USB-Stick mit Fehlermeldung "Fehlt recycler datei e621ca05.exe etc." - Log-File von ESET

schrauber · 20.08.2013, 17:06

Screenshot vom geöffneten Stick bitte.

benemey · 20.08.2013, 17:12

gern.

schrauber · 21.08.2013, 07:12

War der Stick bei den Scans die ganze Zeit angeschlossen? Stick bitte dran lassen.

ANTIMALWARE: Panda USB Vaccine - Download FREE - PANDA SECURITY
Laden und laufen lassen.

Combofix löschen und neu laden, laufen lassen und das Log posten

benemey · 21.08.2013, 11:38

Hallo, neuer Tag - neues Glück, hoffentlich.

danke dir jedenfalls !!!

USB-Stick war immer angeschlossen, ja.

Panda ausgeführt.

Combo ausgeführt. hier die log:

Code:

ATTFilter

Combofix Logfile:

	Code: 

 ATTFilter

  
	ComboFix 13-08-20.01 - User 21.08.2013  12:30:21.2.4 - x64
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.49.1031.18.3055.1842 [GMT 2:00]
ausgeführt von:: c:\users\User\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-07-21 bis 2013-08-21  ))))))))))))))))))))))))))))))
.
.
2013-08-21 10:34 . 2013-08-21 10:34	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-08-21 10:26 . 2013-08-21 10:26	--------	d-----w-	c:\programdata\Panda Security
2013-08-21 10:26 . 2013-08-21 10:26	--------	d-----w-	c:\program files (x86)\Panda USB Vaccine
2013-08-20 14:04 . 2013-08-20 14:04	--------	d-----w-	c:\windows\ERUNT
2013-08-20 13:57 . 2013-08-20 13:59	--------	d-----w-	C:\AdwCleaner
2013-08-20 13:42 . 2013-08-20 13:42	--------	d-----w-	c:\users\User\AppData\Roaming\Malwarebytes
2013-08-20 13:41 . 2013-08-20 13:41	--------	d-----w-	c:\programdata\Malwarebytes
2013-08-20 13:41 . 2013-08-20 13:41	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-20 13:41 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-08-20 13:39 . 2013-08-20 13:50	--------	d-----w-	c:\users\User\AppData\Roaming\Skype
2013-08-20 13:39 . 2013-08-20 13:39	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2013-08-20 13:39 . 2013-08-20 13:39	--------	d-----r-	c:\program files (x86)\Skype
2013-08-20 13:39 . 2013-08-20 13:39	--------	d-----w-	c:\programdata\Skype
2013-08-20 12:49 . 2013-08-20 12:49	--------	d-----w-	C:\FRST
2013-08-19 20:00 . 2013-08-19 20:00	--------	d-----w-	c:\program files (x86)\ESET
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-20 07:34 . 2013-04-23 15:45	78161360	----a-w-	c:\windows\system32\MRT.exe
2013-07-16 20:55 . 2013-05-07 21:14	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-16 20:55 . 2013-05-07 21:14	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-27 15:17 . 2013-05-07 14:55	83672	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-06-24 19:38 . 2013-06-24 19:38	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-24 19:38 . 2013-05-26 20:39	867240	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-06-24 19:38 . 2013-05-26 20:39	789416	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-06-05 03:34 . 2013-07-11 05:35	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-11 05:35	624128	----a-w-	c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-11 05:35	509440	----a-w-	c:\windows\SysWow64\qedit.dll
2013-06-03 09:50 . 2007-01-02 19:38	499712	----a-w-	c:\windows\SysWow64\msvcp71.dll
2013-06-03 09:50 . 2006-12-10 19:39	348160	----a-w-	c:\windows\SysWow64\msvcr71.dll
2013-06-03 09:44 . 2013-06-03 09:44	715038	----a-w-	c:\windows\unins000.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-06-27 345144]
"ToolBoxFX"="c:\program files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2007-05-17 53248]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"HPUsageTracking"="c:\program files (x86)\HP\HP UT\bin\hppusg.exe" [2006-06-14 36864]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2013-06-03 295512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys;c:\windows\SYSNATIVE\DRIVERS\ASPI32.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys;c:\windows\SYSNATIVE\DRIVERS\S3XXx64.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 QDLService2kHP;Qualcomm Gobi 2000 Download Service (HP);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe;c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 qcfilterhp2k;HP un2420 Mobile Broadband Module USB Device Filter;c:\windows\system32\DRIVERS\qcfilterhp2k.sys;c:\windows\SYSNATIVE\DRIVERS\qcfilterhp2k.sys [x]
S3 qcombushp;Gobi 2000 USB Composite Device Driver(03F0-251D);c:\windows\system32\DRIVERS\qcombushp.sys;c:\windows\SYSNATIVE\DRIVERS\qcombushp.sys [x]
S3 qcusbnethp2k;Gobi 2000 USB-NDIS miniport(03F0-251D);c:\windows\system32\DRIVERS\qcusbnethp2k.sys;c:\windows\SYSNATIVE\DRIVERS\qcusbnethp2k.sys [x]
S3 qcusbserhp2k;Gobi 2000 USB Device for Legacy Serial Communication(03F0-251D);c:\windows\system32\DRIVERS\qcusbserhp2k.sys;c:\windows\SYSNATIVE\DRIVERS\qcusbserhp2k.sys [x]
S3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\DRIVERS\rismcx64.sys;c:\windows\SYSNATIVE\DRIVERS\rismcx64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-07 20:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-10-02 2041192]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-09-07 489472]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\dmkjop9h.default\
FF - prefs.js: browser.search.selectedEngine - Ecosia
FF - prefs.js: browser.startup.homepage - hxxp://de-mg42.mail.yahoo.com/neo/launch#mail
FF - prefs.js: network.proxy.http - proxy.bottop.de
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 2
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-08-21  12:37:06
ComboFix-quarantined-files.txt  2013-08-21 10:37
ComboFix2.txt  2013-08-20 13:23
.
Vor Suchlauf: 15 Verzeichnis(se), 109.329.256.448 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 109.151.391.744 Bytes frei
.
- - End Of File - - 15D9FD593104A7FC94B4743C7544F29E
         
