Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Ihavenet Virus - wie kann ich ihn loswerden

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 24.07.2013, 15:30   #1
SimoneSch.
 
Ihavenet Virus  - wie kann ich ihn loswerden - Standard

Ihavenet Virus - wie kann ich ihn loswerden



Liebe Gemeinde,

da ich mich leider fast gar nicht mit Computern auskenne, hoffe ich, dass ich hier richtig bin und mir jemand helfen kann.

Ich habe seit einiger Zeit den Ihavenet Virus auf meinem Netbook. Seit einigen Tagen sind die Symptome (Umleitung auf eine Spamwebsite, wenn man bei Google etwas sucht) so drastisch geworden, dass ich fast bei jedem Suchvorgang weitergeleitet werde.

Ich habe die Schritte mit den Logfiles befolgt (soweit ich das kapiert habe) und folgende Dateien wurden erstellt (Anhang).

Es wäre super, wenn mit jemand helfen könnte.
Vielen Dank im Voraus,
Simone

Alt 24.07.2013, 15:34   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Ihavenet Virus  - wie kann ich ihn loswerden - Standard

Ihavenet Virus - wie kann ich ihn loswerden



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 24.07.2013, 15:51   #3
SimoneSch.
 
Ihavenet Virus  - wie kann ich ihn loswerden - Standard

Ihavenet Virus - wie kann ich ihn loswerden



FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-07-2013
Ran by Simone (administrator) on 24-07-2013 16:39:28
Running from C:\Users\Simone\Dropbox\Downloads
Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
() C:\Windows\System32\AsusService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
() C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
(AsusTek Computer Inc.) C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ASUS) C:\Program Files\EeePC\CapsHook\CapsHook.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dropbox, Inc.) C:\Users\Simone\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
(Adobe Systems Incorporated) C:\windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [EeeSplendidAgent] - C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe [x]
HKLM\...\Run: [HotkeyMon] - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [95744 2010-09-02] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1245104 2010-09-03] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [412600 2010-06-09] (ASUSTeK Computer Inc.)
HKLM\...\Run: [LiveUpdate] - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [1090984 2010-09-08] (AsusTek Computer Inc.)
HKLM\...\Run: [CapsHook] - C:\Program Files\EeePC\CapsHook\CapsHook.exe [445344 2010-05-29] (ASUS)
HKLM\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [414384 2010-06-10] ()
HKLM\...\Run: [VizorHtmlDialog.exe] - "C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\pre_install_eula.html" "DEF" "DEF" "DEF" [x]
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [116008 2010-03-19] (Trend Micro Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9177632 2010-04-27] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [548744 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [ASUSWebStorage] - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Runonce: [Del788817121] - cmd.exe /Q /D /c del "C:\Users\Simone\AppData\Local\Temp\0.del" [x]
HKCU\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin [814472 2013-06-12] (Adobe Systems Incorporated)
HKCU\...\Runonce: [Del788817121] - cmd.exe /Q /D /c del "C:\Users\Simone\AppData\Local\Temp\0.del" [x]
MountPoints2: E - E:\LaunchU3.exe -a
MountPoints2: {2779ff43-19fb-11e2-aa92-bcaec53174f2} - E:\LaunchU3.exe -a
MountPoints2: {2d0eea58-9818-11e0-8f48-bcaec53174f2} - E:\autorun.exe
MountPoints2: {b1714ae7-75dc-11e1-84ff-bcaec53174f2} - E:\setup.exe -a
HKU\Default\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-09-21] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-09-21] (AsusTek Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Simone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Simone\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Simone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=821BBCAEC53174F2&affID=119357&tt=210713_nt&tsp=4950
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=821BBCAEC53174F2&affID=119357&tt=210713_nt&tsp=4950
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\6teoa4cw.default
FF user.js: detected! => C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\6teoa4cw.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\6teoa4cw.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\6teoa4cw.default\searchplugins\delta.xml
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========================== Services (Whitelisted) =================

R2 AsusService; C:\Windows\System32\AsusService.exe [224680 2010-09-08] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [202048 2010-09-07] ()
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=nb [x]

==================== Drivers (Whitelisted) ====================

R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11520 2010-03-31] ()
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [102912 2010-07-21] (ELAN Microelectronic Corp.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
S3 btwavdt; \SystemRoot\system32\DRIVERS\btwavdt.sys [x]
S3 btwrchid; \SystemRoot\system32\DRIVERS\btwrchid.sys [x]
S3 cmnsusbser; system32\DRIVERS\cmnsusbser.sys [x]
U3 awdiqpog; \??\C:\Users\Simone\AppData\Local\Temp\awdiqpog.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2030-01-01 13:33 - 2010-11-20 14:40 - 00383786 __RSH C:\bootmgr
2013-07-24 16:38 - 2013-07-24 16:38 - 00000000 ____D C:\FRST
2013-07-21 23:53 - 2013-07-21 23:56 - 00052898 _____ C:\Users\Simone\Desktop\OTL.Txt
2013-07-21 23:39 - 2013-07-21 23:39 - 00023892 _____ C:\Users\Simone\Desktop\gmer.txt
2013-07-21 23:02 - 2013-07-21 23:02 - 00377856 _____ C:\Users\Simone\Desktop\gmer_2.1.19163.exe
2013-07-21 22:58 - 2013-07-21 22:58 - 00602112 _____ (OldTimer Tools) C:\Users\Simone\Desktop\OTL.exe
2013-07-21 22:39 - 2013-07-21 22:47 - 00000474 _____ C:\Users\Simone\Desktop\defogger_disable.log
2013-07-21 22:39 - 2013-07-21 22:39 - 00000000 _____ C:\Users\Simone\defogger_reenable
2013-07-21 22:38 - 2013-07-21 22:39 - 00050477 _____ C:\Users\Simone\Desktop\Defogger.exe
2013-07-21 22:26 - 2013-07-21 22:29 - 00000000 ____D C:\Users\Simone\AppData\Roaming\BabSolution
2013-07-21 22:26 - 2013-07-21 22:26 - 00000290 _____ C:\windows\Tasks\DSite.job
2013-07-21 22:26 - 2013-07-21 22:26 - 00000000 ____D C:\Users\Simone\AppData\Roaming\DSite
2013-07-21 22:26 - 2013-07-21 22:26 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-07-21 22:26 - 2013-07-21 22:26 - 00000000 ____D C:\ProgramData\Babylon
2013-07-21 22:25 - 2013-07-21 22:25 - 00000000 ____D C:\Users\Simone\AppData\Roaming\Babylon
2013-07-21 22:23 - 2013-07-21 22:23 - 00793536 _____ C:\ZipOpenerSetup.exe
2013-07-12 19:32 - 2013-07-12 19:32 - 00000000 ____D C:\Users\Simone\AppData\Local\{5934BD1B-E394-445E-AA4D-514F623640B8}
2013-07-12 18:48 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-12 18:48 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-12 18:47 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-12 18:47 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-12 18:47 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-12 18:47 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-12 18:47 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-12 18:47 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-12 18:47 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-12 18:47 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-12 18:47 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-12 18:47 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-12 18:47 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-12 18:47 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-12 18:47 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-12 18:47 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-10 19:48 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-10 19:48 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-10 19:48 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-10 19:48 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-07-02 14:56 - 2013-07-02 15:25 - 00000000 ____D C:\Users\Simone\Desktop\ABIBALL2013
2013-07-02 14:41 - 2013-07-12 19:21 - 00000314 _____ C:\windows\Tasks\HPYWNZYVY.job
2013-07-02 14:41 - 2013-07-02 14:41 - 00475136 __RSH C:\windows\system32\bitsprx6R.dll
2013-06-26 18:11 - 2013-07-21 22:26 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-25 15:52 - 2013-06-25 15:52 - 00000000 ____D C:\Users\Simone\AppData\Local\{D8B03983-EB02-4FC6-A9A1-4524870C22F6}

