Pests of all kinds and their removal: Windows 7: PUP.Optional.OpenCandy found by Malwarebytes
09.08.2013, 20:10 #1
Windows 7: PUP.Optional.OpenCandy found by Malwarebytes

Hello dear forum members,

I ran a routine scan with Malwarebytes today and it found 1 infected file with "PUP.Optional.OpenCandy". What kind of pest is that, and what does it do? Here is the log file from Malwarebytes:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.09.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16635
Administrator :: *** [Administrator]

09.08.2013 16:47:14
MBAM-log-2013-08-09 (19-11-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 387151
Laufzeit: 2 Stunde(n), 19 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\temp\winamp563_full_emusic-7plus_all.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.

(Ende)

1. defogger:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:25 on 09/08/2013 (Administrator)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-08-2013 02
Ran by Xenia at 2013-08-09 19:28:43
Running from C:\Users\Xenia\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958)
1&1 Surf-Stick (Version: 1.0.0.2)
Ad-Aware Antivirus (Version: 10.4.47.4163)
Ad-Aware Browsing Protection (Version: 1.0.1.80)
Adobe AIR (Version: 2.0.2.12610)
Adobe Digital Editions 2.0 (Version: 2.0)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
Avira Free Antivirus (Version: 13.0.0.3885)
Bing Bar (Version: 7.0.619.0)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 4.04)
CD Bremse 1.49 (Version: 1.49)
CDBurnerXP (Version: 4.4.2.3442)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
D3DX10 (Version: 15.4.2368.0902)
dm-Fotowelt
Druckerdeinstallation für EPSON SX210 Series
EPSON Scan
Feedback Tool (Version: 1.1.0)
Feedback Tool (Version: 1.2.0)
Fraps
Free CD to MP3 Converter
Google Chrome (Version: 28.0.1500.95)
Google Earth (Version: 7.1.1.1888)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.153)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1883)
Intel® Matrix Storage Manager
iTunes (Version: 11.0.1.12)
Junk Mail filter update (Version: 15.4.3502.0922)
machsmit saver
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (Version: 14.0.5120.5000)
Microsoft Reader
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Mobile Partner (Version: 21.005.15.00.705)
Mozilla Firefox 23.0 (x86 de) (Version: 23.0)
Mozilla Maintenance Service (Version: 17.0.8)
Mozilla Thunderbird 17.0.8 (x86 de) (Version: 17.0.8)
MSVCRT (Version: 15.4.2862.0708)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
Paint.NET v3.5.10 (Version: 3.60.0)
PDFCreator (Version: 1.1.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
Realtek 8136 8168 8169 Ethernet Driver (Version: 1.00.0005)
Realtek High Definition Audio Driver (Version: 6.0.1.5904)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30101)
Realtek WLAN Driver (Version: 2.00.0006)
SkillsTraining für Borderline-Patienten (Version: 1.1.34)
Skype Toolbars (Version: 1.0.4051)
Skype(TM) Launcher
Skype™ 5.10 (Version: 5.10.116)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Streamripper (Remove only)
Synaptics Pointing Device Driver (Version: 13.2.6.1)
TOSHIBA Assist (Version: 2.01.11)
TOSHIBA Bulletin Board (Version: 1.0.04.32)
TOSHIBA ConfigFree (Version: 8.0.21)
TOSHIBA Disc Creator (Version: 2.1.0.1)
TOSHIBA DVD PLAYER (Version: 3.01.0.07-A)
TOSHIBA eco Utility (Version: 1.1.10.0)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Face Recognition (Version: 3.1.1.32)
TOSHIBA Flash Cards Support Utility (Version: 1.63.0.4C)
TOSHIBA Hardware Setup (Version: 1.63.0.11C)
TOSHIBA HDD/SSD Alert (Version: 3.1.0.0)
Toshiba Manuals (Version: 10.00)
Toshiba Online Product Information (Version: 2.08.0001)
TOSHIBA PC Health Monitor (Version: 1.4.1.0)
Toshiba Photo Service - powered by myphotobook (Version: 1.0.0)
Toshiba Photo Service - powered by myphotobook (Version: 1.0.0-663)
TOSHIBA Recovery Media Creator (Version: 2.1.0.2)
TOSHIBA ReelTime (Version: 1.0.04.32)
TOSHIBA SD Memory Utilities (Version: 1.8.1.8)
TOSHIBA Service Station (Version: 2.1.33)
TOSHIBA Supervisor Password (Version: 1.63.0.7C)
TOSHIBA Supervisorkennwort (Version: 1.63.0.7C)
Toshiba TEMPRO (Version: 3.05)
TOSHIBA Value Added Package (Version: 1.2.25)
TOSHIBA Web Camera Application (Version: 1.1.1.4)
TRORMCLauncher (Version: 1.0.0.7)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Utility Common Driver (Version: 1.0.50.27C)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
WildTangent-Spiele (Version: 1.0.0.71)
Winamp (Version: 5.63 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)

==================== Restore Points =========================

Could not list Restore Points.

