
Log analysis and evaluation: Windows 7: security warning from the Telekom abuse team and Malwarebytes findings


 
29.08.2013, 13:15   #5
mummb

Windows 7: security warning from the Telekom abuse team and Malwarebytes findings

Hello Schrauber,

here are the log files, in order.
Malwarebytes
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.29.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Admin :: MEYER-PC [Administrator]

29.08.2013 09:22:19
mbam-log-2013-08-29 (09-22-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 536561
Laufzeit: 1 Stunde(n), 27 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

AdwCleaner

Code:
# AdwCleaner v3.001 - Report created 29/08/2013 at 13:22:53
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Admin - MEYER-PC
# Running from : C:\Users\Admin\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AlawarEntertainment
Folder Deleted : C:\ProgramData\AlawarWrapper
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Meyer\AppData\Local\AlawarWrapper
Folder Deleted : C:\Users\Meyer\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\Meyer\AppData\Roaming\AlawarEntertainment
Folder Deleted : C:\Users\Admin\AppData\Local\AlawarWrapper
Folder Deleted : C:\Users\Admin\AppData\Roaming\AlawarEntertainment
File Deleted : C:\END
File Deleted : C:\Users\Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\hovy39sj.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_librecad_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_librecad_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (de)

[ File : C:\Users\Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\hovy39sj.default\prefs.js ]


[ File : C:\Users\MGC\AppData\Roaming\Mozilla\Firefox\Profiles\3skir939.default\prefs.js ]


[ File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol5rs76.default\prefs.js ]


[ File : C:\Users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\5uidnmtr.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2653 octets] - [29/08/2013 13:21:45]
AdwCleaner[S0].txt - [2438 octets] - [29/08/2013 13:22:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2498 octets] ##########

JRT
JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.5 (08.28.2013:1)
OS: Windows 7 Professional x64
Ran by Admin on 29.08.2013 at 14:03:19,41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.08.2013 at 14:08:43,72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

and FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
Ran by Admin (administrator) on 29-08-2013 13:51:08
Running from C:\Users\Admin\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] - C:\Program Files\Classic Shell\ClassicStartMenu.exe [160256 2012-10-28] (IvoSoft)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403888 2012-08-23] (Acronis)
HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [524288 2008-08-11] ()
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6049096 2012-08-23] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] - C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [943856 2012-07-24] (Acronis)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LexwareInfoService] - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [UpdatePDRShortCut] - C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Taskmgr.lnk
ShortcutTarget: Taskmgr.lnk -> C:\Windows\System32\taskmgr.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.alawarspiele.de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol5rs76.default
FF Homepage: https://bay150.mail.live.com/default.aspx?id=64855
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==================== Services (Whitelisted) =================