==================== One Month Modified Files and Folders =======

2030-01-01 13:33 - 2009-07-14 06:57 - 00029696 ___SH C:\windows\system32\config\BCD-Template.LOG
2030-01-01 13:33 - 2009-07-14 06:52 - 00032768 _____ C:\windows\system32\config\BCD-Template
2013-07-24 16:38 - 2013-07-24 16:38 - 00000000 ____D C:\FRST
2013-07-24 16:38 - 2011-06-16 18:17 - 00000000 ____D C:\Users\Simone\AppData\Roaming\Dropbox
2013-07-24 16:07 - 2012-12-04 17:24 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-23 00:12 - 2011-06-17 05:43 - 02029543 _____ C:\windows\WindowsUpdate.log
2013-07-21 23:56 - 2013-07-21 23:53 - 00052898 _____ C:\Users\Simone\Desktop\OTL.Txt
2013-07-21 23:53 - 2011-06-16 20:49 - 00000000 ___RD C:\Users\Simone\Desktop
2013-07-21 23:39 - 2013-07-21 23:39 - 00023892 _____ C:\Users\Simone\Desktop\gmer.txt
2013-07-21 23:02 - 2013-07-21 23:02 - 00377856 _____ C:\Users\Simone\Desktop\gmer_2.1.19163.exe
2013-07-21 22:58 - 2013-07-21 22:58 - 00602112 _____ (OldTimer Tools) C:\Users\Simone\Desktop\OTL.exe
2013-07-21 22:47 - 2013-07-21 22:39 - 00000474 _____ C:\Users\Simone\Desktop\defogger_disable.log
2013-07-21 22:39 - 2013-07-21 22:39 - 00000000 _____ C:\Users\Simone\defogger_reenable
2013-07-21 22:39 - 2013-07-21 22:38 - 00050477 _____ C:\Users\Simone\Desktop\Defogger.exe
2013-07-21 22:39 - 2011-06-16 20:49 - 00000000 ____D C:\Users\Simone
2013-07-21 22:30 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-21 22:29 - 2013-07-21 22:26 - 00000000 ____D C:\Users\Simone\AppData\Roaming\BabSolution
2013-07-21 22:26 - 2013-07-21 22:26 - 00000290 _____ C:\windows\Tasks\DSite.job
2013-07-21 22:26 - 2013-07-21 22:26 - 00000000 ____D C:\Users\Simone\AppData\Roaming\DSite
2013-07-21 22:26 - 2013-07-21 22:26 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-07-21 22:26 - 2013-07-21 22:26 - 00000000 ____D C:\ProgramData\Babylon
2013-07-21 22:26 - 2013-06-26 18:11 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-21 22:25 - 2013-07-21 22:25 - 00000000 ____D C:\Users\Simone\AppData\Roaming\Babylon
2013-07-21 22:23 - 2013-07-21 22:23 - 00793536 _____ C:\ZipOpenerSetup.exe
2013-07-17 20:31 - 2009-07-25 09:50 - 01500254 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-17 16:39 - 2011-07-07 18:34 - 00000000 ____D C:\Users\Simone\Fotos
2013-07-16 20:39 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-16 20:39 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-15 21:48 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-07-12 19:32 - 2013-07-12 19:32 - 00000000 ____D C:\Users\Simone\AppData\Local\{5934BD1B-E394-445E-AA4D-514F623640B8}
2013-07-12 19:32 - 2011-06-16 18:20 - 00000000 ___RD C:\Users\Simone\Dropbox
2013-07-12 19:31 - 2012-04-16 19:23 - 00000000 ____D C:\Users\Simone\Tracing
2013-07-12 19:21 - 2013-07-02 14:41 - 00000314 _____ C:\windows\Tasks\HPYWNZYVY.job
2013-07-12 19:21 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-12 19:21 - 2009-07-14 06:39 - 00080228 _____ C:\windows\setupact.log
2013-07-12 19:21 - 2009-07-14 06:33 - 00320376 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-12 19:19 - 2012-05-27 22:17 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-12 19:19 - 2012-05-11 17:14 - 00072416 _____ C:\windows\PFRO.log
2013-07-12 19:19 - 2010-11-02 02:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 19:17 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 18:46 - 2011-07-04 11:32 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-12 18:33 - 2013-02-26 21:05 - 75699896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-02 15:25 - 2013-07-02 14:56 - 00000000 ____D C:\Users\Simone\Desktop\ABIBALL2013
2013-07-02 14:41 - 2013-07-02 14:41 - 00475136 __RSH C:\windows\system32\bitsprx6R.dll
2013-06-28 20:49 - 2013-02-18 20:09 - 00000000 ____D C:\Program Files\Full Tilt Poker.Eu
2013-06-25 15:52 - 2013-06-25 15:52 - 00000000 ____D C:\Users\Simone\AppData\Local\{D8B03983-EB02-4FC6-A9A1-4524870C22F6}

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-22 00:18

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-07-2013
Ran by Simone at 2013-07-24 16:41:44
Running from C:\Users\Simone\Dropbox\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

32 Bit HP CIO Components Installer (Version: 1.1.0)
7-Zip 9.20
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 2.0.4.13090)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03)
ASUS WebStorage (Version: 3.0.108.222)
ASUSUpdate for Eee PC (Version: 1.04.01)
AsusVibe2.0 (Version: 2.0.9.157)
Atheros Client Installation Program (Version: 7.0)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.29)
Bing Bar (Version: 7.0.850.0)
CapsHook (Version: 1.0.0.5)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Complément Messenger (Version: 15.4.3502.0922)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (Version: 15.4.5722.2)
D3DX10 (Version: 15.4.2368.0902)
Dropbox (HKCU Version: 2.0.22)
ebi.BookReader3J (Version: 3.75.14)
E-Cam (Version: 2.0.2.6)
Eee Docking 3.8.1 (Version: 3.8.1)
EeeSplendid (Version: 5.1.2.0011)
ETDWare PS/2-x86 7.0.5.13_WHQL (Version: 7.0.5.13)
FontResizer (Version: 1.01.0011)
Full Tilt Poker.Eu (Version: 4.55.4.WIN.FullTilt.EU)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
Game Park Console (Version: 6.2.0.3)
Hotkey Service (Version: 1.32)
Intel(R) Graphics Media Accelerator Driver (Version: 8.14.10.2364)
Intel® Matrix Storage Manager
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Junk Mail filter update (Version: 15.4.3502.0922)
LiveUpdate (Version: 1.24)
LocaleMe (Version: 1.3)
McAfee Security Scan Plus (Version: 3.0.318.3)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Standard 2007 (Version: 12.0.6612.1000)
Microsoft Office Starter 2010 - Deutsch (Version: 14.0.4763.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MotoHelper 2.0.24 Driver 4.7.1 (Version: 2.0.24)
MotoHelper MergeModules (Version: 1.0.0)
Motorola Mobile Drivers Installation 4.7.1 (Version: 4.7.1)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
OpenOffice.org 3.3 (Version: 3.3.9567)
PokerStars.eu
Raccolta foto di Windows Live (Version: 15.4.3502.0922)
Ralink RT2860 Wireless LAN Card (Version: 1.5.1.0)
Realtek High Definition Audio Driver (Version: 6.0.1.6098)
REALTEK Wireless LAN Driver (Version: 1.00.0159)
Skype Toolbars (Version: 5.3.7280)
Skype™ 5.10 (Version: 5.10.116)
Super Hybrid Engine (Version: 2.16)
Times Reader (Version: 2.055)
Trend Micro Titanium (Version: 1.0)
Trend Micro Titanium (Version: 2.20)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Windows Driver Package - Broadcom Bluetooth  (07/17/2009 6.2.0.9403) (Version: 07/17/2009 6.2.0.9403)
Windows Driver Package - Broadcom Bluetooth  (07/29/2009 6.1.7100.0) (Version: 07/29/2009 6.1.7100.0)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Windows Live (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (Version: 15.4.5722.2)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Mesh ActiveX control for remote connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
 

==================== Restore Points  =========================

19-07-2013 13:42:53 OTL Restore Point - 19.07.2013 15:42:53
21-07-2013 19:23:04 Windows-Sicherung

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0A49F1EB-C1A6-4EDC-9FA1-B75138083D44} - System32\Tasks\{B4CB4949-4F61-4D7B-B1D4-1E9CCCBD53FC} => C:\Program Files\Skype\\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {0CCAAA3A-6185-46BD-BE7A-D23D4534926F} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {106C3B7A-B494-4D38-8692-4058185345D2} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {1416FD1B-D684-450D-9419-ECFFB7814D26} - System32\Tasks\MotoHelper MUM => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07] ()
Task: {3AC2C94C-4A26-43D2-BBAA-9E3577D56522} - System32\Tasks\MotoHelper Update => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07] ()
Task: {49C4D7D3-F63D-4D2B-8B6A-2F9621938483} - System32\Tasks\MotoHelper Routing => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07] ()
Task: {50F8B3B9-971D-467F-8B8E-AAD512093E24} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {51A08ACC-8000-490C-9CC0-7522BBDD58CF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {B19A53F0-1243-4258-ABEE-DE897CAE8DE5} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {C55D890B-79B2-4309-98D8-DF8BCDD21D1B} - System32\Tasks\DSite => C:\Users\Simone\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE No File
Task: {F7BA3910-49C6-461C-8544-BDDBEB4F537D} - System32\Tasks\HPYWNZYVY => C:\windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DSite.job => ?
Task: C:\windows\Tasks\HPYWNZYVY.job => C:\windows\system32\rundll32.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/24/2013 04:07:17 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (07/22/2013 06:35:43 AM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (07/22/2013 00:22:31 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/22/2013 00:22:31 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/22/2013 00:22:31 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/22/2013 00:22:31 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/22/2013 00:22:31 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/22/2013 00:22:31 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/22/2013 00:22:31 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/22/2013 00:22:29 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (07/20/2013 07:37:59 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (07/19/2013 06:11:19 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (07/16/2013 08:34:17 PM) (Source: Server) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{16DFC67B-C0F2-4A3C-BA97-EDEB371E7C86} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (07/16/2013 03:58:33 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (07/15/2013 07:21:09 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht.

Error: (07/12/2013 09:40:40 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (07/12/2013 07:22:00 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (07/10/2013 07:24:26 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht.

Error: (07/10/2013 04:00:29 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WSearch erreicht.

