|
Log-Analyse und Auswertung: ihavenet TrojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
26.08.2013, 11:13 | #1 |
| ihavenet Trojaner Hallo, seit eine Woche habe ich den ihavenet-Trojaner auf meinem Rechner.Ich habe mir die von euch empfohlenen Diagnose-Tool gezogen und eine Log.txt datei erstellt. Nun sende ich diese Datei per kopieren und einfügen. Ich hoffe, jemand kann mir helfen. Ich brauche mein Laptop täglich für die Prüfungsvorbreitung. Ohne Internet bin ich raus. Bitte um Hilfe! Danke im Voraus. xyarar Mein Log-Text: # AdwCleaner v3.001 - Report created 25/08/2013 at 18:24:46 # Updated 24/08/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Yarar-Bolle - MY-PC # Running from : C:\Users\Yarar-Bolle\Downloads\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** [#] Service Deleted : BrowserDefendert ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\Babylon Folder Deleted : C:\ProgramData\BrowserDefender Folder Deleted : C:\ProgramData\Partner Folder Deleted : C:\Program Files (x86)\delta Folder Deleted : C:\Program Files (x86)\Video downloader Folder Deleted : C:\Users\Yarar-Bolle\AppData\Roaming\dvdvideosoftiehelpers Folder Deleted : C:\Users\Yarar-Bolle\AppData\Roaming\Mozilla\Firefox\Profiles\2jesth27.default\Extensions\ffxtlbr@delta.com File Deleted : C:\Users\Yarar-Bolle\AppData\Roaming\Mozilla\Firefox\Profiles\2jesth27.default\searchplugins\Babylon.xml File Deleted : C:\Users\Yarar-Bolle\AppData\Roaming\Mozilla\Firefox\Profiles\2jesth27.default\searchplugins\delta.xml File Deleted : C:\Users\Yarar-Bolle\AppData\Roaming\Mozilla\Firefox\Profiles\2jesth27.default\bprotector_extensions.sqlite File Deleted : C:\Users\Yarar-Bolle\AppData\Roaming\Mozilla\Firefox\Profiles\2jesth27.default\bprotector_prefs.js File Deleted : C:\Users\Yarar-Bolle\AppData\Roaming\Mozilla\Firefox\Profiles\2jesth27.default\user.js File Deleted : C:\Users\Yarar-Bolle\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data File Deleted : C:\Users\Yarar-Bolle\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences File Deleted : C:\Windows\System32\Tasks\EPUpdater ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Key Deleted : HKCU\Software\522ded0b035ef12 Key Deleted : HKLM\SOFTWARE\522ded0b035ef12 Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Key Deleted : HKCU\Software\BabSolution Key Deleted : HKCU\Software\Delta Key Deleted : HKLM\Software\DataMngr Key Deleted : HKLM\Software\Delta ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16635 -\\ Mozilla Firefox v23.0.1 (de) [ File : C:\Users\Yarar-Bolle\AppData\Roaming\Mozilla\Firefox\Profiles\2jesth27.default\prefs.js ] Line Deleted : user_pref("browser.newtab.url", "hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=9409446D57B772CF&affID=121563&tsp=4942"); Line Deleted : user_pref("browser.search.order.1", "Delta Search"); Line Deleted : user_pref("extensions.delta.admin", false); Line Deleted : user_pref("extensions.delta.aflt", "babsst"); Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); Line Deleted : user_pref("extensions.delta.autoRvrt", "false"); Line Deleted : user_pref("extensions.delta.dfltLng", "de"); Line Deleted : user_pref("extensions.delta.excTlbr", false); Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true); Line Deleted : user_pref("extensions.delta.id", "9409493c000000000000446d57b772cf"); Line Deleted : user_pref("extensions.delta.instlDay", "15899"); Line Deleted : user_pref("extensions.delta.instlRef", "sst"); Line Deleted : user_pref("extensions.delta.newTab", false); Line Deleted : user_pref("extensions.delta.prdct", "delta"); Line Deleted : user_pref("extensions.delta.prtnrId", "delta"); Line Deleted : user_pref("extensions.delta.rvrt", "false"); Line Deleted : user_pref("extensions.delta.smplGrp", "none"); Line Deleted : user_pref("extensions.delta.tlbrId", "base"); Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", ""); Line Deleted : user_pref("extensions.delta.vrsn", "1.8.21.5"); Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.50:52:40"); Line Deleted : user_pref("extensions.delta.vrsni", "1.8.21.5"); Line Deleted : user_pref("extensions.delta_i.babExt", ""); Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=121563&tsp=4942"); Line Deleted : user_pref("extensions.delta_i.srcExt", "ss"); Line Deleted : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Common Files\\\\DVDVideoSof[...] -\\ Google Chrome v29.0.1547.57 [ File : C:\Users\Yarar-Bolle\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [7411 octets] - [25/08/2013 18:24:13] AdwCleaner[S0].txt - [7309 octets] - [25/08/2013 18:24:46] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7369 octets] ########## |
26.08.2013, 11:19 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ihavenet Trojaner Hallo und
__________________Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten! Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht! Zudem bitte auch ein Log mit Farbars Tool machen: Scan mit Farbar's Recovery Scan Tool (FRST) Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Lesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
26.08.2013, 11:29 | #3 |
| ihavenet Trojaner Nein, ich habe nur eine Log-Datei.hxxp://www.trojaner-board.de/images/smilies/wtf.gif
__________________ |
26.08.2013, 11:32 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ihavenet Trojaner Ja und weiter? Was ist mit FRST?
__________________ Logfiles bitte immer in CODE-Tags posten |
26.08.2013, 11:42 | #5 |
| ihavenet Trojaner Zuerst FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-08-2013 Ran by Yarar-Bolle (administrator) on 26-08-2013 12:36:35 Running from C:\Users\Yarar-Bolle\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe () C:\Program Files (x86)\XSManager\WTGService.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe ( ) C:\Program Files (x86)\LockKey\LockKey.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2011-12-15] (Conexant Systems, Inc.) HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2809856 2012-01-16] (ELAN Microelectronics Corp.) HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\btvstack.exe [1022592 2012-04-28] (Atheros Communications) HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\athbttray.exe [801920 2012-04-28] (Atheros Commnucations) HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-07-16] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6202416 2012-07-16] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-07-16] (Lenovo) HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-07-16] (Google Inc.) HKCU\...\Run: [Facebook Update] - C:\Users\Yarar-Bolle\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-12-16] (Facebook Inc.) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.) HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093464 2013-07-09] (Garmin Ltd or its subsidiaries) MountPoints2: {5c09e8c3-2446-11e2-bb27-446d57b772cf} - E:\XSManagerinstallation.exe HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation) HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [332BigDog] - C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [548864 2011-12-09] (Vimicro) HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2012-01-26] (Lenovo, Inc.) HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.) HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-07-16] (Lenovo) HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.) HKLM-x32\...\Run: [LockKey] - C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-25] ( ) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-24] (Avira Operations GmbH & Co. KG) HKU\Default\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52136 2012-11-14] (Lenovo) HKU\Default User\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52136 2012-11-14] (Lenovo) AppInit_DLLs: C:\Windows\system32\nvinitx.dll [260928 2012-05-01] (NVIDIA Corporation) AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll [215360 2012-05-01] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe (McAfee, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN URLSearchHook: (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Yarar-Bolle\AppData\Roaming\Mozilla\Firefox\Profiles\2jesth27.default FF Homepage: hxxp://www.gmx.net/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\progra~2\mcafee\msc\npmcsn~1.dll No File FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\Video\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Yarar-Bolle\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] C:\Program Files (x86)\McAfee\SiteAdvisor FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] C:\Program Files (x86)\Common Files\McAfee\SystemCore Chrome: ======= CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN CHR RestoreOnStartup: "hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN" CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll No File CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Yarar-Bolle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx ==================== Services (Whitelisted) ================= R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [371768 2013-06-24] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-24] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-24] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-06-24] (Avira Operations GmbH & Co. KG) S4 DamageGuardSvc; C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe [572976 2012-03-26] (Lenovo (Beijing) Limited) R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [219480 2013-07-09] (Garmin Ltd or its subsidiaries) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe [234776 2012-10-26] (McAfee, Inc.) R2 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [327392 2012-04-25] () R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [163456 2012-04-28] (Atheros) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-25] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-25] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-25] (Avira Operations GmbH & Co. KG) S3 cmntnet; C:\Windows\System32\DRIVERS\cmntnet.sys [141824 2013-01-17] (Wireless Data Device) S3 cmnuusbser; C:\Windows\System32\DRIVERS\cmnuusbser.sys [123904 2013-01-17] (Wireless Device) S4 DamageGuard; C:\Windows\System32\DRIVERS\DamageGuardX64.sys [217392 2012-02-10] (Lenovo) S4 dgFltr; C:\Windows\System32\drivers\dgFltrX64.sys [23648 2011-12-13] (Lenovo) R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104048 2012-03-02] (Qualcomm Atheros Co., Ltd.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) U3 BcmSqlStartupSvc; U2 CLKMSVC10_3A60B698; U2 CLKMSVC10_C3B3B687; U2 DriverService; U2 iATAgentService; U2 idealife Update Service; U3 IGRS; U2 IviRegMgr; S0 mfewfpk; system32\drivers\mfewfpk.sys [x] U2 Oasis2Service; U2 PCCarerService; U2 ReadyComm.DirectRouter; U2 RichVideo; U2 RtLedService; U2 SeaPort; U2 SoftwareService; U3 SQLWriter; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-26 12:36 - 2013-08-26 12:36 - 00000000 ____D C:\FRST 2013-08-26 12:35 - 2013-08-26 12:35 - 01070979 _____ (Farbar) C:\Users\Yarar-Bolle\Downloads\FRST.exe 2013-08-26 12:18 - 2013-08-26 12:18 - 00003136 _____ C:\Windows\System32\Tasks\{2ED797D4-0750-46B5-8A0A-350C563DD575} 2013-08-26 10:20 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-26 10:20 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-26 10:20 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-08-26 10:20 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-26 10:20 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-26 10:20 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-26 10:20 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-26 10:20 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-26 10:20 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-26 10:20 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-26 10:20 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-08-26 10:20 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-08-26 10:20 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-26 10:20 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-08-26 10:20 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-26 10:20 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-26 10:20 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-26 10:20 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-26 10:20 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-26 10:20 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-26 10:20 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-26 10:20 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-26 10:20 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-26 10:20 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-08-26 10:20 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-08-26 10:20 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-26 10:20 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-26 10:20 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-08-26 10:20 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-26 10:20 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-08-26 10:20 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-08-26 10:15 - 2013-08-26 10:15 - 00000000 ____D C:\Windows\system32\MRT 2013-08-25 18:28 - 2013-08-25 18:28 - 00007457 _____ C:\Users\Yarar-Bolle\Desktop\AdwCleaner[S0].txt 2013-08-25 18:24 - 2013-08-25 18:32 - 00000000 ____D C:\AdwCleaner 2013-08-25 18:23 - 2013-08-25 18:23 - 00994642 _____ C:\Users\Yarar-Bolle\Downloads\AdwCleaner.exe 2013-08-25 13:33 - 2013-08-25 13:33 - 00000000 ____D C:\Users\Yarar-Bolle\AppData\Roaming\Malwarebytes 2013-08-25 13:32 - 2013-08-25 13:32 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-25 13:32 - 2013-08-25 13:32 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-25 13:32 - 2013-08-25 13:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-25 13:32 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-08-25 13:25 - 2013-08-25 13:25 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Yarar-Bolle\Downloads\mbam-setup-1.75.0.1300.exe 2013-08-25 13:02 - 2013-08-25 13:02 - 01021434 _____ (Thisisu) C:\Users\Yarar-Bolle\Downloads\JRT.exe 2013-08-25 12:53 - 2013-08-25 12:53 - 00714352 _____ C:\Users\Yarar-Bolle\Downloads\ZipOpenerSetup.exe 2013-08-25 09:45 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-25 09:45 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-25 09:45 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-25 09:45 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-25 09:45 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-25 09:45 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-25 09:45 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-25 09:45 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-25 09:45 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-25 09:45 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-25 09:45 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-25 09:45 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-25 09:45 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-25 09:45 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-25 09:45 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-25 09:45 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys ==================== One Month Modified Files and Folders ======= 2013-08-26 12:36 - 2013-08-26 12:36 - 00000000 ____D C:\FRST 2013-08-26 12:35 - 2013-08-26 12:35 - 01070979 _____ (Farbar) C:\Users\Yarar-Bolle\Downloads\FRST.exe 2013-08-26 12:18 - 2013-08-26 12:18 - 00003136 _____ C:\Windows\System32\Tasks\{2ED797D4-0750-46B5-8A0A-350C563DD575} 2013-08-26 12:17 - 2012-12-16 19:12 - 00000952 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1404134543-573447042-494467149-1001UA.job 2013-08-26 12:13 - 2012-10-21 01:51 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-26 12:04 - 2012-10-21 10:05 - 00000000 ____D C:\Users\Yarar-Bolle\AppData\Roaming\Skype 2013-08-26 11:39 - 2012-07-16 14:03 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-26 10:53 - 2012-07-16 14:05 - 01017186 _____ C:\Windows\system32\fastboot.set 2013-08-26 10:53 - 2012-07-16 13:17 - 02030166 _____ C:\Windows\WindowsUpdate.log 2013-08-26 10:52 - 2012-10-20 21:10 - 01239206 _____ C:\FaceProv.log 2013-08-26 10:52 - 2012-07-16 14:03 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-26 10:52 - 2012-07-16 14:03 - 00000000 ____D C:\ProgramData\VeriFace 2013-08-26 10:46 - 2009-07-14 06:45 - 00031840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-26 10:46 - 2009-07-14 06:45 - 00031840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-26 10:38 - 2013-07-05 23:15 - 00000312 _____ C:\Windows\Tasks\Uskobdwni.job 2013-08-26 10:38 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-26 10:38 - 2009-07-14 06:51 - 00061227 _____ C:\Windows\setupact.log 2013-08-26 10:22 - 2012-07-16 23:03 - 12105282 _____ C:\Windows\system32\perfh007.dat 2013-08-26 10:22 - 2012-07-16 23:03 - 03827946 _____ C:\Windows\system32\perfc007.dat 2013-08-26 10:22 - 2009-07-14 07:13 - 00005198 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-26 10:15 - 2013-08-26 10:15 - 00000000 ____D C:\Windows\system32\MRT 2013-08-26 10:15 - 2012-10-21 10:32 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-08-25 18:32 - 2013-08-25 18:24 - 00000000 ____D C:\AdwCleaner 2013-08-25 18:28 - 2013-08-25 18:28 - 00007457 _____ C:\Users\Yarar-Bolle\Desktop\AdwCleaner[S0].txt 2013-08-25 18:23 - 2013-08-25 18:23 - 00994642 _____ C:\Users\Yarar-Bolle\Downloads\AdwCleaner.exe 2013-08-25 18:17 - 2012-12-16 19:12 - 00000930 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1404134543-573447042-494467149-1001Core.job 