing - Seite 2 - Trojaner-Board.pdf
[2013.09.29 09:13:10 | 000,017,489 | ---- | M] () -- C:\Users\Micha\Documents\Berechnung Jan 2013.ods
[2013.09.28 11:40:15 | 000,847,958 | ---- | M] () -- C:\Users\Micha\Desktop\AEC 4x4 Armoured Command Vehicle Dorchester.pdf
[2013.09.25 15:39:36 | 000,070,144 | ---- | M] () -- C:\Users\Micha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.09.21 09:53:30 | 000,663,569 | ---- | M] () -- C:\Users\Micha\Desktop\Geistig fit, auch im Alter  So wird das Alzheimer-Risiko reduziert - n-tv.de.pdf
[2013.09.21 09:38:44 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.09.15 14:13:52 | 000,255,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.09.15 11:38:49 | 000,075,241 | ---- | M] () -- C:\Users\Micha\Desktop\Bilderservice  Fehlerbehebung.pdf
 
========== Files Created - No Company Name ==========
 
[2013.09.30 21:54:51 | 000,426,176 | ---- | C] () -- C:\Users\Micha\Desktop\bizcoahing - Seite 2 - Trojaner-Board.pdf
[2013.09.28 11:40:09 | 000,847,958 | ---- | C] () -- C:\Users\Micha\Desktop\AEC 4x4 Armoured Command Vehicle Dorchester.pdf
[2013.09.21 09:53:25 | 000,663,569 | ---- | C] () -- C:\Users\Micha\Desktop\Geistig fit, auch im Alter  So wird das Alzheimer-Risiko reduziert - n-tv.de.pdf
[2013.09.21 09:38:44 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.09.19 07:45:16 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2013.09.15 11:38:46 | 000,075,241 | ---- | C] () -- C:\Users\Micha\Desktop\Bilderservice  Fehlerbehebung.pdf
[2013.07.02 18:02:45 | 000,000,000 | ---- | C] () -- C:\Users\Micha\defogger_reenable
[2013.05.11 10:18:30 | 000,118,692 | ---- | C] () -- C:\Users\Micha\- Kurzfassung Persönliche Wendezeit 2013,.pdf
[2013.03.09 07:40:43 | 000,002,138 | ---- | C] () -- C:\Users\Micha\AppData\Local\recently-used.xbel
[2012.12.25 19:04:20 | 000,023,888 | ---- | C] () -- C:\Users\Micha\AppData\Roaming\UserTile.png
[2012.12.21 07:17:59 | 000,070,144 | ---- | C] () -- C:\Users\Micha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.19 06:42:54 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012.12.19 06:42:13 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2012.12.19 06:41:35 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.12.16 09:00:55 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2012.12.07 15:46:48 | 000,000,732 | ---- | C] () -- C:\Users\Micha\AppData\Local\d3d9caps64.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:29:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.19 01:04:28 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.01 05:27:54 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\FreePDF
[2013.03.28 18:46:20 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\IrfanView
[2012.12.29 10:04:47 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\OpenOffice.org
[2012.12.25 19:04:20 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\PeerNetworking
[2013.09.15 12:39:21 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\PhotoScape
[2013.03.05 14:48:28 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Simple Star
[2013.09.30 22:21:42 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Systweak
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013.09.26 04:51:48 | 097,892,804 | ---- | M] ()(C:\Windows\SysWow64\???J) -- C:\Windows\SysWow64\ᢟ炧᭄J
[2013.09.25 16:51:38 | 097,892,804 | ---- | C] ()(C:\Windows\SysWow64\???J) -- C:\Windows\SysWow64\ᢟ炧᭄J
[2013.09.18 23:02:43 | 098,201,083 | ---- | M] ()(C:\Windows\SysWow64\???D) -- C:\Windows\SysWow64\䔭烻᭄D
[2013.09.18 23:02:43 | 098,201,083 | ---- | C] ()(C:\Windows\SysWow64\???D) -- C:\Windows\SysWow64\䔭烻᭄D