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [371768 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 Lexware_Professional_Datenbank; C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [83248 2011-06-29] (iAnywhere Solutions, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1227800 2013-04-18] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659992 2013-04-18] (Secunia)
R2 StarMoney 7.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney 8.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-28] (Avira Operations GmbH & Co. KG)
R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [79872 2009-06-10] (AVM GmbH)
R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [54072 2007-10-22] (Samsung Electronics)
R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [54072 2007-10-22] (Samsung Electronics)
R3 FUS2BASE; C:\Windows\System32\DRIVERS\fus2base.sys [696832 2009-06-10] (AVM Berlin)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-04-18] (Secunia)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [1093256 2013-01-09] (Acronis)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-11-08] (TuneUp Software)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [166024 2013-01-09] (Acronis)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-29 13:34 - 2013-08-29 13:34 - 00000000 ____D C:\Windows\ERUNT
2013-08-29 13:31 - 2013-08-29 13:31 - 01023533 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe
2013-08-29 13:21 - 2013-08-29 13:23 - 00000000 ____D C:\AdwCleaner
2013-08-29 09:54 - 2013-08-29 09:55 - 00994642 _____ C:\Users\Admin\Downloads\adwcleaner.exe
2013-08-29 09:18 - 2013-08-29 09:18 - 00026416 _____ C:\Users\Meyer\Documents\AVSCAN-20130828-203650-9E2DD70F.LOG
2013-08-28 18:26 - 2013-08-28 18:26 - 00000552 _____ C:\Windows\PFRO.log
2013-08-28 18:06 - 2013-08-28 18:06 - 00025343 _____ C:\Users\Admin\Downloads\ComboFix.txt
2013-08-28 17:43 - 2013-08-28 18:06 - 00000000 ____D C:\Qoobox
2013-08-28 17:43 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-28 17:43 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-28 17:43 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-28 17:43 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-28 17:43 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-28 17:43 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-28 17:43 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-28 17:43 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-28 17:42 - 2013-08-28 18:04 - 00000000 ____D C:\Windows\erdnt
2013-08-28 17:41 - 2013-08-28 17:41 - 05114728 ____R (Swearware) C:\Users\Admin\Downloads\ComboFix.exe
2013-08-28 17:14 - 2013-08-28 17:14 - 00003619 _____ C:\Users\Admin\Downloads\gmer.txt
2013-08-28 16:48 - 2013-08-28 16:48 - 00377856 _____ C:\Users\Admin\Downloads\gmer_2.1.19163.exe
2013-08-28 15:47 - 2013-08-29 13:27 - 00000728 _____ C:\Windows\setupact.log
2013-08-28 15:47 - 2013-08-28 15:47 - 00000000 _____ C:\Windows\setuperr.log
2013-08-28 14:45 - 2013-08-28 14:45 - 00020321 _____ C:\Users\Admin\Downloads\Addition.txt
2013-08-28 14:43 - 2013-08-28 14:43 - 00000000 ____D C:\FRST
2013-08-28 14:41 - 2013-08-28 14:41 - 00000472 _____ C:\Users\Admin\Downloads\defogger_disable.log
2013-08-28 14:41 - 2013-08-28 14:41 - 00000000 _____ C:\Users\Admin\defogger_reenable
2013-08-28 14:22 - 2013-08-28 14:23 - 01579080 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2013-08-28 14:16 - 2013-08-28 14:16 - 00050477 _____ C:\Users\Admin\Downloads\Defogger.exe
2013-08-28 13:26 - 2013-08-28 13:26 - 00000000 ____D C:\Users\Admin\AppData\Roaming\TeamViewer
2013-08-28 11:42 - 2013-08-28 11:42 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-28 11:42 - 2013-08-28 11:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-28 11:42 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-28 11:41 - 2013-08-28 11:41 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Admin\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-26 14:40 - 2013-08-26 14:43 - 00000000 ____D C:\Users\Benni\AppData\Roaming\Mozilla
2013-08-26 14:40 - 2013-08-26 14:40 - 00000000 ____D C:\Users\Benni\AppData\Roaming\Apple Computer
2013-08-26 14:40 - 2013-08-26 14:40 - 00000000 ____D C:\Users\Benni\AppData\Local\Mozilla
2013-08-22 15:31 - 2013-08-22 15:31 - 00027648 _____ C:\Users\Meyer\Documents\Kopie von Zimmereinteilung.xls
2013-08-21 22:14 - 2013-08-21 22:14 - 00000000 ____D C:\Users\Meyer\AppData\Roaming\WeatherLord
2013-08-21 19:09 - 2013-08-21 19:09 - 00000000 ____D C:\Users\Admin\AppData\Roaming\WeatherLord
2013-08-21 19:09 - 2013-08-21 19:09 - 00000000 ____D C:\ProgramData\WeatherLord