2013-08-25 13:45 - 2012-10-21 14:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-08-25 13:45 - 2010-11-21 05:47 - 00169078 _____ C:\Windows\PFRO.log 2013-08-25 13:33 - 2013-08-25 13:33 - 00000000 ____D C:\Users\Yarar-Bolle\AppData\Roaming\Malwarebytes 2013-08-25 13:32 - 2013-08-25 13:32 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-25 13:32 - 2013-08-25 13:32 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-25 13:32 - 2013-08-25 13:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-25 13:25 - 2013-08-25 13:25 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Yarar-Bolle\Downloads\mbam-setup-1.75.0.1300.exe 2013-08-25 13:02 - 2013-08-25 13:02 - 01021434 _____ (Thisisu) C:\Users\Yarar-Bolle\Downloads\JRT.exe 2013-08-25 12:53 - 2013-08-25 12:53 - 00714352 _____ C:\Users\Yarar-Bolle\Downloads\ZipOpenerSetup.exe 2013-08-25 11:14 - 2013-07-03 16:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-25 11:13 - 2012-10-21 01:51 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-25 11:13 - 2012-10-21 01:51 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-08-25 11:13 - 2012-10-21 01:51 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-08-25 11:13 - 2012-10-20 21:24 - 00000000 ____D C:\Users\Yarar-Bolle\Documents\Bluetooth Folder 2013-08-25 09:34 - 2012-07-16 14:04 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-08-25 09:31 - 2012-07-16 14:03 - 00000000 ____D C:\Program Files (x86)\Google Files to move or delete: ==================== C:\Users\YARAR-~1\AppData\Local\Temp\Quarantine.exe C:\Users\YARAR-~1\AppData\Local\Temp\MSS\3.0.313.1\mcbrwsr2.dll C:\Users\YARAR-~1\AppData\Local\Temp\MSS\3.0.313.1\McInstallerRes.dll C:\Users\YARAR-~1\AppData\Local\Temp\MSS\3.0.313.1\McInstallerRes_LD.dll C:\Users\YARAR-~1\AppData\Local\Temp\MSS\3.0.313.1\McInstallerStartup.dll C:\Users\YARAR-~1\AppData\Local\Temp\MSS\3.0.313.1\McUICnt.exe C:\Users\YARAR-~1\AppData\Local\Temp\MSS\3.0.313.1\SecurityScanner.dll C:\Users\YARAR-~1\AppData\Local\Temp\jrt\erunt\ERUNT.EXE ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-25 10:05 ==================== End Of Log ============================ UND NUN NOCH ADDITION-TEXT:FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-08-2013 Ran by Yarar-Bolle at 2013-08-26 12:37:05 Running from C:\Users\Yarar-Bolle\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 7-Zip 9.20 (x32) Adobe AIR (x32 Version: 3.7.0.1860) Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94) Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94) Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7) Apple Application Support (x32 Version: 2.3.4) Apple Mobile Device Support (Version: 6.0.0.59) Apple Software Update (x32 Version: 2.1.3.127) Atheros Bluetooth Suite (64) (Version: 7.4.0.135) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.0.14.15) Atheros WLAN Client Installation Program (x32 Version: 9.0) Audible Download Manager (x32 Version: 6.6.0.15) Avira Antivirus Premium (x32 Version: 13.0.0.3885) Benutzerhandbuch (x32 Version: 1.0.0.6) Bonjour (Version: 3.0.0.10) Conexant HD Audio (Version: 8.54.32.50) D3DX10 (x32 Version: 15.4.2368.0902) DeepBurner v1.9.0.228 (x32) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32) Dialang V1 Beta (x32) Dolby Advanced Audio v2 (x32 Version: 7.2.7000.11) dows-Treiberpaket - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1) (Version: 12/15/2011 7.1.0.1) Druckerdeinstallation für EPSON SX420W Series Elevated Installer (x32 Version: 2.2.16) Energy Management (x32 Version: 7.0.4.1) English Coach 3D 2 (x32 Version: 1.00.000) EpsonNet Print (x32 Version: 2.5.00) EpsonNet Setup 3.3 (x32 Version: 3.3b) Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287) Free YouTube Download version 3.2.5.628 (x32 Version: 3.2.5.628) Garmin Express (x32 Version: 2.2.16) Garmin Express Tray (x32 Version: 2.2.16) Garmin Update Service (x32 Version: 2.2.16) Google Chrome (x32 Version: 29.0.1547.57) Google Earth Plug-in (x32 Version: 7.1.1.1888) Google Toolbar for Internet Explorer (x32 Version: 1.0.0) Google Toolbar for Internet Explorer (x32 Version: 7.5.4413.1752) Google Update Helper (x32 Version: 1.3.21.153) Intel(R) Control Center (x32 Version: 1.2.1.1007) Intel(R) Management Engine Components (x32 Version: 8.0.3.1427) Intel(R) OpenCL CPU Runtime (x32) Intel(R) Processor Graphics (x32 Version: 8.15.10.2656) Intel(R) Rapid Storage Technology (x32 Version: 11.0.0.1032) Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.220) Intel® Trusted Connect Service Client (Version: 1.23.605.1) iTunes (Version: 10.7.0.21) Janosch Vorschule (x32 Version: 1.00.0000) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) Junk Mail filter update (x32 Version: 15.4.3502.0922) Klett Lehrersoftware Orange Line (x32) Konz 2013 (x32 Version: 1.00.0000) Lenovo EasyCamera (x32 Version: 1.12.204.1) Lenovo EE Boot Optimizer (Version: 0.0.1.9) Lenovo OneKey Recovery (Version: 7.0.0.3712) Lenovo OneKey Recovery (x32 Version: 7.0.0.3712) Lenovo pointing device (Version: 10.4.2.8) Lenovo Registration (x32 Version: 1.0.4) Lenovo Solution Center (Version: 2.0.013.00) Lenovo Welcome (x32 Version: 3.1.0011.00) Lenovo YouCam (x32 Version: 3.1.3728) LibreOffice 4.0 Help Pack (German) (x32 Version: 4.0.3.3) LibreOffice 4.0.3.3 (x32 Version: 4.0.3.3) LockKey (x32 Version: 1.38.1.2) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) MatchWare Mediator 8.0 Pro (x32 Version: 8.0.101) McAfee Security Scan Plus (x32 Version: 3.0.313.1) Mesh Runtime (x32 Version: 15.4.5722.2) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office 2010 Service Pack 1 (SP1) (x32) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft Speech Recognition Engine 4.0 (English) (x32) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1) Mozilla Maintenance Service (x32 Version: 23.0.1) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) NVIDIA Grafiktreiber 296.73 (Version: 296.73) NVIDIA Install Application (Version: 2.1002.62.312) NVIDIA Optimus 1.7.13 (Version: 1.7.13) NVIDIA PhysX (x32 Version: 9.12.0213) NVIDIA PhysX-Systemsoftware 9.12.0213 (Version: 9.12.0213) NVIDIA Systemsteuerung 296.73 (Version: 296.73) NVIDIA Update 1.7.13 (Version: 1.7.13) NVIDIA Update Components (Version: 1.7.13) Power2Go (x32 Version: 5.6.0.7303) QuickTime (x32 Version: 7.74.80.86) Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7601.39016) Scratch (x32 Version: 1.4.0.0) Skype™ 6.6 (x32 Version: 6.6.106) Steuer 2012 (x32 Version: 20.00.8137) SugarSync Manager (x32 Version: 1.9.49.86082) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft Office 2010 (KB2553065) (x32) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2566458) (x32) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32) UserGuide (x32 Version: 1.0.0.6) VeriFace (x32 Version: 4.0.1.1230) VLC media player 2.0.7 (x32 Version: 2.0.7) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3508.1109) Windows Live Family Safety (Version: 15.4.3502.0922) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4225.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3508.1109) Windows Live Mail (x32 Version: 15.4.3502.0922) Windows Live Mesh (x32 Version: 15.4.3502.0922) Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2) Windows Live Messenger (x32 Version: 15.4.3502.0922) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) Windows Live Writer (x32 Version: 15.4.3502.0922) Windows Live Writer Resources (x32 Version: 15.4.3502.0922) WinZip 17.0 (x32 Version: 17.0.10381) XSManager (x32 Version: 3.2) ==================== Restore Points ========================= 25-08-2013 12:17:54 Geplanter Prüfpunkt 26-08-2013 08:14:31 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {21E7D913-EE1C-43A1-8E97-CB23CBC2C85B} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {28E9DF42-64C7-4474-9656-4C27A086964B} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2012-11-14] (Lenovo) Task: {290199AF-6F0A-4BE0-817C-48C661A1F9D5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1404134543-573447042-494467149-1001UA => C:\Users\Yarar-Bolle\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-16] (Facebook Inc.) Task: {2D30DCD9-52F3-4906-890C-F1BA539369F7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-25] (Adobe Systems Incorporated) Task: {4742EA67-52B5-4492-9CEB-44FDB903086A} - \EPUpdater No Task File Task: {60C77A7D-ABEA-4498-9CFF-46FDC4FDBA50} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-28] (CyberLink) Task: {62BE0D35-9130-4A2B-A2E9-B5929CC8EB5F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1404134543-573447042-494467149-1001Core => C:\Users\Yarar-Bolle\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-16] (Facebook Inc.) Task: {66AE9FD6-FCAB-4F95-8F3B-9B27F56C8638} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-16] (Google Inc.) Task: {852783E6-95CD-42FE-A111-D47A373B4613} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation) Task: {8825082A-CBFB-4B7D-8374-4D474BA1A920} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation) Task: {9E154C0C-8C5E-4F4C-AE85-263B7A8750F3} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\lsc.exe [2012-11-14] () Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe No File Task: {B0965431-1B44-4C70-BD80-765616B8E231} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation) Task: {B5A39511-BAF2-46A2-B3DD-1DA1867C8DF7} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-21] (Microsoft Corporation) Task: {CB97AA37-A96A-4376-BA5B-80C587A42E33} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated) Task: {CF13785D-B977-4040-8868-91EF11E1E78F} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2012-11-14] () Task: {D465CFD6-7069-4287-8822-E3BC1BA3658E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {DB94E709-5931-477D-97FE-F37DB86D6A65} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-16] (Google Inc.) Task: {DEBE8B83-808B-4AFF-812E-2CF485BEA3BF} - System32\Tasks\{DFB7A203-80D9-47D1-938E-A013BD6A02A3} => c:\program files (x86)\internet explorer\iexplore.exe [2013-07-26] (Microsoft Corporation) Task: {E7CEC1FF-2BBA-48A8-AC49-293B5DC83EFA} - System32\Tasks\Uskobdwni => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1404134543-573447042-494467149-1001Core.job => C:\Users\Yarar-Bolle\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1404134543-573447042-494467149-1001UA.job => C:\Users\Yarar-Bolle\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Uskobdwni.job => C:\Windows\SysWOW64\C_1148T.dll ==================== Faulty Device Manager Devices ============= Name: Microsoft-6zu4-Adapter Description: Microsoft-6zu4-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver ==================== Event log errors: ========================= Application errors: ================== Error: (08/26/2013 10:39:38 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/26/2013 10:22:24 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (08/26/2013 10:22:24 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (08/26/2013 10:22:24 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (08/26/2013 10:17:22 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (08/26/2013 10:17:22 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (08/26/2013 10:17:22 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (08/26/2013 10:16:47 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "MSDTC Bridge 4.0.0.0" (MSDTC Bridge 4.0.0.0). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (08/26/2013 10:16:47 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (08/26/2013 10:16:47 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. System errors: ============= Error: (08/26/2013 10:39:02 AM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: mfewfpk Error: (08/25/2013 06:34:50 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: mfewfpk Error: (08/25/2013 06:27:09 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: mfewfpk Error: (08/25/2013 01:45:58 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: mfewfpk Error: (08/25/2013 01:45:32 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "BrowserDefendert" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (07/20/2013 05:02:47 PM) (Source: DCOM) (User: ) Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69} Error: (07/20/2013 05:02:17 PM) (Source: Service Control Manager) (User: ) Description: Dienst "Google Update-Dienst (gupdate)" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert. Error: (07/19/2013 01:00:29 PM) (Source: DCOM) (User: ) Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69} Error: (07/19/2013 00:59:59 PM) (Source: Service Control Manager) (User: ) Description: Dienst "Google Update-Dienst (gupdate)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (07/17/2013 07:16:41 PM) (Source: DCOM) (User: ) Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69} Microsoft Office Sessions: ========================= Error: (08/26/2013 10:39:38 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/26/2013 10:22:24 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (08/26/2013 10:22:24 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (08/26/2013 10:22:24 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (08/26/2013 10:17:22 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (08/26/2013 10:17:22 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (08/26/2013 10:17:22 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (08/26/2013 10:16:47 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: MSDTC Bridge 4.0.0.0MSDTC Bridge 4.0.0.08F20300004D070000 Error: (08/26/2013 10:16:47 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (08/26/2013 10:16:47 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 ==================== Memory info =========================== Percentage of memory in use: 39% Total physical RAM: 6046.36 MB Available physical RAM: 3658.87 MB Total Pagefile: 12090.89 MB Available Pagefile: 9287.48 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (Windows7_OS) (Fixed) (Total:420.56 GB) (Free:337.66 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (LENOVO) (Fixed) (Total:25.47 GB) (Free:21.91 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: CE165B77) Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=421 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=25 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=20 GB) - (Type=12) ==================== End Of Log ============================ |
26.08.2013, 12:29 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ihavenet Trojaner Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ --> ihavenet Trojaner |
26.08.2013, 17:26 | #7 |
| ihavenet Trojaner ComboFix läuft seit 1 Std. und passiert nix. Kann es sein, dass das Programm hängen geblieben ist? Yow! Jetzt habe ich die Combofix-Log-Datei: Combofix Logfile: Code:
ATTFilter ComboFix 13-08-25.01 - Yarar-Bolle 26.08.2013 16:45:13.1.4 - x64 ausgeführt von:: c:\users\Yarar-Bolle\Downloads\ComboFix.exe . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Yarar-Bolle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage c:\users\Yarar-Bolle\Documents\~WRL2669.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2013-07-26 bis 2013-08-26 )))))))))))))))))))))))))))))) . . 2013-08-26 14:48 . 2013-08-26 14:48 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-08-26 14:48 . 2013-08-26 14:48 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-08-26 10:36 . 2013-08-26 10:36 -------- d-----w- C:\FRST 2013-08-26 08:15 . 2013-08-26 08:15 -------- d-----w- c:\windows\system32\MRT 2013-08-25 16:24 . 2013-08-25 16:32 -------- d-----w- C:\AdwCleaner 2013-08-25 11:33 . 2013-08-25 11:33 -------- d-----w- c:\users\Yarar-Bolle\AppData\Roaming\Malwarebytes 2013-08-25 11:32 . 2013-08-25 11:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-08-25 11:32 . 2013-08-25 11:32 -------- d-----w- c:\programdata\Malwarebytes 2013-08-25 11:32 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-08-25 11:32 . 2013-08-25 11:32 -------- d-----w- c:\users\Yarar-Bolle\AppData\Local\Programs . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-08-26 08:15 . 2012-10-21 08:32 78161360 ----a-w- c:\windows\system32\MRT.exe 2013-08-25 09:13 . 2012-10-20 23:51 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-08-25 09:13 . 2012-10-20 23:51 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-25 05:15 . 2013-06-25 05:15 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-06-25 05:15 . 2013-05-04 10:23 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-06-25 05:15 . 2013-05-04 10:23 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-06-24 08:24 . 2013-05-02 10:03 83672 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-06-05 03:34 . 2013-07-11 17:03 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-06-04 06:00 . 2013-07-11 17:03 624128 ----a-w- c:\windows\system32\qedit.dll 2013-06-04 04:53 . 2013-07-11 17:03 509440 ----a-w- c:\windows\SysWow64\qedit.