Error: (07/07/2013 09:33:28 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.


Microsoft Office Sessions:
=========================
Error: (03/25/2013 01:24:18 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 169 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (03/25/2013 01:20:59 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 265802 seconds with 2220 seconds of active time.  This session ended with a crash.

Error: (12/29/2012 03:52:56 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 90707 seconds with 1080 seconds of active time.  This session ended with a crash.

Error: (12/05/2012 08:02:08 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 96053 seconds with 2160 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 83%
Total physical RAM: 1014.18 MB
Available physical RAM: 168.34 MB
Total Pagefile: 2081.85 MB
Available Pagefile: 680.02 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.62 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:60.43 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:117.87 GB) (Free:35.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 29133921)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15 GB) - (Type=1B)
Partition 3: (Not Active) - (Size=118 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=20 MB) - (Type=EF)

==================== End Of Log ============================
         
Ich hoffe, das ist richtig so?! (Danke schon mal für diese schnelle Reaktion)
__________________

Alt 24.07.2013, 16:08   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Ihavenet Virus  - wie kann ich ihn loswerden - Standard

Ihavenet Virus - wie kann ich ihn loswerden



Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 24.07.2013, 16:57   #5
SimoneSch.
 
Ihavenet Virus  - wie kann ich ihn loswerden - Standard

Ihavenet Virus - wie kann ich ihn loswerden



Code:
ATTFilter
ComboFix 13-07-24.02 - Simone 24.07.2013  17:27:42.1.2 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.49.1031.18.1014.176 [GMT 2:00]
ausgeführt von:: c:\users\Simone\Desktop\ComboFix.exe
AV: Trend Micro Titanium *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: Trend Micro Titanium *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Simone\AppData\Local\TempFullTiltPokerEuSetup.exe
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-24 bis 2013-07-24  ))))))))))))))))))))))))))))))
.
.
2030-01-01 11:33 . 2013-02-27 17:43	--------	d-----w-	C:\Boot
2013-07-24 15:48 . 2013-07-24 15:48	--------	d-----w-	c:\users\Simone\AppData\Local\temp
2013-07-24 15:48 . 2013-07-24 15:48	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-07-24 14:38 . 2013-07-24 14:38	--------	d-----w-	C:\FRST
2013-07-21 20:26 . 2013-07-21 20:26	--------	d-----w-	c:\programdata\BrowserDefender
2013-07-21 20:26 . 2013-07-21 20:29	--------	d-----w-	c:\users\Simone\AppData\Roaming\BabSolution
2013-07-21 20:26 . 2013-07-21 20:26	--------	d-----w-	c:\users\Simone\AppData\Roaming\DSite
2013-07-21 20:26 . 2013-07-21 20:26	--------	d-----w-	c:\programdata\Babylon
2013-07-21 20:25 . 2013-07-21 20:25	--------	d-----w-	c:\users\Simone\AppData\Roaming\Babylon
2013-07-21 20:23 . 2013-07-21 20:23	793536	----a-w-	C:\ZipOpenerSetup.exe
2013-07-12 16:48 . 2013-06-07 02:37	2706432	----a-w-	c:\windows\system32\mshtml.tlb
2013-07-12 16:48 . 2013-06-11 23:43	217600	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2013-07-10 17:48 . 2013-04-09 23:34	1247744	----a-w-	c:\windows\system32\DWrite.dll
2013-07-10 17:48 . 2013-06-04 04:53	509440	----a-w-	c:\windows\system32\qedit.dll
2013-07-10 17:48 . 2013-05-06 04:56	1620480	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-07-10 17:48 . 2013-04-10 05:03	936448	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 17:48 . 2013-06-05 03:05	2347520	----a-w-	c:\windows\system32\win32k.sys
2013-07-10 17:48 . 2013-05-27 04:57	680960	----a-w-	c:\program files\Windows Defender\MpSvc.dll
2013-07-10 17:48 . 2013-05-27 04:57	392704	----a-w-	c:\program files\Windows Defender\MpClient.dll
2013-07-10 17:48 . 2013-05-27 04:57	224768	----a-w-	c:\program files\Windows Defender\MpCommu.dll
2013-07-02 12:41 . 2013-07-02 12:41	475136	--sha-r-	c:\windows\system32\bitsprx6R.dll
2013-07-02 12:36 . 2013-06-12 04:18	7068072	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7879C9C-286D-4049-B45F-1E74948857A2}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 19:48 . 2012-04-27 14:51	867240	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-06-12 19:48 . 2011-06-28 14:01	789416	----a-w-	c:\windows\system32\deployJava1.dll
2013-06-12 19:48 . 2013-06-21 20:07	94632	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-06-12 15:02 . 2012-12-04 15:24	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-06-12 15:02 . 2011-06-16 14:43	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 02:43 . 2013-06-12 02:43	9089416	----a-w-	c:\windows\system32\FlashPlayerInstaller.exe
2013-05-13 04:45 . 2013-06-12 15:24	1160192	----a-w-	c:\windows\system32\crypt32.dll
2013-05-13 04:45 . 2013-06-12 15:24	103936	----a-w-	c:\windows\system32\cryptnet.dll
2013-05-13 04:45 . 2013-06-12 15:24	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2013-05-13 03:08 . 2013-06-12 15:24	903168	----a-w-	c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 15:24	43008	----a-w-	c:\windows\system32\certenc.dll
2013-05-11 18:46 . 2012-04-16 17:09	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-10 03:20 . 2013-06-12 15:24	24576	----a-w-	c:\windows\system32\cryptdlg.dll
2013-05-08 05:38 . 2013-06-12 15:24	1293672	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-05-06 05:06 . 2013-06-12 15:24	3968872	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-05-06 05:06 . 2013-06-12 15:24	3913576	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-05-02 00:06 . 2012-01-08 13:48	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-04-26 04:55 . 2013-06-12 15:24	492544	----a-w-	c:\windows\system32\win32spl.dll
2013-04-25 23:30 . 2013-06-12 15:24	1505280	----a-w-	c:\windows\system32\d3d11.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Simone\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Simone\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Simone\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"HotkeyMon"="AsusSender.exe" [2010-09-08 34728]
"HotkeyService"="AsusSender.exe" [2010-09-08 34728]
"SuperHybridEngine"="AsusSender.exe" [2010-09-08 34728]
"LiveUpdate"="AsusSender.exe" [2010-09-08 34728]
"CapsHook"="AsusSender.exe" [2010-09-08 34728]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2010-06-10 414384]
"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\VizorHtmlDialog.exe" [2010-06-07 689488]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-03-19 116008]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-27 9177632]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2010-06-10 548744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-19 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-19 174360]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-19 150808]
"ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Del788817121"="del" [X]
.
c:\users\Simone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Simone\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2012-2-22 549040]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6016]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2010-06-18 19968]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 23424]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2010-01-25 9472]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-03-31 11520]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2010-09-08 224680]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2010-09-07 202048]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-07-21 102912]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-05-10 68208]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - AWDIQPOG
*Deregistered* - awdiqpog
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-04 19:49]
.
2013-07-24 c:\windows\Tasks\HPYWNZYVY.job
- c:\windows\system32\bitsprx6R.dll [2013-07-02 12:41]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=821BBCAEC53174F2&affID=119357&tt=210713_nt&tsp=4950
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{16DFC67B-C0F2-4A3C-BA97-EDEB371E7C86}\3757075627B6F64756: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\6teoa4cw.default\
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 821bf16d000000000000bcaec53174f2
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15907
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.522:26
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119357&tt=210713_nt&tsp=4950
FF - user.js: extensions.delta_i.babExt - 
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-EeeSplendidAgent - c:\program files\ASUS\EPC\EeeSplendid\AsAgent.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,df,b0,76,7e,d4,99,43,a8,c3,2e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,df,b0,76,7e,d4,99,43,a8,c3,2e,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-24  17:53:15
ComboFix-quarantined-files.txt  2013-07-24 15:53
.
Vor Suchlauf: 10 Verzeichnis(se), 65.536.901.120 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 66.870.820.864 Bytes frei
.
- - End Of File - - E218FE2D0079769B0E36247DD1972A34
A36C5E4F47E84449FF07ED3517B43A31
         


Alt 24.07.2013, 21:32   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Ihavenet Virus  - wie kann ich ihn loswerden - Standard

Ihavenet Virus - wie kann ich ihn loswerden



Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
--> Ihavenet Virus - wie kann ich ihn loswerden

Alt 25.07.2013, 10:36   #7
SimoneSch.
 
Ihavenet Virus  - wie kann ich ihn loswerden - Standard

Ihavenet Virus - wie kann ich ihn loswerden



Code:
ATTFilter
# AdwCleaner v2.306 - Datei am 25/07/2013 um 11:04:25 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits)
# Benutzer : Simone - SIMONE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Simone\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\6teoa4cw.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\6teoa4cw.default\searchplugins\delta.xml
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BrowserDefender
Ordner Gelöscht : C:\Users\Simone\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\Simone\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Simone\AppData\Roaming\DSite

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\534df8be23dea15
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=821BBCAEC53174F2&affID=119357&tt=210713_nt&tsp=4950 --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\6teoa4cw.default\prefs.js

C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\6teoa4cw.default\user.js ... Gelöscht !