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/09/2013 02:03:38 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (08/08/2013 10:18:57 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (08/07/2013 01:58:10 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108

Error: (08/07/2013 00:20:02 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (08/06/2013 06:50:09 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (08/05/2013 11:18:11 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108

Error: (08/05/2013 10:20:31 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108

Error: (08/05/2013 11:10:50 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (08/05/2013 00:11:59 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 22.0.0.4917, Zeitstempel: 0x51c06b1b
Name des fehlerhaften Moduls: xul.dll, Version: 22.0.0.4917, Zeitstempel: 0x51c06a5b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00173668
ID des fehlerhaften Prozesses: 0x122c
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (08/04/2013 09:36:01 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005


System errors:
=============
Error: (08/09/2013 01:07:58 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Lbd

Error: (08/09/2013 01:07:53 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Notebook Performance Tuning Service (TEMPRO) erreicht.

Error: (08/09/2013 01:07:23 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (08/09/2013 01:07:23 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.

Error: (08/08/2013 04:11:06 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Lbd

Error: (08/08/2013 04:11:04 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Notebook Performance Tuning Service (TEMPRO) erreicht.

Error: (08/08/2013 04:10:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (08/08/2013 04:10:34 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.

Error: (08/08/2013 09:18:12 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Lbd

Error: (08/08/2013 09:18:10 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Notebook Performance Tuning Service (TEMPRO) erreicht.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 50%
Total physical RAM: 2908.88 MB
Available physical RAM: 1435.69 MB
Total Pagefile: 5816.04 MB
Available Pagefile: 4065.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.41 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:232.42 GB) (Free:196.05 GB) NTFS
Drive d: (Data) (Fixed) (Total:232.95 GB) (Free:223.66 GB) NTFS

==================== MBR & Partition Table ==================


==================== End Of Log ============================

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-08-2013 02
Ran by Xenia (ATTENTION: The logged in user is not administrator) on 09-08-2013 19:28:16
Running from C:\Users\Xenia\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TEco.exe
() C:\Program Files\1&1 Surf-Stick\UIExec.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Lavasoft Limited) C:\PROGRA~1\AD-AWA~1\AdAware.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IELowutil.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SVPWUTIL] - C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2009-08-12] (TOSHIBA)
HKLM\...\Run: [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [425984 2009-06-02] (TOSHIBA Electronics, Inc.)
HKLM\...\Run: [KeNotify] - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [466792 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [29528 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [476512 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [521528 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1324384 2009-08-26] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [611672 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [TWebCamera] - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-08-11] (TOSHIBA CORPORATION.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [UIExec] - C:\Program Files\1&1 Surf-Stick\UIExec.exe [153424 2011-08-25] ()
HKLM\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542104 2012-11-16] (Lavasoft)
HKLM\...\Run: [Ad-Aware Antivirus] - "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-01] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM\...\RunOnce: [InnoSetupRegFile.0000000001] - "C:\Windows\is-31HU7.exe" /REG /REGSVRMODE [711240 2012-05-19] ()
HKLM\...\RunOnce: [InnoSetupRegFile.0000000002] - "C:\Windows\is-VSNNF.exe" /REG /REGSVRMODE [712264 2013-06-04] ()
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe
HKCU\...\Run: [EPSON SX210 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE /FU "C:\Windows\TEMP\E_SDBFD.tmp" /EF "HKCU" [x]

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
URLSearchHook: (No Name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No File
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {28248EBC-CDBF-48C0-9288-9A118F76425C} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
SearchScopes: HKCU - {68DD1AE1-D9E3-4A4E-8532-D2BE05EF301F} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {858ED059-FC1B-46CB-9EAF-1C3392CF74DD} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value - 
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{B0EB1269-41B4-4D2F-AED1-FA32ABBAD3F7}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{CA2251A6-FD33-4CB1-B0B1-D6BDD92208E8}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{EF04765F-3394-4843-A01C-3CD9052CA7B6}: [NameServer]193.189.244.206 193.189.244.225