 --- --- ---
A36C5E4F47E84449FF07ED3517B43A31

erwarte anweisungen. :P

schrauber · 21.08.2013, 12:54

Systemsteuerung > Ordneroptionen:

Versteckte Dateien anzeigen lassen
Haken raus bei geschützte Systemdateien ausblenden

Stick öffnen > Screenshot.

benemey · 21.08.2013, 13:01

dann sieht man so ne autorun datei.... ja...

schrauber · 21.08.2013, 13:51

diee bitte löschen.

benemey · 21.08.2013, 14:02

hm. problem bleibt. auch nach aus- und wieder reinstecken des sticks.

schrauber · 21.08.2013, 16:18

frisches FRST log bitte.

benemey · 22.08.2013, 07:33

Morgen !

frst:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2013 02
Ran by User (administrator) on 22-08-2013 08:32:08
Running from C:\Users\User\Downloads
Windows 7 Enterprise Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(Validity Sensors, Inc.) C:\Windows\system32\vcsFPService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(HP) C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
( ) C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2041192 2012-10-02] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [489472 2010-09-08] (IDT, Inc.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKCU\...\Run: [Xvid] - C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ToolBoxFX] - C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe [53248 2007-05-17] (HP)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM-x32\...\Run: [HPUsageTracking] - C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe [36864 2006-06-14] ( )
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-06-03] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\dmkjop9h.default
FF SelectedSearchEngine: Ecosia
FF Homepage: hxxp://de-mg42.mail.yahoo.com/neo/launch#mail
FF NetworkProxy: "autoconfig_url", "hxxp://proxy.bottrop.de/proxy.pac"
FF NetworkProxy: "http", "proxy.bottop.de"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\dmkjop9h.default\searchplugins\ecosia.xml
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 QDLService2kHP; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe [1687360 2011-04-29] (QUALCOMM, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]