Gelöscht : user_pref("extensions.delta.admin", false);
Gelöscht : user_pref("extensions.delta.aflt", "babsst");
Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Gelöscht : user_pref("extensions.delta.dfltLng", "de");
Gelöscht : user_pref("extensions.delta.excTlbr", false);
Gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Gelöscht : user_pref("extensions.delta.id", "821bf16d000000000000bcaec53174f2");
Gelöscht : user_pref("extensions.delta.instlDay", "15907");
Gelöscht : user_pref("extensions.delta.instlRef", "sst");
Gelöscht : user_pref("extensions.delta.newTab", false);
Gelöscht : user_pref("extensions.delta.prdct", "delta");
Gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Gelöscht : user_pref("extensions.delta.rvrt", "false");
Gelöscht : user_pref("extensions.delta.smplGrp", "none");
Gelöscht : user_pref("extensions.delta.tlbrId", "base");
Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.delta.vrsn", "1.8.21.5");
Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.21.522:26:23");
Gelöscht : user_pref("extensions.delta.vrsni", "1.8.21.5");
Gelöscht : user_pref("extensions.delta_i.babExt", "");
Gelöscht : user_pref("extensions.delta_i.babTrack", "affID=119357&tt=210713_nt&tsp=4950");
Gelöscht : user_pref("extensions.delta_i.srcExt", "ss");

*************************

AdwCleaner[S1].txt - [4154 octets] - [25/07/2013 11:04:25]