FireFox:
========
FF ProfilePath: C:\Users\Xenia\AppData\Roaming\Mozilla\Firefox\Profiles\bws2gv2g.default
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Xenia\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Lavasoft Search Plugin - C:\Users\Xenia\AppData\Roaming\Mozilla\Firefox\Profiles\bws2gv2g.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF Extension: NewTabURL - C:\Users\Xenia\AppData\Roaming\Mozilla\Firefox\Profiles\bws2gv2g.default\Extensions\newtaburl@sogame.cat
FF Extension: No Name - C:\Users\Xenia\AppData\Roaming\Mozilla\Firefox\Profiles\bws2gv2g.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [widgetruntime@surfsecret.com] C:\Program Files\Panda Security\Panda ID Protect\Firefox
FF Extension: Panda Identity Protect - C:\Program Files\Panda Security\Panda ID Protect\Firefox

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.de/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 Ad-Aware Service; C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe [1236368 2012-12-07] (Lavasoft Limited)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-10] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
S3 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [250616 2009-05-22] (WildTangent, Inc.)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
R2 lmhosts; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [246112 2011-12-28] ()
R2 NlaSvc; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 SBAMSvc; C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S2 TemproMonitoringService; C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [116104 2009-08-06] (Toshiba Europe GmbH)
S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-08-17] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-08-27] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-08-03] (TOSHIBA Corporation)
R3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2009-08-06] (TOSHIBA Corporation)
R2 UI Assistant Service; C:\Program Files\1&1 Surf-Stick\AssistantServices.exe [270672 2011-08-25] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-28] (Avira Operations GmbH & Co. KG)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2012-12-08] (GFI Software)
R3 LPCFilter; C:\Windows\system32\DRIVERS\LPCFilter.sys [36208 2009-07-30] (COMPAL ELECTRONIC INC.)
S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [9216 2011-03-26] (MBB Incorporated)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-08-09] (Malwarebytes Corporation)
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-22] (TOSHIBA Corporation)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [379904 2010-03-31] (Realtek Semiconductor Corporation )
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-19] (TOSHIBA Corporation)
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
S0 Lbd; system32\DRIVERS\Lbd.sys [x]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-09 19:26 - 2013-08-09 19:26 - 01230104 _____ (Farbar) C:\Users\Xenia\Desktop\FRST.exe
2013-08-09 19:24 - 2013-08-09 19:25 - 00000488 _____ C:\Users\Xenia\Desktop\defogger_disable.log
2013-08-09 19:24 - 2013-08-09 19:24 - 00000000 _____ C:\Users\Administrator\defogger_reenable
2013-08-09 19:23 - 2013-08-09 19:23 - 00050477 _____ C:\Users\Xenia\Desktop\Defogger.exe
2013-08-09 16:46 - 2013-08-09 16:47 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-08-09 13:07 - 2013-08-09 13:07 - 00000056 _____ C:\Windows\setupact.log
2013-08-09 13:07 - 2013-08-09 13:07 - 00000000 _____ C:\Windows\setuperr.log
2013-08-08 20:28 - 2013-08-09 13:07 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-08 20:28 - 2013-08-08 20:28 - 00000000 ____D C:\ProgramData\Mozilla
2013-08-08 20:24 - 2013-08-08 20:24 - 04429440 _____ (Piriform Ltd) C:\Users\Administrator\Downloads\ccsetup404(1).exe
2013-08-08 20:22 - 2013-08-08 20:22 - 04429440 _____ (Piriform Ltd) C:\Users\Administrator\Downloads\ccsetup404.exe
2013-08-08 20:22 - 2013-08-08 20:22 - 00000000 ____D C:\Users\Administrator\AppData\Local\Macromedia
2013-07-29 16:48 - 2013-07-29 16:48 - 00002177 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-07-11 13:06 - 2013-07-11 13:08 - 00000000 ____D C:\Windows\system32\MRT
2013-07-10 09:23 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 09:23 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-10 09:23 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 09:23 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 09:23 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-10 09:23 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 09:23 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-10 09:23 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 09:23 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 09:23 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 09:23 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 09:23 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-10 09:23 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-10 09:23 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-10 09:23 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-10 09:23 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 09:15 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 09:15 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 09:15 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 09:15 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

