|
Plagegeister aller Art und deren Bekämpfung: Notebook spielt verrückt - Kein Internetverbindung mehr möglich - lässt sich kaum noch bedienenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
29.07.2013, 09:09 | #1 |
| Notebook spielt verrückt - Kein Internetverbindung mehr möglich - lässt sich kaum noch bedienen Moin Moin Habe am Notebook ( mit Windows Vista ) arge Probleme. Angefangen hat es so: Es öffneten sich zig Pornoseiten, so schnell konnte ich garnet klicken um die zu schliessen als sich immer wieder neue öffneten. Seitdem habe ich keine Internetverbindung mehr, weder per WLAN noch per LAN Programme lassen sich kaum noch welche öffnen, beim booten dauert es urlange bis der hochgefahren ist. Mit der Desinfect CD von Heise wurden keine Funde angezeigt. Wenn ich vom Betriebssystem aus mit Antivir einen Scan mache, schaltet sich das Book einfach aus, so nach ca 1-2 min. Danke für Eure Hilfe Gruß Hape PS: Werde jetzt mal einen scan mit FRST machen Update: Schaltet sich auch hier nach einiger Zeit einfach aus :-( Geändert von hape3 (29.07.2013 um 09:27 Uhr) |
29.07.2013, 09:56 | #2 |
/// the machine /// TB-Ausbilder | Notebook spielt verrückt - Kein Internetverbindung mehr möglich - lässt sich kaum noch bedienen hi,
__________________Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8) Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)
__________________ |
29.07.2013, 10:26 | #3 |
| Notebook spielt verrückt - Kein Internetverbindung mehr möglich - lässt sich kaum noch bedienen Danke für die Hilfe :-)
__________________FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-07-2013 Ran by SYSTEM on 29-07-2013 11:05:48 Running from G:\ Windows Vista (TM) Home Premium (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation) HKLM\...\Run: [ALaunch] - C:\Acer\ALaunch\AlaunchClient.exe [x] HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [865840 2007-05-08] (Synaptics, Inc.) HKLM\...\Run: [eDataSecurity Loader] - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [457216 2007-04-25] (HiTRUST) HKLM\...\Run: [eAudio] - C:\Acer\Empowering Technology\eAudio\eAudio.exe [1286144 2007-06-11] (CyberLink) HKLM\...\Run: [Acer Tour] - [x] HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4702208 2007-09-04] (Realtek Semiconductor) HKLM\...\Run: [PLFSet] - rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting [x] HKLM\...\Run: [LManager] - C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [707080 2007-07-30] (Dritek System Inc.) HKLM\...\Run: [eRecoveryService] - [x] HKLM\...\Run: [Acer Tour Reminder] - C:\Acer\AcerTour\Reminder.exe [151552 2007-08-01] (Acer Inc.) HKLM\...\Run: [WarReg_PopUp] - C:\Acer\WR_PopUp\WarReg_PopUp.exe [57344 2006-11-05] (Acer Inc.) HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [174872 2007-02-12] (Intel Corporation) HKLM\...\Run: [SetPanel] - C:\Acer\APanel\APanel.cmd [x] HKLM\...\Run: [NBKeyScan] - "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [x] HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [623992 2008-01-11] (Adobe Systems Inc.) HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2622104 2007-12-03] (Acronis) HKLM\...\Run: [AcronisTimounterMonitor] - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [911184 2007-12-03] (Acronis) HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [140568 2007-12-03] (Acronis) HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [215552 2006-11-02] (Microsoft Corporation) HKLM\...\Run: [TkBellExe] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe [198160 2009-03-20] (RealNetworks, Inc.) HKLM\...\Run: [lxctmon.exe] - C:\Program Files\Lexmark 5400 Series\lxctmon.exe [291760 2006-11-22] () HKLM\...\Run: [Lexmark 5400 Series Fax Server] - C:\Program Files\Lexmark 5400 Series\fm3032.exe [304048 2006-11-22] () HKLM\...\Run: [EzPrint] - C:\Program Files\Lexmark 5400 Series\ezprint.exe [82864 2006-11-22] (Lexmark International Inc.) HKLM\...\Run: [LXCTCATS] - rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16 [x] HKLM\...\Run: [NvSvc] - RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [x] HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [x] HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [x] HKLM\...\Run: [nwiz] - nwiz.exe /install [x] HKLM\...\Run: [Google Updater] - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [161336 2011-09-21] (Google) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-08] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [MyFunCards Search Scope Monitor] - C:\PROGRA~1\MYFUNC~2\bar\1.bin\5msrchmn.exe [42552 2012-09-03] (MindSpark) HKLM\...\Run: [MyFunCards_5m Browser Plugin Loader] - C:\PROGRA~1\MYFUNC~2\bar\1.bin\5mbrmon.exe [30096 2012-09-03] (VER_COMPANY_NAME) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-11] (Oracle Corporation) HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation) HKU\Default\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-04-26] () HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation) HKU\Default User\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-04-26] () HKU\Hape\...\Run: [Acer Tour Reminder] - [x] HKU\Hape\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\daemon.exe [ 2007-12-19] (DT Soft Ltd) HKU\Hape\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [x] HKU\Hape\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2008-06-19] (Google Inc.) HKU\Hape\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-18] (Microsoft Corporation) HKU\Hape\...\Run: [EADM] - C:\Program Files\Origin\Origin.exe [ 2013-07-12] (Electronic Arts) Lsa: [Authentication Packages] msv1_0 relog_ap Startup: C:\Users\Hape\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Hape\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telefon- und Branchenbuch Herbst 2008 - Schnellstarter.lnk ShortcutTarget: Telefon- und Branchenbuch Herbst 2008 - Schnellstarter.lnk -> D:\Program Files\klickTel\Telefon- und Branchenbuch Herbst 2008\KSTART32.EXE (No File) ========================== Services (Whitelisted) ================= S2 AcronisOSSReinstallSvc; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2232296 2007-03-09] () S2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [427288 2007-12-03] (Acronis) S2 ALaunchService; C:\Acer\ALaunch\ALaunchSvc.exe [50688 2007-01-26] () S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-05-09] (Avira Operations GmbH & Co. KG) S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-09] (Avira Operations GmbH & Co. KG) S2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [457512 2007-04-25] (HiTRSUT) S2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-04-22] (Acer Inc.) S2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [135168 2007-06-13] (Acer Inc.) S2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [53248 2007-07-03] (Acer Inc.) S2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-06-28] () S2 lxct_device; C:\Windows\system32\lxctcoms.exe [537520 2006-11-22] ( ) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [107008 2006-11-24] () S2 MyFunCards_5mService; C:\PROGRA~1\MYFUNC~2\bar\1.bin\5mbarsvc.exe [42528 2012-09-03] (COMPANYVERS_NAME) S2 TryAndDecideService; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498792 2007-12-03] () S2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-06-13] (acer) S2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x] ==================== Drivers (Whitelisted) ==================== S3 A310; C:\Windows\System32\DRIVERS\AVerA310USB.sys [26368 2007-07-09] (AVerMedia TECHNOLOGIES, Inc.) S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-05-09] (Avira GmbH) S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-05-09] (Avira GmbH) S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-09-16] (Avira GmbH) S3 BDASwCap; C:\Windows\System32\drivers\AVerA310Cap.sys [42240 2007-07-09] (AVerMedia TECHNOLOGIES, Inc.) S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [53184 2007-06-27] (FTDI Ltd.) S2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [76584 2006-12-07] () S0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20776 2007-04-25] (HiTRUST) S0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-04-25] (HiTRUST) S0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-04-25] (HiTRUST) S3 s3017bus; C:\Windows\System32\DRIVERS\s3017bus.sys [83880 2007-12-10] (MCCI Corporation) S3 s3017mdfl; C:\Windows\System32\DRIVERS\s3017mdfl.sys [15016 2007-12-10] (MCCI Corporation) S3 s3017mdm; C:\Windows\System32\DRIVERS\s3017mdm.sys [110632 2007-12-10] (MCCI Corporation) S3 s3017mgmt; C:\Windows\System32\DRIVERS\s3017mgmt.sys [104616 2007-12-10] (MCCI Corporation) S3 s3017nd5; C:\Windows\System32\DRIVERS\s3017nd5.sys [25512 