########## EOF - C:\AdwCleaner[S1].txt - [4214 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.2 (07.22.2013:2)
OS: Windows 7 Starter x86
Ran by Simone on 25.07.2013 at 11:16:16,26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{00AD9C2E-5814-40F4-8264-0BEEE335911A}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{026106AE-06EC-4A9B-9369-54016FD5E27F}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{02A52E8C-2F37-45AA-B4C4-DA3DAAD92BB6}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{0B9014E7-32DE-4E96-BEE9-FCB1E2234D67}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{0E12B2D7-C1F2-4877-B6E0-EDB8C1CD35B7}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{0E6F4310-C6C3-4433-8698-9760FB7C31DF}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{0EC1B818-195F-4FC7-B0AF-D11A26429A66}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{10077E65-B030-4EDC-8F59-81CEE40D280B}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{10C48F51-69C0-4C5D-9C5A-732FF91187A0}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{11617B58-920E-49D3-AF98-B57623B27A7C}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{1285E8EE-83E4-4FD6-8A52-90979B8B3F94}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{12A30E45-D37F-4825-9BF2-C1C23EB0B376}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{12E5D62A-C030-4A83-B907-FC21223D65E5}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{1304DD0A-1240-4FB9-AE0E-167CA0F239FD}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{1400ACA6-94E4-47BC-8E2D-31D0D9CB0C94}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{155077EE-2B95-4AB8-9788-B3EEE3C8B4A7}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{16BFFB0A-9138-43BF-A61F-E344581D59E0}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{17C20A5C-8512-438E-8BB0-074486EBEB12}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{1A40A807-CC1F-4948-BA9B-88147F3E7A2C}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{1B0606E9-AC94-474F-A6D9-58C3301E8AAB}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{1B7A1CCF-AC13-4A0C-AFA1-8CDCC4F97769}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{1B7D2724-DF54-443E-BBF6-DD73F3B933B1}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{1FEE3A7C-B66A-471B-8B4C-0AB19DCB7B7A}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{20F06D1B-8710-4051-B33C-C5DD164CA1C3}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{22BB8BC5-D534-4B90-989D-FCD0D8716C5D}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{24752CED-1AAA-4296-929C-CCD9056FF4B8}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{2772A39F-A6AD-41AB-9BC8-B27D64B3BA1F}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{29938967-AE3E-4C1A-B576-A3514ACC2BC3}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{299C237C-13DB-4AE4-A151-8B4B85A46FCE}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{2A2FD755-1849-4216-BF21-1A449DF5443D}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{2DB5701E-8253-48CE-836E-067BFFBC45BB}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{2EF6D592-FEAD-48FD-A887-8D3541402D6F}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{3467D496-B2BA-43A8-BDED-3D21256E5D0F}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{353A5AB0-93E4-4C2D-BC98-057A70E81275}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{35DF4972-0CD8-466A-A552-511C39F6976F}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{36075806-4F47-4DF8-8201-1B8377FB7A53}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{3626FA01-58A6-4C43-B652-8323BA998B44}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{36D53DF4-0C6C-4213-A156-DC40F2CF575D}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{37B911FE-F5C2-406D-B0C1-8BD44CC92CD0}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{37DB12BA-364A-4948-A5F4-618948E83632}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{3ABA95B2-68D1-4774-B5D0-8EE4A1ED79A0}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{3D6AFB13-325B-4992-A8A3-FFF2BF04473E}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{3E624797-B9BA-47F2-A179-F3A4B24CDA17}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{3F73A652-5CD0-4CB5-A46A-8FA62F490FED}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{4034F3DE-F947-4C34-B070-CAFCFBBD47D8}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{405FC2CE-B553-498E-9817-81B961B85326}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{409EB747-82D2-42D5-B0A7-DD7CB0539909}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{40B96C5E-F2A1-4A9B-BE59-9C404980ACE8}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{43126A28-A3C4-4AD2-A82A-654932D77C4A}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{44BBCF5A-A510-4A29-BF6D-D25A9BA35CC7}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{4C99AC8C-35C0-467E-A445-9E305CBC674B}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{501E7503-7386-4C50-B199-62DA444F4238}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{51806D54-6424-4F32-A6FA-9A259EF628CB}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{53F3FECF-D82F-4560-8F15-6934FD865F84}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{541604B5-E55B-45BC-BB62-96FFA6F9B238}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{5934BD1B-E394-445E-AA4D-514F623640B8}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{594AEF56-063B-426F-8342-66CE0E9EA5EF}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{5ABBBD19-9834-4504-B62B-844DBFAA2A48}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{5B150A8A-2605-45E6-9620-06F6A28C2D57}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{5B1B637F-1808-4D76-ABE5-F79E00A0F047}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{5F49D1CD-B9B3-417B-AB59-BC6EBC4AACEC}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{605C37D9-ED36-4775-BE55-FD08893C760F}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{6221AA18-3BFE-4EFA-90E8-4937E4C947F4}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{6295848F-2E7C-4762-A7E9-BB704B34F68B}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{634751A0-FA96-46FA-AC6E-B49D10DDC8F1}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{649708E7-0F46-4A48-83B1-D10A2D911543}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{64A8CD1D-E598-4741-A088-B7DD730114F1}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{656A07B8-0F90-4B78-BD6E-782FC2E26E21}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{66287B95-DA25-490D-B561-46182C8148D7}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{6EA219FE-58F4-44F0-A120-60F81F5FEBAD}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{6F4E8C9B-0E89-438F-84F4-B6347EF8DAB6}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{6F6EE965-BE09-46B0-94C3-09C832A8B931}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{70E9100E-EC9A-4DB3-9D99-D77B19F1A6D2}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{70EDC547-646D-4244-90B3-F454C780D32E}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{7186DB87-53D1-40F9-9B1C-23C378866194}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{72140CF5-474A-4C13-A0DA-94F7E2CCED04}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{723F5431-E6CD-4ABC-B16C-A0B24CD6412B}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{7441FC0E-2B03-4D61-9E02-AC911D00BBB4}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{763A34F6-3650-4730-BCD3-589ACEA2C4FE}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{77275705-AAC5-4A57-8B61-99C5C4EC3642}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{777518D8-F74F-4583-B396-134E58084601}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{7B20D3FD-952F-4FFE-A40A-367DC5BCB465}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{7BA226F4-C76F-4B0F-9210-F0FA3EF64537}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{7D4A938A-A009-4B86-8618-956CB4D8570B}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{7F35DF96-A26E-41F7-9378-43600024F41A}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{845FA6D5-6FF1-435D-B030-A3BD8EB3F5F9}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{87BF9429-1243-439F-B2EE-7DFBC286C789}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{87F3AEA8-6F09-4E22-AB1C-7D90AFE61F07}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{8ADC8C7A-C9FE-492B-916B-9FD93156C4DB}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{8D532DD6-88C1-4235-8105-A5BAE1403CC9}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{8D61A0EE-C595-4807-BDD3-513963DDCE61}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{908EB760-D015-4EB1-AC57-E5286D6C4995}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{90B5743D-FD93-41CC-AE2B-932BC24A201D}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{92182B15-311F-4E2A-8BAB-CF1472DDC0B1}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{93E84CD6-0885-4134-B2AA-8C05A621789C}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{95226888-1454-488A-91AC-580853F04842}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{9647023E-CB19-49F4-AFDB-C4C1FD40BE06}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{97EDC56E-CDCB-463A-97D1-9C11E483B406}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{9B08C619-0F19-47BE-B001-B1C4240F1B37}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{9CCBDCE4-05D2-41E9-9672-89113CB6BB83}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{9EAD4611-D35E-4623-8EEC-BCC17FD5332D}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{9FC0B633-F0E2-4C65-BC0D-4FBAF9CE91F6}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{A0C2D75F-C59E-4C9F-819C-6D6D4AB1F703}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{A345B905-C613-413A-B3C9-6D7A7476E77E}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{A6D943F6-6A64-407F-AD28-199C7DBB2C72}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{A8278D0C-C0C5-4CB1-9C7C-EE831F0B2895}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{A913D1F3-EDC1-4997-A730-FD612C279611}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{AB935271-2991-442C-8AA1-86CFE9D536E4}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{AD19B03F-E0EF-4EC5-A6F6-FD6E07549E40}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{ADC7D45F-DA1A-4701-A3F3-3FF64A0057FD}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{AE1E2854-64C3-4C2B-AD0D-DF4B40C1C975}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{AFCC0C30-96D1-4813-B41D-49FFB593D849}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{B12CD594-A6F4-476F-95FD-560AAF4F7192}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{B3BA7780-A88D-4CC6-8BB2-E464861C5296}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{B4C98078-4BCA-4078-8588-936A0C3849ED}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{B4F0F504-66B8-4E2B-8667-35234927E86B}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{B56EC6F1-A721-4F37-9A93-BC3D662FDC26}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{B6523151-D4C3-4350-B8C3-FF01B1B09AF8}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{B6A762FA-F743-40C0-8E1D-4DC6340E66DB}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{B99E969C-6303-47FF-8025-EA1ADD48189A}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{BB3DF1CE-EECF-4F0C-955E-DCDB34A97616}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{BC2912D7-A693-42E8-AA1C-9AAD9DFF797C}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{BEC14EF8-E3F6-4351-8932-29EE3977B251}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{C5878051-0E94-49C6-98CF-13C8A6B04F9A}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{C5F45433-9993-41F3-9