2013-08-19 16:58 - 2013-08-19 16:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-18 16:10 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-18 16:10 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-18 16:10 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-18 16:10 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-18 16:10 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-18 16:10 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-18 16:10 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-18 16:10 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-18 16:10 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-18 16:10 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-18 16:10 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-18 16:10 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-18 16:10 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-18 16:10 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-18 16:10 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-18 16:10 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-18 16:10 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-18 16:10 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-18 16:10 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-18 16:10 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-18 16:10 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-18 16:10 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-18 16:10 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-18 16:10 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-18 16:10 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-18 16:10 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-18 16:10 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-18 16:10 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-18 16:10 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-18 16:10 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-18 16:10 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-18 16:01 - 2013-08-18 16:05 - 00000000 ____D C:\Windows\system32\MRT
2013-08-18 15:51 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-18 15:51 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-18 15:48 - 2013-08-18 15:48 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Apple Computer
2013-08-18 15:30 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-18 15:30 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-18 15:30 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-18 15:30 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-18 15:30 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-18 15:30 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-18 15:30 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-18 15:30 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-18 15:30 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-18 15:30 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-18 15:30 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-18 00:09 - 2013-08-18 00:09 - 00000000 ____D C:\Users\Meyer\AppData\Local\Apple
2013-08-17 23:54 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-17 23:54 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-17 23:54 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-17 23:54 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-17 23:54 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-17 23:54 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-17 23:54 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-17 23:54 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-17 22:12 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-17 22:12 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-17 22:11 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-17 22:11 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-17 22:11 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-17 22:06 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-17 21:47 - 2013-08-17 21:50 - 00903449 _____ C:\Users\Meyer\Downloads\jxpiinstall.exe
2013-07-31 21:45 - 2013-07-31 21:45 - 00000000 ____D C:\Users\MGC\AppData\Roaming\Apple Computer
2013-07-31 11:31 - 2013-07-31 11:32 - 00000000 ____D C:\Users\Meyer\AppData\Roaming\Apple Computer
2013-07-31 11:31 - 2013-07-31 11:31 - 00001791 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-07-31 11:31 - 2013-07-31 11:31 - 00000000 ____D C:\Users\Meyer\AppData\Local\Apple Computer
2013-07-31 11:31 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2013-07-31 11:30 - 2013-07-31 11:30 - 00000000 ____D C:\ProgramData\Apple Computer
2013-07-31 11:30 - 2013-07-31 11:30 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-31 11:30 - 2013-07-31 11:30 - 00000000 ____D C:\Program Files\iTunes
2013-07-31 11:30 - 2013-07-31 11:30 - 00000000 ____D C:\Program Files\iPod
2013-07-31 11:30 - 2013-07-31 11:30 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-07-31 11:27 - 2013-07-31 11:27 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2013-07-31 11:27 - 2013-07-31 11:27 - 00000000 ____D C:\Users\Admin\AppData\Local\Apple
2013-07-31 11:27 - 2013-07-31 11:27 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-07-31 11:26 - 2013-07-31 11:26 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-07-31 11:26 - 2013-07-31 11:26 - 00000000 ____D C:\Program Files\Bonjour
2013-07-31 11:26 - 2013-07-31 11:26 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-07-31 11:25 - 2013-07-31 11:27 - 00000000 ____D C:\ProgramData\Apple
2013-07-31 10:00 - 2013-07-31 11:20 - 00000000 ____D C:\Users\Meyer\Downloads\Apple
2013-07-31 09:56 - 2013-07-31 11:32 - 00000000 ____D C:\Users\Meyer\AppData\Roaming\DiskAid
2013-07-31 09:56 - 2013-07-31 09:56 - 00001043 _____ C:\Users\Public\Desktop\DiskAid.lnk
2013-07-31 09:56 - 2013-07-31 09:56 - 00000000 ____D C:\Program Files (x86)\DigiDNA