2007-12-10] (MCCI Corporation) S3 s3017obex; C:\Windows\System32\DRIVERS\s3017obex.sys [100648 2007-12-10] (MCCI Corporation) S3 s3017unic; C:\Windows\System32\DRIVERS\s3017unic.sys [110120 2007-12-10] (MCCI Corporation) S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1729152 2007-06-12] () S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-10-08] (Avira GmbH) S1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2008-04-16] () S0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [368480 2008-08-20] (Acronis) S2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2008-08-20] (Acronis) S3 TTCinergyT2; C:\Windows\System32\DRIVERS\TTCinergyT2BDA.sys [29216 2007-07-12] (TerraTec Electronic GmbH) S3 usbsermptxp; C:\Windows\System32\DRIVERS\usbsermptxp.sys [25600 2008-02-06] (Microsoft Corporation) S3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-04-18] (Winbond Electronics Corporation) S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [521216 2008-01-18] (Microsoft Corporation) S2 Aspi32; No ImagePath S2 BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [x] S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x] S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S3 Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [x] S0 sptd; System32\Drivers\sptd.sys [x] S3 Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-29 00:38 - 2013-07-29 00:38 - 00039389 _____ C:\Users\Hape\Desktop\FRST.txt 2013-07-29 00:37 - 2013-07-29 00:38 - 00016198 _____ C:\Users\Hape\Desktop\Addition.txt 2013-07-29 00:03 - 2013-07-29 00:03 - 00000000 ___DC C:\FRST 2013-07-29 00:02 - 2013-07-29 00:03 - 01221130 _____ (Farbar) C:\Users\Hape\Desktop\FRST.exe 2013-07-28 03:32 - 2013-07-28 03:32 - 00000000 ____D C:\Users\Hape\AppData\Roaming\Malwarebytes 2013-07-28 03:29 - 2013-07-28 03:29 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-28 03:29 - 2013-07-28 03:29 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-28 03:29 - 2013-07-28 03:29 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-07-28 03:29 - 2013-04-04 04:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-07-24 12:46 - 2013-07-24 12:46 - 00000000 __SHD C:\found.004 2013-07-12 13:15 - 2013-07-12 13:17 - 00000000 ____D C:\Windows\System32\MRT 2013-07-11 11:17 - 2013-07-11 11:16 - 00263592 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-07-11 11:17 - 2013-07-11 11:16 - 00175016 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-07-11 11:17 - 2013-07-11 11:16 - 00175016 _____ (Oracle Corporation) C:\Windows\System32\java.exe 2013-07-11 11:17 - 2013-07-11 11:16 - 00094632 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll 2013-07-11 06:52 - 2013-06-03 17:50 - 02049024 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-07-11 06:51 - 2013-05-31 20:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll 2013-07-11 06:51 - 2013-05-29 03:30 - 01212928 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-07-11 06:51 - 2013-05-29 03:30 - 00916480 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-07-11 06:51 - 2013-05-29 03:30 - 00105984 _____ (Microsoft Corporation) C:\Windows\System32\url.dll 2013-07-11 06:51 - 2013-05-29 03:28 - 00206848 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-07-11 06:51 - 2013-05-29 03:26 - 06016000 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-07-11 06:51 - 2013-05-29 03:26 - 00611840 _____ (Microsoft Corporation) C:\Windows\System32\mstime.dll 2013-07-11 06:51 - 2013-05-29 03:26 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-07-11 06:51 - 2013-05-29 03:25 - 00630272 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-07-11 06:51 - 2013-05-29 03:25 - 00055296 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-07-11 06:51 - 2013-05-29 03:25 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-07-11 06:51 - 2013-05-29 03:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-07-11 06:51 - 2013-05-29 03:24 - 11111424 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-07-11 06:51 - 2013-05-29 03:24 - 02004992 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-07-11 06:51 - 2013-05-29 03:24 - 01469440 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-07-11 06:51 - 2013-05-29 03:24 - 00387584 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-07-11 06:51 - 2013-05-29 03:24 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-07-11 06:51 - 2013-05-29 03:24 - 00164352 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-07-11 06:51 - 2013-05-29 03:24 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-07-11 06:51 - 2013-05-29 03:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-07-11 06:51 - 2013-05-29 03:24 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-07-11 06:51 - 2013-05-29 01:47 - 00385024 _____ (Microsoft Corporation) C:\Windows\System32\html.iec 2013-07-11 06:51 - 2013-05-29 00:07 - 00133632 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-07-11 06:51 - 2013-05-29 00:06 - 00174080 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-07-11 06:51 - 2013-05-29 00:05 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-07-11 06:51 - 2013-05-29 00:04 - 01638912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-07-11 06:51 - 2013-05-07 20:04 - 01548288 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL 2013-07-11 06:51 - 2013-04-17 03:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll 2013-07-11 06:51 - 2013-04-17 03:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll 2013-07-11 06:51 - 2013-04-17 03:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll 2013-07-11 06:51 - 2013-04-17 03:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll 2013-07-11 06:51 - 2013-04-17 02:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll 2013-07-11 06:51 - 2013-04-17 02:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll 2013-07-11 06:51 - 2013-04-17 02:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll 2013-07-11 06:51 - 2013-04-17 02:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll 2013-07-11 06:51 - 2013-04-17 02:10 - 00798208 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll 2013-07-02 12:33 - 2013-07-02 12:33 - 00000000 ____D C:\Program Files\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2013-07-29 00:41 - 2009-02-01 10:24 - 00739806 _____ C:\Windows\System32\PerfStringBackup.INI 2013-07-29 00:38 - 2013-07-29 00:38 - 00039389 _____ C:\Users\Hape\Desktop\FRST.txt 2013-07-29 00:38 - 2013-07-29 00:37 - 00016198 _____ C:\Users\Hape\Desktop\Addition.txt 2013-07-29 00:17 - 2007-11-09 00:51 - 01279385 _____ C:\Windows\WindowsUpdate.log 2013-07-29 00:15 - 2007-12-23 06:00 - 00027744 _____ C:\Users\Hape\AppData\Roaming\nvModes.001 2013-07-29 00:13 - 2010-11-04 13:49 - 00131072 _____ C:\Windows\System32\Ikeext.etl 2013-07-29 00:10 - 2006-11-02 04:47 - 00003696 _____ C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-29 00:10 - 2006-11-02 04:47 - 00003696 _____ C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-29 00:03 - 2013-07-29 00:03 - 00000000 ___DC C:\FRST 2013-07-29 00:03 - 2013-07-29 00:02 - 01221130 _____ (Farbar) C:\Users\Hape\Desktop\FRST.exe 2013-07-29 00:02 - 2006-11-02 04:52 - 00098619 _____ C:\Windows\setupact.log 2013-07-28 03:56 - 2008-02-07 04:28 - 00000012 _____ C:\Windows\bthservsdp.dat 2013-07-28 03:48 - 2006-11-02 07:31 - 00000000 ____D C:\Windows\WindowsMobile 2013-07-28 03:32 - 2013-07-28 03:32 - 00000000 ____D C:\Users\Hape\AppData\Roaming\Malwarebytes 2013-07-28 03:29 - 2013-07-28 03:29 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-28 03:29 - 2013-07-28 03:29 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-28 03:29 - 2013-07-28 03:29 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-07-28 03:22 - 2008-02-01 01:17 - 00008268 _____ C:\Users\Hape\AppData\Local\d3d9caps.dat 2013-07-28 02:54 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\tracing 2013-07-24 14:06 - 2007-12-22 03:21 - 00027744 _____ C:\Users\Hape\AppData\Roaming\nvModes.dat 2013-07-24 13:35 - 2010-02-23 06:25 - 00000000 ____D C:\Program Files\Lx_cats 2013-07-24 12:46 - 2013-07-24 12:46 - 00000000 __SHD C:\found.004 2013-07-24 12:41 - 2013-02-02 07:04 - 00000000 ____D C:\Program Files\Origin 2013-07-18 13:16 - 2010-02-23 06:21 - 00000000 ___RD C:\Users\Hape\Documents\Eigene Musik1 2013-07-12 23:01 - 2011-04-02 14:06 - 00001975 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-07-12 13:17 - 2013-07-12 13:15 - 00000000 ____D C:\Windows\System32\MRT 2013-07-12 06:12 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET 2013-07-12 04:57 - 2013-02-02 07:06 - 00000000 ____D C:\Users\Hape\AppData\Roaming\Origin 2013-07-12 04:57 - 2013-02-02 07:06 - 00000000 ____D C:\Users\Hape\AppData\Local\Origin 