741-6779FB5F6563}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{C659CEBA-8025-43F6-BD33-52C5747CB1FD}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{C6633562-3BE0-4AA6-9465-7990E2949127}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{CA857043-5A8F-48BE-89EA-6A81853B89B9}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{CB4B0133-3FE7-4A6D-972C-38F15C6B4667}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{CCE3A924-C679-47F1-9AF7-66810B641E7F}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{CD4A6E23-F68A-4590-8059-C9C5AA08E386}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{D103896B-8C7D-4747-A61D-71B5757E573E}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{D4A4A6DC-BDE1-4C55-9B73-AEEFBFFEE2CA}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{D5F2EDC6-3344-4B1D-8ABA-C9F40DB042DC}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{D5F8F411-729A-4BA0-92DA-DC9D34A6D88A}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{D6A7593B-3A6E-4262-8CE3-4818714667E5}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{D7CB5854-1066-48BC-A2F9-8CCE26EBACDF}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{D8377740-B3E4-410E-A085-AFFF94838C88}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{D8B03983-EB02-4FC6-A9A1-4524870C22F6}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{D9723C43-D209-4C4B-B61F-7737E4CADD8A}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{D9F5AB15-58A2-42F0-BE7E-F38479407413}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{DAD1D913-F75C-42DA-9D0B-A2113D4E764C}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{DAD5428D-3479-4017-99FB-7E8830E661FE}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{DFE18BD8-0081-4E07-97D9-F7BEA723B7E5}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{E0640B2E-B0A5-4E4D-A256-03F1F73F7F94}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{E0A57AC8-1B09-436F-80E4-72BAE3EC6F9A}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{E2866ABE-CB67-4BF2-8D8C-D52657ACD636}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{E4698698-2C4B-4451-8CBE-16385D5E54B8}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{E4FBE132-9BD4-4F60-A293-9845D8D7421F}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{E728CE33-8F2C-4D76-80A7-CE94F856602A}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{E7C226A1-3405-437C-A0F9-EF1B42A81FF9}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{E9588818-881A-48C4-9086-ECF9FD69605A}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{E979A064-32A1-49B3-8825-AC0C6B4C3312}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{EA799804-9056-4706-A8F0-27D4FF8A21DC}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{EAEDB16D-EC47-49F2-8507-5A26D82E8FCD}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{EB1421C9-2A09-4E18-9B99-DAAEF1127621}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{EBF27EBA-EA6D-415E-8EB9-188179FB2C5E}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{EDB3AAB0-BE09-47FA-BFAB-A21B6A3B5E02}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{EFB720E8-0574-4C83-99BD-71EF948D98E4}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{F0DA7CC1-AF51-40F1-8C1C-08C41A01A7A2}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{F0FFDFDD-ABD1-4E48-A73B-3B45204F7047}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{F3808D4E-B84D-4840-909D-F9433A2DDB02}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{F62CCF0A-C2C0-43F6-A5B0-B3AB83675DFC}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{F7DBCD65-6B40-4310-94D8-B9231BB513BE}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{F8E7DB06-4263-4C98-94A1-0F4CF32C72BB}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{FA12AF24-610A-4A2B-A5D4-746ECA3EB238}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{FB20CD6E-56F3-4811-9D35-60D5AA2083FE}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{FB703D6D-24F3-49C2-A4B1-3BF18C0C54C1}
Successfully deleted: [Empty Folder] C:\Users\Simone\appdata\local\{FEA9BAF6-380F-4DBE-9295-1E02E36A0CCA}



~~~ FireFox

Successfully deleted: [File] C:\Users\Simone\AppData\Roaming\mozilla\firefox\profiles\6teoa4cw.default\invalidprefs.js
Emptied folder: C:\Users\Simone\AppData\Roaming\mozilla\firefox\profiles\6teoa4cw.default\minidumps [40 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.07.2013 at 11:21:43,06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-07-2013
Ran by Simone (administrator) on 25-07-2013 11:28:13
Running from C:\Users\Simone\Desktop
Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
() C:\Windows\System32\AsusService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
() C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(AsusTek Computer Inc.) C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUS) C:\Program Files\EeePC\CapsHook\CapsHook.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Simone\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
() C:\Program Files\Asus\Eee Docking\Eee Docking.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [HotkeyMon] - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [95744 2010-09-02] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1245104 2010-09-03] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [412600 2010-06-09] (ASUSTeK Computer Inc.)
HKLM\...\Run: [LiveUpdate] - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [1090984 2010-09-08] (AsusTek Computer Inc.)
HKLM\...\Run: [CapsHook] - C:\Program Files\EeePC\CapsHook\CapsHook.exe [445344 2010-05-29] (ASUS)
HKLM\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [414384 2010-06-10] ()
HKLM\...\Run: [VizorHtmlDialog.exe] - "C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\pre_install_eula.html" "DEF" "DEF" "DEF" [x]
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [116008 2010-03-19] (Trend Micro Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9177632 2010-04-27] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [548744 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [ASUSWebStorage] - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-09-21] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-09-21] (AsusTek Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Simone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Simone\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Simone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\6teoa4cw.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========================== Services (Whitelisted) =================

R2 AsusService; C:\Windows\System32\AsusService.exe [224680 2010-09-08] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [202048 2010-09-07] ()
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=nb [x]

==================== Drivers (Whitelisted) ====================

R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11520 2010-03-31] ()
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [102912 2010-07-21] (ELAN Microelectronic Corp.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
S3 btwavdt; \SystemRoot\system32\DRIVERS\btwavdt.sys [x]
S3 btwrchid; \SystemRoot\system32\DRIVERS\btwrchid.sys [x]
S3 catchme; \??\C:\Users\Simone\AppData\Local\Temp\catchme.sys [x]
S3 cmnsusbser; system32\DRIVERS\cmnsusbser.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2030-01-01 13:33 - 2010-11-20 14:40 - 00383786 __RSH C:\bootmgr
2013-07-25 11:21 - 2013-07-25 11:23 - 00018959 _____ C:\Users\Simone\Desktop\JRT.txt
2013-07-25 11:16 - 2013-07-25 11:16 - 00000000 ____D C:\windows\ERUNT
2013-07-25 11:13 - 2013-07-25 11:13 - 00004283 _____ C:\Users\Simone\Desktop\AdwCleaner[S1].txt
2013-07-25 11:11 - 2013-07-25 11:12 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\Simone\Desktop\JRT.exe
2013-07-25 11:04 - 2013-07-25 11:05 - 00004283 _____ C:\AdwCleaner[S1].txt
2013-07-25 11:02 - 2013-07-25 11:02 - 00666633 _____ C:\Users\Simone\Desktop\adwcleaner.exe
2013-07-24 17:55 - 2013-07-24 17:55 - 00015132 _____ C:\Users\Simone\Desktop\combofix.txt
2013-07-24 17:53 - 2013-07-24 17:53 - 00015132 _____ C:\ComboFix.txt
2013-07-24 17:22 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2013-07-24 17:22 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2013-07-24 17:22 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-07-24 17:22 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-07-24 17:22 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-07-24 17:22 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2013-07-24 17:22 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2013-07-24 17:22 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2013-07-24 17:21 - 2013-07-24 17:53 - 00000000 ____D C:\Qoobox
2013-07-24 17:20 - 2013-07-24 17:50 - 00000000 ____D C:\windows\erdnt
2013-07-24 17:17 - 2013-07-24 17:17 - 05092950 ____R (Swearware) C:\Users\Simone\Desktop\ComboFix.exe
2013-07-24 16:38 - 2013-07-24 16:38 - 00000000 ____D C:\FRST
2013-07-24 16:36 - 2013-07-24 16:37 - 01220240 _____ (Farbar) C:\Users\Simone\Desktop\FRST.exe
2013-07-21 23:53 - 2013-07-21 23:56 - 00052898 _____ C:\Users\Simone\Desktop\OTL.Txt
2013-07-21 23:39 - 2013-07-21 23:39 - 00023892 _____ C:\Users\Simone\Desktop\gmer.txt
2013-07-21 23:02 - 2013-07-21 23:02 - 00377856 _____ C:\Users\Simone\Desktop\gmer_2.1.19163.exe
2013-07-21 22:58 - 2013-07-21 22:58 - 00602112 _____ (OldTimer Tools) C:\Users\Simone\Desktop\OTL.exe
2013-07-21 22:39 - 2013-07-21 22:47 - 00000474 _____ C:\Users\Simone\Desktop\defogger_disable.log
2013-07-21 22:39 - 2013-07-21 22:39 - 00000000 _____ C:\Users\Simone\defogger_reenable
2013-07-21 22:38 - 2013-07-21 22:39 - 00050477 _____ C:\Users\Simone\Desktop\Defogger.exe
2013-07-21 22:23 - 2013-07-21 22:23 - 00793536 _____ C:\ZipOpenerSetup.exe
2013-07-12 18:48 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-12 18:48 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-12 18:47 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-12 18:47 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-12 18:47 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-12 18:47 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-12 18:47 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-12 18:47 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-12 18:47 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-12 18:47 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-12 18:47 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-12 18:47 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-12 18:47 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-12 18:47 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-12 18:47 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-12 18:47 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-10 19:48 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-10 19:48 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-10 19:48 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-10 19:48 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-07-02 14:56 - 2013-07-02 15:25 - 00000000 ____D C:\Users\Simone\Desktop\ABIBALL2013
2013-07-02 14:41 - 2013-07-25 11:17 - 00000314 _____ C:\windows\Tasks\HPYWNZYVY.job
2013-07-02 14:41 - 2013-07-02 14:41 - 00475136 __RSH C:\windows\system32\bitsprx6R.dll
2013-06-26 18:11 - 2013-07-21 22:26 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2030-01-01 13:33 - 2009-07-14 06:57 - 00029696 ___SH C:\windows\system32\config\BCD-Template.LOG
2030-01-01 13:33 - 2009-07-14 06:52 - 00032768 _____ C:\windows\system32\config\BCD-Template