==================== One Month Modified Files and Folders =======

2013-08-09 19:26 - 2013-08-09 19:26 - 01230104 _____ (Farbar) C:\Users\Xenia\Desktop\FRST.exe
2013-08-09 19:25 - 2013-08-09 19:24 - 00000488 _____ C:\Users\Xenia\Desktop\defogger_disable.log
2013-08-09 19:24 - 2013-08-09 19:24 - 00000000 _____ C:\Users\Administrator\defogger_reenable
2013-08-09 19:24 - 2010-06-25 14:05 - 00000000 ____D C:\Users\Administrator
2013-08-09 19:23 - 2013-08-09 19:23 - 00050477 _____ C:\Users\Xenia\Desktop\Defogger.exe
2013-08-09 18:53 - 2013-03-23 14:48 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-09 18:46 - 2010-08-04 15:35 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-09 16:47 - 2013-08-09 16:46 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-08-09 13:16 - 2009-07-14 06:34 - 00016080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-09 13:16 - 2009-07-14 06:34 - 00016080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-09 13:07 - 2013-08-09 13:07 - 00000056 _____ C:\Windows\setupact.log
2013-08-09 13:07 - 2013-08-09 13:07 - 00000000 _____
C:\Windows\setuperr.log 2013-08-09 13:07 - 2013-08-08 20:28 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-08-09 13:07 - 2010-08-04 15:35 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-09 13:07 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-09 00:10 - 2010-06-25 02:10 - 01606249 _____ C:\Windows\WindowsUpdate.log 2013-08-08 20:42 - 2010-07-02 19:06 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe 2013-08-08 20:35 - 2011-10-30 22:54 - 00002039 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk 2013-08-08 20:35 - 2011-10-30 22:54 - 00000000 ____D C:\Program Files\Mozilla Thunderbird 2013-08-08 20:28 - 2013-08-08 20:28 - 00000000 ____D C:\ProgramData\Mozilla 2013-08-08 20:28 - 2010-12-15 19:03 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-08-08 20:25 - 2009-09-07 09:36 - 00000000 ____D C:\Windows\Panther 2013-08-08 20:24 - 2013-08-08 20:24 - 04429440 _____ (Piriform Ltd) C:\Users\Administrator\Downloads\ccsetup404(1).exe 2013-08-08 20:24 - 2010-12-12 18:54 - 00000972 _____ C:\Users\Public\Desktop\CCleaner.lnk 2013-08-08 20:24 - 2010-06-25 18:09 - 00000000 ____D C:\Program Files\CCleaner 2013-08-08 20:22 - 2013-08-08 20:22 - 04429440 _____ (Piriform Ltd) C:\Users\Administrator\Downloads\ccsetup404.exe 2013-08-08 20:22 - 2013-08-08 20:22 - 00000000 ____D C:\Users\Administrator\AppData\Local\Macromedia 2013-07-29 16:48 - 2013-07-29 16:48 - 00002177 _____ C:\Users\Public\Desktop\Google Earth.lnk 2013-07-29 16:48 - 2009-09-07 10:08 - 00000000 ____D C:\Program Files\Google 2013-07-14 09:50 - 2012-05-06 09:55 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-07-14 09:50 - 2011-05-22 10:00 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-07-11 13:08 - 2013-07-11 13:06 - 00000000 ____D C:\Windows\system32\MRT 2013-07-10 11:12 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-07-10 09:41 - 
2009-09-07 09:50 - 01507340 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-10 09:34 - 2009-07-14 06:33 - 00426520 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-10 09:33 - 2009-09-07 10:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-10 09:32 - 2009-07-14 10:56 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-10 09:32 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-10 09:20 - 2009-09-07 10:18 - 00000000 ____D C:\ProgramData\Microsoft Help ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-08-09 20:31:02
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.FG00 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pxddrpob.sys

---- System - GMER 2.1 ----

SSDT 90D0535E ZwCreateSection
SSDT 90D05368 ZwRequestWaitReplyPort
SSDT 90D05363 ZwSetContextThread
SSDT 90D0536D ZwSetSecurityObject
SSDT 90D05372 ZwSystemDebugControl
SSDT 90D052FF ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C859F5 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CBF1F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82CC653C 4 Bytes [5E, 53, D0, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82CC6898 4 Bytes [68, 53, D0, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82CC68DC 4 Bytes [63, 53, D0, 90] {ARPL [EBX-0x30], DX; NOP }
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82CC6958 4 Bytes [6D, 53, D0, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82CC69AC 4 Bytes [72, 53, D0, 90]
.text ...
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8B14D000, 0x3C849, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8B192000, 0x3DC, 0x48000040]

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys

---- EOF - GMER 2.1 ----

I would be very grateful if someone could look through this and advise me on how to proceed now to get rid of the pest. Many thanks in advance. Kind regards |
09.08.2013, 21:42 | #2 |
/// TB-Ausbilder | Windows 7: PUP.Optional.OpenCandy found with Malwarebytes There is no malware to be seen. Delete the file that was found (it contains advertising) and that's it.
11.08.2013, 10:30 | #3 |
/// TB-Ausbilder | Windows 7: PUP.Optional.OpenCandy found with Malwarebytes Glad we could help
This topic appears to be resolved and will be removed from my subscriptions. Should you need this topic again, please send me a PM. Everyone else, please click here and create your own thread. If you still want to leave praise or criticism, there is this section here: Lob, Kritik und Wünsche - Trojaner-Board