==================== Drivers (Whitelisted) ====================

S3 ASPI; C:\Windows\SysWow64\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-02-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-02-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 qcfilterhp2k; C:\Windows\System32\DRIVERS\qcfilterhp2k.sys [6400 2011-04-29] (QUALCOMM Incorporated)
R3 qcombushp; C:\Windows\System32\DRIVERS\qcombushp.sys [160328 2011-04-29] (MCCI)
R3 qcusbnethp2k; C:\Windows\System32\DRIVERS\qcusbnethp2k.sys [444416 2011-04-29] (QUALCOMM Incorporated)
R3 qcusbserhp2k; C:\Windows\System32\DRIVERS\qcusbserhp2k.sys [230784 2011-04-29] (QUALCOMM Incorporated)
R3 RICOH SmartCard Reader; C:\Windows\System32\DRIVERS\rismcx64.sys [79488 2006-10-03] (RICOH Company, Ltd.)
S3 ASPI; \??\C:\Windows\System32\DRIVERS\ASPI32.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-21 12:37 - 2013-08-21 12:37 - 00018797 _____ C:\ComboFix.txt
2013-08-21 12:26 - 2013-08-21 12:26 - 00823346 _____ C:\Users\User\Downloads\USBVaccine.zip
2013-08-21 12:26 - 2013-08-21 12:26 - 00000000 ____D C:\ProgramData\Panda Security
2013-08-21 12:26 - 2013-08-21 12:26 - 00000000 ____D C:\Program Files (x86)\Panda USB Vaccine
2013-08-21 12:26 - 2009-10-23 13:02 - 00848856 _____ (Panda Security                                              ) C:\Users\User\Downloads\USBVaccineSetup.exe
2013-08-20 18:09 - 2013-08-20 18:09 - 00000000 _____ C:\Users\User\Desktop\Neue Bitmap.bmp
2013-08-20 16:57 - 2013-08-20 16:57 - 00891115 _____ C:\Users\User\Downloads\SecurityCheck.exe
2013-08-20 16:09 - 2013-08-20 16:09 - 00001496 _____ C:\Users\User\Desktop\JRT.txt
2013-08-20 16:04 - 2013-08-20 16:04 - 01018949 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe
2013-08-20 16:04 - 2013-08-20 16:04 - 00000000 ____D C:\Windows\ERUNT
2013-08-20 16:03 - 2013-08-20 16:03 - 00011702 _____ C:\Users\User\Desktop\AdwCleaner[S0].txt
2013-08-20 15:57 - 2013-08-20 15:59 - 00000000 ____D C:\AdwCleaner
2013-08-20 15:57 - 2013-08-20 15:57 - 00975862 _____ C:\Users\User\Downloads\adwcleaner.exe
2013-08-20 15:42 - 2013-08-20 15:42 - 00000000 ____D C:\Users\User\AppData\Roaming\Malwarebytes
2013-08-20 15:41 - 2013-08-20 15:41 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-20 15:41 - 2013-08-20 15:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-20 15:41 - 2013-08-20 15:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-20 15:41 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-20 15:40 - 2013-08-20 15:40 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\User\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-20 15:39 - 2013-08-20 15:50 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2013-08-20 15:39 - 2013-08-20 15:39 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk
2013-08-20 15:39 - 2013-08-20 15:39 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-20 15:39 - 2013-08-20 15:39 - 00000000 ____D C:\ProgramData\Skype
2013-08-20 15:38 - 2013-08-20 15:38 - 01492848 _____ (Skype Technologies S.A.) C:\Users\User\Downloads\SkypeSetup.exe
2013-08-20 15:15 - 2013-08-21 12:37 - 00000000 ____D C:\Qoobox
2013-08-20 15:15 - 2013-08-20 15:22 - 00000000 ____D C:\Windows\erdnt
2013-08-20 15:15 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-20 15:15 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-20 15:15 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-20 15:15 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-20 15:15 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-20 15:15 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-20 15:15 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-20 15:15 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-20 15:13 - 2013-08-21 12:29 - 05109244 ____R (Swearware) C:\Users\User\Downloads\ComboFix.exe
2013-08-20 14:51 - 2013-08-20 14:51 - 00021985 _____ C:\Users\User\Downloads\Addition.txt
2013-08-20 14:49 - 2013-08-20 14:49 - 00000000 ____D C:\FRST
2013-08-20 09:42 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-20 09:42 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-20 09:42 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-20 09:42 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-20 09:42 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-20 09:42 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-20 09:42 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-20 09:42 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-20 09:42 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-20 09:42 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-20 09:42 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-20 09:42 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-20 09:42 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-20 09:42 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-20 09:42 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-20 09:42 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-20 09:42 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-20 09:42 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-20 09:42 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-20 09:42 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-20 09:42 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-20 09:42 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-20 09:42 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-20 09:42 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-20 09:42 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-20 09:42 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-20 09:42 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-20 09:42 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-20 09:42 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-20 09:42 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-20 09:42 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-19 22:00 - 2013-08-19 22:00 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-19 21:58 - 2013-08-19 21:58 - 02347384 _____ (ESET) C:\Users\User\Downloads\esetsmartinstaller_enu.exe