< End of report >
         
--- --- ---

Schritt 2

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f7844ab3bb4d014484b03db984ef6ea0
# engine=15314
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-01 03:34:20
# local_time=2013-10-01 05:34:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776573 100 100 26920 218122460 0 0
# scanned=130248
# found=2
# cleaned=0
# scan_time=5421
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\Users\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f7844ab3bb4d014484b03db984ef6ea0
# engine=15317
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-01 09:37:17
# local_time=2013-10-01 11:37:17 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776573 100 100 0 218144237 0 0
# scanned=130163
# found=2
# cleaned=0
# scan_time=5440
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\Users\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"

Schritt 3

Results of screen317's Security Check version 0.99.73
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 11.8.800.168
Adobe Reader 10.1.8 Adobe Reader out of Date!
Mozilla Firefox (23.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Schritt 4OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 01.10.2013 12:13:55 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Micha\Desktop\TrojanerBoard Programme
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,79 Gb Available Physical Memory | 39,50% Memory free
4,22 Gb Paging File | 2,56 Gb Available in Paging File | 60,71% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 86,98 Gb Free Space | 58,36% Space Free | Partition Type: NTFS
Drive D: | 15,54 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MICHA-PC | User Name: Micha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Micha\Desktop\TrojanerBoard Programme\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe ()
PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Nero\Nero PhotoShow 4\data\Xtras\mssysmgr.exe (Nero AG / Nero Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\LocaleMgrPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\SMSPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\NotifyServicePlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\ConfigFilePlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\DeviceMgrPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\NetInfoPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\DialUpPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\DeviceMgrUIPlugin.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\NDISAPI.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\atcomm.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\DetectDev.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\FileManager.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\XCodec.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\DeviceOperate.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\isaputrace.dll ()
MOD - C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe (McAfee, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FPLService) -- C:\Programme\TrueSuite\TrueSuite.Service.exe (AuthenTec, Inc)
SRV - (ATService) -- C:\Programme\Fingerprint Sensor\ATService.exe (AuthenTec, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\DRIVERS\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\DRIVERS\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\Drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV:64bit: - (SiFilter) -- C:\Windows\SysNative\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
DRV:64bit: - (SiRemFil) -- C:\Windows\SysNative\DRIVERS\SiRemFil.sys (Silicon Image, Inc.)
DRV:64bit: - (Si3531) -- C:\Windows\SysNative\DRIVERS\Si3531.sys (Silicon Image, Inc)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (NETw3v64) -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys (Intel Corporation)
DRV:64bit: - (XUIF) -- C:\Windows\SysNative\Drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-615200554-2618334879-3151254164-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.n-tv.de/
IE - HKU\S-1-5-21-615200554-2618334879-3151254164-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-615200554-2618334879-3151254164-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-615200554-2618334879-3151254164-1000\..\SearchScopes\{012A1949-82A6-4C34-9F50-85A7CF7EC628}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-615200554-2618334879-3151254164-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=428
IE - HKU\S-1-5-21-615200554-2618334879-3151254164-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.n-tv.de/"
FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.7.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.12.10 18:11:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Extensions
[2013.07.03 20:46:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\zakxkdnl.default\extensions
[2013.09.30 09:05:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\zyozo4z0.default-1357032961107\extensions
[2013.09.15 15:26:51 | 000,579,981 | ---- | M] () (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\firefox\profiles\zyozo4z0.default-1357032961107\extensions\toolbar@gmx.net.xpi
[2013.09.15 15:26:53 | 000,001,050 | ---- | M] () -- C:\Users\Micha\AppData\Roaming\mozilla\firefox\profiles\zyozo4z0.default-1357032961107\searchplugins\11-suche.xml
[2013.09.15 15:26:54 | 000,002,418 | ---- | M] () -- C:\Users\Micha\AppData\Roaming\mozilla\firefox\profiles\zyozo4z0.default-1357032961107\searchplugins\englische-ergebnisse.xml