2013-07-12 04:48 - 2008-04-17 07:17 - 01722128 _____ C:\Windows\System32\FNTCACHE.DAT 2013-07-12 04:45 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\System32\XPSViewer 2013-07-11 14:21 - 2007-08-13 21:22 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-11 14:09 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-11 11:17 - 2008-06-18 09:42 - 00000000 ____D C:\Program Files\Common Files\Java 2013-07-11 11:16 - 2013-07-11 11:17 - 00263592 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-07-11 11:16 - 2013-07-11 11:17 - 00175016 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-07-11 11:16 - 2013-07-11 11:17 - 00175016 _____ (Oracle Corporation) C:\Windows\System32\java.exe 2013-07-11 11:16 - 2013-07-11 11:17 - 00094632 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll 2013-07-11 11:16 - 2012-05-10 09:33 - 00867240 _____ (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll 2013-07-11 11:16 - 2010-04-18 10:54 - 00789416 _____ (Oracle Corporation) C:\Windows\System32\deployJava1.dll 2013-07-03 10:48 - 2012-05-13 09:12 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-07-02 12:33 - 2013-07-02 12:33 - 00000000 ____D C:\Program Files\Mozilla Firefox ==================== Known DLLs (Whitelisted) ============ ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-07-16 07:47:18 Restore point made on: 2013-07-16 12:20:59 Restore point made on: 2013-07-18 12:01:39 Restore point made on: 2013-07-19 11:39:58 Restore point made on: 2013-07-20 11:50:34 Restore point made on: 2013-07-21 09:28:59 Restore point made on: 2013-07-24 11:00:43 ==================== Memory info =========================== Percentage of memory in use: 14% Total physical RAM: 2045.81 MB Available physical RAM: 1744.88 MB Total Pagefile: 1979.45 MB Available Pagefile: 1836.76 MB Total Virtual: 2047.88 MB Available Virtual: 1963.33 MB ==================== Drives ================================ Drive c: (ACER) (Fixed) (Total:111.69 GB) (Free:31.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (DATA) (Fixed) (Total:108.19 GB) (Free:107.99 GB) NTFS Drive f: (SecureDrive) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS Drive g: (SARDU) (Removable) (Total:14.94 GB) (Free:4.26 GB) FAT32 Drive x: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:0.62 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 233 GB) (Disk ID: F229A80C) Partition 1: (Not Active) - (Size=10 GB) - (Type=12) Partition 2: (Active) - (Size=112 GB) - (Type=06) Partition 3: (Not Active) - (Size=108 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=3 GB) - (Type=12) ======================================================== Disk: 1 (Size: 15 GB) (Disk ID: F0ACF0AC) Partition 1: (Active) - (Size=15 GB) - (Type=0B) LastRegBack: 2013-07-29 00:45 ==================== End Of Log ============================ --- --- --- --- --- --- [/CODE] |
29.07.2013, 14:52 | #4 |
/// the machine /// TB-Ausbilder | Notebook spielt verrückt - Kein Internetverbindung mehr möglich - lässt sich kaum noch bedienen Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKLM\...\Run: [MyFunCards Search Scope Monitor] - C:\PROGRA~1\MYFUNC~2\bar\1.bin\5msrchmn.exe [42552 2012-09-03] (MindSpark) HKLM\...\Run: [MyFunCards_5m Browser Plugin Loader] - C:\PROGRA~1\MYFUNC~2\bar\1.bin\5mbrmon.exe [30096 2012-09-03] (VER_COMPANY_NAME) C:\PROGRA~1\MYFUNC~2
Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier. Jetzt bitte normal booten, dann alles vom Desktop aus: Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
29.07.2013, 18:25 | #5 |
| Notebook spielt verrückt - Kein Internetverbindung mehr möglich - lässt sich kaum noch bedienen So, habe mal alles nacheinander abgearbeitet was da stand: Folgende Fehler sind noch da bzw Fehlermeldungen: Google Updater kann nicht vorgesetzt werden. Keine Verbindung zu Microsoft Diensten Keine Verbindung ins Internet per LAN oder WLAN. Bei LAN zeigt der folgendes an: Der Abhängigkeitsdienst kann nicht gestartet werden Danke für die Hilfe :-) Erst einmal das Fixlog: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-07-2013 Ran by SYSTEM at 2013-07-29 18:19:25 Run:1 Running from G:\ Boot Mode: Recovery ============================================== HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MyFunCards Search Scope Monitor => Value deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MyFunCards_5m Browser Plugin Loader => Value deleted successfully. "C:\PROGRA~1\MYFUNC~2" => Could not move. ==== End of Fixlog ==== AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.306 - Datei am 29/07/2013 um 18:36:20 erstellt # Aktualisiert am 19/07/2013 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzer : Hape - HAPE-NB # Bootmodus : Normal # Ausgeführt unter : G:\adwcleaner.exe # Option [Löschen] **** [Dienste] **** Gestoppt & Gelöscht : MyFunCards_5mService ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Users\Hape\AppData\Roaming\Mozilla\Firefox\Profiles\d6t61t16.default\searchplugins\Askcom.xml Datei Gelöscht : C:\Users\Hape\AppData\Roaming\Mozilla\Firefox\Profiles\d6t61t16.default\searchplugins\askcomsearch.xml Datei Gelöscht : C:\Users\Hape\AppData\Roaming\Mozilla\Firefox\Profiles\d6t61t16.default\searchplugins\Conduit.xml Datei Gelöscht : C:\Users\Hape\AppData\Roaming\Mozilla\Firefox\Profiles\d6t61t16.default\searchplugins\icqplugin.xml Datei Gelöscht : C:\Users\Hape\AppData\Roaming\Mozilla\Firefox\Profiles\d6t61t16.default\searchplugins\my-web-search.xml Datei Gelöscht : C:\Windows\system32\conduitEngine.tmp Ordner Gelöscht : C:\Program Files\Conduit Ordner Gelöscht : C:\Program Files\ConduitEngine Ordner Gelöscht : C:\Program Files\ICQ6Toolbar Ordner Gelöscht : C:\Program Files\MyFunCards_5m Ordner Gelöscht : C:\Program Files\Softonic-Eng7 Ordner Gelöscht : C:\ProgramData\Ask Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar Ordner Gelöscht : C:\Users\Hape\AppData\Local\APN Ordner Gelöscht : C:\Users\Hape\AppData\Local\Conduit Ordner Gelöscht : C:\Users\Hape\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj Ordner Gelöscht : C:\Users\Hape\AppData\Local\MyFunCards_5m Ordner Gelöscht : C:\Users\Hape\AppData\Local\Temp\AskSearch Ordner Gelöscht : C:\Users\Hape\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Hape\AppData\LocalLow\ConduitEngine Ordner Gelöscht : C:\Users\Hape\AppData\LocalLow\MyFunCards_5m Ordner Gelöscht : C:\Users\Hape\AppData\LocalLow\PriceGong Ordner Gelöscht : C:\Users\Hape\AppData\LocalLow\Softonic-Eng7 Ordner Gelöscht : C:\Users\Hape\AppData\Roaming\Mozilla\Firefox\Profiles\d6t61t16.default\Conduit Ordner Gelöscht : C:\Users\Hape\AppData\Roaming\Mozilla\Firefox\Profiles\d6t61t16.default\extensions\5mffxtbr@MyFunCards_5m.com ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\MyFunCards_5m Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Softonic-Eng7 Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyFunCards_5mbar Uninstall Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Softonic-Eng7 Toolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C4B22C87-45EF-4F43-89F2-40DB2078864E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DA71FD14-5F7B-46AE-B8B1-44074A38F331} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5715B05F-3402-4E01-81ED-A9FDD794570D} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C4B22C87-45EF-4F43-89F2-40DB2078864E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DA71FD14-5F7B-46AE-B8B1-44074A38F331} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5715B05F-3402-4E01-81ED-A9FDD794570D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C4B22C87-45EF-4F43-89F2-40DB2078864E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DA71FD14-5F7B-46AE-B8B1-44074A38F331} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2405280 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991} Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\conduitEngine Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DB6F829-0F16-4FE0-B9FE-026EC427923F} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CC9E9F17-6813-432E-B431-1345D627EA85} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEC3064C-1895-43DE-84F8-13D23F554964} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4B22C87-45EF-4F43-89F2-40DB2078864E} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA71FD14-5F7B-46AE-B8B1-44074A38F331} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5715B05F-3402-4E01-81ED-A9FDD794570D} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyFunCards_5mbar Uninstall Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic-Eng7 Toolbar Schlüssel Gelöscht : HKLM\Software\Softonic-Eng7 Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}] ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.6001.19443 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=ZUxpt195YYde&ptb=A639C204-CA2D-41EF-87D1-005F93170D5B&si=COuhrL-SmrICFYe-zAod9XUAAQ --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com -\\ Mozilla Firefox v22.0 (de) Datei : C:\Users\Hape\AppData\Roaming\Mozilla\Firefox\Profiles\d6t61t16.default\prefs.js C:\Users\Hape\AppData\Roaming\Mozilla\Firefox\Profiles\d6t61t16.default\user.js ... Gelöscht ! Gelöscht : user_pref("browser.search.defaultengine", "Ask.com Search"); Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com Search"); Gelöscht : user_pref("browser.search.order.1", "Ask.com Search"); Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com Search"); Gelöscht : user_pref("browser.startup.