2013-08-19 17:33 - 2013-08-20 09:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-19 16:44 - 2013-08-19 16:44 - 00000057 _____ C:\Users\User\AppData\Roaming\WB.CFG
2013-08-19 16:36 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-19 16:36 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-19 16:36 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-19 16:36 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-19 16:36 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-19 16:36 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-19 16:36 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-19 16:36 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-19 16:36 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-19 16:36 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-19 16:36 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-19 16:36 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-19 16:36 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-19 16:36 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-19 16:36 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-19 16:36 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-08-22 08:31 - 2013-08-22 08:31 - 01576476 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2013-08-22 08:24 - 2009-07-14 06:45 - 00015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-22 08:24 - 2009-07-14 06:45 - 00015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-22 08:21 - 2013-05-09 20:43 - 00703528 _____ C:\Windows\system32\perfh00A.dat
2013-08-22 08:21 - 2013-05-09 20:43 - 00142870 _____ C:\Windows\system32\perfc00A.dat
2013-08-22 08:21 - 2009-07-14 12:49 - 00664868 _____ C:\Windows\system32\perfh007.dat
2013-08-22 08:21 - 2009-07-14 12:49 - 00135004 _____ C:\Windows\system32\perfc007.dat
2013-08-22 08:21 - 2009-07-14 07:13 - 02372884 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-22 08:17 - 2013-06-03 12:51 - 00000000 ___RD C:\Users\User\Dropbox
2013-08-22 08:17 - 2013-06-03 12:43 - 00000000 ____D C:\Users\User\AppData\Roaming\Dropbox
2013-08-22 08:17 - 2013-06-03 11:51 - 00003336 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2560263542-3135896541-1018709301-1000
2013-08-22 08:17 - 2013-06-03 11:51 - 00003200 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2560263542-3135896541-1018709301-1000
2013-08-22 08:17 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-22 08:17 - 2009-07-14 06:51 - 00052505 _____ C:\Windows\setupact.log
2013-08-22 08:16 - 2013-04-24 16:46 - 00101972 _____ C:\Windows\PFRO.log
2013-08-22 00:06 - 2013-04-23 14:35 - 01605279 _____ C:\Windows\WindowsUpdate.log
2013-08-21 23:55 - 2013-07-16 22:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-21 18:34 - 2013-07-16 22:33 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 18:33 - 2013-05-07 23:14 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 18:33 - 2013-05-07 23:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-21 12:41 - 2013-05-07 15:24 - 00000000 ____D C:\Users\User\Documents\Studium Ma.Ed
2013-08-21 12:37 - 2013-08-21 12:37 - 00018797 _____ C:\ComboFix.txt
2013-08-21 12:37 - 2013-08-20 15:15 - 00000000 ____D C:\Qoobox
2013-08-21 12:35 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-08-21 12:29 - 2013-08-20 15:13 - 05109244 ____R (Swearware) C:\Users\User\Downloads\ComboFix.exe
2013-08-21 12:26 - 2013-08-21 12:26 - 00823346 _____ C:\Users\User\Downloads\USBVaccine.zip
2013-08-21 12:26 - 2013-08-21 12:26 - 00000000 ____D C:\ProgramData\Panda Security
2013-08-21 12:26 - 2013-08-21 12:26 - 00000000 ____D C:\Program Files (x86)\Panda USB Vaccine
2013-08-20 22:55 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-20 18:09 - 2013-08-20 18:09 - 00000000 _____ C:\Users\User\Desktop\Neue Bitmap.bmp
2013-08-20 16:59 - 2013-05-07 15:24 - 00000000 ____D C:\Users\User\Documents\UWR
2013-08-20 16:57 - 2013-08-20 16:57 - 00891115 _____ C:\Users\User\Downloads\SecurityCheck.exe
2013-08-20 16:09 - 2013-08-20 16:09 - 00001496 _____ C:\Users\User\Desktop\JRT.txt
2013-08-20 16:04 - 2013-08-20 16:04 - 01018949 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe
2013-08-20 16:04 - 2013-08-20 16:04 - 00000000 ____D C:\Windows\ERUNT
2013-08-20 16:03 - 2013-08-20 16:03 - 00011702 _____ C:\Users\User\Desktop\AdwCleaner[S0].txt
2013-08-20 16:01 - 2013-06-10 19:31 - 00003358 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2560263542-3135896541-1018709301-1000
2013-08-20 16:01 - 2013-06-10 19:31 - 00003222 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2560263542-3135896541-1018709301-1000
2013-08-20 15:59 - 2013-08-20 15:57 - 00000000 ____D C:\AdwCleaner