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-07-16 39408] "Facebook Update"="c:\users\Yarar-Bolle\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-12-16 138096] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432] "GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2013-07-09 1093464] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608] "Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2011-12-20 507744] "332BigDog"="c:\program files (x86)\USB Camera2\VM332_STI.EXE" [2011-12-09 548864] "Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2012-01-26 4351712] "YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488] "YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448] "UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504] "VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2012-07-16 329056] "UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504] "LockKey"="c:\program files (x86)\LockKey\LockKey.exe" [2011-08-25 337776] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-06-24 345144] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "midi2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" . R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 cmntnet;Wireless Data Device USB Ethernet Driver;c:\windows\system32\DRIVERS\cmntnet.sys;c:\windows\SYSNATIVE\DRIVERS\cmntnet.sys [x] R3 cmnuusbser;Mobile Connector USB Device for Serial Communication Device;c:\windows\system32\DRIVERS\cmnuusbser.sys;c:\windows\SYSNATIVE\DRIVERS\cmnuusbser.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe [x] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x] R4 DamageGuard;DamageGuard;c:\windows\system32\DRIVERS\DamageGuardX64.sys;c:\windows\SYSNATIVE\DRIVERS\DamageGuardX64.sys [x] R4 DamageGuardSvc;Lenovo Instant Reset Service;c:\program files\Lenovo\Instant Reset\DamageGuardSvc.exe;c:\program files\Lenovo\Instant Reset\DamageGuardSvc.exe [x] R4 dgFltr;dgFltr;c:\windows\system32\drivers\dgFltrX64.sys;c:\windows\SYSNATIVE\drivers\dgFltrX64.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x] S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x] S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x] S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x] S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 WTGService;WTGService;c:\program files (x86)\XSManager\WTGService.exe;c:\program files (x86)\XSManager\WTGService.exe [x] S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x] S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x] S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x] S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys;c:\windows\SYSNATIVE\Drivers\vm332avs.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-08-25 07:34 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-08-26 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-20 09:13] . 2013-08-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1404134543-573447042-494467149-1001Core.job - c:\users\Yarar-Bolle\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-16 17:12] . 2013-08-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1404134543-573447042-494467149-1001UA.job - c:\users\Yarar-Bolle\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-16 17:12] . 2013-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-16 12:03] . 2013-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-16 12:03] . 2013-08-26 c:\windows\Tasks\Uskobdwni.job - c:\windows\system32\rundll32.exe [2009-07-13 01:14] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp] @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}" [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}] 2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending] @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}" [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}] 2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot] @="{A759AFF6-5851-457D-A540-F4ECED148351}" [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}] 2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared] @="{1574C9EF-7D58-488F-B358-8B78C1538F51}" [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}] 2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc] @="{771C7324-DA80-49D3-8017-753B0AF60951}" [HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}] 2012-07-16 12:03 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-02 170264] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-02 398616] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-02 440600] "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-12-15 564352] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\btvstack.exe" [2012-04-28 1022592] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\athbttray.exe" [2012-04-28 801920] "Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-07-16 8079408] "EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-07-16 6202416] "Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-07-16 206176] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000 LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Yarar-Bolle\AppData\Roaming\Mozilla\Firefox\Profiles\2jesth27.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.gmx.net/ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-08-26 16:50:07 ComboFix-quarantined-files.txt 2013-08-26 14:50 . Vor Suchlauf: 11 Verzeichnis(se), 373.303.914.496 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 373.076.819.968 Bytes frei . - - End Of File - - 8F5C25E24069660C994F457411AFF3D9 Hallo Cosinus, ich glaube es hat geklappt! Ich kann nun ohne ihavenet-Weiterleitung surfen. Ich hoffe es bleibt so.... Vielen herzlichen Dank... |
27.08.2013, 09:02 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ihavenet Trojaner Adware/Junkware/Toolbars entfernen 1. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
2. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ Logfiles bitte immer in CODE-Tags posten |
27.08.2013, 19:39 | #9 |
| ihavenet Trojaner ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.5.4 (08.22.2013:1) OS: Windows 7 Home Premium x64 Ran by Yarar-Bolle on 27.08.2013 at 20:11:45,00 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Empty Folder] C:\Users\Yarar-Bolle\appdata\local\{27A23ACB-0798-4202-835E-30D0FA4770AD} Successfully deleted: [Empty Folder] C:\Users\Yarar-Bolle\appdata\local\{7CE190C0-EA31-467E-97B2-40ED278B1B3C} Successfully deleted: [Empty Folder] C:\Users\Yarar-Bolle\appdata\local\{9AABA5BE-B55D-4510-B013-B85EF2F94524} Successfully deleted: [Empty Folder] C:\Users\Yarar-Bolle\appdata\local\{B282F2D7-DFA1-4C5D-BBE3-B4B9C9C89EFE} Successfully deleted: [Empty Folder] C:\Users\Yarar-Bolle\appdata\local\{B4E49E2E-067E-4A9F-AC65-F5F0A794548E} Successfully deleted: [Empty Folder] C:\Users\Yarar-Bolle\appdata\local\{C663C540-5416-4B91-BF85-92C4B6834B10} Successfully deleted: [Empty Folder] C:\Users\Yarar-Bolle\appdata\local\{D0BDE2FB-80AE-4725-9A82-C3C4824B9A88} Successfully deleted: [Empty Folder] C:\Users\Yarar-Bolle\appdata\local\{FAB7FE17-65BC-42A4-B2C3-3675E11D6344} ~~~ FireFox Emptied folder: C:\Users\Yarar-Bolle\AppData\Roaming\mozilla\firefox\profiles\2jesth27.default\minidumps [86 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 27.08.2013 at 20:15:30,88 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-08-2013 03 Ran by Yarar-Bolle (administrator) on 27-08-2013 20:17:49 Running from C:\Users\Yarar-Bolle\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe () C:\Program Files (x86)\XSManager\WTGService.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE ( ) C:\Program Files (x86)\LockKey\LockKey.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe () C:\Program Files\lenovo\lenovo solution center\lsc.exe (Facebook Inc.) C:\Users\Yarar-Bolle\AppData\Local\Facebook\Update\FacebookUpdate.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (Farbar) C:\Users\Yarar-Bolle\Downloads\FRST64(1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2011-12-15] (Conexant Systems, Inc.) HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2809856 2012-01-16] (ELAN Microelectronics Corp.) HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\btvstack.exe [1022592 2012-04-28] (Atheros Communications) HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\athbttray.exe [801920 2012-04-28] (Atheros Commnucations) HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-07-16] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6202416 2012-07-16] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-07-16] (Lenovo) HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-07-16] (Google Inc.) HKCU\...\Run: [Facebook Update] - C:\Users\Yarar-Bolle\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-12-16] (Facebook Inc.) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.) HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093464 2013-07-09] (Garmin Ltd or its subsidiaries) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation) HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [332BigDog] - C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [548864 2011-12-09] (Vimicro) HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2012-01-26] (Lenovo, Inc.) HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.) HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-07-16] (Lenovo) HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.) HKLM-x32\...