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=A639C204-CA2D-41E[...] Gelöscht : user_pref("extensions.mywebsearch.prevDefaultEngine", "Google"); Gelöscht : user_pref("extensions.mywebsearch.prevSelectedEngine", "Google"); Gelöscht : user_pref("extensions.toolbar.mindspark._5mMembers_.homepage", "hxxp://home.mywebsearch.com/index.jh[...] Gelöscht : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=A639C204[...] -\\ Google Chrome v28.0.1500.72 Datei : C:\Users\Hape\AppData\Local\Google\Chrome\User Data\Default\Preferences Gelöscht [l.12] : homepage = "hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE", Gelöscht [l.39] : icon_url = "hxxp://www.ask.com/favicon.ico", Gelöscht [l.42] : keyword = "ask.com", Gelöscht [l.45] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-3&o=APN10395&locale=d[...] Gelöscht [l.46] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms[...] Gelöscht [l.1652] : homepage = "hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE", ************************* AdwCleaner[S1].txt - [11652 octets] - [29/07/2013 18:36:20] ########## EOF - C:\AdwCleaner[S1].txt - [11713 octets] ########## [/CODE] Weiter gings mit JRT, dazu diese Log-Datei: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.2.7 (07.29.2013:1) OS: Windows Vista (TM) Home Premium x86 Ran by Hape on 29.07.2013 at 18:52:36,03 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7E458C0A-0131-43DF-9656-CD34EAB227C1} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{acbd5593-e5ee-4c15-b48f-1823ce819dec} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{acbd5593-e5ee-4c15-b48f-1823ce819dec} ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted: [File] C:\Users\Hape\AppData\Roaming\mozilla\firefox\profiles\d6t61t16.default\invalidprefs.js Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\5mffxtbr@myfuncards_5m.com Successfully deleted the following from C:\Users\Hape\AppData\Roaming\mozilla\firefox\profiles\d6t61t16.default\prefs.js user_pref("extensions.toolbar.mindspark._5mMembers_.hp.enabled", true); user_pref("extensions.toolbar.mindspark._5mMembers_.hp.user.defined", false); user_pref("extensions.toolbar.mindspark._5mMembers_.initialized", true); user_pref("extensions.toolbar.mindspark._5mMembers_.installation.contextKey", ""); user_pref("extensions.toolbar.mindspark._5mMembers_.installation.installDate", "2013020520"); user_pref("extensions.toolbar.mindspark._5mMembers_.installation.partnerId", "ZUxpt195YYde"); user_pref("extensions.toolbar.mindspark._5mMembers_.installation.partnerSubId", "COuhrL-SmrICFYe-zAod9XUAAQ"); user_pref("extensions.toolbar.mindspark._5mMembers_.installation.success", true); user_pref("extensions.toolbar.mindspark._5mMembers_.installation.toolbarId", "A639C204-CA2D-41EF-87D1-005F93170D5B"); user_pref("extensions.toolbar.mindspark._5mMembers_.lastActivePing", "1374828898211"); user_pref("extensions.toolbar.mindspark._5mMembers_.searchHistory", "213011"); user_pref("extensions.toolbar.mindspark._5mMembers_.tab.date", "1360094270177"); user_pref("extensions.toolbar.mindspark._5mMembers_.weather.location", "10001"); user_pref("extensions.toolbar.mindspark.hp.enabled", true); user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "myfuncards@mindspark.com"); user_pref("extensions.toolbar.mindspark.lastInstalled", "myfuncards@mindspark.com"); user_pref("extensions.toolbar.mindspark.sa.enabled", true); user_pref("extensions.toolbar.mindspark.sa.owner", "myfuncards@mindspark.com"); user_pref("extensions.toolbar.mindspark.tab.enabled", true); Emptied folder: C:\Users\Hape\AppData\Roaming\mozilla\firefox\profiles\d6t61t16.default\minidumps [134 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 29.07.2013 at 18:55:20,60 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-07-2013 Ran by Hape (administrator) on 29-07-2013 19:01:38 Running from G:\ Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe () C:\Acer\ALaunch\ALaunchSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (HiTRSUT) C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe ( ) C:\Windows\system32\lxctcoms.exe () C:\Acer\Mobility Center\MobilityService.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe () C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe (Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe (Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (HiTRUST) C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (CyberLink) C:\Acer\Empowering Technology\eAudio\eAudio.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Dritek System Inc.) C:\Program Files\Launch Manager\QtZgAcer.EXE (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe () C:\Program Files\Lexmark 5400 Series\lxctmon.exe (Lexmark International Inc.) C:\Program Files\Lexmark 5400 Series\ezprint.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (Acer Inc.) C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Acer Inc.) C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE (Acer Inc.) C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE (Realtek Semiconductor Corp.) C:\Users\Hape\AppData\Local\Temp\RtkBtMnt.exe (Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation) HKLM\...\Run: [ALaunch] - C:\Acer\ALaunch\AlaunchClient.exe [x] HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [865840 2007-05-09] (Synaptics, Inc.) HKLM\...\Run: [eDataSecurity Loader] - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [457216 2007-04-25] (HiTRUST) HKLM\...\Run: [eAudio] - C:\Acer\Empowering Technology\eAudio\eAudio.exe [1286144 2007-06-11] (CyberLink) HKLM\...\Run: [Acer Tour] - [x] HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4702208 2007-09-04] (Realtek Semiconductor) HKLM\...\Run: [PLFSet] - rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting [x] HKLM\...\Run: [LManager] - C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [707080 2007-07-31] (Dritek System Inc.) HKLM\...\Run: [eRecoveryService] - [x] HKLM\...\Run: [Acer Tour Reminder] - C:\Acer\AcerTour\Reminder.exe [151552 2007-08-01] (Acer Inc.) HKLM\...\Run: [WarReg_PopUp] - C:\Acer\WR_PopUp\WarReg_PopUp.exe [57344 2006-11-05] (Acer Inc.) HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [174872 2007-02-12] (Intel Corporation) HKLM\...\Run: [SetPanel] - C:\Acer\APanel\APanel.cmd [x] HKLM\...\Run: [NBKeyScan] - "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [x] HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [623992 2008-01-11] (Adobe Systems Inc.) HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2622104 2007-12-03] (Acronis) HKLM\...\Run: [AcronisTimounterMonitor] - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [911184 2007-12-03] (Acronis) HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [140568 2007-12-03] (Acronis) HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [215552 2006-11-02] (Microsoft Corporation) HKLM\...\Run: [TkBellExe] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe [198160 2009-03-20] (RealNetworks, Inc.) HKLM\...\Run: [lxctmon.exe] - C:\Program Files\Lexmark 5400 Series\lxctmon.exe [291760 2006-11-22] () HKLM\...\Run: [Lexmark 5400 Series Fax Server] - C:\Program Files\Lexmark 5400 Series\fm3032.exe [304048 2006-11-22] () HKLM\...\Run: [EzPrint] - C:\Program Files\Lexmark 5400 Series\ezprint.exe [82864 2006-11-22] (Lexmark International Inc.) HKLM\...\Run: [LXCTCATS] - rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16 [x] HKLM\...\Run: [NvSvc] - RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [x] HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [x] HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [x] HKLM\...\Run: [nwiz] - nwiz.exe /install [x] HKLM\...\Run: [Google Updater] - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [161336 2011-09-21] (Google) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-09] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKCU\...