2013-08-20 15:57 - 2013-08-20 15:57 - 00975862 _____ C:\Users\User\Downloads\adwcleaner.exe
2013-08-20 15:50 - 2013-08-20 15:39 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2013-08-20 15:42 - 2013-08-20 15:42 - 00000000 ____D C:\Users\User\AppData\Roaming\Malwarebytes
2013-08-20 15:41 - 2013-08-20 15:41 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-20 15:41 - 2013-08-20 15:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-20 15:41 - 2013-08-20 15:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-20 15:40 - 2013-08-20 15:40 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\User\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-20 15:39 - 2013-08-20 15:39 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk
2013-08-20 15:39 - 2013-08-20 15:39 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-20 15:39 - 2013-08-20 15:39 - 00000000 ____D C:\ProgramData\Skype
2013-08-20 15:38 - 2013-08-20 15:38 - 01492848 _____ (Skype Technologies S.A.) C:\Users\User\Downloads\SkypeSetup.exe
2013-08-20 15:23 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-08-20 15:22 - 2013-08-20 15:15 - 00000000 ____D C:\Windows\erdnt
2013-08-20 14:51 - 2013-08-20 14:51 - 00021985 _____ C:\Users\User\Downloads\Addition.txt
2013-08-20 14:49 - 2013-08-20 14:49 - 00000000 ____D C:\FRST
2013-08-20 13:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-20 12:09 - 2013-05-07 15:24 - 00064279 _____ C:\Users\User\Documents\Aufstellung Zahlungen - Version 2013 02 06_1.xlsx
2013-08-20 12:05 - 2013-06-19 10:35 - 00000000 ____D C:\Users\User\Documents\WG Westring Bochum
2013-08-20 11:55 - 2013-04-23 14:35 - 00000000 ___RD C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-20 10:30 - 2013-05-07 11:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-20 09:55 - 2013-08-19 17:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-20 09:53 - 2013-05-14 22:22 - 00146471 _____ C:\Windows\hppins06.dat
2013-08-20 09:53 - 2013-05-14 22:19 - 00005754 _____ C:\ProgramData\hpzinstall.log
2013-08-20 09:42 - 2009-07-14 04:34 - 00000513 _____ C:\Windows\win.ini
2013-08-20 09:41 - 2013-05-09 19:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-20 09:36 - 2013-07-14 09:05 - 00000000 ____D C:\Windows\system32\MRT
2013-08-20 09:34 - 2013-04-23 17:45 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-19 22:00 - 2013-08-19 22:00 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-19 21:58 - 2013-08-19 21:58 - 02347384 _____ (ESET) C:\Users\User\Downloads\esetsmartinstaller_enu.exe
2013-08-19 16:53 - 2013-06-13 10:57 - 00000005 _____ C:\Users\User\AppData\Roaming\WBPU-TTL.DAT
2013-08-19 16:44 - 2013-08-19 16:44 - 00000057 _____ C:\Users\User\AppData\Roaming\WB.CFG
2013-08-19 16:39 - 2013-07-17 09:06 - 00000000 ____D C:\Users\User\AppData\Roaming\HpUpdate
2013-07-26 07:13 - 2013-08-20 09:42 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 07:13 - 2013-08-20 09:42 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 07:13 - 2013-08-20 09:42 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 07:12 - 2013-08-20 09:42 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 07:12 - 2013-08-20 09:42 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 07:12 - 2013-08-20 09:42 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 07:12 - 2013-08-20 09:42 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 07:12 - 2013-08-20 09:42 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 07:12 - 2013-08-20 09:42 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 07:12 - 2013-08-20 09:42 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 07:12 - 2013-08-20 09:42 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 07:12 - 2013-08-20 09:42 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 07:12 - 2013-08-20 09:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 07:12 - 2013-08-20 09:42 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 05:35 - 2013-08-20 09:42 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 05:13 - 2013-08-20 09:42 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 05:13 - 2013-08-20 09:42 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 05:12 - 2013-08-20 09:42 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 05:12 - 2013-08-20 09:42 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 05:12 - 2013-08-20 09:42 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 05:12 - 2013-08-20 09:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 05:12 - 2013-08-20 09:42 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 05:12 - 2013-08-20 09:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-26 05:12 - 2013-08-20 09:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 05:12 - 2013-08-20 09:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 05:12 - 2013-08-20 09:42 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 05:11 - 2013-08-20 09:42 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 05:11 - 2013-08-20 09:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 04:49 - 2013-08-20 09:42 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 04:39 - 2013-08-20 09:42 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-26 03:59 - 2013-08-20 09:42 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 11:25 - 2013-08-19 16:36 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 10:57 - 2013-08-19 16:36 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-19 19:41