\Run: [LockKey] - C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-25] ( ) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-24] (Avira Operations GmbH & Co. KG) HKU\Default\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52136 2012-11-14] (Lenovo) HKU\Default User\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52136 2012-11-14] (Lenovo) AppInit_DLLs: C:\Windows\System32\nvinitx.dll [260928 2012-05-01] (NVIDIA Corporation) AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll [215360 2012-05-01] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe (McAfee, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Yarar-Bolle\AppData\Roaming\Mozilla\Firefox\Profiles\2jesth27.default FF Homepage: hxxp://www.gmx.net/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\progra~2\mcafee\msc\npmcsn~1.dll No File FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\Video\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Yarar-Bolle\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] C:\Program Files (x86)\McAfee\SiteAdvisor FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] C:\Program Files (x86)\Common Files\McAfee\SystemCore Chrome: ======= CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN CHR RestoreOnStartup: "hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN" CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll No File CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Yarar-Bolle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx ==================== Services (Whitelisted) ================= R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [371768 2013-06-24] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-24] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-24] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-06-24] (Avira Operations GmbH & Co. KG) S4 DamageGuardSvc; C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe [572976 2012-03-26] (Lenovo (Beijing) Limited) R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [219480 2013-07-09] (Garmin Ltd or its subsidiaries) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation) S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe [234776 2012-10-26] (McAfee, Inc.) R2 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [327392 2012-04-25] () R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [163456 2012-04-28] (Atheros) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-25] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-25] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-25] (Avira Operations GmbH & Co. KG) S3 cmntnet; C:\Windows\System32\DRIVERS\cmntnet.sys [141824 2013-01-17] (Wireless Data Device) S3 cmnuusbser; C:\Windows\System32\DRIVERS\cmnuusbser.sys [123904 2013-01-17] (Wireless Device) S4 DamageGuard; C:\Windows\System32\DRIVERS\DamageGuardX64.sys [217392 2012-02-10] (Lenovo) S4 dgFltr; C:\Windows\System32\drivers\dgFltrX64.sys [23648 2011-12-13] (Lenovo) R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104048 2012-03-02] (Qualcomm Atheros Co., Ltd.) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) U3 BcmSqlStartupSvc; U3 catchme; \??\C:\ComboFix\catchme.sys [x] U2 CLKMSVC10_3A60B698; U2 CLKMSVC10_C3B3B687; U2 DriverService; U2 iATAgentService; U2 idealife Update Service; U3 IGRS; U2 IviRegMgr; S0 mfewfpk; system32\drivers\mfewfpk.sys [x] U2 Oasis2Service; U2 PCCarerService; U2 ReadyComm.DirectRouter; U2 RichVideo; U2 RtLedService; U2 SeaPort; U2 SoftwareService; U3 SQLWriter; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-27 20:15 - 2013-08-27 20:15 - 00001667 _____ C:\Users\Yarar-Bolle\Desktop\JRT.txt 2013-08-27 20:11 - 2013-08-27 20:11 - 01021434 _____ (Thisisu) C:\Users\Yarar-Bolle\Downloads\JRT(1).exe 2013-08-27 20:11 - 2013-08-27 20:11 - 00000000 ____D C:\Windows\ERUNT 2013-08-26 16:50 - 2013-08-27 20:15 - 00000000 ____D C:\Users\Yarar-Bolle\Desktop\IHAVENET 2013-08-26 16:50 - 2013-08-26 16:50 - 00024036 _____ C:\ComboFix.txt 2013-08-26 16:44 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-08-26 16:44 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-08-26 16:44 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-08-26 16:44 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-08-26 16:44 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-08-26 16:44 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-08-26 16:44 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-08-26 16:44 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-08-26 14:10 - 2013-08-26 16:50 - 00000000 ____D C:\Qoobox 2013-08-26 14:10 - 2013-08-26 16:49 - 00000000 ____D C:\Windows\erdnt 2013-08-26 14:09 - 2013-08-26 14:10 - 05113393 ____R (Swearware) C:\Users\Yarar-Bolle\Downloads\ComboFix.exe 2013-08-26 12:37 - 2013-08-26 12:37 - 00023620 _____ C:\Users\Yarar-Bolle\Downloads\Addition.txt 2013-08-26 12:36 - 2013-08-26 12:36 - 01577068 _____ (Farbar) C:\Users\Yarar-Bolle\Downloads\FRST64.exe 2013-08-26 12:36 - 2013-08-26 12:36 - 00000000 ____D C:\FRST 2013-08-26 12:35 - 2013-08-26 12:35 - 01070979 _____ (Farbar) C:\Users\Yarar-Bolle\Downloads\FRST.exe 2013-08-26 12:18 - 2013-08-26 12:18 - 00003136 _____ C:\Windows\System32\Tasks\{2ED797D4-0750-46B5-8A0A-350C563DD575} 2013-08-26 10:20 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-26 10:20 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-26 10:20 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-08-26 10:20 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-26 10:20 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-26 10:20 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-26 10:20 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-26 10:20 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-26 10:20 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-26 10:20 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-26 10:20 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-08-26 10:20 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-08-26 10:20 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-26 10:20 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-08-26 10:20 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-26 10:20 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-26 10:20 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-26 10:20 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-26 10:20 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-26 10:20 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-26 10:20 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-26 10:20 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-26 10:20 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-26 10:20 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-08-26 10:20 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-08-26 10:20 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-26 10:20 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-26 10:20 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-08-26 10:20 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-26 10:20 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-08-26 10:20 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-08-26 10:15 - 2013-08-26 10:15 - 00000000 ____D C:\Windows\system32\MRT 2013-08-25 18:24 - 2013-08-25 18:32 - 00000000 ____D C:\AdwCleaner 2013-08-25 18:23 - 2013-08-25 18:23 - 00994642 _____ C:\Users\Yarar-Bolle\Downloads\AdwCleaner.exe 2013-08-25 13:33 - 2013-08-25 13:33 - 00000000 ____D C:\Users\Yarar-Bolle\AppData\Roaming\Malwarebytes 2013-08-25 13:32 - 2013-08-25 13:32 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-25 13:32 - 2013-08-25 13:32 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-25 13:32 - 2013-08-25 13:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-25 13:32 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-08-25 13:25 - 2013-08-25 13:25 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Yarar-Bolle\Downloads\mbam-setup-1.75.0.1300.exe 2013-08-25 13:02 - 2013-08-25 13:02 - 01021434 _____ (Thisisu) C:\Users\Yarar-Bolle\Downloads\JRT.exe 2013-08-25 12:53 - 2013-08-25 12:53 - 00714352 _____ C:\Users\Yarar-Bolle\Downloads\ZipOpenerSetup.exe 2013-08-25 09:45 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-25 09:45 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-25 09:45 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-25 09:45 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-25 09:45 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-25 09:45 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-25 09:45 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-25 09:45 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-25 09:45 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-25 09:45 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-25 09:45 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-25 09:45 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-25 09:45 