==================== One Month Modified Files and Folders =======

2013-08-29 13:39 - 2013-08-29 13:39 - 00000756 _____ C:\Users\Admin\Desktop\JRT.txt
2013-08-29 13:36 - 2009-07-14 06:45 - 00015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-29 13:36 - 2009-07-14 06:45 - 00015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-29 13:34 - 2013-08-29 13:34 - 00000000 ____D C:\Windows\ERUNT
2013-08-29 13:31 - 2013-08-29 13:31 - 01023533 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe
2013-08-29 13:27 - 2013-08-28 15:47 - 00000728 _____ C:\Windows\setupact.log
2013-08-29 13:27 - 2012-11-27 11:48 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2013-08-29 13:27 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-29 13:25 - 2012-11-21 13:38 - 01098662 _____ C:\Windows\WindowsUpdate.log
2013-08-29 13:23 - 2013-08-29 13:21 - 00000000 ____D C:\AdwCleaner
2013-08-29 13:00 - 2012-11-21 20:48 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-29 10:37 - 2013-01-10 14:50 - 00000000 ____D C:\Users\Admin\AppData\Local\VirtualStore
2013-08-29 09:55 - 2013-08-29 09:54 - 00994642 _____ C:\Users\Admin\Downloads\adwcleaner.exe
2013-08-29 09:18 - 2013-08-29 09:18 - 00026416 _____ C:\Users\Meyer\Documents\AVSCAN-20130828-203650-9E2DD70F.LOG
2013-08-29 09:16 - 2013-06-21 12:35 - 00012610 _____ C:\Users\Meyer\Documents\Gewicht.xlsx
2013-08-28 19:33 - 2012-11-28 11:55 - 00011181 _____ C:\Users\Meyer\AppData\Roaming\SmarThruOptions.xml
2013-08-28 19:12 - 2012-11-27 15:03 - 00000000 ____D C:\Program Files (x86)\StarMoney 8.0 S-Edition
2013-08-28 18:26 - 2013-08-28 18:26 - 00000552 _____ C:\Windows\PFRO.log
2013-08-28 18:25 - 2013-01-09 09:45 - 00000000 ____D C:\Users\Admin
2013-08-28 18:06 - 2013-08-28 18:06 - 00025343 _____ C:\Users\Admin\Downloads\ComboFix.txt
2013-08-28 18:06 - 2013-08-28 17:43 - 00000000 ____D C:\Qoobox
2013-08-28 18:04 - 2013-08-28 17:42 - 00000000 ____D C:\Windows\erdnt
2013-08-28 18:03 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-08-28 17:41 - 2013-08-28 17:41 - 05114728 ____R (Swearware) C:\Users\Admin\Downloads\ComboFix.exe
2013-08-28 17:39 - 2012-11-27 19:37 - 00000000 ____D C:\Users\Meyer\AppData\Roaming\Skype
2013-08-28 17:15 - 2012-11-21 13:43 - 00000000 ____D C:\Users\Meyer
2013-08-28 17:14 - 2013-08-28 17:14 - 00003619 _____ C:\Users\Admin\Downloads\gmer.txt
2013-08-28 16:48 - 2013-08-28 16:48 - 00377856 _____ C:\Users\Admin\Downloads\gmer_2.1.19163.exe
2013-08-28 15:47 - 2013-08-28 15:47 - 00000000 _____ C:\Windows\setuperr.log
2013-08-28 15:19 - 2012-11-22 01:00 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DEFEEBAB-E89C-4DFD-9611-91D4E5A9AABC}
2013-08-28 14:58 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-28 14:45 - 2013-08-28 14:45 - 00020321 _____ C:\Users\Admin\Downloads\Addition.txt
2013-08-28 14:43 - 2013-08-28 14:43 - 00000000 ____D C:\FRST
2013-08-28 14:41 - 2013-08-28 14:41 - 00000472 _____ C:\Users\Admin\Downloads\defogger_disable.log
2013-08-28 14:41 - 2013-08-28 14:41 - 00000000 _____ C:\Users\Admin\defogger_reenable
2013-08-28 14:39 - 2012-11-21 13:35 - 00000000 ____D C:\Windows\Panther
2013-08-28 14:23 - 2013-08-28 14:22 - 01579080 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2013-08-28 14:16 - 2013-08-28 14:16 - 00050477 _____ C:\Users\Admin\Downloads\Defogger.exe
2013-08-28 13:26 - 2013-08-28 13:26 - 00000000 ____D C:\Users\Admin\AppData\Roaming\TeamViewer
2013-08-28 13:23 - 2013-01-16 16:30 - 00000000 ____D C:\Users\Meyer\Documents\Spiele
2013-08-28 11:42 - 2013-08-28 11:42 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-28 11:42 - 2013-08-28 11:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-28 11:41 - 2013-08-28 11:41 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Admin\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-28 11:29 - 2013-01-16 16:36 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jetztspielen.de
2013-08-28 11:27 - 2012-11-22 13:31 - 00000000 ____D C:\ProgramData\Lexware
2013-08-27 16:06 - 2005-04-01 09:38 - 00000000 ____D C:\Users\Meyer\Documents\Stunden
2013-08-26 14:58 - 2009-07-14 19:58 - 00709156 _____ C:\Windows\system32\perfh007.dat
2013-08-26 14:58 - 2009-07-14 19:58 - 00153592 _____ C:\Windows\system32\perfc007.dat
2013-08-26 14:58 - 2009-07-14 07:13 - 01647128 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-26 14:51 - 2012-11-27 10:11 - 00000000 ____D C:\Users\Meyer\AppData\Local\CrashDumps
2013-08-26 14:43 - 2013-08-26 14:40 - 00000000 ____D C:\Users\Benni\AppData\Roaming\Mozilla
2013-08-26 14:40 - 2013-08-26 14:40 - 00000000 ____D C:\Users\Benni\AppData\Roaming\Apple Computer
