Log analysis and evaluation: Ihavenet virus - how can I get rid of it (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
24.07.2013, 15:30 | #1 |
Ihavenet virus - how can I get rid of it

Dear community, since I unfortunately know almost nothing about computers, I hope I am in the right place here and that someone can help me. I have had the Ihavenet virus on my netbook for some time. For the past few days the symptoms (redirection to a spam website when searching for something on Google) have become so severe that I am redirected on almost every search. I followed the steps with the log files (as far as I understood them) and the following files were created (attachment). It would be great if someone could help me. Many thanks in advance, Simone
24.07.2013, 15:34 | #2 |
/// the machine /// TB trainer | Ihavenet virus - how can I get rid of it

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)

How it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
24.07.2013, 15:51 | #3 |
Ihavenet virus - how can I get rid of it

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-07-2013 Ran by Simone (administrator) on 24-07-2013 16:39:28 Running from C:\Users\Simone\Dropbox\Downloads Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe () C:\Windows\System32\AsusService.exe (Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe () C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE () C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe () C:\Program Files\ASUS\Eee Docking\Eee Docking.exe (AsusTek Computer Inc.) C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe (ASUSTeK Computer Inc.) C:\Program Files\EeePC\SHE\SuperHybridEngine.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ASUS) C:\Program Files\EeePC\CapsHook\CapsHook.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe (ASUSTeK Computer Inc.) 
C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\windows\system32\igfxsrvc.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Dropbox, Inc.) C:\Users\Simone\AppData\Roaming\Dropbox\bin\Dropbox.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotkeyService.exe (Adobe Systems Incorporated) C:\windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation) HKLM\...\Run: [EeeSplendidAgent] - C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe [x] HKLM\...\Run: [HotkeyMon] - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [95744 2010-09-02] (ASUSTeK Computer Inc.) HKLM\...\Run: [HotkeyService] - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1245104 2010-09-03] (ASUSTeK Computer Inc.) 
HKLM\...\Run: [SuperHybridEngine] - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [412600 2010-06-09] (ASUSTeK Computer Inc.) HKLM\...\Run: [LiveUpdate] - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [1090984 2010-09-08] (AsusTek Computer Inc.) HKLM\...\Run: [CapsHook] - C:\Program Files\EeePC\CapsHook\CapsHook.exe [445344 2010-05-29] (ASUS) HKLM\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [414384 2010-06-10] () HKLM\...\Run: [VizorHtmlDialog.exe] - "C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\pre_install_eula.html" "DEF" "DEF" "DEF" [x] HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [116008 2010-03-19] (Trend Micro Inc.) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9177632 2010-04-27] (Realtek Semiconductor) HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [548744 2010-06-10] (ELAN Microelectronic Corp.) 
HKLM\...\Run: [ASUSWebStorage] - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM\...\Runonce: [Del788817121] - cmd.exe /Q /D /c del "C:\Users\Simone\AppData\Local\Temp\0.del" [x] HKCU\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation) HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin [814472 2013-06-12] (Adobe Systems Incorporated) HKCU\...\Runonce: [Del788817121] - cmd.exe /Q /D /c del "C:\Users\Simone\AppData\Local\Temp\0.del" [x] MountPoints2: E - E:\LaunchU3.exe -a MountPoints2: {2779ff43-19fb-11e2-aa92-bcaec53174f2} - E:\LaunchU3.exe -a MountPoints2: {2d0eea58-9818-11e0-8f48-bcaec53174f2} - E:\autorun.exe MountPoints2: {b1714ae7-75dc-11e1-84ff-bcaec53174f2} - E:\setup.exe -a HKU\Default\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-09-21] (AsusTek Computer Inc.) HKU\Default User\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-09-21] (AsusTek Computer Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) 
Startup: C:\Users\Simone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Simone\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Simone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=821BBCAEC53174F2&affID=119357&tt=210713_nt&tsp=4950 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=821BBCAEC53174F2&affID=119357&tt=210713_nt&tsp=4950 BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\6teoa4cw.default FF user.js: detected! 
=> C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\6teoa4cw.default\user.js FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\6teoa4cw.default\searchplugins\babylon.xml FF SearchPlugin: C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\6teoa4cw.default\searchplugins\delta.xml FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========================== Services (Whitelisted) ================= R2 AsusService; C:\Windows\System32\AsusService.exe [224680 2010-09-08] () S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) R2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [202048 2010-09-07] () R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=nb [x] ==================== Drivers (Whitelisted) ==================== R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11520 2010-03-31] () R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [102912 2010-07-21] (ELAN Microelectronic Corp.) 
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( ) S3 btwavdt; \SystemRoot\system32\DRIVERS\btwavdt.sys [x] S3 btwrchid; \SystemRoot\system32\DRIVERS\btwrchid.sys [x] S3 cmnsusbser; system32\DRIVERS\cmnsusbser.sys [x] U3 awdiqpog; \??\C:\Users\Simone\AppData\Local\Temp\awdiqpog.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2030-01-01 13:33 - 2010-11-20 14:40 - 00383786 __RSH C:\bootmgr 2013-07-24 16:38 - 2013-07-24 16:38 - 00000000 ____D C:\FRST 2013-07-21 23:53 - 2013-07-21 23:56 - 00052898 _____ C:\Users\Simone\Desktop\OTL.Txt 2013-07-21 23:39 - 2013-07-21 23:39 - 00023892 _____ C:\Users\Simone\Desktop\gmer.txt 2013-07-21 23:02 - 2013-07-21 23:02 - 00377856 _____ C:\Users\Simone\Desktop\gmer_2.1.19163.exe 2013-07-21 22:58 - 2013-07-21 22:58 - 00602112 _____ (OldTimer Tools) C:\Users\Simone\Desktop\OTL.exe 2013-07-21 22:39 - 2013-07-21 22:47 - 00000474 _____ C:\Users\Simone\Desktop\defogger_disable.log 2013-07-21 22:39 - 2013-07-21 22:39 - 00000000 _____ C:\Users\Simone\defogger_reenable 2013-07-21 22:38 - 2013-07-21 22:39 - 00050477 _____ C:\Users\Simone\Desktop\Defogger.exe 2013-07-21 22:26 - 2013-07-21 22:29 - 00000000 ____D C:\Users\Simone\AppData\Roaming\BabSolution 2013-07-21 22:26 - 2013-07-21 22:26 - 00000290 _____ C:\windows\Tasks\DSite.job 2013-07-21 22:26 - 2013-07-21 22:26 - 00000000 ____D C:\Users\Simone\AppData\Roaming\DSite 2013-07-21 22:26 - 2013-07-21 22:26 - 00000000 ____D C:\ProgramData\BrowserDefender 2013-07-21 22:26 - 2013-07-21 22:26 - 00000000 ____D C:\ProgramData\Babylon 2013-07-21 22:25 - 2013-07-21 22:25 - 00000000 ____D C:\Users\Simone\AppData\Roaming\Babylon 2013-07-21 22:23 - 2013-07-21 22:23 - 00793536 _____ C:\ZipOpenerSetup.exe 2013-07-12 19:32 - 2013-07-12 19:32 - 00000000 ____D C:\Users\Simone\AppData\Local\{5934BD1B-E394-445E-AA4D-514F623640B8} 2013-07-12 18:48 - 2013-06-12 01:43 - 00690688 _____ (Microsoft 
Corporation) C:\windows\system32\jscript.dll 2013-07-12 18:48 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2013-07-12 18:47 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-07-12 18:47 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-07-12 18:47 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-07-12 18:47 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-07-12 18:47 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-07-12 18:47 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2013-07-12 18:47 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2013-07-12 18:47 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-07-12 18:47 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-07-12 18:47 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2013-07-12 18:47 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll 2013-07-12 18:47 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2013-07-12 18:47 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2013-07-12 18:47 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe 2013-07-10 19:48 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2013-07-10 19:48 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2013-07-10 19:48 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) 
C:\windows\system32\WMVDECOD.DLL 2013-07-10 19:48 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll 2013-07-02 14:56 - 2013-07-02 15:25 - 00000000 ____D C:\Users\Simone\Desktop\ABIBALL2013 2013-07-02 14:41 - 2013-07-12 19:21 - 00000314 _____ C:\windows\Tasks\HPYWNZYVY.job 2013-07-02 14:41 - 2013-07-02 14:41 - 00475136 __RSH C:\windows\system32\bitsprx6R.dll 2013-06-26 18:11 - 2013-07-21 22:26 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-06-25 15:52 - 2013-06-25 15:52 - 00000000 ____D C:\Users\Simone\AppData\Local\{D8B03983-EB02-4FC6-A9A1-4524870C22F6} ==================== One Month Modified Files and Folders ======= 2030-01-01 13:33 - 2009-07-14 06:57 - 00029696 ___SH C:\windows\system32\config\BCD-Template.LOG 2030-01-01 13:33 - 2009-07-14 06:52 - 00032768 _____ C:\windows\system32\config\BCD-Template 2013-07-24 16:38 - 2013-07-24 16:38 - 00000000 ____D C:\FRST 2013-07-24 16:38 - 2011-06-16 18:17 - 00000000 ____D C:\Users\Simone\AppData\Roaming\Dropbox 2013-07-24 16:07 - 2012-12-04 17:24 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2013-07-23 00:12 - 2011-06-17 05:43 - 02029543 _____ C:\windows\WindowsUpdate.log 2013-07-21 23:56 - 2013-07-21 23:53 - 00052898 _____ C:\Users\Simone\Desktop\OTL.Txt 2013-07-21 23:53 - 2011-06-16 20:49 - 00000000 ___RD C:\Users\Simone\Desktop 2013-07-21 23:39 - 2013-07-21 23:39 - 00023892 _____ C:\Users\Simone\Desktop\gmer.txt 2013-07-21 23:02 - 2013-07-21 23:02 - 00377856 _____ C:\Users\Simone\Desktop\gmer_2.1.19163.exe 2013-07-21 22:58 - 2013-07-21 22:58 - 00602112 _____ (OldTimer Tools) C:\Users\Simone\Desktop\OTL.exe 2013-07-21 22:47 - 2013-07-21 22:39 - 00000474 _____ C:\Users\Simone\Desktop\defogger_disable.log 2013-07-21 22:39 - 2013-07-21 22:39 - 00000000 _____ C:\Users\Simone\defogger_reenable 2013-07-21 22:39 - 2013-07-21 22:38 - 00050477 _____ C:\Users\Simone\Desktop\Defogger.exe 2013-07-21 22:39 - 2011-06-16 20:49 - 00000000 ____D C:\Users\Simone 
2013-07-21 22:30 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Public\Desktop 2013-07-21 22:29 - 2013-07-21 22:26 - 00000000 ____D C:\Users\Simone\AppData\Roaming\BabSolution 2013-07-21 22:26 - 2013-07-21 22:26 - 00000290 _____ C:\windows\Tasks\DSite.job 2013-07-21 22:26 - 2013-07-21 22:26 - 00000000 ____D C:\Users\Simone\AppData\Roaming\DSite 2013-07-21 22:26 - 2013-07-21 22:26 - 00000000 ____D C:\ProgramData\BrowserDefender 2013-07-21 22:26 - 2013-07-21 22:26 - 00000000 ____D C:\ProgramData\Babylon 2013-07-21 22:26 - 2013-06-26 18:11 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-07-21 22:25 - 2013-07-21 22:25 - 00000000 ____D C:\Users\Simone\AppData\Roaming\Babylon 2013-07-21 22:23 - 2013-07-21 22:23 - 00793536 _____ C:\ZipOpenerSetup.exe 2013-07-17 20:31 - 2009-07-25 09:50 - 01500254 _____ C:\windows\system32\PerfStringBackup.INI 2013-07-17 16:39 - 2011-07-07 18:34 - 00000000 ____D C:\Users\Simone\Fotos 2013-07-16 20:39 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-16 20:39 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-15 21:48 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET 2013-07-12 19:32 - 2013-07-12 19:32 - 00000000 ____D C:\Users\Simone\AppData\Local\{5934BD1B-E394-445E-AA4D-514F623640B8} 2013-07-12 19:32 - 2011-06-16 18:20 - 00000000 ___RD C:\Users\Simone\Dropbox 2013-07-12 19:31 - 2012-04-16 19:23 - 00000000 ____D C:\Users\Simone\Tracing 2013-07-12 19:21 - 2013-07-02 14:41 - 00000314 _____ C:\windows\Tasks\HPYWNZYVY.job 2013-07-12 19:21 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-07-12 19:21 - 2009-07-14 06:39 - 00080228 _____ C:\windows\setupact.log 2013-07-12 19:21 - 2009-07-14 06:33 - 00320376 _____ C:\windows\system32\FNTCACHE.DAT 2013-07-12 19:19 - 2012-05-27 22:17 - 00000000 ____D C:\Program Files\Mozilla Maintenance 
Service 2013-07-12 19:19 - 2012-05-11 17:14 - 00072416 _____ C:\windows\PFRO.log 2013-07-12 19:19 - 2010-11-02 02:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-12 19:17 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-12 18:46 - 2011-07-04 11:32 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-12 18:33 - 2013-02-26 21:05 - 75699896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2013-07-02 15:25 - 2013-07-02 14:56 - 00000000 ____D C:\Users\Simone\Desktop\ABIBALL2013 2013-07-02 14:41 - 2013-07-02 14:41 - 00475136 __RSH C:\windows\system32\bitsprx6R.dll 2013-06-28 20:49 - 2013-02-18 20:09 - 00000000 ____D C:\Program Files\Full Tilt Poker.Eu 2013-06-25 15:52 - 2013-06-25 15:52 - 00000000 ____D C:\Users\Simone\AppData\Local\{D8B03983-EB02-4FC6-A9A1-4524870C22F6} Files to move or delete: ==================== C:\ProgramData\FullRemove.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-22 00:18 ==================== End Of Log ============================ --- --- --- --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-07-2013 Ran by Simone at 2013-07-24 16:41:44 Running from C:\Users\Simone\Dropbox\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 32 Bit HP CIO Components Installer (Version: 1.1.0) 7-Zip 9.20 Acrobat.com (Version: 1.6.65) Adobe AIR (Version: 2.0.4.13090) Adobe Flash Player 11 ActiveX (Version: 11.7.700.224) Adobe Flash Player 11 Plugin (Version: 11.7.700.224) Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03) ASUS WebStorage (Version: 3.0.108.222) ASUSUpdate for Eee PC (Version: 1.04.01) AsusVibe2.0 (Version: 2.0.9.157) Atheros Client Installation Program (Version: 7.0) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.29) Bing Bar (Version: 7.0.850.0) CapsHook (Version: 1.0.0.5) Cisco EAP-FAST Module (Version: 2.2.14) Cisco LEAP Module (Version: 1.0.19) Cisco PEAP Module (Version: 1.1.6) Complément Messenger (Version: 15.4.3502.0922) Contrôle ActiveX Windows Live Mesh pour connexions à distance (Version: 15.4.5722.2) D3DX10 (Version: 15.4.2368.0902) Dropbox (HKCU Version: 2.0.22) ebi.BookReader3J (Version: 3.75.14) E-Cam (Version: 2.0.2.6) Eee Docking 3.8.1 (Version: 3.8.1) EeeSplendid (Version: 5.1.2.0011) ETDWare PS/2-x86 7.0.5.13_WHQL (Version: 7.0.5.13) FontResizer (Version: 1.01.0011) Full Tilt Poker.Eu (Version: 4.55.4.WIN.FullTilt.EU) Galerie de photos Windows Live (Version: 15.4.3502.0922) Game Park Console (Version: 6.2.0.3) Hotkey Service (Version: 1.32) Intel(R) Graphics Media Accelerator Driver (Version: 8.14.10.2364) Intel® Matrix Storage Manager Java 7 Update 25 (Version: 7.0.250) Java Auto Updater (Version: 2.1.9.5) Junk Mail filter update (Version: 15.4.3502.0922) LiveUpdate (Version: 1.24) LocaleMe (Version: 1.3) McAfee Security Scan Plus (Version: 3.0.318.3) Mesh Runtime (Version: 15.4.5722.2) Messenger Companion (Version: 
15.4.3502.0922) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6012.5000) Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 (Version: 14.0.4763.1000) Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office File Validation Add-In (Version: 14.0.5130.5003) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000) Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1) Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000) Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Standard 2007 (Version: 12.0.6612.1000) Microsoft Office Starter 2010 - Deutsch (Version: 14.0.4763.1000) Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) MotoHelper 2.0.24 Driver 4.7.1 (Version: 2.0.24) MotoHelper MergeModules (Version: 1.0.0) Motorola Mobile Drivers Installation 4.7.1 (Version: 4.7.1) Mozilla Firefox 22.0 (x86 de) (Version: 22.0) Mozilla Maintenance Service (Version: 22.0) 
MSVCRT (Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0) MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0) OpenOffice.org 3.3 (Version: 3.3.9567) PokerStars.eu Raccolta foto di Windows Live (Version: 15.4.3502.0922) Ralink RT2860 Wireless LAN Card (Version: 1.5.1.0) Realtek High Definition Audio Driver (Version: 6.0.1.6098) REALTEK Wireless LAN Driver (Version: 1.00.0159) Skype Toolbars (Version: 5.3.7280) Skype™ 5.10 (Version: 5.10.116) Super Hybrid Engine (Version: 2.16) Times Reader (Version: 2.055) Trend Micro Titanium (Version: 1.0) Trend Micro Titanium (Version: 2.20) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition Update für Microsoft Office Excel 2007 Help (KB963678) Update für Microsoft Office Outlook 2007 Help (KB963677) Update für Microsoft Office Powerpoint 2007 Help (KB963669) Update für Microsoft Office Word 2007 Help (KB963665) Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403) (Version: 07/17/2009 6.2.0.9403) Windows Driver Package - 
Broadcom Bluetooth (07/29/2009 6.1.7100.0) (Version: 07/29/2009 6.1.7100.0) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800) Windows Live (Version: 15.4.3502.0922) Windows Live Communications Platform (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3555.0308) Windows Live Family Safety (Version: 15.4.3555.0308) Windows Live Fotogalerie (Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (Version: 15.4.3502.0922) Windows Live Mail (Version: 15.4.3502.0922) Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (Version: 15.4.5722.2) Windows Live Mesh (Version: 15.4.3502.0922) Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2) Windows Live Mesh ActiveX control for remote connections (Version: 15.4.5722.2) Windows Live Messenger (Version: 15.4.3538.0513) Windows Live Messenger Companion Core (Version: 15.4.3502.0922) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (Version: 15.4.3502.0922) Windows Live Photo Common (Version: 15.4.3502.0922) Windows Live Photo Gallery (Version: 15.4.3502.0922) Windows Live PIMT Platform (Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (Version: 15.4.3502.0922) Windows Live SOXE Definitions (Version: 15.4.3502.0922) Windows Live UX Platform (Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (Version: 15.4.3508.1109) Windows Live Writer (Version: 15.4.3502.0922) Windows Live Writer Resources (Version: 15.4.3502.0922) ==================== Restore Points ========================= 19-07-2013 13:42:53 OTL Restore Point - 19.07.2013 15:42:53 21-07-2013 19:23:04 
Windows-Sicherung ==================== Hosts content: ========================== 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0A49F1EB-C1A6-4EDC-9FA1-B75138083D44} - System32\Tasks\{B4CB4949-4F61-4D7B-B1D4-1E9CCCBD53FC} => C:\Program Files\Skype\\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.) Task: {0CCAAA3A-6185-46BD-BE7A-D23D4534926F} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {106C3B7A-B494-4D38-8692-4058185345D2} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation) Task: {1416FD1B-D684-450D-9419-ECFFB7814D26} - System32\Tasks\MotoHelper MUM => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07] () Task: {3AC2C94C-4A26-43D2-BBAA-9E3577D56522} - System32\Tasks\MotoHelper Update => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07] () Task: {49C4D7D3-F63D-4D2B-8B6A-2F9621938483} - System32\Tasks\MotoHelper Routing => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07] () Task: {50F8B3B9-971D-467F-8B8E-AAD512093E24} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation) Task: {51A08ACC-8000-490C-9CC0-7522BBDD58CF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated) Task: {B19A53F0-1243-4258-ABEE-DE897CAE8DE5} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation) Task: {C55D890B-79B2-4309-98D8-DF8BCDD21D1B} - System32\Tasks\DSite => C:\Users\Simone\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE No File Task: {F7BA3910-49C6-461C-8544-BDDBEB4F537D} - System32\Tasks\HPYWNZYVY => C:\windows\system32\rundll32.exe 
[2009-07-14] (Microsoft Corporation) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\DSite.job => ? Task: C:\windows\Tasks\HPYWNZYVY.job => C:\windows\system32\rundll32.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/24/2013 04:07:17 PM) (Source: CVHSVC) (User: ) Description: Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error: (07/22/2013 06:35:43 AM) (Source: CVHSVC) (User: ) Description: Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error: (07/22/2013 00:22:31 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (07/22/2013 00:22:31 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (07/22/2013 00:22:31 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (07/22/2013 00:22:31 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (07/22/2013 00:22:31 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (07/22/2013 00:22:31 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". 
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (07/22/2013 00:22:31 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (07/22/2013 00:22:29 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". System errors: ============= Error: (07/20/2013 07:37:59 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error: (07/19/2013 06:11:19 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. 
Error: (07/16/2013 08:34:17 PM) (Source: Server) (User: ) Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{16DFC67B-C0F2-4A3C-BA97-EDEB371E7C86} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error: (07/16/2013 03:58:33 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error: (07/15/2013 07:21:09 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht. Error: (07/12/2013 09:40:40 PM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (07/12/2013 07:22:00 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (07/10/2013 07:24:26 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht. Error: (07/10/2013 04:00:29 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WSearch erreicht. Error: (07/07/2013 09:33:28 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Microsoft Office Sessions: ========================= Error: (03/25/2013 01:24:18 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 169 seconds with 120 seconds of active time. This session ended with a crash. 
Error: (03/25/2013 01:20:59 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 265802 seconds with 2220 seconds of active time. This session ended with a crash. Error: (12/29/2012 03:52:56 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 90707 seconds with 1080 seconds of active time. This session ended with a crash. Error: (12/05/2012 08:02:08 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 96053 seconds with 2160 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Percentage of memory in use: 83% Total physical RAM: 1014.18 MB Available physical RAM: 168.34 MB Total Pagefile: 2081.85 MB Available Pagefile: 680.02 MB Total Virtual: 2047.88 MB Available Virtual: 1905.62 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:100 GB) (Free:60.43 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:117.87 GB) (Free:35.39 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 29133921) Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=15 GB) - (Type=1B) Partition 3: (Not Active) - (Size=118 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=20 MB) - (Type=EF) ==================== End Of Log ============================ |
24.07.2013, 16:08 | #4 | |
/// the machine /// TB-Ausbilder | Ihavenet virus - how can I get rid of it
Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
24.07.2013, 16:57 | #5 |
| Ihavenet virus - how can I get rid of it Code:
ATTFilter ComboFix 13-07-24.02 - Simone 24.07.2013 17:27:42.1.2 - x86 Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1031.18.1014.176 [GMT 2:00] ausgeführt von:: c:\users\Simone\Desktop\ComboFix.exe AV: Trend Micro Titanium *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50} SP: Trend Micro Titanium *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\FullRemove.exe c:\users\Simone\AppData\Local\TempFullTiltPokerEuSetup.exe c:\windows\system32\Thumbs.db . . ((((((((((((((((((((((( Dateien erstellt von 2013-06-24 bis 2013-07-24 )))))))))))))))))))))))))))))) . . 2030-01-01 11:33 . 2013-02-27 17:43 -------- d-----w- C:\Boot 2013-07-24 15:48 . 2013-07-24 15:48 -------- d-----w- c:\users\Simone\AppData\Local\temp 2013-07-24 15:48 . 2013-07-24 15:48 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-07-24 14:38 . 2013-07-24 14:38 -------- d-----w- C:\FRST 2013-07-21 20:26 . 2013-07-21 20:26 -------- d-----w- c:\programdata\BrowserDefender 2013-07-21 20:26 . 2013-07-21 20:29 -------- d-----w- c:\users\Simone\AppData\Roaming\BabSolution 2013-07-21 20:26 . 2013-07-21 20:26 -------- d-----w- c:\users\Simone\AppData\Roaming\DSite 2013-07-21 20:26 . 2013-07-21 20:26 -------- d-----w- c:\programdata\Babylon 2013-07-21 20:25 . 2013-07-21 20:25 -------- d-----w- c:\users\Simone\AppData\Roaming\Babylon 2013-07-21 20:23 . 2013-07-21 20:23 793536 ----a-w- C:\ZipOpenerSetup.exe 2013-07-12 16:48 . 2013-06-07 02:37 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-07-12 16:48 . 2013-06-11 23:43 217600 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2013-07-10 17:48 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll 2013-07-10 17:48 . 2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll 2013-07-10 17:48 . 
2013-05-06 04:56 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-07-10 17:48 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2013-07-10 17:48 . 2013-06-05 03:05 2347520 ----a-w- c:\windows\system32\win32k.sys 2013-07-10 17:48 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll 2013-07-10 17:48 . 2013-05-27 04:57 392704 ----a-w- c:\program files\Windows Defender\MpClient.dll 2013-07-10 17:48 . 2013-05-27 04:57 224768 ----a-w- c:\program files\Windows Defender\MpCommu.dll 2013-07-02 12:41 . 2013-07-02 12:41 475136 --sha-r- c:\windows\system32\bitsprx6R.dll 2013-07-02 12:36 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7879C9C-286D-4049-B45F-1E74948857A2}\mpengine.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-12 19:48 . 2012-04-27 14:51 867240 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-06-12 19:48 . 2011-06-28 14:01 789416 ----a-w- c:\windows\system32\deployJava1.dll 2013-06-12 19:48 . 2013-06-21 20:07 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-06-12 15:02 . 2012-12-04 15:24 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-06-12 15:02 . 2011-06-16 14:43 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-06-12 02:43 . 2013-06-12 02:43 9089416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe 2013-05-13 04:45 . 2013-06-12 15:24 1160192 ----a-w- c:\windows\system32\crypt32.dll 2013-05-13 04:45 . 2013-06-12 15:24 103936 ----a-w- c:\windows\system32\cryptnet.dll 2013-05-13 04:45 . 2013-06-12 15:24 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2013-05-13 03:08 . 2013-06-12 15:24 903168 ----a-w- c:\windows\system32\certutil.exe 2013-05-13 03:08 . 2013-06-12 15:24 43008 ----a-w- c:\windows\system32\certenc.dll 2013-05-11 18:46 . 
2012-04-16 17:09 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-10 03:20 . 2013-06-12 15:24 24576 ----a-w- c:\windows\system32\cryptdlg.dll 2013-05-08 05:38 . 2013-06-12 15:24 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-05-06 05:06 . 2013-06-12 15:24 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-05-06 05:06 . 2013-06-12 15:24 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-05-02 00:06 . 2012-01-08 13:48 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-04-26 04:55 . 2013-06-12 15:24 492544 ----a-w- c:\windows\system32\win32spl.dll 2013-04-25 23:30 . 2013-06-12 15:24 1505280 ----a-w- c:\windows\system32\d3d11.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}" [HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{618A47A2-528B-4D9A-AFC8-97D3233511E2}" [HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Simone\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Simone\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Simone\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "HotkeyMon"="AsusSender.exe" [2010-09-08 34728] "HotkeyService"="AsusSender.exe" [2010-09-08 34728] "SuperHybridEngine"="AsusSender.exe" [2010-09-08 34728] "LiveUpdate"="AsusSender.exe" [2010-09-08 34728] "CapsHook"="AsusSender.exe" [2010-09-08 34728] "Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2010-06-10 414384] "VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\VizorHtmlDialog.exe" [2010-06-07 689488] "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-03-19 116008] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-27 9177632] "ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2010-06-10 548744] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-19 142104] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-19 174360] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-19 150808] "ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Del788817121"="del" [X] . 
c:\users\Simone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Simone\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968] OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AsusVibeLauncher.lnk - c:\program files\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2012-2-22 549040] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944] R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6016] R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216] R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2010-06-18 19968] R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320] R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 23424] R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2010-01-25 9472] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S1 
AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-03-31 11520] S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x] S2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2010-09-08 224680] S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648] S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2010-09-07 202048] S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-07-21 102912] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-05-10 68208] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304] S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - AWDIQPOG *Deregistered* - awdiqpog . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Inhalt des "geplante Tasks" Ordners . 2013-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-04 19:49] . 
2013-07-24 c:\windows\Tasks\HPYWNZYVY.job - c:\windows\system32\bitsprx6R.dll [2013-07-02 12:41] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=821BBCAEC53174F2&affID=119357&tt=210713_nt&tsp=4950 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{16DFC67B-C0F2-4A3C-BA97-EDEB371E7C86}\3757075627B6F64756: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\6teoa4cw.default\ FF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - 821bf16d000000000000bcaec53174f2 FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15907 FF - user.js: extensions.delta.vrsn - 1.8.21.5 FF - user.js: extensions.delta.vrsni - 1.8.21.5 FF - user.js: extensions.delta.vrsnTs - 1.8.21.522:26 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - de FF - user.js: extensions.delta.excTlbr - false FF - user.js: extensions.delta.ffxUnstlRst - true FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta_i.babTrack - affID=119357&tt=210713_nt&tsp=4950 FF - user.js: extensions.delta_i.babExt - FF - user.js: extensions.delta_i.srcExt - ss FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) HKLM-Run-EeeSplendidAgent - c:\program files\ASUS\EPC\EeeSplendid\AsAgent.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,df,b0,76,7e,d4,99,43,a8,c3,2e,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,df,b0,76,7e,d4,99,43,a8,c3,2e,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-07-24 17:53:15 ComboFix-quarantined-files.txt 2013-07-24 15:53 . Vor Suchlauf: 10 Verzeichnis(se), 65.536.901.120 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 66.870.820.864 Bytes frei . - - End Of File - - E218FE2D0079769B0E36247DD1972A34 A36C5E4F47E84449FF07ED3517B43A31 |
24.07.2013, 21:32 | #6 |
/// the machine /// TB-Ausbilder | Ihavenet virus - how can I get rid of it Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ --> Ihavenet virus - how can I get rid of it |
25.07.2013, 10:36 | #7 |
| Ihavenet virus - how can I get rid of it Code:
ATTFilter # AdwCleaner v2.306 - Datei am 25/07/2013 um 11:04:25 erstellt # Aktualisiert am 19/07/2013 von Xplode # Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits) # Benutzer : Simone - SIMONE-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Simone\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\6teoa4cw.default\searchplugins\Babylon.xml Datei Gelöscht : C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\6teoa4cw.default\searchplugins\delta.xml Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\BrowserDefender Ordner Gelöscht : C:\Users\Simone\AppData\Roaming\BabSolution Ordner Gelöscht : C:\Users\Simone\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\Simone\AppData\Roaming\DSite ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\BabSolution Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Schlüssel Gelöscht : HKLM\SOFTWARE\534df8be23dea15 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Schlüssel 
Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16635 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=821BBCAEC53174F2&affID=119357&tt=210713_nt&tsp=4950 --> hxxp://www.google.com -\\ Mozilla Firefox v22.0 (de) Datei : C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\6teoa4cw.default\prefs.js C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\6teoa4cw.default\user.js ... Gelöscht ! Gelöscht : user_pref("extensions.delta.admin", false); Gelöscht : user_pref("extensions.delta.aflt", "babsst"); Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); Gelöscht : user_pref("extensions.delta.autoRvrt", "false"); Gelöscht : user_pref("extensions.delta.dfltLng", "de"); Gelöscht : user_pref("extensions.delta.excTlbr", false); Gelöscht : user_pref("extensions.delta.ffxUnstlRst", true); Gelöscht : user_pref("extensions.delta.id", "821bf16d000000000000bcaec53174f2"); Gelöscht : user_pref("extensions.delta.instlDay", "15907"); Gelöscht : user_pref("extensions.delta.instlRef", "sst"); Gelöscht : user_pref("extensions.delta.newTab", false); Gelöscht : user_pref("extensions.delta.prdct", "delta"); Gelöscht : user_pref("extensions.delta.prtnrId", "delta"); Gelöscht : user_pref("extensions.delta.rvrt", "false"); Gelöscht : user_pref("extensions.delta.smplGrp", "none"); Gelöscht : user_pref("extensions.delta.tlbrId", "base"); Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", ""); Gelöscht : user_pref("extensions.delta.vrsn", "1.8.21.5"); Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.21.522:26:23"); Gelöscht : user_pref("extensions.delta.vrsni", "1.8.21.5"); Gelöscht : user_pref("extensions.delta_i.babExt", ""); Gelöscht : user_pref("extensions.delta_i.babTrack", "affID=119357&tt=210713_nt&tsp=4950"); Gelöscht : 
user_pref("extensions.delta_i.srcExt", "ss"); ************************* AdwCleaner[S1].txt - [4154 octets] - [25/07/2013 11:04:25] ########## EOF - C:\AdwCleaner[S1].txt - [4214 octets] ########## Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.2 (07.22.2013:2)
OS: Windows 7 Starter x86
Ran by Simone on 25.07.2013 at 11:16:16,26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted: [File] C:\Users\Simone\AppData\Roaming\mozilla\firefox\profiles\6teoa4cw.default\invalidprefs.js
Emptied folder: C:\Users\Simone\AppData\Roaming\mozilla\firefox\profiles\6teoa4cw.default\minidumps [40 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.07.2013 at 11:21:43,06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-07-2013
Ran by Simone (administrator) on 25-07-2013 11:28:13
Running from C:\Users\Simone\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
() C:\Windows\System32\AsusService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
() C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(AsusTek Computer Inc.) C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUS) C:\Program Files\EeePC\CapsHook\CapsHook.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Simone\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
() C:\Program Files\Asus\Eee Docking\Eee Docking.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [HotkeyMon] - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [95744 2010-09-02] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1245104 2010-09-03] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [412600 2010-06-09] (ASUSTeK Computer Inc.)
HKLM\...\Run: [LiveUpdate] - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [1090984 2010-09-08] (AsusTek Computer Inc.)
HKLM\...\Run: [CapsHook] - C:\Program Files\EeePC\CapsHook\CapsHook.exe [445344 2010-05-29] (ASUS)
HKLM\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [414384 2010-06-10] ()
HKLM\...\Run: [VizorHtmlDialog.exe] - "C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\pre_install_eula.html" "DEF" "DEF" "DEF" [x]
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [116008 2010-03-19] (Trend Micro Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9177632 2010-04-27] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [548744 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [ASUSWebStorage] - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-09-21] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-09-21] (AsusTek Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Simone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Simone\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Simone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\6teoa4cw.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========================== Services (Whitelisted) =================

R2 AsusService; C:\Windows\System32\AsusService.exe [224680 2010-09-08] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [202048 2010-09-07] ()
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=nb [x]

==================== Drivers (Whitelisted) ====================

R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11520 2010-03-31] ()
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [102912 2010-07-21] (ELAN Microelectronic Corp.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
S3 btwavdt; \SystemRoot\system32\DRIVERS\btwavdt.sys [x]
S3 btwrchid; \SystemRoot\system32\DRIVERS\btwrchid.sys [x]
S3 catchme; \??\C:\Users\Simone\AppData\Local\Temp\catchme.sys [x]
S3 cmnsusbser; system32\DRIVERS\cmnsusbser.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2030-01-01 13:33 - 2010-11-20 14:40 - 00383786 __RSH C:\bootmgr
2013-07-25 11:21 - 2013-07-25 11:23 - 00018959 _____ C:\Users\Simone\Desktop\JRT.txt
2013-07-25 11:16 - 2013-07-25 11:16 - 00000000 ____D C:\windows\ERUNT
2013-07-25 11:13 - 2013-07-25 11:13 - 00004283 _____ C:\Users\Simone\Desktop\AdwCleaner[S1].txt
2013-07-25 11:11 - 2013-07-25 11:12 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\Simone\Desktop\JRT.exe
2013-07-25 11:04 - 2013-07-25 11:05 - 00004283 _____ C:\AdwCleaner[S1].txt
2013-07-25 11:02 - 2013-07-25 11:02 - 00666633 _____ C:\Users\Simone\Desktop\adwcleaner.exe
2013-07-24 17:55 - 2013-07-24 17:55 - 00015132 _____ C:\Users\Simone\Desktop\combofix.txt
2013-07-24 17:53 - 2013-07-24 17:53 - 00015132 _____ C:\ComboFix.txt
2013-07-24 17:22 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2013-07-24 17:22 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2013-07-24 17:22 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-07-24 17:22 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-07-24 17:22 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-07-24 17:22 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2013-07-24 17:22 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2013-07-24 17:22 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2013-07-24 17:21 - 2013-07-24 17:53 - 00000000 ____D C:\Qoobox
2013-07-24 17:20 - 2013-07-24 17:50 - 00000000 ____D C:\windows\erdnt
2013-07-24 17:17 - 2013-07-24 17:17 - 05092950 ____R (Swearware) C:\Users\Simone\Desktop\ComboFix.exe
2013-07-24 16:38 - 2013-07-24 16:38 - 00000000 ____D C:\FRST
2013-07-24 16:36 - 2013-07-24 16:37 - 01220240 _____ (Farbar) C:\Users\Simone\Desktop\FRST.exe
2013-07-21 23:53 - 2013-07-21 23:56 - 00052898 _____ C:\Users\Simone\Desktop\OTL.Txt
2013-07-21 23:39 - 2013-07-21 23:39 - 00023892 _____ C:\Users\Simone\Desktop\gmer.txt
2013-07-21 23:02 - 2013-07-21 23:02 - 00377856 _____ C:\Users\Simone\Desktop\gmer_2.1.19163.exe
2013-07-21 22:58 - 2013-07-21 22:58 - 00602112 _____ (OldTimer Tools) C:\Users\Simone\Desktop\OTL.exe
2013-07-21 22:39 - 2013-07-21 22:47 - 00000474 _____ C:\Users\Simone\Desktop\defogger_disable.log
2013-07-21 22:39 - 2013-07-21 22:39 - 00000000 _____ C:\Users\Simone\defogger_reenable
2013-07-21 22:38 - 2013-07-21 22:39 - 00050477 _____ C:\Users\Simone\Desktop\Defogger.exe
2013-07-21 22:23 - 2013-07-21 22:23 - 00793536 _____ C:\ZipOpenerSetup.exe
2013-07-12 18:48 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-12 18:48 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-12 18:47 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-12 18:47 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-12 18:47 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-12 18:47 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-12 18:47 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-12 18:47 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-12 18:47 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-12 18:47 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-12 18:47 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-12 18:47 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-12 18:47 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-12 18:47 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-12 18:47 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-12 18:47 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-10 19:48 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-10 19:48 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-10 19:48 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-10 19:48 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-07-02 14:56 - 2013-07-02 15:25 - 00000000 ____D C:\Users\Simone\Desktop\ABIBALL2013
2013-07-02 14:41 - 2013-07-25 11:17 - 00000314 _____ C:\windows\Tasks\HPYWNZYVY.job
2013-07-02 14:41 - 2013-07-02 14:41 - 00475136 __RSH C:\windows\system32\bitsprx6R.dll
2013-06-26 18:11 - 2013-07-21 22:26 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2030-01-01 13:33 - 2009-07-14 06:57 - 00029696 ___SH C:\windows\system32\config\BCD-Template.LOG
2030-01-01 13:33 - 2009-07-14 06:52 - 00032768 _____ C:\windows\system32\config\BCD-Template
2013-07-25 11:27 - 2011-06-16 20:49 - 00000000 ___RD C:\Users\Simone\Desktop
2013-07-25 11:27 - 2011-06-16 18:17 - 00000000 ____D C:\Users\Simone\AppData\Roaming\Dropbox
2013-07-25 11:23 - 2013-07-25 11:21 - 00018959 _____ C:\Users\Simone\Desktop\JRT.txt
2013-07-25 11:17 - 2013-07-02 14:41 - 00000314 _____ C:\windows\Tasks\HPYWNZYVY.job
2013-07-25 11:16 - 2013-07-25 11:16 - 00000000 ____D C:\windows\ERUNT
2013-07-25 11:15 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-25 11:15 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-25 11:13 - 2013-07-25 11:13 - 00004283 _____ C:\Users\Simone\Desktop\AdwCleaner[S1].txt
2013-07-25 11:12 - 2013-07-25 11:11 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\Simone\Desktop\JRT.exe
2013-07-25 11:09 - 2011-06-16 18:20 - 00000000 ___RD C:\Users\Simone\Dropbox
2013-07-25 11:07 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-25 11:06 - 2012-05-11 17:14 - 00087258 _____ C:\windows\PFRO.log
2013-07-25 11:06 - 2009-07-14 06:39 - 00080284 _____ C:\windows\setupact.log
2013-07-25 11:05 - 2013-07-25 11:04 - 00004283 _____ C:\AdwCleaner[S1].txt
2013-07-25 11:05 - 2011-06-17 05:43 - 02064669 _____ C:\windows\WindowsUpdate.log
2013-07-25 11:02 - 2013-07-25 11:02 - 00666633 _____ C:\Users\Simone\Desktop\adwcleaner.exe
2013-07-25 10:49 - 2012-12-04 17:24 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-24 17:55 - 2013-07-24 17:55 - 00015132 _____ C:\Users\Simone\Desktop\combofix.txt
2013-07-24 17:53 - 2013-07-24 17:53 - 00015132 _____ C:\ComboFix.txt
2013-07-24 17:53 - 2013-07-24 17:21 - 00000000 ____D C:\Qoobox
2013-07-24 17:53 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-07-24 17:53 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-07-24 17:50 - 2013-07-24 17:20 - 00000000 ____D C:\windows\erdnt
2013-07-24 17:48 - 2009-07-14 04:04 - 00000215 _____ C:\windows\system.ini
2013-07-24 17:35 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-24 17:34 - 2012-10-30 22:11 - 00000000 ____D C:\Users\Simone\Desktop\Schule
2013-07-24 17:17 - 2013-07-24
17:17 - 05092950 ____R (Swearware) C:\Users\Simone\Desktop\ComboFix.exe 2013-07-24 16:38 - 2013-07-24 16:38 - 00000000 ____D C:\FRST 2013-07-24 16:37 - 2013-07-24 16:36 - 01220240 _____ (Farbar) C:\Users\Simone\Desktop\FRST.exe 2013-07-21 23:56 - 2013-07-21 23:53 - 00052898 _____ C:\Users\Simone\Desktop\OTL.Txt 2013-07-21 23:39 - 2013-07-21 23:39 - 00023892 _____ C:\Users\Simone\Desktop\gmer.txt 2013-07-21 23:02 - 2013-07-21 23:02 - 00377856 _____ C:\Users\Simone\Desktop\gmer_2.1.19163.exe 2013-07-21 22:58 - 2013-07-21 22:58 - 00602112 _____ (OldTimer Tools) C:\Users\Simone\Desktop\OTL.exe 2013-07-21 22:47 - 2013-07-21 22:39 - 00000474 _____ C:\Users\Simone\Desktop\defogger_disable.log 2013-07-21 22:39 - 2013-07-21 22:39 - 00000000 _____ C:\Users\Simone\defogger_reenable 2013-07-21 22:39 - 2013-07-21 22:38 - 00050477 _____ C:\Users\Simone\Desktop\Defogger.exe 2013-07-21 22:39 - 2011-06-16 20:49 - 00000000 ____D C:\Users\Simone 2013-07-21 22:26 - 2013-06-26 18:11 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-07-21 22:23 - 2013-07-21 22:23 - 00793536 _____ C:\ZipOpenerSetup.exe 2013-07-17 20:31 - 2009-07-25 09:50 - 01500254 _____ C:\windows\system32\PerfStringBackup.INI 2013-07-17 16:39 - 2011-07-07 18:34 - 00000000 ____D C:\Users\Simone\Fotos 2013-07-15 21:48 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET 2013-07-12 19:31 - 2012-04-16 19:23 - 00000000 ____D C:\Users\Simone\Tracing 2013-07-12 19:21 - 2009-07-14 06:33 - 00320376 _____ C:\windows\system32\FNTCACHE.DAT 2013-07-12 19:19 - 2012-05-27 22:17 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-07-12 19:19 - 2010-11-02 02:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-12 19:17 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-12 18:46 - 2011-07-04 11:32 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-12 18:33 - 2013-02-26 21:05 - 75699896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2013-07-02 15:25 - 
2013-07-02 14:56 - 00000000 ____D C:\Users\Simone\Desktop\ABIBALL2013 2013-07-02 14:41 - 2013-07-02 14:41 - 00475136 __RSH C:\windows\system32\bitsprx6R.dll 2013-06-28 20:49 - 2013-02-18 20:09 - 00000000 ____D C:\Program Files\Full Tilt Poker.Eu ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-22 00:18 ==================== End Of Log ============================ --- --- --- |
25.07.2013, 12:30 | #8 |
/// the machine /// TB trainer | Ihavenet virus - how can I get rid of it ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still having problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
27.07.2013, 09:18 | #9 |
| Ihavenet virus - how can I get rid of it Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0d616c5b7514d3408b28b53a3db6f54b
# engine=14527
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-26 08:35:55
# local_time=2013-07-26 10:35:55 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 1178311 126458946 0 0
# scanned=40890
# found=0
# cleaned=0
# scan_time=59819
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0d616c5b7514d3408b28b53a3db6f54b
# engine=14536
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-26 05:40:12
# local_time=2013-07-26 07:40:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 1210968 126491603 0 0
# scanned=154732
# found=0
# cleaned=0
# scan_time=32497
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0d616c5b7514d3408b28b53a3db6f54b
# engine=14542
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-26 06:50:49
# local_time=2013-07-26 08:50:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 1215205 126495840 0 0
# scanned=40914
# found=0
# cleaned=0
# scan_time=4149
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0d616c5b7514d3408b28b53a3db6f54b
# engine=14542
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-27 02:46:22
# local_time=2013-07-27 04:46:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 1243738 126524373 0 0
# scanned=158145
# found=2
# cleaned=0
# scan_time=28463
sh=E5D061DCE077318314B73B2B18329B893A4A63AF ft=1 fh=d2f9a47e07a14475 vn="Win32/Conficker.X worm" ac=I fn="E:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx"
sh=3B0F6568801F9FBC65754890ADFAE7F350A42E56 ft=0 fh=0000000000000000 vn="Win32/Adware.1ClickDownload.AM application" ac=I fn="E:\THORSTEN-PC\Backup Set 2013-05-26 124032\Backup Files 2013-05-26 124032\Backup files 41.zip"

UNSUPPORTED OPERATING SYSTEM! ABORTED!

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-07-2013 Ran by Simone (administrator) on 27-07-2013 10:12:31 Running from C:\Users\Simone\Desktop Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe () C:\Windows\System32\AsusService.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe (Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE () C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe () C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.) C:\Program Files\EeePC\SHE\SuperHybridEngine.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (AsusTek Computer Inc.) C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe (ELAN Microelectronic Corp.) 
C:\Program Files\Elantech\ETDCtrl.exe (ASUS) C:\Program Files\EeePC\CapsHook\CapsHook.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotkeyService.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\windows\system32\igfxsrvc.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (Dropbox, Inc.) C:\Users\Simone\AppData\Roaming\Dropbox\bin\Dropbox.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin () C:\Program Files\Asus\Eee Docking\Eee Docking.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Intel Corporation) C:\windows\system32\igfxsrvc.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe () C:\Users\Simone\Desktop\SecurityCheck.exe (Microsoft Corporation) C:\windows\system32\cmd.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation) HKLM\...\Run: [HotkeyMon] - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [95744 2010-09-02] (ASUSTeK Computer Inc.) HKLM\...\Run: [HotkeyService] - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1245104 2010-09-03] (ASUSTeK Computer Inc.) HKLM\...\Run: [SuperHybridEngine] - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [412600 2010-06-09] (ASUSTeK Computer Inc.) 
HKLM\...\Run: [LiveUpdate] - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [1090984 2010-09-08] (AsusTek Computer Inc.) HKLM\...\Run: [CapsHook] - C:\Program Files\EeePC\CapsHook\CapsHook.exe [445344 2010-05-29] (ASUS) HKLM\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [414384 2010-06-10] () HKLM\...\Run: [VizorHtmlDialog.exe] - "C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\pre_install_eula.html" "DEF" "DEF" "DEF" [x] HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [116008 2010-03-19] (Trend Micro Inc.) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9177632 2010-04-27] (Realtek Semiconductor) HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [548744 2010-06-10] (ELAN Microelectronic Corp.) HKLM\...\Run: [ASUSWebStorage] - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKU\Default\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-09-21] (AsusTek Computer Inc.) HKU\Default User\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-09-21] (AsusTek Computer Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) 
Startup: C:\Users\Simone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Simone\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Simone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe" SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\6teoa4cw.default FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========================== Services (Whitelisted) ================= R2 AsusService; C:\Windows\System32\AsusService.exe [224680 2010-09-08] () S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) R2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [202048 2010-09-07] () R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=nb [x] ==================== Drivers (Whitelisted) ==================== R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11520 2010-03-31] () R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [102912 2010-07-21] (ELAN Microelectronic Corp.) 
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( ) S3 btwavdt; \SystemRoot\system32\DRIVERS\btwavdt.sys [x] S3 btwrchid; \SystemRoot\system32\DRIVERS\btwrchid.sys [x] S3 catchme; \??\C:\Users\Simone\AppData\Local\Temp\catchme.sys [x] S3 cmnsusbser; system32\DRIVERS\cmnsusbser.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2030-01-01 13:33 - 2010-11-20 14:40 - 00383786 __RSH C:\bootmgr 2013-07-27 10:08 - 2013-07-27 10:08 - 00891062 _____ C:\Users\Simone\Desktop\SecurityCheck.exe 2013-07-25 17:54 - 2013-07-25 17:54 - 00000000 ____D C:\Program Files\ESET 2013-07-25 17:53 - 2013-07-25 17:53 - 02347384 _____ (ESET) C:\Users\Simone\Desktop\esetsmartinstaller_enu.exe 2013-07-25 11:21 - 2013-07-25 11:23 - 00018959 _____ C:\Users\Simone\Desktop\JRT.txt 2013-07-25 11:16 - 2013-07-25 11:16 - 00000000 ____D C:\windows\ERUNT 2013-07-25 11:13 - 2013-07-25 11:13 - 00004283 _____ C:\Users\Simone\Desktop\AdwCleaner[S1].txt 2013-07-25 11:11 - 2013-07-25 11:12 - 00560934 _____ (Oleg N. 
Scherbakov) C:\Users\Simone\Desktop\JRT.exe 2013-07-25 11:04 - 2013-07-25 11:05 - 00004283 _____ C:\AdwCleaner[S1].txt 2013-07-25 11:02 - 2013-07-25 11:02 - 00666633 _____ C:\Users\Simone\Desktop\adwcleaner.exe 2013-07-24 17:55 - 2013-07-24 17:55 - 00015132 _____ C:\Users\Simone\Desktop\combofix.txt 2013-07-24 17:53 - 2013-07-24 17:53 - 00015132 _____ C:\ComboFix.txt 2013-07-24 17:22 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe 2013-07-24 17:22 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe 2013-07-24 17:22 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe 2013-07-24 17:22 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe 2013-07-24 17:22 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe 2013-07-24 17:22 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe 2013-07-24 17:22 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe 2013-07-24 17:22 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe 2013-07-24 17:21 - 2013-07-24 17:53 - 00000000 ____D C:\Qoobox 2013-07-24 17:20 - 2013-07-24 17:50 - 00000000 ____D C:\windows\erdnt 2013-07-24 17:17 - 2013-07-24 17:17 - 05092950 ____R (Swearware) C:\Users\Simone\Desktop\ComboFix.exe 2013-07-24 16:38 - 2013-07-24 16:38 - 00000000 ____D C:\FRST 2013-07-24 16:36 - 2013-07-24 16:37 - 01220240 _____ (Farbar) C:\Users\Simone\Desktop\FRST.exe 2013-07-21 23:53 - 2013-07-21 23:56 - 00052898 _____ C:\Users\Simone\Desktop\OTL.Txt 2013-07-21 23:39 - 2013-07-21 23:39 - 00023892 _____ C:\Users\Simone\Desktop\gmer.txt 2013-07-21 23:02 - 2013-07-21 23:02 - 00377856 _____ C:\Users\Simone\Desktop\gmer_2.1.19163.exe 2013-07-21 22:58 - 2013-07-21 22:58 - 00602112 _____ (OldTimer Tools) C:\Users\Simone\Desktop\OTL.exe 2013-07-21 22:39 - 2013-07-21 22:47 - 00000474 _____ C:\Users\Simone\Desktop\defogger_disable.log 2013-07-21 22:39 - 2013-07-21 22:39 - 00000000 _____ C:\Users\Simone\defogger_reenable 2013-07-21 22:38 - 2013-07-21 22:39 - 00050477 _____ 
C:\Users\Simone\Desktop\Defogger.exe 2013-07-21 22:23 - 2013-07-21 22:23 - 00793536 _____ C:\ZipOpenerSetup.exe 2013-07-12 18:48 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-07-12 18:48 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2013-07-12 18:47 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-07-12 18:47 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-07-12 18:47 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-07-12 18:47 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-07-12 18:47 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-07-12 18:47 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2013-07-12 18:47 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2013-07-12 18:47 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-07-12 18:47 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-07-12 18:47 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2013-07-12 18:47 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll 2013-07-12 18:47 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2013-07-12 18:47 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2013-07-12 18:47 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe 2013-07-10 19:48 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2013-07-10 19:48 - 
2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2013-07-10 19:48 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL 2013-07-10 19:48 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll 2013-07-02 14:56 - 2013-07-02 15:25 - 00000000 ____D C:\Users\Simone\Desktop\ABIBALL2013 2013-07-02 14:41 - 2013-07-25 11:17 - 00000314 _____ C:\windows\Tasks\HPYWNZYVY.job 2013-07-02 14:41 - 2013-07-02 14:41 - 00475136 __RSH C:\windows\system32\bitsprx6R.dll ==================== One Month Modified Files and Folders ======= 2030-01-01 13:33 - 2009-07-14 06:57 - 00029696 ___SH C:\windows\system32\config\BCD-Template.LOG 2030-01-01 13:33 - 2009-07-14 06:52 - 00032768 _____ C:\windows\system32\config\BCD-Template 2013-07-27 10:12 - 2011-06-16 20:49 - 00000000 ___RD C:\Users\Simone\Desktop 2013-07-27 10:10 - 2011-06-16 18:17 - 00000000 ____D C:\Users\Simone\AppData\Roaming\Dropbox 2013-07-27 10:08 - 2013-07-27 10:08 - 00891062 _____ C:\Users\Simone\Desktop\SecurityCheck.exe 2013-07-27 10:02 - 2012-12-04 17:24 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2013-07-27 04:42 - 2011-06-17 05:43 - 01091416 _____ C:\windows\WindowsUpdate.log 2013-07-27 02:20 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-27 02:20 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-25 17:56 - 2009-07-25 09:50 - 01500254 _____ C:\windows\system32\PerfStringBackup.INI 2013-07-25 17:54 - 2013-07-25 17:54 - 00000000 ____D C:\Program Files\ESET 2013-07-25 17:53 - 2013-07-25 17:53 - 02347384 _____ (ESET) C:\Users\Simone\Desktop\esetsmartinstaller_enu.exe 2013-07-25 11:23 - 2013-07-25 11:21 - 00018959 _____ C:\Users\Simone\Desktop\JRT.txt 2013-07-25 11:17 - 2013-07-02 14:41 - 00000314 _____ 
C:\windows\Tasks\HPYWNZYVY.job 2013-07-25 11:16 - 2013-07-25 11:16 - 00000000 ____D C:\windows\ERUNT 2013-07-25 11:13 - 2013-07-25 11:13 - 00004283 _____ C:\Users\Simone\Desktop\AdwCleaner[S1].txt 2013-07-25 11:12 - 2013-07-25 11:11 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\Simone\Desktop\JRT.exe 2013-07-25 11:09 - 2011-06-16 18:20 - 00000000 ___RD C:\Users\Simone\Dropbox 2013-07-25 11:07 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-07-25 11:06 - 2012-05-11 17:14 - 00087258 _____ C:\windows\PFRO.log 2013-07-25 11:06 - 2009-07-14 06:39 - 00080284 _____ C:\windows\setupact.log 2013-07-25 11:05 - 2013-07-25 11:04 - 00004283 _____ C:\AdwCleaner[S1].txt 2013-07-25 11:02 - 2013-07-25 11:02 - 00666633 _____ C:\Users\Simone\Desktop\adwcleaner.exe 2013-07-24 17:55 - 2013-07-24 17:55 - 00015132 _____ C:\Users\Simone\Desktop\combofix.txt 2013-07-24 17:53 - 2013-07-24 17:53 - 00015132 _____ C:\ComboFix.txt 2013-07-24 17:53 - 2013-07-24 17:21 - 00000000 ____D C:\Qoobox 2013-07-24 17:53 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default 2013-07-24 17:53 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public 2013-07-24 17:50 - 2013-07-24 17:20 - 00000000 ____D C:\windows\erdnt 2013-07-24 17:48 - 2009-07-14 04:04 - 00000215 _____ C:\windows\system.ini 2013-07-24 17:35 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Public\Desktop 2013-07-24 17:34 - 2012-10-30 22:11 - 00000000 ____D C:\Users\Simone\Desktop\Schule 2013-07-24 17:17 - 2013-07-24 17:17 - 05092950 ____R (Swearware) C:\Users\Simone\Desktop\ComboFix.exe 2013-07-24 16:38 - 2013-07-24 16:38 - 00000000 ____D C:\FRST 2013-07-24 16:37 - 2013-07-24 16:36 - 01220240 _____ (Farbar) C:\Users\Simone\Desktop\FRST.exe 2013-07-21 23:56 - 2013-07-21 23:53 - 00052898 _____ C:\Users\Simone\Desktop\OTL.Txt 2013-07-21 23:39 - 2013-07-21 23:39 - 00023892 _____ C:\Users\Simone\Desktop\gmer.txt 2013-07-21 23:02 - 2013-07-21 23:02 - 00377856 _____ C:\Users\Simone\Desktop\gmer_2.1.19163.exe 2013-07-21 22:58 - 2013-07-21 
22:58 - 00602112 _____ (OldTimer Tools) C:\Users\Simone\Desktop\OTL.exe 2013-07-21 22:47 - 2013-07-21 22:39 - 00000474 _____ C:\Users\Simone\Desktop\defogger_disable.log 2013-07-21 22:39 - 2013-07-21 22:39 - 00000000 _____ C:\Users\Simone\defogger_reenable 2013-07-21 22:39 - 2013-07-21 22:38 - 00050477 _____ C:\Users\Simone\Desktop\Defogger.exe 2013-07-21 22:39 - 2011-06-16 20:49 - 00000000 ____D C:\Users\Simone 2013-07-21 22:26 - 2013-06-26 18:11 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-07-21 22:23 - 2013-07-21 22:23 - 00793536 _____ C:\ZipOpenerSetup.exe 2013-07-17 16:39 - 2011-07-07 18:34 - 00000000 ____D C:\Users\Simone\Fotos 2013-07-15 21:48 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET 2013-07-12 19:31 - 2012-04-16 19:23 - 00000000 ____D C:\Users\Simone\Tracing 2013-07-12 19:21 - 2009-07-14 06:33 - 00320376 _____ C:\windows\system32\FNTCACHE.DAT 2013-07-12 19:19 - 2012-05-27 22:17 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-07-12 19:19 - 2010-11-02 02:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-12 19:17 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-12 18:46 - 2011-07-04 11:32 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-12 18:33 - 2013-02-26 21:05 - 75699896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2013-07-02 15:25 - 2013-07-02 14:56 - 00000000 ____D C:\Users\Simone\Desktop\ABIBALL2013 2013-07-02 14:41 - 2013-07-02 14:41 - 00475136 __RSH C:\windows\system32\bitsprx6R.dll 2013-06-28 20:49 - 2013-02-18 20:09 - 00000000 ____D C:\Program Files\Full Tilt Poker.Eu ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe 
=> MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-27 05:07 ==================== End Of Log ============================ --- --- --- |
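The ESET Online Scanner log in the post above contains several runs, and only the one with `end=finished` is a complete scan; the `found=0` lines of the `end=stopped` runs say nothing about the system. The following parser is an added example, not part of the thread and not ESET tooling: it reads that log layout (one field per line or flattened onto one line), keeps only finished runs, and groups detections by volume. The sample log, its hashes, names and paths are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

RUN_MARKER = "ESETSmartInstaller@High as downloader log:"
# Header fields look like "# key=value"; values never contain '#'.
HEADER_RE = re.compile(r"#\s*([\w.]+)=([^#\r\n]*)")
# Detection records: sh=... ft=... fh=... vn="..." ac=... fn="..."
DETECTION_RE = re.compile(
    r'sh=(?P<sh>[0-9A-Fa-f]+)\s+ft=(?P<ft>\d+)\s+fh=(?P<fh>[0-9A-Fa-f]+)\s+'
    r'vn="(?P<vn>[^"]*)"\s+ac=(?P<ac>\w+)\s+fn="(?P<fn>[^"]*)"'
)

# Constructed sample in the layout of the log above (all values are made up).
SAMPLE_LOG = r"""
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=stopped
# scanned=1000
# found=0
# cleaned=0
# scan_time=60
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=stopped
# scanned=1200
# found=0
# cleaned=0
# scan_time=75
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=finished
# scanned=150000
# found=2
# cleaned=0
# scan_time=28000
sh=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ft=1 fh=aaaaaaaaaaaaaaaa vn="Constructed/Worm.A" ac=I fn="E:\RECYCLER\S-0-0-00\sample.vmx"
sh=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB ft=0 fh=0000000000000000 vn="Constructed/Adware.B application" ac=I fn="E:\OLD-PC\Backup Set 1\Backup files 1.zip"
"""


def _leading_int(value):
    """Return the leading integer of a header value, or 0 if there is none."""
    match = re.match(r"\d+", value)
    return int(match.group()) if match else 0


def parse_runs(text):
    """Split the log into scanner runs with their header fields and detections."""
    runs = []
    for chunk in text.split(RUN_MARKER)[1:]:
        first = DETECTION_RE.search(chunk)
        # Header fields end where the first detection record begins.
        header_part = chunk[: first.start()] if first else chunk
        headers = {k: v.strip() for k, v in HEADER_RE.findall(header_part)}
        detections = [m.groupdict() for m in DETECTION_RE.finditer(chunk)]
        runs.append({"headers": headers, "detections": detections})
    return runs


def summarize(runs):
    """Summarize finished runs only; stopped runs are counted but not trusted."""
    finished = [r for r in runs if r["headers"].get("end") == "finished"]
    detections = [d for r in finished for d in r["detections"]]
    reported = sum(_leading_int(r["headers"].get("found", "")) for r in finished)
    cleaned = sum(_leading_int(r["headers"].get("cleaned", "")) for r in finished)
    volumes = Counter(PureWindowsPath(d["fn"]).drive.upper() for d in detections)
    return {
        "conclusive": bool(finished),          # False if no scan ran to the end
        "stopped_runs": sum(r["headers"].get("end") == "stopped" for r in runs),
        "detections": detections,
        "by_volume": dict(volumes),            # e.g. external drive vs. C:
        "count_mismatch": reported != len(detections),
        "left_in_place": reported - cleaned,   # found but not removed
    }


if __name__ == "__main__":
    summary = summarize(parse_runs(SAMPLE_LOG))
    for key in ("conclusive", "stopped_runs", "by_volume", "left_in_place"):
        print(key, "=", summary[key])
    for det in summary["detections"]:
        print(det["vn"], "->", det["fn"])
```

Grouping by volume shows at a glance whether the detections sit on the system drive or on another volume, which determines whether the drive has to be attached when a removal step is run against those paths.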
27.07.2013, 11:17 | #10 |
/// the machine /// TB trainer | Ihavenet virus - how can I get rid of it Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
E:\RECYCLER
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Still having problems?
27.07.2013, 16:56 | #11 |
| Ihavenet virus - how can I get rid of it Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-07-2013
Ran by Simone at 2013-07-27 17:53:59 Run:2
Running from C:\Users\Simone\Desktop
Boot Mode: Normal
==============================================

"E:\RECYCLER" => File/Directory not found.

==== End of Fixlog ==== |
27.07.2013, 18:19 | #12 |
/// the machine /// TB trainer | Ihavenet virus - how can I get rid of it No, everything's fine. Done. The order is crucial here.
Here are a few more tips for securing your system. I can't mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP) Bill Castner (MVP) Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
27.07.2013, 21:12 | #13 |
| Ihavenet virus - how can I get rid of it Wow... I can't believe that it all worked out like this. I also learned a great deal. Many, many thanks for that. This was really great stuff :-) Top! |
28.07.2013, 07:12 | #14 |
/// the machine /// TB trainer | Ihavenet virus - how can I get rid of it You're welcome
28.07.2013, 17:23 | #15 |
| Ihavenet virus - how can I get rid of it Hm, it seems it's not gone after all... I'm still being redirected by newsbusters :-( |