[2013.09.15 15:26:53 | 000,010,701 | ---- | M] () -- C:\Users\Micha\AppData\Roaming\mozilla\firefox\profiles\zyozo4z0.default-1357032961107\searchplugins\gmx-suche.xml
[2013.09.15 15:26:53 | 000,002,432 | ---- | M] () -- C:\Users\Micha\AppData\Roaming\mozilla\firefox\profiles\zyozo4z0.default-1357032961107\searchplugins\lastminute.xml
[2013.09.15 15:26:53 | 000,005,682 | ---- | M] () -- C:\Users\Micha\AppData\Roaming\mozilla\firefox\profiles\zyozo4z0.default-1357032961107\searchplugins\webde-suche.xml
[2013.09.15 15:20:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.08.17 11:26:44 | 000,000,000 | ---D | M] (TrueSuite Website Log On) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon_toolbar@truesuite.com
[2013.09.21 09:38:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.09.21 09:38:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.10.01 00:18:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2013.10.01 00:18:07 | 000,000,000 | ---D | M] (TrueSuite Website Log On) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\websitelogon_toolbar@truesuite.com
[2013.10.01 00:18:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions
[2013.10.01 00:18:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O3 - HKLM\..\Toolbar: (TrueSuite Web Log On) - {A28EC2CC-FD38-40d9-9E75-657D1E0B4686} - C:\Programme\TrueSuite\TrueSuite.IEToolBar.dll (AuthenTec Inc.)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [ClientAppLogon] C:\Programme\TrueSuite\TrueSuite.ClientAppLogonExe.exe (AuthenTec, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SystemTray] C:\Programme\TrueSuite\TrueSuite.SysTray.exe (AuthenTec, Inc)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-615200554-2618334879-3151254164-1000..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAE.EXE /FU "C:\Users\Micha\AppData\Local\Temp\E_SAFAF.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-615200554-2618334879-3151254164-1000..\Run: [EPSON Stylus DX4400 Series (Kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAE.EXE /FU "C:\Users\Micha\AppData\Local\Temp\E_SE18E.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-615200554-2618334879-3151254164-1000..\Run: [Nero PhotoShow Media Manager] C:\Program Files (x86)\Nero\Nero PhotoShow 4\data\Xtras\mssysmgr.exe (Nero AG / Nero Inc.)
O4 - HKU\S-1-5-21-615200554-2618334879-3151254164-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23720F7B-3626-4A2A-8965-BA8C0BBEE03A}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D4A8F71-CDDF-4F84-AD66-C9E4AEA99B84}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E639478-42E9-4BFD-9D0C-D0E3BCE12B86}: DhcpNameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFDAF5FC-DAC4-4ADB-ABBF-F050BD828A7D}: DhcpNameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFBEEDF4-BF56-47FD-8355-A1F9A36A7C3A}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FDEAA796-34F8-49A7-88B3-1D468AD1BE13}: DhcpNameServer = 193.189.244.206 193.189.244.225
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.07.01 23:40:32 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.03.11 02:26:10 | 000,000,047 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{3752f1b3-b73b-11e2-8d3e-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{3752f1b3-b73b-11e2-8d3e-001b77ac59a8}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{3e471afe-fd31-11e2-823c-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{3e471afe-fd31-11e2-823c-001b77ac59a8}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{4299f0fb-58bd-11e2-9f45-001e101f7fb6}\Shell - "" = AutoRun
O33 - MountPoints2\{4299f0fb-58bd-11e2-9f45-001e101f7fb6}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{44f12c07-492d-11e2-a18a-001e101f2c0e}\Shell - "" = AutoRun
O33 - MountPoints2\{44f12c07-492d-11e2-a18a-001e101f2c0e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{459f8e08-4080-11e2-8759-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{459f8e08-4080-11e2-8759-001b77ac59a8}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{459f8e13-4080-11e2-8759-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{459f8e13-4080-11e2-8759-001b77ac59a8}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{470cc676-49d1-11e2-b6af-0016d3868ca9}\Shell - "" = AutoRun
O33 - MountPoints2\{470cc676-49d1-11e2-b6af-0016d3868ca9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{757efc16-5a7d-11e2-8402-001e101f4da1}\Shell - "" = AutoRun
O33 - MountPoints2\{757efc16-5a7d-11e2-8402-001e101f4da1}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{9f5b187d-026e-11e3-aab4-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{9f5b187d-026e-11e3-aab4-001b77ac59a8}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{a5c0eca6-4224-11e2-a877-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{a5c0eca6-4224-11e2-a877-001b77ac59a8}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d0ef7d2a-4b65-11e2-a530-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{d0ef7d2a-4b65-11e2-a530-001b77ac59a8}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d0ef7d65-4b65-11e2-a530-001b77ac59a8}\Shell - "" = AutoRun
O33 - MountPoints2\{d0ef7d65-4b65-11e2-a530-001b77ac59a8}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009.08.24 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{fbe9b0eb-576d-11e2-b3b3-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{fbe9b0eb-576d-11e2-b3b3-001e101f8aaa}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.10.01 09:42:50 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Micha\Desktop\esetsmartinstaller_enu.exe
[2013.09.30 22:37:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.09.30 22:21:42 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Systweak
 