2013-07-25 11:27 - 2011-06-16 20:49 - 00000000 ___RD C:\Users\Simone\Desktop
2013-07-25 11:27 - 2011-06-16 18:17 - 00000000 ____D C:\Users\Simone\AppData\Roaming\Dropbox
2013-07-25 11:23 - 2013-07-25 11:21 - 00018959 _____ C:\Users\Simone\Desktop\JRT.txt
2013-07-25 11:17 - 2013-07-02 14:41 - 00000314 _____ C:\windows\Tasks\HPYWNZYVY.job
2013-07-25 11:16 - 2013-07-25 11:16 - 00000000 ____D C:\windows\ERUNT
2013-07-25 11:15 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-25 11:15 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-25 11:13 - 2013-07-25 11:13 - 00004283 _____ C:\Users\Simone\Desktop\AdwCleaner[S1].txt
2013-07-25 11:12 - 2013-07-25 11:11 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\Simone\Desktop\JRT.exe
2013-07-25 11:09 - 2011-06-16 18:20 - 00000000 ___RD C:\Users\Simone\Dropbox
2013-07-25 11:07 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-25 11:06 - 2012-05-11 17:14 - 00087258 _____ C:\windows\PFRO.log
2013-07-25 11:06 - 2009-07-14 06:39 - 00080284 _____ C:\windows\setupact.log
2013-07-25 11:05 - 2013-07-25 11:04 - 00004283 _____ C:\AdwCleaner[S1].txt
2013-07-25 11:05 - 2011-06-17 05:43 - 02064669 _____ C:\windows\WindowsUpdate.log
2013-07-25 11:02 - 2013-07-25 11:02 - 00666633 _____ C:\Users\Simone\Desktop\adwcleaner.exe
2013-07-25 10:49 - 2012-12-04 17:24 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-24 17:55 - 2013-07-24 17:55 - 00015132 _____ C:\Users\Simone\Desktop\combofix.txt
2013-07-24 17:53 - 2013-07-24 17:53 - 00015132 _____ C:\ComboFix.txt
2013-07-24 17:53 - 2013-07-24 17:21 - 00000000 ____D C:\Qoobox
2013-07-24 17:53 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-07-24 17:53 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-07-24 17:50 - 2013-07-24 17:20 - 00000000 ____D C:\windows\erdnt
2013-07-24 17:48 - 2009-07-14 04:04 - 00000215 _____ C:\windows\system.ini
2013-07-24 17:35 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-24 17:34 - 2012-10-30 22:11 - 00000000 ____D C:\Users\Simone\Desktop\Schule
2013-07-24 17:17 - 2013-07-24 17:17 - 05092950 ____R (Swearware) C:\Users\Simone\Desktop\ComboFix.exe
2013-07-24 16:38 - 2013-07-24 16:38 - 00000000 ____D C:\FRST
2013-07-24 16:37 - 2013-07-24 16:36 - 01220240 _____ (Farbar) C:\Users\Simone\Desktop\FRST.exe
2013-07-21 23:56 - 2013-07-21 23:53 - 00052898 _____ C:\Users\Simone\Desktop\OTL.Txt
2013-07-21 23:39 - 2013-07-21 23:39 - 00023892 _____ C:\Users\Simone\Desktop\gmer.txt
2013-07-21 23:02 - 2013-07-21 23:02 - 00377856 _____ C:\Users\Simone\Desktop\gmer_2.1.19163.exe
2013-07-21 22:58 - 2013-07-21 22:58 - 00602112 _____ (OldTimer Tools) C:\Users\Simone\Desktop\OTL.exe
2013-07-21 22:47 - 2013-07-21 22:39 - 00000474 _____ C:\Users\Simone\Desktop\defogger_disable.log
2013-07-21 22:39 - 2013-07-21 22:39 - 00000000 _____ C:\Users\Simone\defogger_reenable
2013-07-21 22:39 - 2013-07-21 22:38 - 00050477 _____ C:\Users\Simone\Desktop\Defogger.exe
2013-07-21 22:39 - 2011-06-16 20:49 - 00000000 ____D C:\Users\Simone
2013-07-21 22:26 - 2013-06-26 18:11 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-21 22:23 - 2013-07-21 22:23 - 00793536 _____ C:\ZipOpenerSetup.exe
2013-07-17 20:31 - 2009-07-25 09:50 - 01500254 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-17 16:39 - 2011-07-07 18:34 - 00000000 ____D C:\Users\Simone\Fotos
2013-07-15 21:48 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-07-12 19:31 - 2012-04-16 19:23 - 00000000 ____D C:\Users\Simone\Tracing
2013-07-12 19:21 - 2009-07-14 06:33 - 00320376 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-12 19:19 - 2012-05-27 22:17 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-12 19:19 - 2010-11-02 02:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 19:17 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 18:46 - 2011-07-04 11:32 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-12 18:33 - 2013-02-26 21:05 - 75699896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-02 15:25 - 2013-07-02 14:56 - 00000000 ____D C:\Users\Simone\Desktop\ABIBALL2013
2013-07-02 14:41 - 2013-07-02 14:41 - 00475136 __RSH C:\windows\system32\bitsprx6R.dll
2013-06-28 20:49 - 2013-02-18 20:09 - 00000000 ____D C:\Program Files\Full Tilt Poker.Eu

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-22 00:18

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 25.07.2013, 12:30   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Ihavenet Virus  - wie kann ich ihn loswerden - Standard

Ihavenet Virus - wie kann ich ihn loswerden




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 27.07.2013, 09:18   #9
SimoneSch.
 
Ihavenet Virus  - wie kann ich ihn loswerden - Standard

Ihavenet Virus - wie kann ich ihn loswerden



Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0d616c5b7514d3408b28b53a3db6f54b
# engine=14527
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-26 08:35:55
# local_time=2013-07-26 10:35:55 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 1178311 126458946 0 0
# scanned=40890
# found=0
# cleaned=0
# scan_time=59819
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0d616c5b7514d3408b28b53a3db6f54b
# engine=14536
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-26 05:40:12
# local_time=2013-07-26 07:40:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 1210968 126491603 0 0
# scanned=154732
# found=0
# cleaned=0
# scan_time=32497
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0d616c5b7514d3408b28b53a3db6f54b
# engine=14542
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-26 06:50:49
# local_time=2013-07-26 08:50:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 1215205 126495840 0 0
# scanned=40914
# found=0
# cleaned=0
# scan_time=4149
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0d616c5b7514d3408b28b53a3db6f54b
# engine=14542
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-27 02:46:22
# local_time=2013-07-27 04:46:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 1243738 126524373 0 0
# scanned=158145
# found=2
# cleaned=0
# scan_time=28463
sh=E5D061DCE077318314B73B2B18329B893A4A63AF ft=1 fh=d2f9a47e07a14475 vn="Win32/Conficker.X worm" ac=I fn="E:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx"
sh=3B0F6568801F9FBC65754890ADFAE7F350A42E56 ft=0 fh=0000000000000000 vn="Win32/Adware.1ClickDownload.AM application" ac=I fn="E:\THORSTEN-PC\Backup Set 2013-05-26 124032\Backup Files 2013-05-26 124032\Backup files 41.zip"
         
Beim SecurityCheck kommt immer nur folgende Meldung:

UNSUPPORTED OPERATING SYSTEM! ABORTED!


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-07-2013
Ran by Simone (administrator) on 27-07-2013 10:12:31
Running from C:\Users\Simone\Desktop
Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
() C:\Windows\System32\AsusService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
() C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(AsusTek Computer Inc.) C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUS) C:\Program Files\EeePC\CapsHook\CapsHook.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Simone\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
() C:\Program Files\Asus\Eee Docking\Eee Docking.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
() C:\Users\Simone\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [HotkeyMon] - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [95744 2010-09-02] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1245104 2010-09-03] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [412600 2010-06-09] (ASUSTeK Computer Inc.)
HKLM\...\Run: [LiveUpdate] - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [1090984 2010-09-08] (AsusTek Computer Inc.)
HKLM\...\Run: [CapsHook] - C:\Program Files\EeePC\CapsHook\CapsHook.exe [445344 2010-05-29] (ASUS)
HKLM\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [414384 2010-06-10] ()
HKLM\...\Run: [VizorHtmlDialog.exe] - "C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\pre_install_eula.html" "DEF" "DEF" "DEF" [x]
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [116008 2010-03-19] (Trend Micro Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9177632 2010-04-27] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [548744 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [ASUSWebStorage] - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-09-21] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-09-21] (AsusTek Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Simone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Simone\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Simone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\6teoa4cw.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========================== Services (Whitelisted) =================

R2 AsusService; C:\Windows\System32\AsusService.exe [224680 2010-09-08] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [202048 2010-09-07] ()
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=nb [x]

==================== Drivers (Whitelisted) ====================

R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11520 2010-03-31] ()
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [102912 2010-07-21] (ELAN Microelectronic Corp.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
S3 btwavdt; \SystemRoot\system32\DRIVERS\btwavdt.sys [x]
S3 btwrchid; \SystemRoot\system32\DRIVERS\btwrchid.sys [x]
S3 catchme; \??\C:\Users\Simone\AppData\Local\Temp\catchme.sys [x]
S3 cmnsusbser; system32\DRIVERS\cmnsusbser.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2030-01-01 13:33 - 2010-11-20 14:40 - 00383786 __RSH C:\bootmgr
2013-07-27 10:08 - 2013-07-27 10:08 - 00891062 _____ C:\Users\Simone\Desktop\SecurityCheck.exe
2013-07-25 17:54 - 2013-07-25 17:54 - 00000000 ____D C:\Program Files\ESET
2013-07-25 17:53 - 2013-07-25 17:53 - 02347384 _____ (ESET) C:\Users\Simone\Desktop\esetsmartinstaller_enu.exe
2013-07-25 11:21 - 2013-07-25 11:23 - 00018959 _____ C:\Users\Simone\Desktop\JRT.txt
2013-07-25 11:16 - 2013-07-25 11:16 - 00000000 ____D C:\windows\ERUNT
2013-07-25 11:13 - 2013-07-25 11:13 - 00004283 _____ C:\Users\Simone\Desktop\AdwCleaner[S1].txt
2013-07-25 11:11 - 2013-07-25 11:12 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\Simone\Desktop\JRT.exe
2013-07-25 11:04 - 2013-07-25 11:05 - 00004283 _____ C:\AdwCleaner[S1].txt
2013-07-25 11:02 - 2013-07-25 11:02 - 00666633 _____ C:\Users\Simone\Desktop\adwcleaner.exe
2013-07-24 17:55 - 2013-07-24 17:55 - 00015132 _____ C:\Users\Simone\Desktop\combofix.txt
2013-07-24 17:53 - 2013-07-24 17:53 - 00015132 _____ C:\ComboFix.txt
2013-07-24 17:22 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2013-07-24 17:22 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2013-07-24 17:22 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-07-24 17:22 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-07-24 17:22 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-07-24 17:22 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2013-07-24 17:22 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2013-07-24 17:22 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2013-07-24 17:21 - 2013-07-24 17:53 - 00000000 ____D C:\Qoobox
2013-07-24 17:20 - 2013-07-24 17:50 - 00000000 ____D C:\windows\erdnt
2013-07-24 17:17 - 2013-07-24 17:17 - 05092950 ____R (Swearware) C:\Users\Simone\Desktop\ComboFix.exe
2013-07-24 16:38 - 2013-07-24 16:38 - 00000000 ____D C:\FRST
2013-07-24 16:36 - 2013-07-24 16:37 - 01220240 _____ (Farbar) C:\Users\Simone\Desktop\FRST.exe
2013-07-21 23:53 - 2013-07-21 23:56 - 00052898 _____ C:\Users\Simone\Desktop\OTL.Txt