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-25 09:45 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-25 09:45 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-25 09:45 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys ==================== One Month Modified Files and Folders ======= 2013-08-27 20:15 - 2013-08-27 20:15 - 00001667 _____ C:\Users\Yarar-Bolle\Desktop\JRT.txt 2013-08-27 20:15 - 2013-08-26 16:50 - 00000000 ____D C:\Users\Yarar-Bolle\Desktop\IHAVENET 2013-08-27 20:13 - 2012-10-21 01:51 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-27 20:11 - 2013-08-27 20:11 - 01021434 _____ (Thisisu) C:\Users\Yarar-Bolle\Downloads\JRT(1).exe 2013-08-27 20:11 - 2013-08-27 20:11 - 00000000 ____D C:\Windows\ERUNT 2013-08-27 20:11 - 2012-07-16 23:03 - 12180142 _____ C:\Windows\system32\perfh007.dat 2013-08-27 20:11 - 2012-07-16 23:03 - 03852526 _____ C:\Windows\system32\perfc007.dat 2013-08-27 20:11 - 2009-07-14 07:13 - 00005198 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-27 20:08 - 2012-10-20 21:10 - 01246119 _____ C:\FaceProv.log 2013-08-27 20:07 - 2012-12-16 19:12 - 00000952 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1404134543-573447042-494467149-1001UA.job 2013-08-27 20:07 - 2012-12-16 19:12 - 00000930 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1404134543-573447042-494467149-1001Core.job 2013-08-27 20:07 - 2012-07-16 14:03 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-27 09:44 - 2012-07-16 14:03 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-27 09:43 - 2012-07-16 13:17 - 01131544 _____ C:\Windows\WindowsUpdate.log 2013-08-26 16:50 - 2013-08-26 16:50 - 00024036 _____ C:\ComboFix.txt 2013-08-26 16:50 - 2013-08-26 14:10 - 00000000 ____D C:\Qoobox 2013-08-26 16:50 - 2009-07-14 05:20 - 00000000 ___HD C:\Users\Default 2013-08-26 16:49 - 2013-08-26 14:10 - 00000000 ____D C:\Windows\erdnt 2013-08-26 16:48 - 2013-07-05 23:15 - 00000312 _____ C:\Windows\Tasks\Uskobdwni.job 2013-08-26 16:48 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2013-08-26 16:36 - 2012-10-21 10:05 - 00000000 ____D C:\Users\Yarar-Bolle\AppData\Roaming\Skype 2013-08-26 16:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-08-26 14:10 - 2013-08-26 14:09 - 05113393 ____R (Swearware) C:\Users\Yarar-Bolle\Downloads\ComboFix.exe 2013-08-26 14:05 - 2012-07-16 14:03 - 00000000 ____D C:\ProgramData\VeriFace 2013-08-26 12:37 - 2013-08-26 12:37 - 00023620 _____ C:\Users\Yarar-Bolle\Downloads\Addition.txt 2013-08-26 12:36 - 2013-08-26 12:36 - 01577068 _____ (Farbar) C:\Users\Yarar-Bolle\Downloads\FRST64.exe 2013-08-26 12:36 - 2013-08-26 12:36 - 00000000 ____D C:\FRST 2013-08-26 12:35 - 2013-08-26 12:35 - 01070979 _____ (Farbar) C:\Users\Yarar-Bolle\Downloads\FRST.exe 2013-08-26 12:18 - 2013-08-26 12:18 - 00003136 _____ C:\Windows\System32\Tasks\{2ED797D4-0750-46B5-8A0A-350C563DD575} 2013-08-26 10:53 - 2012-07-16 14:05 - 01017186 _____ C:\Windows\system32\fastboot.set 2013-08-26 10:46 - 2009-07-14 06:45 - 00031840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-26 10:46 - 2009-07-14 06:45 - 00031840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-26 10:38 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-26 10:38 - 2009-07-14 06:51 - 00061227 _____ C:\Windows\setupact.log 2013-08-26 10:15 - 2013-08-26 10:15 - 00000000 ____D C:\Windows\system32\MRT 2013-08-26 10:15 - 2012-10-21 10:32 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-08-25 18:32 - 2013-08-25 18:24 - 00000000 ____D C:\AdwCleaner 2013-08-25 18:23 - 2013-08-25 18:23 - 00994642 _____ C:\Users\Yarar-Bolle\Downloads\AdwCleaner.exe 2013-08-25 13:45 - 2012-10-21 14:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-08-25 13:45 - 2010-11-21 05:47 - 00169078 _____ C:\Windows\PFRO.log 2013-08-25 13:33 - 2013-08-25 13:33 - 00000000 ____D C:\Users\Yarar-Bolle\AppData\Roaming\Malwarebytes 2013-08-25 13:32 - 2013-08-25 13:32 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-25 13:32 - 2013-08-25 13:32 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-25 13:32 - 2013-08-25 13:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-25 13:25 - 2013-08-25 13:25 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Yarar-Bolle\Downloads\mbam-setup-1.75.0.1300.exe 2013-08-25 13:02 - 2013-08-25 13:02 - 01021434 _____ (Thisisu) C:\Users\Yarar-Bolle\Downloads\JRT.exe 2013-08-25 12:53 - 2013-08-25 12:53 - 00714352 _____ C:\Users\Yarar-Bolle\Downloads\ZipOpenerSetup.exe 2013-08-25 11:14 - 2013-07-03 16:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-25 11:13 - 2012-10-21 01:51 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-25 11:13 - 2012-10-21 01:51 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-08-25 11:13 - 2012-10-21 01:51 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-08-25 11:13 - 2012-10-20 21:24 - 00000000 ____D C:\Users\Yarar-Bolle\Documents\Bluetooth Folder 2013-08-25 09:34 - 2012-07-16 14:04 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-08-25 09:31 - 2012-07-16 14:03 - 00000000 ____D C:\Program Files (x86)\Google Files to move or delete: ==================== C:\Users\YARAR-~1\AppData\Local\Temp\jrt\erunt\ERUNT.EXE ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-25 10:05 ==================== End Of Log ============================ --- --- --- Addition. txt kann ich nicht finden. Soll ich weiter suchen? Vielen Dank nochmal.... xyarar Addition.txt habe ich nach dem 2. Scnannen erzeugt. Bitte siehe unten... Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-08-2013 03 Ran by Yarar-Bolle at 2013-08-27 20:32:43 Running from C:\Users\Yarar-Bolle\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 7-Zip 9.20 (x32) Adobe AIR (x32 Version: 3.7.0.1860) Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94) Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94) Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7) Apple Application Support (x32 Version: 2.3.4) Apple Mobile Device Support (Version: 6.0.0.59) Apple Software Update (x32 Version: 2.1.3.127) Atheros Bluetooth Suite (64) (Version: 7.4.0.135) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.0.14.15) Atheros WLAN Client Installation Program (x32 Version: 9.0) Audible Download Manager (x32 Version: 6.6.0.15) Avira Antivirus Premium (x32 Version: 13.0.0.3885) Benutzerhandbuch (x32 Version: 1.0.0.6) Bonjour (Version: 3.0.0.10) Conexant HD Audio (Version: 8.54.32.50) D3DX10 (x32 Version: 15.4.2368.0902) DeepBurner v1.9.0.228 (x32) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32) Dialang V1 Beta (x32) Dolby Advanced Audio v2 (x32 Version: 7.2.7000.11) dows-Treiberpaket - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1) (Version: 12/15/2011 7.1.0.1) Druckerdeinstallation für EPSON SX420W Series Elevated Installer (x32 Version: 2.2.16) Energy Management (x32 Version: 7.0.4.1) English Coach 3D 2 (x32 Version: 1.00.000) EpsonNet Print (x32 Version: 2.5.00) EpsonNet Setup 3.3 (x32 Version: 3.3b) Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287) Free YouTube Download version 3.2.5.628 (x32 Version: 3.2.5.628) Garmin Express (x32 Version: 2.2.16) Garmin Express Tray (x32 Version: 2.2.16) Garmin Update Service (x32 Version: 2.2.16) Google Chrome (x32 Version: 29.0.1547.57) Google Earth Plug-in (x32 Version: 7.1.1.1888) Google Toolbar for Internet Explorer (x32 Version: 1.0.0) Google Toolbar for Internet Explorer (x32 Version: 7.5.4413.1752) Google Update Helper (x32 Version: 1.3.21.153) Intel(R) Control Center (x32 Version: 1.2.1.1007) Intel(R) Management Engine Components (x32 Version: 8.0.3.1427) Intel(R) OpenCL CPU Runtime (x32) Intel(R) Processor Graphics (x32 Version: 8.15.10.2656) Intel(R) Rapid Storage Technology (x32 Version: 11.0.0.1032) Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.220) Intel® Trusted Connect Service Client (Version: 1.23.605.1) iTunes (Version: 10.7.0.21) Janosch Vorschule (x32 Version: 1.00.0000) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) Junk Mail filter update (x32 Version: 15.4.3502.0922) Klett Lehrersoftware Orange Line (x32) Konz 2013 (x32 Version: 1.00.0000) Lenovo EasyCamera (x32 Version: 1.12.204.1) Lenovo EE Boot Optimizer (Version: 0.0.1.9) Lenovo OneKey Recovery (Version: 7.0.0.3712) Lenovo OneKey Recovery (x32 Version: 7.0.0.3712) Lenovo pointing device (Version: 10.4.2.8) Lenovo Registration (x32 Version: 1.0.4) Lenovo Solution Center (Version: 2.0.013.00) Lenovo Welcome (x32 Version: 3.1.0011.00) Lenovo YouCam (x32 Version: 3.1.3728) LibreOffice 4.0 Help Pack (German) (x32 Version: 4.0.3.3) LibreOffice 4.0.3.3 (x32 Version: 4.0.3.3) LockKey (x32 Version: 1.38.1.2) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) MatchWare Mediator 8.0 Pro (x32 Version: 8.0.101) McAfee Security Scan Plus (x32 Version: 3.0.313.1) Mesh Runtime (x32 Version: 15.4.5722.2) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office 