\Run: [Acer Tour Reminder] - [x] HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\daemon.exe [486856 2007-12-19] (DT Soft Ltd) HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [x] HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-06-19] (Google Inc.) HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation) HKCU\...\Run: [EADM] - C:\Program Files\Origin\Origin.exe [3456080 2013-07-12] (Electronic Arts) MountPoints2: {08a95b78-2807-11de-b97d-f16ed9cf029e} - E:\EmDesk.exe MountPoints2: {1d0ab367-bdce-11dc-baa2-a497e26bf74f} - G:\Autorun.exe MountPoints2: {7aebc77a-8ea0-11dc-9ce9-806e6f6e6963} - F:\Autorun.exe MountPoints2: {a5d4b1d9-1a1f-11df-af66-d6d374baabeb} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\RavMon.exe HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation) HKU\Default\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-04-26] () HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation) HKU\Default User\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-04-26] () Lsa: [Authentication Packages] msv1_0 relog_ap Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\Hape\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Hape\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telefon- und Branchenbuch Herbst 2008 - Schnellstarter.lnk ShortcutTarget: Telefon- und Branchenbuch Herbst 2008 - Schnellstarter.lnk -> D:\Program Files\klickTel\Telefon- und Branchenbuch Herbst 2008\KSTART32.EXE (No File) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com URLSearchHook: (No Name) - {f4c28532-b9d0-4950-a2df-e83f9929242b} - C:\Program Files\MyFunCards_5m\bar\1.bin\5mSrcAs.dll No File SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search SearchScopes: HKCU - {6E8E65C8-6F23-494F-9638-2D8E70CB4F30} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.) BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll No File BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll No File Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.) Toolbar: HKLM - MyFunCards - {210f1b36-3b7f-41a4-b5da-3eb87f5a56c2} - C:\Program Files\MyFunCards_5m\bar\1.bin\5mbar.dll No File Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU -MyFunCards - {210F1B36-3B7F-41A4-B5DA-3EB87F5A56C2} - C:\Program Files\MyFunCards_5m\bar\1.bin\5mbar.dll No File DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.) Tcpip\..\Interfaces\{2B92099C-A056-4167-B550-5C9C8CCAA518}: [NameServer]62.220.18.8 89.246.64.8 FireFox: ======== FF ProfilePath: C:\Users\Hape\AppData\Roaming\Mozilla\Firefox\Profiles\d6t61t16.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @MyFunCards_5m.com/Plugin - C:\Program Files\MyFunCards_5m\bar\1.bin\NP5mStub.dll No File FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF Plugin: @real.com/nppl3260;version=6.0.12.69 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=1.0.3.69 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.69 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File FF Extension: No Name - C:\Users\Hape\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} FF Extension: No Name - C:\Users\Hape\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: Move Media Player - C:\Users\Hape\AppData\Roaming\Mozilla\Firefox\Profiles\d6t61t16.default\Extensions\moveplayer@movenetworks.com FF Extension: Google Toolbar for Firefox - C:\Users\Hape\AppData\Roaming\Mozilla\Firefox\Profiles\d6t61t16.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} FF Extension: Google Toolbar for Firefox - C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\Program Files\Real\RealPlayer\browserrecord FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR RestoreOnStartup: "hxxp://www.google.com/" CHR DefaultSearchURL: (Ask) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll No File CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\24.0.1312.57\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Users\Hape\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (king.com - Game controller for firefox) - C:\Program Files\Mozilla Firefox\plugins\npmidas.dll (Midasplayer Ltd) CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 6 U32) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.320.5) - C:\Windows\system32\npdeployJava1.dll (Oracle Corporation) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) CHR Extension: (YouTube) - C:\Users\Hape\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1 CHR Extension: (Google Search) - C:\Users\Hape\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1 CHR Extension: (Gmail) - C:\Users\Hape\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 ========================== Services (Whitelisted) ================= S2 AcronisOSSReinstallSvc; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2232296 2007-03-09] () R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [427288 2007-12-03] (Acronis) R2 ALaunchService; C:\Acer\ALaunch\ALaunchSvc.exe [50688 2007-01-26] () R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-05-09] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-09] (Avira Operations GmbH & Co. KG) R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [457512 2007-04-25] (HiTRSUT) R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-04-23] (Acer Inc.) R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [135168 2007-06-13] (Acer Inc.) R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [53248 2007-07-03] (Acer Inc.) R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-06-28] () R2 lxct_device; C:\Windows\system32\lxctcoms.exe [537520 2006-11-22] ( ) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [107008 2006-11-24] () R2 TryAndDecideService; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498792 2007-12-03] () R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-06-13] (acer) S2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x] ==================== Drivers (Whitelisted) ==================== R3 A310; C:\Windows\System32\DRIVERS\AVerA310USB.sys [26368 2007-07-10] (AVerMedia TECHNOLOGIES, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-05-09] (Avira GmbH) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-05-09] (Avira GmbH) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-09-16] (Avira GmbH) R3 BDASwCap; C:\Windows\System32\drivers\AVerA310Cap.sys [42240 2007-07-10] (AVerMedia TECHNOLOGIES, Inc.) S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [53184 2007-06-27] (FTDI Ltd.) R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [76584 2006-12-07] () R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20776 2007-04-25] (HiTRUST) R0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-04-25] (HiTRUST) R0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-04-25] (HiTRUST) S3 s3017bus; C:\Windows\System32\DRIVERS\s3017bus.sys [83880 2007-12-10] (MCCI Corporation) S3 s3017mdfl; C:\Windows\System32\DRIVERS\s3017mdfl.sys [15016 2007-12-10] (MCCI Corporation) S3 s3017mdm; C:\Windows\System32\DRIVERS\s3017mdm.sys [110632 2007-12-10] (MCCI Corporation) S3 s3017mgmt; C:\Windows\System32\DRIVERS\s3017mgmt.sys [104616 2007-12-10] (MCCI Corporation) S3 s3017nd5; C:\Windows\System32\DRIVERS\s3017nd5.sys [25512 2007-12-10] (MCCI Corporation) S3 s3017obex; C:\Windows\System32\DRIVERS\s3017obex.sys [100648 2007-12-10] (MCCI Corporation) S3 s3017unic; C:\Windows\System32\DRIVERS\s3017unic.sys [110120 2007-12-10] (MCCI Corporation) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1729152 2007-06-12] () R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-10-08] (Avira GmbH) R1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2008-04-17] () R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [368480 2008-08-20] (Acronis) R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2008-08-20] (Acronis) S3 TTCinergyT2; C:\Windows\System32\DRIVERS\TTCinergyT2BDA.sys [29216 2007-07-12] (TerraTec Electronic GmbH) S3 usbsermptxp; C:\Windows\System32\DRIVERS\usbsermptxp.sys [25600 2008-02-07] (Microsoft Corporation) R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-04-19] (Winbond Electronics Corporation) S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [521216 2008-01-18] (Microsoft Corporation) S2 Aspi32; No ImagePath S2 BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [x] S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x] S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S3 Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [x] S0 sptd; System32\Drivers\sptd.sys [x] S3 Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-29 18:55 - 2013-07-29 18:55 - 00003471 _____ C:\Users\Hape\Desktop\JRT.txt 2013-07-29 18:52 - 2013-07-29 18:52 - 00000000 ____D C:\Windows\ERUNT 2013-07-29 18:36 - 2013-07-29 18:36 - 00011783 ____C C:\AdwCleaner[S1].txt 2013-07-29 10:38 - 2013-07-29 10:38 - 00039389 _____ C:\Users\Hape\Desktop\FRST.txt 2013-07-29 10:37 - 2013-07-29 10:38 - 00016198 _____ C:\Users\Hape\Desktop\Addition.txt 2013-07-29 10:03 - 2013-07-29 10:03 - 00000000 ___DC C:\FRST 2013-07-29 10:02 - 2013-07-29 10:03 - 01221130 _____ (Farbar) C:\Users\Hape\Desktop\FRST.exe 2013-07-28 13:32 - 2013-07-28 13:32 - 00000000 ____D C:\Users\Hape\AppData\Roaming\Malwarebytes 2013-07-28 13:29 - 2013-07-28 13:29 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-28 13:29 - 2013-07-28 13:29 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-28 13:29 - 2013-07-28 13:29 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-07-28 13:29 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-07-24 22:46 - 2013-07-24 22:46 - 00000000 __SHD C:\found.004 2013-07-12 23:15 - 2013-07-12 23:17 - 00000000 ____D C:\Windows\system32\MRT 2013-07-11 21:17 - 2013-07-11 21:16 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-07-11 21:17 - 2013-07-11 21:16 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-07-11 21:17 - 2013-07-11 21:16 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-07-11 21:17 - 2013-07-11 21:16 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-07-11 16:52 - 2013-06-04 03:50 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-11 16:51 - 2013-06-01 06:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-11 16:51 - 2013-05-29 13:30 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-11 16:51 - 2013-05-29 13:30 - 00916480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-11 16:51 - 2013-05-29 13:30 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-07-11 16:51 - 2013-05-29 13:28 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-07-11 16:51 - 2013-05-29 13:26 - 06016000 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-11 16:51 - 2013-05-29 13:26 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll 2013-07-11 16:51 - 2013-05-29 13:26 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-07-11 16:51 - 2013-05-29 13:25 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-11 16:51 - 2013-05-29 13:25 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-07-11 16:51 - 2013-05-29 13:25 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-07-11 16:51 - 2013-05-29 13:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-11 16:51 - 2013-05-29 13:24 - 11111424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-11 16:51 - 2013-05-29 13:24 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-11 16:51 - 2013-05-29 13:24 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-07-11 16:51 - 2013-05-29 13:24 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-07-11 16:51 - 2013-05-29 13:24 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-07-11 16:51 - 2013-05-29 13:24 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-11 16:51 - 2013-05-29 13:24 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-11 16:51 - 2013-05-29 13:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-11 16:51 - 2013-05-29 13:24 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-11 16:51 - 2013-05-29 11:47 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-07-11 16:51 - 2013-05-29 10:07 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-07-11 16:51 - 2013-05-29 10:06 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-11 16:51 - 2013-05-29 10:05 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-07-11 16:51 - 2013-05-29 10:04 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-11 16:51 - 2013-05-08 06:04 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-11 16:51 - 2013-04-17 13:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2013-07-11 16:51 - 2013-04-17 13:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2013-07-11 16:51 - 2013-04-17 13:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2013-07-11 16:51 - 2013-04-17 13:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2013-07-11 16:51 - 2013-04-17 12:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2013-07-11 16:51 - 2013-04-17 12:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2013-07-11 16:51 - 2013-04-17 12:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2013-07-11 16:51 - 2013-04-17 12:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-11 16:51 - 2013-04-17 12:10 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2013-07-02 22:33 - 2013-07-02 22:33 - 00000000 ____D C:\Program Files\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2013-07-29 18:55 - 2013-07-29 18:55 - 00003471 _____ C:\Users\Hape\Desktop\JRT.txt 2013-07-29 18:52 - 2013-07-29 18:52 - 00000000 ____D C:\Windows\ERUNT 2013-07-29 18:45 - 2009-02-01 20:24 - 00739806 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-29 18:45 - 2007-11-09 10:51 - 01281528 _____ C:\Windows\WindowsUpdate.log 2013-07-29 18:43 - 2007-12-23 16:00 - 00027744 _____ C:\Users\Hape\AppData\Roaming\nvModes.001 2013-07-29 18:41 - 2010-11-04 23:49 - 00196608 _____ C:\Windows\system32\Ikeext.etl 2013-07-29 18:38 - 2006-11-02 14:47 - 00003696 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-29 18:38 - 2006-11-02 14:47 - 00003696 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-29 18:37 - 2008-02-07 14:28 - 00000012 _____ C:\Windows\bthservsdp.dat 2013-07-29 18:36 - 2013-07-29 18:36 - 00011783 ____C C:\AdwCleaner[S1].txt 2013-07-29 18:36 - 2010-02-22 22:33 - 00000000 ____D C:\ProgramData\ICQ 2013-07-29 10:38 - 2013-07-29 10:38 - 00039389 _____ C:\Users\Hape\Desktop\FRST.txt 2013-07-29 10:38 - 2013-07-29 10:37 - 00016198 _____ C:\Users\Hape\Desktop\Addition.txt 2013-07-29 10:03 - 2013-07-29 10:03 - 00000000 ___DC C:\FRST 2013-07-29 10:03 - 2013-07-29 10:02 - 01221130 _____ (Farbar) C:\Users\Hape\Desktop\FRST.exe 2013-07-29 10:02 - 2006-11-02 14:52 - 00098619 _____ C:\Windows\setupact.log 2013-07-28 13:48 - 2006-11-02 17:31 - 00000000 ____D C:\Windows\WindowsMobile 2013-07-28 13:32 - 2013-07-28 13:32 - 00000000 ____D C:\Users\Hape\AppData\Roaming\Malwarebytes 2013-07-28 13:29 - 2013-07-28 13:29 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-28 13:29 - 2013-07-28 13:29 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-28 13:29 - 2013-07-28 13:29 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-07-28 13:22 - 2008-02-01 11:17 - 00008268 _____ C:\Users\Hape\AppData\Local\d3d9caps.dat 2013-07-28 12:54 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\tracing 2013-07-25 00:06 - 2007-12-22 13:21 - 00027744 _____ C:\Users\Hape\AppData\Roaming\nvModes.dat 2013-07-24 23:35 - 2010-02-23 16:25 - 00000000 ____D C:\Program Files\Lx_cats 2013-07-24 23:32 - 2010-02-16 13:27 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-24 23:32 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-24 22:46 - 2013-07-24 22:46 - 00000000 __SHD C:\found.004 2013-07-24 22:41 - 2013-02-02 17:04 - 00000000 ____D C:\Program Files\Origin 2013-07-24 22:14 - 2012-07-21 23:43 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-24 22:01 - 2010-02-16 13:27 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-24 14:42 - 2006-11-02 15:01 - 00032536 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-18 23:16 - 2010-02-23 16:21 - 00000000 ___RD C:\Users\Hape\Documents\Eigene Musik1 2013-07-13 09:01 - 2011-04-03 00:06 - 00001975 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-07-12 23:17 - 2013-07-12 23:15 - 00000000 ____D C:\Windows\system32\MRT 2013-07-12 20:48 - 2010-05-21 08:00 - 00000472 ____H C:\Windows\Tasks\Norton Security Scan for Hape.job 2013-07-12 16:12 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET 2013-07-12 14:57 - 2013-02-02 17:06 - 00000000 ____D C:\Users\Hape\AppData\Roaming\Origin 2013-07-12 14:57 - 2013-02-02 17:06 - 00000000 ____D C:\Users\Hape\AppData\Local\Origin 2013-07-12 14:48 - 2008-04-17 17:17 - 01722128 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-12 14:45 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\system32\XPSViewer 2013-07-12 00:21 - 2007-08-14 07:22 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-12 00:09 - 2006-11-02 14:37 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-11 21:17 - 2008-06-18 19:42 - 00000000 ____D C:\Program Files\Common Files\Java 2013-07-11 21:16 - 2013-07-11 21:17 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-07-11 21:16 - 2013-07-11 21:17 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-07-11 21:16 - 2013-07-11 21:17 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-07-11 21:16 - 2013-07-11 21:17 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-07-11 21:16 - 2012-05-10 19:33 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npdeployJava1.dll 2013-07-11 21:16 - 2010-04-18 