2013-07-21 23:39 - 2013-07-21 23:39 - 00023892 _____ C:\Users\Simone\Desktop\gmer.txt
2013-07-21 23:02 - 2013-07-21 23:02 - 00377856 _____ C:\Users\Simone\Desktop\gmer_2.1.19163.exe
2013-07-21 22:58 - 2013-07-21 22:58 - 00602112 _____ (OldTimer Tools) C:\Users\Simone\Desktop\OTL.exe
2013-07-21 22:39 - 2013-07-21 22:47 - 00000474 _____ C:\Users\Simone\Desktop\defogger_disable.log
2013-07-21 22:39 - 2013-07-21 22:39 - 00000000 _____ C:\Users\Simone\defogger_reenable
2013-07-21 22:38 - 2013-07-21 22:39 - 00050477 _____ C:\Users\Simone\Desktop\Defogger.exe
2013-07-21 22:23 - 2013-07-21 22:23 - 00793536 _____ C:\ZipOpenerSetup.exe
2013-07-12 18:48 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-12 18:48 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-12 18:47 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-12 18:47 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-12 18:47 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-12 18:47 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-12 18:47 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-12 18:47 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-12 18:47 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-12 18:47 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-12 18:47 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-12 18:47 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-12 18:47 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-12 18:47 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-12 18:47 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-12 18:47 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-10 19:48 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-10 19:48 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-10 19:48 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-10 19:48 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-07-02 14:56 - 2013-07-02 15:25 - 00000000 ____D C:\Users\Simone\Desktop\ABIBALL2013
2013-07-02 14:41 - 2013-07-25 11:17 - 00000314 _____ C:\windows\Tasks\HPYWNZYVY.job
2013-07-02 14:41 - 2013-07-02 14:41 - 00475136 __RSH C:\windows\system32\bitsprx6R.dll

==================== One Month Modified Files and Folders =======

2030-01-01 13:33 - 2009-07-14 06:57 - 00029696 ___SH C:\windows\system32\config\BCD-Template.LOG
2030-01-01 13:33 - 2009-07-14 06:52 - 00032768 _____ C:\windows\system32\config\BCD-Template
2013-07-27 10:12 - 2011-06-16 20:49 - 00000000 ___RD C:\Users\Simone\Desktop
2013-07-27 10:10 - 2011-06-16 18:17 - 00000000 ____D C:\Users\Simone\AppData\Roaming\Dropbox
2013-07-27 10:08 - 2013-07-27 10:08 - 00891062 _____ C:\Users\Simone\Desktop\SecurityCheck.exe
2013-07-27 10:02 - 2012-12-04 17:24 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-27 04:42 - 2011-06-17 05:43 - 01091416 _____ C:\windows\WindowsUpdate.log
2013-07-27 02:20 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-27 02:20 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-25 17:56 - 2009-07-25 09:50 - 01500254 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-25 17:54 - 2013-07-25 17:54 - 00000000 ____D C:\Program Files\ESET
2013-07-25 17:53 - 2013-07-25 17:53 - 02347384 _____ (ESET) C:\Users\Simone\Desktop\esetsmartinstaller_enu.exe
2013-07-25 11:23 - 2013-07-25 11:21 - 00018959 _____ C:\Users\Simone\Desktop\JRT.txt
2013-07-25 11:17 - 2013-07-02 14:41 - 00000314 _____ C:\windows\Tasks\HPYWNZYVY.job
2013-07-25 11:16 - 2013-07-25 11:16 - 00000000 ____D C:\windows\ERUNT
2013-07-25 11:13 - 2013-07-25 11:13 - 00004283 _____ C:\Users\Simone\Desktop\AdwCleaner[S1].txt
2013-07-25 11:12 - 2013-07-25 11:11 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\Simone\Desktop\JRT.exe
2013-07-25 11:09 - 2011-06-16 18:20 - 00000000 ___RD C:\Users\Simone\Dropbox
2013-07-25 11:07 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-25 11:06 - 2012-05-11 17:14 - 00087258 _____ C:\windows\PFRO.log
2013-07-25 11:06 - 2009-07-14 06:39 - 00080284 _____ C:\windows\setupact.log
2013-07-25 11:05 - 2013-07-25 11:04 - 00004283 _____ C:\AdwCleaner[S1].txt
2013-07-25 11:02 - 2013-07-25 11:02 - 00666633 _____ C:\Users\Simone\Desktop\adwcleaner.exe
2013-07-24 17:55 - 2013-07-24 17:55 - 00015132 _____ C:\Users\Simone\Desktop\combofix.txt
2013-07-24 17:53 - 2013-07-24 17:53 - 00015132 _____ C:\ComboFix.txt
2013-07-24 17:53 - 2013-07-24 17:21 - 00000000 ____D C:\Qoobox
2013-07-24 17:53 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-07-24 17:53 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-07-24 17:50 - 2013-07-24 17:20 - 00000000 ____D C:\windows\erdnt
2013-07-24 17:48 - 2009-07-14 04:04 - 00000215 _____ C:\windows\system.ini
2013-07-24 17:35 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-24 17:34 - 2012-10-30 22:11 - 00000000 ____D C:\Users\Simone\Desktop\Schule
2013-07-24 17:17 - 2013-07-24 17:17 - 05092950 ____R (Swearware) C:\Users\Simone\Desktop\ComboFix.exe
2013-07-24 16:38 - 2013-07-24 16:38 - 00000000 ____D C:\FRST
2013-07-24 16:37 - 2013-07-24 16:36 - 01220240 _____ (Farbar) C:\Users\Simone\Desktop\FRST.exe
2013-07-21 23:56 - 2013-07-21 23:53 - 00052898 _____ C:\Users\Simone\Desktop\OTL.Txt
2013-07-21 23:39 - 2013-07-21 23:39 - 00023892 _____ C:\Users\Simone\Desktop\gmer.txt
2013-07-21 23:02 - 2013-07-21 23:02 - 00377856 _____ C:\Users\Simone\Desktop\gmer_2.1.19163.exe
2013-07-21 22:58 - 2013-07-21 22:58 - 00602112 _____ (OldTimer Tools) C:\Users\Simone\Desktop\OTL.exe
2013-07-21 22:47 - 2013-07-21 22:39 - 00000474 _____ C:\Users\Simone\Desktop\defogger_disable.log
2013-07-21 22:39 - 2013-07-21 22:39 - 00000000 _____ C:\Users\Simone\defogger_reenable
2013-07-21 22:39 - 2013-07-21 22:38 - 00050477 _____ C:\Users\Simone\Desktop\Defogger.exe
2013-07-21 22:39 - 2011-06-16 20:49 - 00000000 ____D C:\Users\Simone
2013-07-21 22:26 - 2013-06-26 18:11 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-21 22:23 - 2013-07-21 22:23 - 00793536 _____ C:\ZipOpenerSetup.exe
2013-07-17 16:39 - 2011-07-07 18:34 - 00000000 ____D C:\Users\Simone\Fotos
2013-07-15 21:48 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-07-12 19:31 - 2012-04-16 19:23 - 00000000 ____D C:\Users\Simone\Tracing
2013-07-12 19:21 - 2009-07-14 06:33 - 00320376 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-12 19:19 - 2012-05-27 22:17 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-12 19:19 - 2010-11-02 02:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 19:17 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 18:46 - 2011-07-04 11:32 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-12 18:33 - 2013-02-26 21:05 - 75699896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-02 15:25 - 2013-07-02 14:56 - 00000000 ____D C:\Users\Simone\Desktop\ABIBALL2013
2013-07-02 14:41 - 2013-07-02 14:41 - 00475136 __RSH C:\windows\system32\bitsprx6R.dll
2013-06-28 20:49 - 2013-02-18 20:09 - 00000000 ____D C:\Program Files\Full Tilt Poker.Eu

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-27 05:07

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 27.07.2013, 11:17   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Ihavenet Virus  - wie kann ich ihn loswerden - Standard

Ihavenet Virus - wie kann ich ihn loswerden



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
E:\RECYCLER
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 27.07.2013, 16:56   #11
SimoneSch.
 
Ihavenet Virus  - wie kann ich ihn loswerden - Standard

Ihavenet Virus - wie kann ich ihn loswerden



Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-07-2013
Ran by Simone at 2013-07-27 17:53:59 Run:2
Running from C:\Users\Simone\Desktop
Boot Mode: Normal

==============================================

"E:\RECYCLER" => File/Directory not found.

==== End of Fixlog ====
         
habe ich was falsch gemacht?

Alt 27.07.2013, 18:19   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Ihavenet Virus  - wie kann ich ihn loswerden - Standard

Ihavenet Virus - wie kann ich ihn loswerden



Nee alles gut. Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 27.07.2013, 21:12   #13
SimoneSch.
 
Ihavenet Virus  - wie kann ich ihn loswerden - Standard

Ihavenet Virus - wie kann ich ihn loswerden



Ja krass... ich kann das gar nicht fassen, dass das jetzt alles so geklappt hat. Ich hab auch richtig viel gelernt.

Vielen, vielen Dank dafür. Das war ganz großes Kino hier :-)
Top!

Alt 28.07.2013, 07:12   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Ihavenet Virus  - wie kann ich ihn loswerden - Standard

Ihavenet Virus - wie kann ich ihn loswerden



Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 28.07.2013, 17:23   #15
SimoneSch.
 
Ihavenet Virus  - wie kann ich ihn loswerden - Standard

Ihavenet Virus - wie kann ich ihn loswerden



Hm, scheint doch noch nicht weg zu sein... Werde immernoch von newsbusters umgeleitet :-(

Antwort

Themen zu Ihavenet Virus - wie kann ich ihn loswerden
anhang, befolgt, compu, computer, dateien, einiger, erstell, erstellt, folge, folgende, gemeinde, google, hoffe, ihavenet, ihavenet virus, liebe, logfiles, loswerden, richtig, schritte, sucht, super, tagen, umleitung, virus, weitergeleitet




Ähnliche Themen: Ihavenet Virus - wie kann ich ihn loswerden


  1. Positive finds Ads, wie kann ich es loswerden
    Plagegeister aller Art und deren Bekämpfung - 05.02.2015 (11)
  2. Windows 7: Kann search.fbdownloader.com nicht loswerden
    Log-Analyse und Auswertung - 13.12.2014 (11)
  3. Windows7: Windows-Sicherheitscenterdienst kann nicht gestartet werden und Google-Suche wurde zu ihavenet umgeleitet
    Log-Analyse und Auswertung - 06.02.2014 (21)
  4. ihavenet virus
    Log-Analyse und Auswertung - 09.10.2013 (28)
  5. Mit ihavenet.com Virus infiziert, kann es nicht beseitigen.
    Log-Analyse und Auswertung - 01.09.2013 (26)
  6. Was kann ich tun, um den ihavenet Trojaner loszuwerden?
    Plagegeister aller Art und deren Bekämpfung - 03.06.2013 (9)
  7. gestern mit GUV Trojaner infiziert - wie kann ich den wieder loswerden ?
    Plagegeister aller Art und deren Bekämpfung - 30.04.2013 (2)
  8. Ihavenet.com Browser Hijacker- bei Googlesuche öffnen sich andere Seiten (Weiterleitung über Ihavenet.com)
    Log-Analyse und Auswertung - 21.11.2012 (13)
  9. Ihavenet.com - Virus
    Plagegeister aller Art und deren Bekämpfung - 09.11.2012 (9)
  10. http://www.searchqu.com/406 kann ich nicht loswerden......
    Log-Analyse und Auswertung - 22.09.2011 (2)
  11. Ich kann Trojaner nicht loswerden.
    Log-Analyse und Auswertung - 13.02.2009 (10)
  12. Wie kann ich TR/Agent.ahze loswerden?
    Mülltonne - 11.11.2008 (0)
  13. Habe Viren, kann sie aber nicht loswerden
    Plagegeister aller Art und deren Bekämpfung - 18.01.2007 (20)
  14. Wie kann Kann man den Virus W32/Zmist loswerden ?
    Plagegeister aller Art und deren Bekämpfung - 02.09.2006 (5)
  15. TR/Dldr.Mediket.S.2 würde ich gerne loswerden, kann mir jemand helfen?
    Plagegeister aller Art und deren Bekämpfung - 30.09.2005 (5)
  16. Hilfe kann Dialer nicht loswerden
    Log-Analyse und Auswertung - 14.03.2005 (20)
  17. ich kann den dialer nicht loswerden
    Plagegeister aller Art und deren Bekämpfung - 24.04.2004 (3)

Zum Thema Ihavenet Virus - wie kann ich ihn loswerden - Liebe Gemeinde, da ich mich leider fast gar nicht mit Computern auskenne, hoffe ich, dass ich hier richtig bin und mir jemand helfen kann. Ich habe seit einiger Zeit den - Ihavenet Virus - wie kann ich ihn loswerden...
Archiv
Du betrachtest: Ihavenet Virus - wie kann ich ihn loswerden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.