2013-08-26 14:40 - 2013-08-26 14:40 - 00000000 ____D C:\Users\Benni\AppData\Local\Mozilla
2013-08-26 14:40 - 2013-07-05 23:01 - 00002851 _____ C:\Users\Benni\Desktop\CyberLink PowerDirector.lnk
2013-08-25 17:16 - 2013-01-07 11:12 - 00000000 ____D C:\Users\Meyer\Documents\Appener Weg
2013-08-24 17:32 - 2012-11-23 00:20 - 00045056 _____ C:\Users\Meyer\Documents\Geschenke.xls
2013-08-24 13:25 - 2012-11-21 19:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-22 15:31 - 2013-08-22 15:31 - 00027648 _____ C:\Users\Meyer\Documents\Kopie von Zimmereinteilung.xls
2013-08-21 22:14 - 2013-08-21 22:14 - 00000000 ____D C:\Users\Meyer\AppData\Roaming\WeatherLord
2013-08-21 19:09 - 2013-08-21 19:09 - 00000000 ____D C:\Users\Admin\AppData\Roaming\WeatherLord
2013-08-21 19:09 - 2013-08-21 19:09 - 00000000 ____D C:\ProgramData\WeatherLord
2013-08-19 16:58 - 2013-08-19 16:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-19 08:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Help
2013-08-19 08:26 - 2013-02-22 00:49 - 00001083 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-18 16:06 - 2012-11-22 09:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-18 16:05 - 2013-08-18 16:01 - 00000000 ____D C:\Windows\system32\MRT
2013-08-18 16:01 - 2012-11-21 18:01 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-18 15:48 - 2013-08-18 15:48 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Apple Computer
2013-08-18 04:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-18 00:09 - 2013-08-18 00:09 - 00000000 ____D C:\Users\Meyer\AppData\Local\Apple
2013-08-17 21:50 - 2013-08-17 21:47 - 00903449 _____ C:\Users\Meyer\Downloads\jxpiinstall.exe
2013-08-01 16:27 - 2013-03-26 20:27 - 00011316 _____ C:\Users\Meyer\Documents\Kleidung.xlsx
2013-07-31 21:47 - 2012-12-31 00:27 - 00010900 _____ C:\Users\MGC\AppData\Roaming\SmarThruOptions.xml
2013-07-31 21:45 - 2013-07-31 21:45 - 00000000 ____D C:\Users\MGC\AppData\Roaming\Apple Computer
2013-07-31 21:45 - 2013-07-05 23:01 - 00002851 _____ C:\Users\MGC\Desktop\CyberLink PowerDirector.lnk
2013-07-31 21:45 - 2013-01-14 11:00 - 00118992 _____ C:\Users\MGC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-31 11:32 - 2013-07-31 11:31 - 00000000 ____D C:\Users\Meyer\AppData\Roaming\Apple Computer
2013-07-31 11:32 - 2013-07-31 09:56 - 00000000 ____D C:\Users\Meyer\AppData\Roaming\DiskAid
2013-07-31 11:31 - 2013-07-31 11:31 - 00001791 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-07-31 11:31 - 2013-07-31 11:31 - 00000000 ____D C:\Users\Meyer\AppData\Local\Apple Computer
2013-07-31 11:30 - 2013-07-31 11:30 - 00000000 ____D C:\ProgramData\Apple Computer
2013-07-31 11:30 - 2013-07-31 11:30 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-31 11:30 - 2013-07-31 11:30 - 00000000 ____D C:\Program Files\iTunes
2013-07-31 11:30 - 2013-07-31 11:30 - 00000000 ____D C:\Program Files\iPod
2013-07-31 11:30 - 2013-07-31 11:30 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-07-31 11:27 - 2013-07-31 11:27 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2013-07-31 11:27 - 2013-07-31 11:27 - 00000000 ____D C:\Users\Admin\AppData\Local\Apple
2013-07-31 11:27 - 2013-07-31 11:27 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-07-31 11:27 - 2013-07-31 11:25 - 00000000 ____D C:\ProgramData\Apple
2013-07-31 11:26 - 2013-07-31 11:26 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-07-31 11:26 - 2013-07-31 11:26 - 00000000 ____D C:\Program Files\Bonjour
2013-07-31 11:26 - 2013-07-31 11:26 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-07-31 11:20 - 2013-07-31 10:00 - 00000000 ____D C:\Users\Meyer\Downloads\Apple
2013-07-31 09:56 - 2013-07-31 09:56 - 00001043 _____ C:\Users\Public\Desktop\DiskAid.lnk
2013-07-31 09:56 - 2013-07-31 09:56 - 00000000 ____D C:\Program Files (x86)\DigiDNA
2013-07-30 22:26 - 2013-01-24 14:33 - 00018432 ___SH C:\Users\Meyer\Documents\Thumbs.db

Files to move or delete:
====================
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Admin\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 00:18

==================== End Of Log ============================

However, I now have a problem: when I try to open a different user profile (and I have to), I get the error message "Die Anmeldung des Dienstes Benutzerprofildienst ist fehlgeschlagen. Benutzerprofil kann nicht geladen werden." (the German text of "The User Profile Service service failed the logon. User profile cannot be loaded."). Only the Admin profile works. I'll try another restart now...

Thanks a lot for now anyway

Mummb


Last edited by mummb (29.08.2013 at 13:24)