2010 Service Pack 1 (SP1) (x32) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft Speech Recognition Engine 4.0 (English) (x32) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1) Mozilla Maintenance Service (x32 Version: 23.0.1) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) NVIDIA Grafiktreiber 296.73 (Version: 296.73) NVIDIA Install Application (Version: 2.1002.62.312) NVIDIA Optimus 1.7.13 (Version: 1.7.13) NVIDIA PhysX (x32 Version: 9.12.0213) NVIDIA PhysX-Systemsoftware 9.12.0213 (Version: 9.12.0213) NVIDIA Systemsteuerung 296.73 (Version: 296.73) NVIDIA Update 1.7.13 (Version: 1.7.13) NVIDIA Update Components (Version: 1.7.13) Power2Go (x32 Version: 5.6.0.7303) QuickTime (x32 Version: 7.74.80.86) Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7601.39016) Scratch (x32 Version: 1.4.0.0) Skype™ 6.6 (x32 Version: 6.6.106) Steuer 2012 (x32 Version: 20.00.8137) SugarSync Manager (x32 Version: 1.9.49.86082) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft Office 2010 (KB2553065) (x32) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2566458) (x32) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32) UserGuide (x32 Version: 1.0.0.6) VeriFace (x32 Version: 4.0.1.1230) VLC media player 2.0.7 (x32 Version: 2.0.7) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3508.1109) Windows Live Family Safety (Version: 15.4.3502.0922) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4225.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3508.1109) Windows Live Mail (x32 Version: 15.4.3502.0922) Windows Live Mesh (x32 Version: 15.4.3502.0922) Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2) Windows Live Messenger (x32 Version: 15.4.3502.0922) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) Windows Live Writer (x32 Version: 15.4.3502.0922) Windows Live Writer Resources (x32 Version: 15.4.3502.0922) WinZip 17.0 (x32 Version: 17.0.10381) XSManager (x32 Version: 3.2) ==================== Restore Points ========================= 25-08-2013 12:17:54 Geplanter Prüfpunkt 26-08-2013 08:14:31 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2013-08-26 16:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {21E7D913-EE1C-43A1-8E97-CB23CBC2C85B} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {28E9DF42-64C7-4474-9656-4C27A086964B} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2012-11-14] (Lenovo) Task: {290199AF-6F0A-4BE0-817C-48C661A1F9D5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1404134543-573447042-494467149-1001UA => C:\Users\Yarar-Bolle\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-16] (Facebook Inc.) Task: {2D30DCD9-52F3-4906-890C-F1BA539369F7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-25] (Adobe Systems Incorporated) Task: {4742EA67-52B5-4492-9CEB-44FDB903086A} - \EPUpdater No Task File Task: {60C77A7D-ABEA-4498-9CFF-46FDC4FDBA50} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-28] (CyberLink) Task: {62BE0D35-9130-4A2B-A2E9-B5929CC8EB5F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1404134543-573447042-494467149-1001Core => C:\Users\Yarar-Bolle\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-16] (Facebook Inc.) Task: {66AE9FD6-FCAB-4F95-8F3B-9B27F56C8638} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-16] (Google Inc.) Task: {852783E6-95CD-42FE-A111-D47A373B4613} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation) Task: {8825082A-CBFB-4B7D-8374-4D474BA1A920} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation) Task: {9E154C0C-8C5E-4F4C-AE85-263B7A8750F3} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\lsc.exe [2012-11-14] () Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe No File Task: {B0965431-1B44-4C70-BD80-765616B8E231} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation) Task: {B5A39511-BAF2-46A2-B3DD-1DA1867C8DF7} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-21] (Microsoft Corporation) Task: {CB97AA37-A96A-4376-BA5B-80C587A42E33} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated) Task: {CF13785D-B977-4040-8868-91EF11E1E78F} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2012-11-14] () Task: {D465CFD6-7069-4287-8822-E3BC1BA3658E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {DB94E709-5931-477D-97FE-F37DB86D6A65} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-16] (Google Inc.) Task: {DEBE8B83-808B-4AFF-812E-2CF485BEA3BF} - System32\Tasks\{DFB7A203-80D9-47D1-938E-A013BD6A02A3} => c:\program files (x86)\internet explorer\iexplore.exe [2013-07-26] (Microsoft Corporation) Task: {E7CEC1FF-2BBA-48A8-AC49-293B5DC83EFA} - System32\Tasks\Uskobdwni => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1404134543-573447042-494467149-1001Core.job => C:\Users\Yarar-Bolle\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1404134543-573447042-494467149-1001UA.job => C:\Users\Yarar-Bolle\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Uskobdwni.job => C:\Windows\SysWOW64\C_1148T.dll ==================== Alternate Data Streams (whitelisted) ========== ==================== Faulty Device Manager Devices ============= Name: Microsoft-6zu4-Adapter Description: Microsoft-6zu4-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2013-08-26 16:48:26.903 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-08-26 16:48:26.872 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. |
27.08.2013, 19:39 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ihavenet Trojaner Ab dem 2. Scan muss bei FRST ein Haken bei addition gesetzt werden. Sonst erstellt es nur das "normale" Log
__________________ Logfiles bitte immer in CODE-Tags posten |
27.08.2013, 19:42 | #11 |
| ihavenet Trojaner und nun? |
27.08.2013, 19:46 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ihavenet Trojaner Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\Windows\Tasks\Uskobdwni.job C:\Users\YARAR-~1\AppData\Local\Temp\Quarantine.exe C:\Users\YARAR-~1\AppData\Local\Temp\MSS\3.0.313.1\mcbrwsr2.dll C:\Users\YARAR-~1\AppData\Local\Temp\MSS\3.0.313.1\McInstallerRes.dll C:\Users\YARAR-~1\AppData\Local\Temp\MSS\3.0.313.1\McInstallerRes_LD.dll C:\Users\YARAR-~1\AppData\Local\Temp\MSS\3.0.313.1\McInstallerStartup.dll C:\Users\YARAR-~1\AppData\Local\Temp\MSS\3.0.313.1\McUICnt.exe C:\Users\YARAR-~1\AppData\Local\Temp\MSS\3.0.313.1\SecurityScanner.dll C:\Users\YARAR-~1\AppData\Local\Temp\jrt\erunt\ERUNT.EXE Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ Logfiles bitte immer in CODE-Tags posten |
28.08.2013, 12:57 | #13 |
| ihavenet Trojaner Nun hast du auch fixlog.txt: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-08-2013 Ran by Yarar-Bolle at 2013-08-28 13:53:56 Run:1 Running from C:\Users\Yarar-Bolle\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** C:\Windows\Tasks\Uskobdwni.job C:\Users\YARAR-~1\AppData\Local\Temp\Quarantine.exe C:\Users\YARAR-~1\AppData\Local\Temp\MSS\3.0.313.1\mcbrwsr2.dll C:\Users\YARAR-~1\AppData\Local\Temp\MSS\3.0.313.1\McInstallerRes.dll C:\Users\YARAR-~1\AppData\Local\Temp\MSS\3.0.313.1\McInstallerRes_LD.dll C:\Users\YARAR-~1\AppData\Local\Temp\MSS\3.0.313.1\McInstallerStartup.dll C:\Users\YARAR-~1\AppData\Local\Temp\MSS\3.0.313.1\McUICnt.exe C:\Users\YARAR-~1\AppData\Local\Temp\MSS\3.0.313.1\SecurityScanner.dll C:\Users\YARAR-~1\AppData\Local\Temp\jrt\erunt\ERUNT.EXE ***************** C:\Windows\Tasks\Uskobdwni.job => Moved successfully. "C:\Users\YARAR-~1\AppData\Local\Temp\Quarantine.exe" => File/Directory not found. "C:\Users\YARAR-~1\AppData\Local\Temp\MSS\3.0.313.1\mcbrwsr2.dll" => File/Directory not found. "C:\Users\YARAR-~1\AppData\Local\Temp\MSS\3.0.313.1\McInstallerRes.dll" => File/Directory not found. "C:\Users\YARAR-~1\AppData\Local\Temp\MSS\3.0.313.1\McInstallerRes_LD.dll" => File/Directory not found. "C:\Users\YARAR-~1\AppData\Local\Temp\MSS\3.0.313.1\McInstallerStartup.dll" => File/Directory not found. "C:\Users\YARAR-~1\AppData\Local\Temp\MSS\3.0.313.1\McUICnt.exe" => File/Directory not found. "C:\Users\YARAR-~1\AppData\Local\Temp\MSS\3.0.313.1\SecurityScanner.dll" => File/Directory not found. C:\Users\YARAR-~1\AppData\Local\Temp\jrt\erunt\ERUNT.EXE => Moved successfully. ==== End of Fixlog ==== |
28.08.2013, 14:20 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ihavenet Trojaner Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM) Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren! Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
28.08.2013, 21:19 | #15 |
| ihavenet Trojaner Herzlichen Dank, Cosinus...hxxp://www.trojaner-board.de/images/smilies/party.gif |
Themen zu ihavenet Trojaner |
appdata, c:\windows, datei, explorer, firefox, google, hilfe!, home, ihavenet virus trojaner windows, internet, internet explorer, kopieren, laptop, microsoft, mozilla, ohne internet, opera, registry, roaming, services, software, system, system32, trojaner, video, web, windows |