==================== End Of Log ============================

--- --- ---

[/code]

schrauber · 22.08.2013, 08:53

Ich möchte prüfen, ob bestimmte Dateien noch auf Deinem System sind, dazu bitte den Text aus der Codebox:

Code:

ATTFilter

@echo off
set log="%userprofile%\Desktop\files.txt"
if exist %log% del %log%

for %%d in (c d e f g h i j k l m n o p q r s t u v w x y z) do (
    if exist %%d:\ (
        %%d:
        cd \
        dir *.vbs;autorun.inf;boot.com /s
        dir *.vbs;autorun.inf;boot.com /ah /s
        attrib
    )
) >> %log%
start notepad %log%

in den Editor (Start => ausführen => notepad (reinschreiben) => OK) kopieren und als findfile.bat mit 'Speichern unter' auf dem Desktop speichern (bei Dateityp auf "All types" umstellen), Du solltest jetzt auf dem Desktop diese Datei finden => findfile.bat => die findfile.bat per Doppelklick starten. Nach kurzer Zeit sollte sich Dein Editor öffnen und die Datei files.txt präsentieren. Bitte kopiere den Inhalt hier in den Thread.

Sollte es während der Ausführung des Skriptes zu einer Fehlermeldung "Windows kein Datenträger" kommen, kannst Du beruhigt auf "Weiter" klicken. Das liegt daran, dass ein Datenträger (z. B. ein Kartenlesegerät) leer ist.

benemey · 25.08.2013, 12:55

moin, ich hoffe du bist mir nich böse, wenn ich das hier abbreche. ich war in nem fachgeschäft und der verkäufer hat wohl dieses problem so noch nich gesehen und meinte es is vermutlich kein virus sondern ein hardware-problem. und weil mir das kostentechnisch zu viel is, die daten retten zu lassen, werde ichs einfach dabei belassen. so läuft das leben leider manchmal. :/

aber in jedem falle besten dank dir !!! respekt für den aufwand !!!

schrauber · 25.08.2013, 19:26

Das einzige was dich das hier kostet ist Zeit, kein geld. Von daher würd ich weiter probieren.

20.08.2013, 17:06	#16
schrauber /// the machine /// TB-Ausbilder	USB-Stick mit Fehlermeldung "Fehlt recycler datei e621ca05.exe etc." - Log-File von ESET Screenshot vom geöffneten Stick bitte. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

21.08.2013, 07:12	#18
schrauber /// the machine /// TB-Ausbilder	USB-Stick mit Fehlermeldung "Fehlt recycler datei e621ca05.exe etc." - Log-File von ESET War der Stick bei den Scans die ganze Zeit angeschlossen? Stick bitte dran lassen. ANTIMALWARE: Panda USB Vaccine - Download FREE - PANDA SECURITY Laden und laufen lassen. Combofix löschen und neu laden, laufen lassen und das Log posten __________________ __________________

21.08.2013, 13:51	#22
schrauber /// the machine /// TB-Ausbilder	USB-Stick mit Fehlermeldung "Fehlt recycler datei e621ca05.exe etc." - Log-File von ESET diee bitte löschen. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

21.08.2013, 16:18	#24
schrauber /// the machine /// TB-Ausbilder	USB-Stick mit Fehlermeldung "Fehlt recycler datei e621ca05.exe etc." - Log-File von ESET frisches FRST log bitte. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

25.08.2013, 19:26	#28
schrauber /// the machine /// TB-Ausbilder	USB-Stick mit Fehlermeldung "Fehlt recycler datei e621ca05.exe etc." - Log-File von ESET Das einzige was dich das hier kostet ist Zeit, kein geld. Von daher würd ich weiter probieren. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

USB-Stick mit Fehlermeldung "Fehlt recycler datei e621ca05.exe etc." - Log-File von ESET

Log-Analyse und Auswertung: USB-Stick mit Fehlermeldung "Fehlt recycler datei e621ca05.exe etc." - Log-File von ESET