========== Files - Modified Within 30 Days ==========
 
[2013.10.01 12:07:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.10.01 10:55:02 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.10.01 10:55:02 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.10.01 09:48:35 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Micha\Desktop\esetsmartinstaller_enu.exe
[2013.10.01 08:55:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.09.30 22:21:14 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2013.09.30 21:54:55 | 000,426,176 | ---- | M] () -- C:\Users\Micha\Desktop\bizcoahing - Seite 2 - Trojaner-Board.pdf
[2013.09.29 09:13:10 | 000,017,489 | ---- | M] () -- C:\Users\Micha\Documents\Berechnung Jan 2013.ods
[2013.09.28 11:40:15 | 000,847,958 | ---- | M] () -- C:\Users\Micha\Desktop\AEC 4x4 Armoured Command Vehicle Dorchester.pdf
[2013.09.25 15:39:36 | 000,070,144 | ---- | M] () -- C:\Users\Micha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.09.21 09:53:30 | 000,663,569 | ---- | M] () -- C:\Users\Micha\Desktop\Geistig fit, auch im Alter  So wird das Alzheimer-Risiko reduziert - n-tv.de.pdf
[2013.09.21 09:38:44 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.09.15 14:13:52 | 000,255,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.09.15 11:38:49 | 000,075,241 | ---- | M] () -- C:\Users\Micha\Desktop\Bilderservice  Fehlerbehebung.pdf
 
========== Files Created - No Company Name ==========
 
[2013.09.30 21:54:51 | 000,426,176 | ---- | C] () -- C:\Users\Micha\Desktop\bizcoahing - Seite 2 - Trojaner-Board.pdf
[2013.09.28 11:40:09 | 000,847,958 | ---- | C] () -- C:\Users\Micha\Desktop\AEC 4x4 Armoured Command Vehicle Dorchester.pdf
[2013.09.21 09:53:25 | 000,663,569 | ---- | C] () -- C:\Users\Micha\Desktop\Geistig fit, auch im Alter  So wird das Alzheimer-Risiko reduziert - n-tv.de.pdf
[2013.09.21 09:38:44 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.09.19 07:45:16 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2013.09.15 11:38:46 | 000,075,241 | ---- | C] () -- C:\Users\Micha\Desktop\Bilderservice  Fehlerbehebung.pdf
[2013.07.02 18:02:45 | 000,000,000 | ---- | C] () -- C:\Users\Micha\defogger_reenable
[2013.05.11 10:18:30 | 000,118,692 | ---- | C] () -- C:\Users\Micha\- Kurzfassung Persönliche Wendezeit 2013,.pdf
[2013.03.09 07:40:43 | 000,002,138 | ---- | C] () -- C:\Users\Micha\AppData\Local\recently-used.xbel
[2012.12.25 19:04:20 | 000,023,888 | ---- | C] () -- C:\Users\Micha\AppData\Roaming\UserTile.png
[2012.12.21 07:17:59 | 000,070,144 | ---- | C] () -- C:\Users\Micha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.19 06:42:54 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012.12.19 06:42:13 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2012.12.19 06:41:35 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.12.16 09:00:55 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2012.12.07 15:46:48 | 000,000,732 | ---- | C] () -- C:\Users\Micha\AppData\Local\d3d9caps64.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:29:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.19 01:04:28 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.01 05:27:54 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\FreePDF
[2013.03.28 18:46:20 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\IrfanView
[2012.12.29 10:04:47 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\OpenOffice.org
[2012.12.25 19:04:20 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\PeerNetworking
[2013.09.15 12:39:21 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\PhotoScape
[2013.03.05 14:48:28 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Simple Star
[2013.09.30 22:21:42 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Systweak
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013.09.26 04:51:48 | 097,892,804 | ---- | M] ()(C:\Windows\SysWow64\???J) -- C:\Windows\SysWow64\ᢟ炧᭄J
[2013.09.25 16:51:38 | 097,892,804 | ---- | C] ()(C:\Windows\SysWow64\???J) -- C:\Windows\SysWow64\ᢟ炧᭄J
[2013.09.18 23:02:43 | 098,201,083 | ---- | M] ()(C:\Windows\SysWow64\???D) -- C:\Windows\SysWow64\䔭烻᭄D
[2013.09.18 23:02:43 | 098,201,083 | ---- | C] ()(C:\Windows\SysWow64\???D) -- C:\Windows\SysWow64\䔭烻᭄D