20:54 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2013-07-07 14:00 - 2011-08-12 22:03 - 00000974 _____ C:\Windows\Tasks\Google Software Updater.job 2013-07-03 20:48 - 2012-05-13 19:12 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-07-02 22:33 - 2013-07-02 22:33 - 00000000 ____D C:\Program Files\Mozilla Firefox ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-29 18:48 ==================== End Of Log ============================ --- --- --- [/CODE] Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-07-2013 Ran by Hape at 2013-07-29 19:08:27 Running from G:\ Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Update for Microsoft Office 2007 (KB2508958) ACDSee 10 Foto-Manager (Version: 10.0.219) Acer Crystal Eye webcam (Version: 1.0.13) Acer Crystal Eye webcam (Version: 5.7.29.500-1.0) Acer eAudio Management (Version: 2.5.4012) Acer eDataSecurity Management (Version: 2.5.4241) Acer eLock Management (Version: 2.5.4008) Acer Empowering Technology (Version: 2.5.4010) Acer eNet Management (Version: 2.6.4008) Acer ePower Management (Version: 2.5.4019) Acer ePresentation Management (Version: 2.5.4002) Acer eSettings Management (Version: 2.5.4011) Acer GridVista (Version: 2.68.622) Acer Mobility Center Plug-In (Version: 1.0.3003) Acer ScreenSaver (Version: 1.21.20070515) Acer Tour (Version: 2.0.1005) Acer VCM (Version: 2.05.3001.7175) Acronis*Disk Director Suite (Version: 10.0.2161) Acronis*True*Image*Home (Version: 11.0.8064) Adobe Acrobat 8 Professional - English, Français, Deutsch (Version: 8.1.2) Adobe Acrobat 8.1.2 Professional (Version: 8.1.2) Adobe After Effects CS3 (Version: 8) Adobe After Effects CS3 Presets (Version: 8) Adobe AIR (Version: 2.0.3.13070) Adobe Anchor Service CS3 (Version: 1.0) Adobe Asset Services CS3 (Version: 3) Adobe Bridge CS3 (Version: 2) Adobe Bridge Start Meeting (Version: 1.0) Adobe BridgeTalk Plugin CS3 (Version: 1.0) Adobe Camera Raw 4.0 (Version: 4.0) Adobe CMaps (Version: 1.0) Adobe Color - Photoshop Specific (Version: 1.0) Adobe Color Common Settings (Version: 1.0.1) Adobe Color EU Recommended Settings (Version: 1.0) Adobe Color JA Extra Settings (Version: 1.0) Adobe Color NA Extra Settings (Version: 1.0) Adobe Contribute CS3 (Version: 4.1) Adobe Creative Suite 3 Master Collection (Version: 1.0) Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen (Version: 1.0) Adobe Default Language CS3 (Version: 1.0) Adobe Device Central CS3 (Version: 1.0) Adobe Dreamweaver CS3 (Version: 9) Adobe ExtendScript Toolkit 2 (Version: 2.0.2) Adobe Extension Manager CS3 (Version: 1.8) Adobe Fireworks CS3 (Version: 9.0) Adobe Flash CS3 (Version: 9.0) Adobe Flash Player 10 ActiveX (Version: 10.0.22.87) Adobe Flash Player 11 Plugin (Version: 11.7.700.224) Adobe Flash Video Encoder (Version: 2.0) Adobe Fonts All (Version: 1.0) Adobe Help Viewer CS3 (Version: 1) Adobe Illustrator CS3 (Version: 13.0) Adobe InDesign CS3 (Version: 5.0) Adobe InDesign CS3 Icon Handler (Version: 5.0) Adobe Linguistics CS3 (Version: 3.0.0) Adobe MotionPicture Color Files (Version: 1.0) Adobe PDF Library Files (Version: 8.0) Adobe Photoshop CS3 (Version: 10) Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7) Adobe Setup (Version: 1.0) Adobe Shockwave Player 11.5 (Version: 11.5.9.620) Adobe SING CS3 (Version: 0.1) Adobe Soundbooth CS3 (Version: 1) Adobe Soundbooth CS3 Codecs (Version: 3) Adobe Stock Photos CS3 (Version: 1.5) Adobe Type Support (Version: 1.0) Adobe Update Manager CS3 (Version: 5.1.0) Adobe Version Cue CS3 Client (Version: 3) Adobe Video Profiles (Version: 1.0) Adobe WAS CS3 (Version: 1.0) Adobe WinSoft Linguistics Plugin (Version: 1.0) Adobe XMP DVA Panels CS3 (Version: 1.0) Adobe XMP Panels CS3 (Version: 1.0) Advertising Center (Version: 0.0.0.1) AHV content for Acrobat and Flash (Version: 1) Avira Free Antivirus (Version: 12.1.9.2400) Bouquet Wizard Casino at bet365 DHTML Editing Component (Version: 6.02.0001) DolbyFiles (Version: 2.0) DumpTimer EA Link (Version: 3.1.1.4) Fritz11 (Version: 11) FUSSBALL MANAGER 13 (Version: 1.0.0.0) Gamers.IRC 5.25 Google Chrome (Version: 28.0.1500.72) Google Earth (Version: 7.0.3.8542) Google Toolbar for Internet Explorer (Version: 1.0.0) Google Toolbar for Internet Explorer (Version: 7.5.4209.2358) Google Update Helper (Version: 1.3.21.153) Google Updater (Version: 2.4.2432.1652) HDAUDIO Soft Data Fax Modem with SmartCP ImagXpress (Version: 7.0.74.0) Intel Matrix Storage Manager Java 7 Update 25 (Version: 7.0.250) Java Auto Updater (Version: 2.1.9.5) Java(TM) 6 Update 37 (Version: 6.0.370) Java(TM) 6 Update 6 (Version: 1.6.0.60) Java(TM) 6 Update 7 (Version: 1.6.0.70) king.com (remove only) Launch Manager Lexmark 5400 Series LightScribe 1.4.142.1 (Version: 1.4.142.1) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) McAfee Security Scan Plus (Version: 3.0.318.3) Menu Templates - Starter Kit (Version: 9.0.4.0) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000) Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office File Validation Add-In (Version: 14.0.5130.5003) Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1) Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000) Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Movie Templates - Starter Kit (Version: 9.0.4.0) Mozilla Firefox 22.0 (x86 de) (Version: 22.0) Mozilla Maintenance Service (Version: 22.0) Mozilla Thunderbird 17.0.7 (x86 de) (Version: 17.0.7) MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0) MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) Nero 9 Nero BurningROM (Version: 9.0.0.0) Nero ControlCenter (Version: 9.0.0.1) Nero DiscSpeed (Version: 4.99.5.105) Nero DriveSpeed (Version: 3.99.5.105) Nero InfoTool (Version: 5.99.5.105) Nero Installer (Version: 2.0.0.1) NeroBurningROM (Version: 9.0.6.100) Norton Security Scan (Version: 2.7.3.34) Nur Deinstallierung der CopyTrans Suite möglich. NVIDIA Drivers Origin (Version: 9.0.11.77) PDF Settings (Version: 1.0) PokerStars.net PowerProducer 3.72 (Version: 074324(3.7)_Vista_Acer) RealPlayer Realtek High Definition Audio Driver (Version: 6.0.1.5470) RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (Version: 3.51.01) SCHLECKER Foto Digital Service SPEEDLINK Strike 2 Gamepad (Version: 2007.08.17) Synaptics Pointing Device Driver (Version: 9.2.3.1) TeamViewer 4 Total Commander (Remove or Repair) UltraEdit 14.10 (Version: 14.1.3) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition Update für Microsoft Office Excel 2007 Help (KB963678) Update für Microsoft Office Outlook 2007 Help (KB963677) Update für Microsoft Office Powerpoint 2007 Help (KB963669) Update für Microsoft Office Word 2007 Help (KB963665) Update Service (Version: 2.9.2.12) VideoLAN VLC media player 0.8.6i (Version: 0.8.6i) WIDCOMM Bluetooth Software 6.0.1.4900 (Version: 6.0.1.4900) Winbond CIR Drivers (Version: 7.60.1002) Windows Media Player Firefox Plugin (Version: 1.0.0.8) Windows Mobile-Gerätecenter (Version: 6.1.6965.0) Windows Mobile-Gerätecenter: Treiberupdate (Version: 6.1.6965.0) WinRAR ==================== Restore Points ========================= 16-07-2013 15:45:17 Geplanter Prüfpunkt 16-07-2013 20:20:29 Windows Update 18-07-2013 20:01:20 Geplanter Prüfpunkt 19-07-2013 19:36:18 Geplanter Prüfpunkt 20-07-2013 19:50:15 Geplanter Prüfpunkt 21-07-2013 17:28:41 Geplanter Prüfpunkt 24-07-2013 18:59:56 Windows Update ==================== Hosts content: ========================== 2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {12A776A5-F9AB-4657-AA5D-A72AC7322CEB} - System32\Tasks\Norton Security Scan for Hape => C:\Program Files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-28] (Symantec Corporation) Task: {12B29A7A-75E2-4F7C-A3EC-24D924A52C5C} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation) Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {41E5044B-1061-409F-9786-9E237E913D87} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-16] (Google Inc.) Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation) Task: {5AB7C068-319D-4FAB-8649-6364138B4F2D} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-16] (Google) Task: {6BF2B7B9-6838-4921-A462-5DE1C6B79983} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-19] (Microsoft Corp.) Task: {8DDB4752-E7A3-452D-8051-A541DBEA0093} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated) Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-19] (Microsoft Corporation) Task: {BF9F9B5D-2205-4AA5-BC6B-840B195AE856} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-16] (Google Inc.) Task: {C5D936BA-5925-49AE-8F7D-2D2949A6FAC1} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] () Task: {EBC5774C-6526-47D9-ACA3-1322995220C3} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-19] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Norton Security Scan for Hape.job => C:\Program Files\Norton Security Scan\Engine\2.7.3.34\Nss.exe ==================== Faulty Device Manager Devices ============= Name: 6TO4 Adapter Description: Microsoft-6zu4-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: 6TO4 Adapter Description: Microsoft-6zu4-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: isatap.{2B92099C-A056-4167-B550-5C9C8CCAA518} Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: isatap.{2B92099C-A056-4167-B550-5C9C8CCAA518} Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: isatap.{2B92099C-A056-4167-B550-5C9C8CCAA518} Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: isatap.{2B92099C-A056-4167-B550-5C9C8CCAA518} Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Microsoft-ISATAP-Adapter Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: isatap.{2B92099C-A056-4167-B550-5C9C8CCAA518} Description: Microsoft-ISATAP-Adapter Class Guid: Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: isatap.{2B92099C-A056-4167-B550-5C9C8CCAA518} Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Broadcom NetLink (TM) Gigabit Ethernet Description: Broadcom NetLink (TM) Gigabit Ethernet Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Broadcom Service: b57nd60x Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Could not start eventlog service, could not read events. Windows-Ereignisprotokoll wird gestartet. Windows-Ereignisprotokoll konnte nicht gestartet werden. Ein Systemfehler ist aufgetreten. Systemfehler 1747 aufgetreten. Der Authentifizierungsdienst ist unbekannt. ==================== Memory info =========================== Percentage of memory in use: 54% Total physical RAM: 2045.68 MB Available physical RAM: 923.43 MB Total Pagefile: 4332.36 MB Available Pagefile: 3045.04 MB Total Virtual: 2047.88 MB Available Virtual: 1918.95 MB ==================== Drives ================================ Drive c: (ACER) (Fixed) (Total:111.69 GB) (Free:29.34 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (DATA) (Fixed) (Total:108.19 GB) (Free:107.99 GB) NTFS Drive e: (SecureDrive) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS Drive g: (SARDU) (Removable) (Total:14.94 GB) (Free:4.26 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 233 GB) (Disk ID: F229A80C) Partition 1: (Not Active) - (Size=10 GB) - (Type=12) Partition 2: (Active) - (Size=112 GB) - (Type=06) Partition 3: (Not Active) - (Size=108 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=3 GB) - (Type=12) ======================================================== Disk: 1 (Size: 15 GB) (Disk ID: F0ACF0AC) Partition 1: (Active) - (Size=15 GB) - (Type=0B) ==================== End Of Log ============================ |
29.07.2013, 20:01 | #6 |
/// the machine /// TB-Ausbilder | Notebook spielt verrückt - Kein Internetverbindung mehr möglich - lässt sich kaum noch bedienenESET Online Scanner
Downloade Dir bitte SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ --> Notebook spielt verrückt - Kein Internetverbindung mehr möglich - lässt sich kaum noch bedienen |
30.07.2013, 14:14 | #7 |
| Notebook spielt verrückt - Kein Internetverbindung mehr möglich - lässt sich kaum noch bedienen Hi schrauber, erst einmal besten Dank für die bisherige Hilfe. Leider kann ich aber mit den nächsten Punkten nicht fortfahren, da wie weiter oben geschrieben, weiterhin keine Internetverbindung zustande kommt, weder per Lan noch per Wlan. Zudem kommt auch die Meldung kann keine Windowsdienste starten bzw kann keine Verbindung zu Diensten herstellen. Leider will aber ESET einen Online-Update machen Danke Gruß Hape |
30.07.2013, 14:19 | #8 |
/// the machine /// TB-Ausbilder | Notebook spielt verrückt - Kein Internetverbindung mehr möglich - lässt sich kaum noch bedienen Ups, hab ich dran vorbei gelesen Downloade dir bitte Farbar Service Scanner
Poste bitte den Inhalt hier.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
30.07.2013, 14:42 | #9 |
| Notebook spielt verrückt - Kein Internetverbindung mehr möglich - lässt sich kaum noch bedienen :-) Kann ja passieren, bei so viel Text :-) Hier die Logdatei von FSS: Code:
ATTFilter Farbar Service Scanner Version: 26-07-2013 Ran by Hape (administrator) on 30-07-2013 at 15:39:55 Running from "G:\" Microsoft« Windows VistaÖ Home Premium Service Pack 2 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Dnscache Service is not running. Checking service configuration: The start type of Dnscache service is OK. The ImagePath of Dnscache service is OK. The ServiceDll of Dnscache service is OK. Dhcp Service is not running. Checking service configuration: The start type of Dhcp service is OK. The ImagePath of Dhcp service is OK. The ServiceDll of Dhcp service is OK. Connection Status: ============== Attempt to access Local Host IP returned error: Localhost is blocked: Other errors LAN connected. Attempt to access Google IP returned error. Other errors Attempt to access Google.com returned error: Other errors Attempt to access Yahoo.com returned error: Other errors Windows Firewall: ============= MpsSvc Service is not running. Checking service configuration: The start type of MpsSvc service is OK. The ImagePath of MpsSvc service is OK. The ServiceDll of MpsSvc service is OK. Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist. Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ Windows Update: ============ wuauserv Service is not running. Checking service configuration: The start type of wuauserv service is OK. The ImagePath of wuauserv service is OK. The ServiceDll of wuauserv service is OK. BITS Service is not running. Checking service configuration: The start type of BITS service is OK. The ImagePath of BITS service is OK. The ServiceDll of BITS service is OK. Checking LEGACY_BITS: ATTENTION!=====> Unable to open LEGACY_BITS\0000 registry key. The key does not exist. Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== Other Services: ============== File Check: ======== C:\Windows\system32\nsisvc.dll => MD5 is legit C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit C:\Windows\system32\dhcpcsvc.dll => MD5 is legit C:\Windows\system32\Drivers\afd.sys => MD5 is legit C:\Windows\system32\Drivers\tdx.sys => MD5 is legit C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit C:\Windows\system32\dnsrslvr.dll => MD5 is legit C:\Windows\system32\mpssvc.dll => MD5 is legit C:\Windows\system32\bfe.dll => MD5 is legit C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit C:\Windows\system32\SDRSVC.dll => MD5 is legit C:\Windows\system32\vssvc.exe => MD5 is legit C:\Windows\system32\wscsvc.dll => MD5 is legit C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\system32\wuaueng.dll => MD5 is legit C:\Windows\system32\qmgr.dll => MD5 is legit C:\Windows\system32\es.dll => MD5 is legit C:\Windows\system32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\system32\ipnathlp.dll => MD5 is legit C:\Windows\system32\iphlpsvc.dll => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit **** End of log **** |
31.07.2013, 06:51 | #10 |
/// the machine /// TB-Ausbilder | Notebook spielt verrückt - Kein Internetverbindung mehr möglich - lässt sich kaum noch bedienen Downloade dir bitte Windows Repair (All In One) von hier.
Dann nochmal ein frisches FSS log bitte
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
31.07.2013, 19:06 | #11 |
| Notebook spielt verrückt - Kein Internetverbindung mehr möglich - lässt sich kaum noch bedienen Hi Leider kann ich bei Start Repair nicht weiter machen. Da bricht es jedesmal ab mit folgender Fehlermeldung: Execute processes remotely funktioniert nicht mehr. Wenn ich dann auf ok klicke, schliesst sich das Programm, bzw der Step und macht dann beim nächsten Step weiter. Und kommt dann wieder diese Fehlermeldung. Nach Step2 und Step3 sind aber die oben genannten Fehler immer noch vorhanden. Langsam verzweifle ich :-) Ich mache das jetzt mal im abgesicherten Modus, obwohl dann bestimmt einige Reparaturversuche im Abgesicherten Modus nicht möglich sein werden, oder ? Danke Gruß Hape |
31.07.2013, 20:02 | #12 |
/// the machine /// TB-Ausbilder | Notebook spielt verrückt - Kein Internetverbindung mehr möglich - lässt sich kaum noch bedienen Doch sollten gehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Themen zu Notebook spielt verrückt - Kein Internetverbindung mehr möglich - lässt sich kaum noch bedienen |
antivir, betriebssystem, booten, einfach, gen, heise, interne, internetverbindung, klicke, klicken, neue, notebook, pornoseiten, scan, schaltet, schliessen, schnell, spiel, verbindung, verrückt, vista, windows, windows vista, wlan, öffnen |