< End of report >
         
--- --- ---

Gehe davon aus, dass du damit etwas anfangen kannst. Freue mich auf diene nächste Nachricht Gruß Micha
__________________

Alt 01.10.2013, 12:02   #19
aharonov
/// TB-Ausbilder
 
bizcoahing - Standard

bizcoahing



Hallo Micha,

das sieht eigentlich schon ganz gut aus.

Bei dir läuft im Moment kein Antivirenprogramm:

Hinweis: Kein Antivirenprogramm

Ich sehe in deinen Logfiles kein laufendes Antivirenprogramm mit Hintergrundwächter.

Das ist gefährlich. Auch wenn so ein Wächter niemals alle Bedrohungen abwehren kann, ist er doch ein wichtiger Bestandteil, um den Rechner sauber zu halten.
Downloade und installiere bitte ein Antivirenprogramm mit Hintergrundwächter. Hier sind zwei mögliche Vorschläge:



Und hierzu:
Zitat:
by the way im Moment erhalte ich immer wenn ich einen neuen TAB in Firefox öffne folgende Nachricht: "SyntaxError: JSON.parse: unexpected end of data"
Update den Firefox mal auf die neuste Version (wie folgt). Tritt das Probleme danach immer noch auf?

Dein Firefox ist nicht mehr aktuell.
Starte deinen Firefox als Administrator, klicke Hilfe --> Über Firefox und führe das angebotene Update durch.
Wiederhole diesen Schritt, bis Firefox als aktuell angezeigt wird.



Was für Probleme bestehen sonst noch? Oder läuft sonst alles gut mit dem Rechner?
__________________
cheers,
Leo

Alt 01.10.2013, 15:37   #20
milkit54
 
bizcoahing - Standard

bizcoahing



Hallo Leo,
vielen Dank für die bisherige Unterstützung. Jedoch habe ich das Problem, nicht zu erkennen was der Rechner macht und überhaupt etwas macht?
Antivir hatte ich während der Aktionen abgeschaltet. Ob er jetzt den avast läd vrmag ich nicht zu erkennen? keine Verlaufsanzeige.
Wenn ich firefox als admin starte behaupett er es wäre die aktuellste version kann das sein?
ich verzweifele langsam
gruß Michael


Alt 01.10.2013, 15:41   #21
aharonov
/// TB-Ausbilder
 
bizcoahing - Standard

bizcoahing



Hallo Michael,

ah wenn du Avira nur temporär entfernt hast, dann musst du natürlich kein anderes Antivirenprogramm installieren.

Zitat:
Jedoch habe ich das Problem, nicht zu erkennen was der Rechner macht und überhaupt etwas macht?
Das versteh ich nicht ganz. Kannst du es bitte etwas genauer erklären?

Zitat:
Wenn ich firefox als admin starte behaupett er es wäre die aktuellste version kann das sein?
Dann wird er schon recht haben. Zeigt er Version 24.0 an?
Wenn das Problem mit dem neuen Tab immer noch da ist, dann setz den Firefox mal zurück wie https://support.mozilla.org/de/kb/fi...einfach-loesen beschrieben.
__________________
--> bizcoahing

Geändert von aharonov (13.10.2013 um 12:40 Uhr)

Antwort

Themen zu bizcoahing
coachi, glaskugel, rechner




Zum Thema bizcoahing - Hallo Leo, habe ich leider nicht. also noch einmal von vorne. ich werde jetzt erst einmal die Programme runterladen und morgen früh mit frischen Mut erneut die Sache angehen. Da - bizcoahing...
Archiv
Du betrachtest: bizcoahing auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.