Log analysis and evaluation: TR/Fakeadb.A' in 'C:\Windows\System32\FlashPlayerUpdateService.exe (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system has to be examined first: first steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
17.09.2013, 13:05 | #16

OK, I'll wait for you this evening then :P Here is my LanmanInfo.txt:

Code:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation
        DisplayName    REG_SZ    @%systemroot%\system32\wkssvc.dll,-100
        Group    REG_SZ    NetworkProvider
        ImagePath    REG_EXPAND_SZ    %SystemRoot%\System32\svchost.exe -k LocalService
        Description    REG_SZ    @%systemroot%\system32\wkssvc.dll,-101
        ObjectName    REG_SZ    NT AUTHORITY\LocalService
        ErrorControl    REG_DWORD    0x1
        Start    REG_DWORD    0x2
        Type    REG_DWORD    0x20
        DependOnService    REG_MULTI_SZ    Bowser\0MRxSmb10\0MRxSmb20\0NSI
        ServiceSidType    REG_DWORD    0x1
        FailureActions    REG_BINARY    80510100000000000000000003000000140000000100000060EA000001000000C0D401000000000000000000

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage
        Bind    REG_MULTI_SZ    \Device\Smb_Tcpip_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\Smb_Tcpip_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}\0\Device\Smb_Tcpip6_{47345DA8-95C5-4F6B-89FB-27FC83481616}\0\Device\Smb_Tcpip6_{18D8B588-4669-478C-A21A-15EE77AD67D1}\0\Device\Smb_Tcpip6_{B205ABFF-2EE2-45D7-867A-D5CE9A9E9938}\0\Device\Smb_Tcpip6_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\Smb_Tcpip6_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}\0\Device\NetbiosSmb\0\Device\NetBT_Tcpip_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\NetBT_Tcpip_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}\0\Device\NetBT_Tcpip6_{47345DA8-95C5-4F6B-89FB-27FC83481616}\0\Device\NetBT_Tcpip6_{18D8B588-4669-478C-A21A-15EE77AD67D1}\0\Device\NetBT_Tcpip6_{B205ABFF-2EE2-45D7-867A-D5CE9A9E9938}\0\Device\NetBT_Tcpip6_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\NetBT_Tcpip6_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}
        Route    REG_MULTI_SZ    "Smb" "Tcpip" "{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}"\0"Smb" "Tcpip" "{1EC98896-78ED-4597-BA74-794DF4FD3DD7}"\0"Smb" "Tcpip6" "{47345DA8-95C5-4F6B-89FB-27FC83481616}"\0"Smb" "Tcpip6" "{18D8B588-4669-478C-A21A-15EE77AD67D1}"\0"Smb" "Tcpip6" "{B205ABFF-2EE2-45D7-867A-D5CE9A9E9938}"\0"Smb" "Tcpip6" "{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}"\0"Smb" "Tcpip6" "{1EC98896-78ED-4597-BA74-794DF4FD3DD7}"\0"NetbiosSmb"\0"NetBT" "Tcpip" "{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}"\0"NetBT" "Tcpip" "{1EC98896-78ED-4597-BA74-794DF4FD3DD7}"\0"NetBT" "Tcpip6" "{47345DA8-95C5-4F6B-89FB-27FC83481616}"\0"NetBT" "Tcpip6" "{18D8B588-4669-478C-A21A-15EE77AD67D1}"\0"NetBT" "Tcpip6" "{B205ABFF-2EE2-45D7-867A-D5CE9A9E9938}"\0"NetBT" "Tcpip6" "{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}"\0"NetBT" "Tcpip6" "{1EC98896-78ED-4597-BA74-794DF4FD3DD7}"
        Export    REG_MULTI_SZ    \Device\LanmanWorkstation_Smb_Tcpip_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\LanmanWorkstation_Smb_Tcpip_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}\0\Device\LanmanWorkstation_Smb_Tcpip6_{47345DA8-95C5-4F6B-89FB-27FC83481616}\0\Device\LanmanWorkstation_Smb_Tcpip6_{18D8B588-4669-478C-A21A-15EE77AD67D1}\0\Device\LanmanWorkstation_Smb_Tcpip6_{B205ABFF-2EE2-45D7-867A-D5CE9A9E9938}\0\Device\LanmanWorkstation_Smb_Tcpip6_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\LanmanWorkstation_Smb_Tcpip6_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}\0\Device\LanmanWorkstation_NetbiosSmb\0\Device\LanmanWorkstation_NetBT_Tcpip_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\LanmanWorkstation_NetBT_Tcpip_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}\0\Device\LanmanWorkstation_NetBT_Tcpip6_{47345DA8-95C5-4F6B-89FB-27FC83481616}\0\Device\LanmanWorkstation_NetBT_Tcpip6_{18D8B588-4669-478C-A21A-15EE77AD67D1}\0\Device\LanmanWorkstation_NetBT_Tcpip6_{B205ABFF-2EE2-45D7-867A-D5CE9A9E9938}\0\Device\LanmanWorkstation_NetBT_Tcpip6_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\LanmanWorkstation_NetBT_Tcpip6_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\NetworkProvider
        DeviceName    REG_SZ    \Device\LanmanRedirector
        Name    REG_SZ    Microsoft Windows Network
        DisplayName    REG_EXPAND_SZ    @%systemroot%\system32\wkssvc.dll,-102
        ProviderPath    REG_EXPAND_SZ    %SystemRoot%\System32\ntlanman.dll

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters
        ServiceDll    REG_EXPAND_SZ    %SystemRoot%\System32\aptw5nvi7.dll
        ServiceDllUnloadOnStop    REG_DWORD    0x1
        EnablePlainTextPassword    REG_DWORD    0x0
        EnableSecuritySignature    REG_DWORD    0x1
        RequireSecuritySignature    REG_DWORD    0x0
        OtherDomains    REG_MULTI_SZ
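The dump above shows the point of the whole thread: the Workstation service is hosted by svchost.exe (see ImagePath), so the code it actually runs is whatever ServiceDll in its Parameters key points to, and here that is a randomly named DLL instead of wkssvc.dll. The following Python script is an added example, not part of the thread and not the helper's batch file: it parses a `reg query`-style dump in the LanmanInfo.txt format and reports any ServiceDll that deviates from an expected path. The expected-path table and the two sample dumps are constructed for the example from the values visible in this post and in the repaired dump later in the thread.

```python
"""Flag a hijacked ServiceDll in a `reg query`-style dump of a service key.

Added example for this thread, not part of it: the LanmanInfo.txt dump shows
the Workstation service (LanmanWorkstation, hosted by svchost.exe) loading a
randomly named DLL instead of wkssvc.dll. This parses that dump format and
reports any ServiceDll that deviates from the expected path. The expected-path
table and the sample dumps are constructed for the example.
"""
import re

# Known-good ServiceDll per svchost-hosted service, as it appears in the
# thread's own dump (directory and file name, compared case-insensitively).
# Assumption for the example: extend this table for other services.
EXPECTED_SERVICE_DLL = {
    "LanmanWorkstation": r"%SystemRoot%\System32\wkssvc.dll",
}

_KEY_RE = re.compile(r"^HKEY_[A-Z_]+\\.+$")
_VALUE_RE = re.compile(r"^\s+(\S+)\s{2,}(REG_[A-Z_]+)(?:\s{2,}(.*))?$")


def parse_reg_dump(text):
    """Return {key_path: {value_name: (reg_type, data)}} from reg query output."""
    keys = {}
    current = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if _KEY_RE.match(line):           # unindented line: a key path
            current = line.strip()
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)         # indented line: name  type  data
        if m and current is not None:
            name, reg_type, data = m.group(1), m.group(2), m.group(3) or ""
            keys[current][name] = (reg_type, data.strip())
    return keys


def check_service_dll(keys, service, expected):
    """Return a list of findings for `service`; an empty list means OK."""
    suffix = "\\services\\%s\\parameters" % service.lower()
    params = next((v for k, v in keys.items() if k.lower().endswith(suffix)), None)
    if params is None:
        return ["%s: Parameters key not found in dump" % service]
    reg_type, data = params.get("ServiceDll", (None, ""))
    if reg_type is None:
        return ["%s: no ServiceDll value (not svchost-hosted, or dump incomplete)" % service]
    findings = []
    if data.lower() != expected.lower():
        findings.append("%s: ServiceDll is %r, expected %r" % (service, data, expected))
    if reg_type != "REG_EXPAND_SZ":
        # The clean dump in the thread stores ServiceDll as REG_EXPAND_SZ;
        # report a different type so the reviewer takes a second look.
        findings.append("%s: ServiceDll type is %s, baseline is REG_EXPAND_SZ"
                        % (service, reg_type))
    return findings


def audit(text, expected=EXPECTED_SERVICE_DLL):
    """Run every expectation against one dump; returns {service: findings}."""
    keys = parse_reg_dump(text)
    return {svc: check_service_dll(keys, svc, dll) for svc, dll in expected.items()}


# Constructed excerpts in the LanmanInfo.txt format: the hijacked state
# (random DLL name, as in the post) and the state after the repair.
HIJACKED_DUMP = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\System32\svchost.exe -k LocalService
    Start    REG_DWORD    0x2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\System32\aptw5nvi7.dll
    ServiceDllUnloadOnStop    REG_DWORD    0x1
    OtherDomains    REG_MULTI_SZ
"""

REPAIRED_DUMP = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters
    ServiceDll    REG_SZ    %SystemRoot%\System32\wkssvc.dll
    ServiceDllUnloadOnStop    REG_DWORD    0x1
"""

if __name__ == "__main__":
    for label, dump in (("hijacked", HIJACKED_DUMP), ("repaired", REPAIRED_DUMP)):
        print("== %s ==" % label)
        for svc, findings in audit(dump).items():
            for line in findings or ["%s: ServiceDll OK" % svc]:
                print("  " + line)
```

On the hijacked dump the script reports the wrong DLL name; on the repaired dump the path is correct, and the only remaining note is that the value was written back as REG_SZ rather than the REG_EXPAND_SZ seen in the original dump. Pasting the text of a real LanmanInfo.txt into `audit()` works the same way, since the parser only relies on the key-line / indented-value layout of `reg query`.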
17.09.2013, 20:37 | #17 | Malwareteam

Hmm, that didn't work either - so let's try it another way:

Please download the following tool: http://www.trojaner-board.de/redirec....com%2FOTL.exe

Fix with OTL
Code:
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
    "ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
    :Commands
    [emptytemp]
And then please run the .bat again as above.
17.09.2013, 21:08 | #18

OTL txt log:

Code:
    All processes killed
    ========== REGISTRY ==========
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters\\"ServiceDll"|"%SystemRoot%\System32\wkssvc.dll" /E : value set successfully!
    ========== COMMANDS ==========
    [EMPTYTEMP]
    User: All Users
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41620 bytes
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
    User: Jenny
    ->Temp folder emptied: 33054 bytes
    ->Temporary Internet Files folder emptied: 2253313 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 14994233 bytes
    ->Google Chrome cache emptied: 273709741 bytes
    ->Flash cache emptied: 1030 bytes
    User: Public
    ->Temp folder emptied: 0 bytes
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 6576 bytes
    RecycleBin emptied: 156 bytes
    Total Files Cleaned = 278,00 mb
    OTL by OldTimer - Version 3.2.69.0 log created on 09172013_215533
    Files\Folders moved on Reboot...
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...

Code:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation
        DisplayName    REG_SZ    @%systemroot%\system32\wkssvc.dll,-100
        Group    REG_SZ    NetworkProvider
        ImagePath    REG_EXPAND_SZ    %SystemRoot%\System32\svchost.exe -k LocalService
        Description    REG_SZ    @%systemroot%\system32\wkssvc.dll,-101
        ObjectName    REG_SZ    NT AUTHORITY\LocalService
        ErrorControl    REG_DWORD    0x1
        Start    REG_DWORD    0x2
        Type    REG_DWORD    0x20
        DependOnService    REG_MULTI_SZ    Bowser\0MRxSmb10\0MRxSmb20\0NSI
        ServiceSidType    REG_DWORD    0x1
        FailureActions    REG_BINARY    80510100000000000000000003000000140000000100000060EA000001000000C0D401000000000000000000

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage
        Bind    REG_MULTI_SZ    \Device\Smb_Tcpip_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\Smb_Tcpip_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}\0\Device\Smb_Tcpip6_{47345DA8-95C5-4F6B-89FB-27FC83481616}\0\Device\Smb_Tcpip6_{18D8B588-4669-478C-A21A-15EE77AD67D1}\0\Device\Smb_Tcpip6_{B205ABFF-2EE2-45D7-867A-D5CE9A9E9938}\0\Device\Smb_Tcpip6_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\Smb_Tcpip6_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}\0\Device\NetbiosSmb\0\Device\NetBT_Tcpip_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\NetBT_Tcpip_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}\0\Device\NetBT_Tcpip6_{47345DA8-95C5-4F6B-89FB-27FC83481616}\0\Device\NetBT_Tcpip6_{18D8B588-4669-478C-A21A-15EE77AD67D1}\0\Device\NetBT_Tcpip6_{B205ABFF-2EE2-45D7-867A-D5CE9A9E9938}\0\Device\NetBT_Tcpip6_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\NetBT_Tcpip6_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}
        Route    REG_MULTI_SZ    "Smb" "Tcpip" "{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}"\0"Smb" "Tcpip" "{1EC98896-78ED-4597-BA74-794DF4FD3DD7}"\0"Smb" "Tcpip6" "{47345DA8-95C5-4F6B-89FB-27FC83481616}"\0"Smb" "Tcpip6" "{18D8B588-4669-478C-A21A-15EE77AD67D1}"\0"Smb" "Tcpip6" "{B205ABFF-2EE2-45D7-867A-D5CE9A9E9938}"\0"Smb" "Tcpip6" "{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}"\0"Smb" "Tcpip6" "{1EC98896-78ED-4597-BA74-794DF4FD3DD7}"\0"NetbiosSmb"\0"NetBT" "Tcpip" "{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}"\0"NetBT" "Tcpip" "{1EC98896-78ED-4597-BA74-794DF4FD3DD7}"\0"NetBT" "Tcpip6" "{47345DA8-95C5-4F6B-89FB-27FC83481616}"\0"NetBT" "Tcpip6" "{18D8B588-4669-478C-A21A-15EE77AD67D1}"\0"NetBT" "Tcpip6" "{B205ABFF-2EE2-45D7-867A-D5CE9A9E9938}"\0"NetBT" "Tcpip6" "{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}"\0"NetBT" "Tcpip6" "{1EC98896-78ED-4597-BA74-794DF4FD3DD7}"
        Export    REG_MULTI_SZ    \Device\LanmanWorkstation_Smb_Tcpip_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\LanmanWorkstation_Smb_Tcpip_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}\0\Device\LanmanWorkstation_Smb_Tcpip6_{47345DA8-95C5-4F6B-89FB-27FC83481616}\0\Device\LanmanWorkstation_Smb_Tcpip6_{18D8B588-4669-478C-A21A-15EE77AD67D1}\0\Device\LanmanWorkstation_Smb_Tcpip6_{B205ABFF-2EE2-45D7-867A-D5CE9A9E9938}\0\Device\LanmanWorkstation_Smb_Tcpip6_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\LanmanWorkstation_Smb_Tcpip6_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}\0\Device\LanmanWorkstation_NetbiosSmb\0\Device\LanmanWorkstation_NetBT_Tcpip_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\LanmanWorkstation_NetBT_Tcpip_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}\0\Device\LanmanWorkstation_NetBT_Tcpip6_{47345DA8-95C5-4F6B-89FB-27FC83481616}\0\Device\LanmanWorkstation_NetBT_Tcpip6_{18D8B588-4669-478C-A21A-15EE77AD67D1}\0\Device\LanmanWorkstation_NetBT_Tcpip6_{B205ABFF-2EE2-45D7-867A-D5CE9A9E9938}\0\Device\LanmanWorkstation_NetBT_Tcpip6_{BC59D94D-20AA-48CA-99DE-9A30CB01F59A}\0\Device\LanmanWorkstation_NetBT_Tcpip6_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\NetworkProvider
        DeviceName    REG_SZ    \Device\LanmanRedirector
        Name    REG_SZ    Microsoft Windows Network
        DisplayName    REG_EXPAND_SZ    @%systemroot%\system32\wkssvc.dll,-102
        ProviderPath    REG_EXPAND_SZ    %SystemRoot%\System32\ntlanman.dll

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters
        ServiceDll    REG_SZ    %SystemRoot%\System32\wkssvc.dll
        ServiceDllUnloadOnStop    REG_DWORD    0x1
        EnablePlainTextPassword    REG_DWORD    0x0
        EnableSecuritySignature    REG_DWORD    0x1
        RequireSecuritySignature    REG_DWORD    0x0
        OtherDomains    REG_MULTI_SZ
19.09.2013, 20:30 | #19 | Malwareteam

So, it finally seems to have worked. Are there still any problems, error messages, etc.? OK, then let's check once more:

Step 1: Please download Malwarebytes Anti-Malware
Step 2: ESET Online Scanner
Step 3: Please download SecurityCheck and:
Step 4: Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (if you are not sure, download both versions or check under Start > Computer (right-click) > Properties)

Please post in your next reply
Keep Jazzing! DerJazzer
20.09.2013, 21:31 | #20

Good evening, I have completed all the steps. I had no problems or error messages until, after your last post, I started the scan with Malware; then the following message from Avira appeared at the bottom of the screen: "Der Zugriff auf die Datei C:\Users\Jenny\Downloads\ZipOpenerSetup.exe, die ein Virus oder unerwünschtes Programm ADWARE\InstallCore.Gen7 enthält wurde verweigert." Also, I could not find the Addition.txt after the scan; shouldn't it appear on the desktop? I know I already did this step once at the beginning, but I don't know what I'm doing wrong...

Step 1

Code:
    Malwarebytes Anti-Malware (Test) 1.75.0.1300
    www.malwarebytes.org

    Datenbank Version: v2013.09.19.07
    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Jenny :: JENNY-PC [Administrator]

    Schutz: Deaktiviert

    19.09.2013 22:44:07
    mbam-log-2013-09-19 (22-44-07).txt

    Art des Suchlaufs: Quick-Scan
    Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
    Deaktivierte Suchlaufeinstellungen: P2P
    Durchsuchte Objekte: 205643
    Laufzeit: 9 Minute(n), 56 Sekunde(n)

    Infizierte Speicherprozesse: 0
    (Keine bösartigen Objekte gefunden)

    Infizierte Speichermodule: 0
    (Keine bösartigen Objekte gefunden)

    Infizierte Registrierungsschlüssel: 0
    (Keine bösartigen Objekte gefunden)

    Infizierte Registrierungswerte: 0
    (Keine bösartigen Objekte gefunden)

    Infizierte Dateiobjekte der Registrierung: 0
    (Keine bösartigen Objekte gefunden)

    Infizierte Verzeichnisse: 0
    (Keine bösartigen Objekte gefunden)

    Infizierte Dateien: 10
    C:\Users\Jenny\Downloads\FreeYouTubeToMP3Converter(1).exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Jenny\Downloads\Top_Eleven_Hack.exe (PUP.BundleInstaller.DW) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Jenny\Downloads\ZipOpenerSetup.exe (PUP.Optional.Installcore) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Jenny\Downloads\Setup (1).exe (PUP.Optional.Solimba) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Jenny\Downloads\Setup (2).exe (PUP.Optional.Solimba) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Jenny\Downloads\Setup (3).exe (PUP.Optional.Solimba) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Jenny\Downloads\Setup.exe (PUP.Optional.Solimba) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Jenny\Downloads\SoftonicDownloader_fuer_gimp.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Jenny\Downloads\Musteranschreiben PDF Downloader (1).exe (PUP.Optional.Solimba) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Jenny\Downloads\Musteranschreiben PDF Downloader.exe (PUP.Optional.Solimba) -> Erfolgreich gelöscht und in Quarantäne gestellt.

    (Ende)

Step 2

Code:
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6920
    # api_version=3.0.2
    # EOSSerial=d3a4dc2e02b73b47a164f7b07a31655f
    # engine=15192
    # end=stopped
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=false
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2013-09-19 09:41:26
    # local_time=2013-09-19 11:41:26 (+0100, Mitteleuropäische Sommerzeit)
    # country="Germany"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=1036 16777214 0 1 535077 35938035 0 0
    # compatibility_mode=1799 16775165 100 95 3778 5461273 0 0
    # compatibility_mode=5892 16776574 100 100 210726 217159614 0 0
    # scanned=35637
    # found=5
    # cleaned=0
    # scan_time=1404
    sh=984CDAA7C03EDAA48660D6F8231E233AA9AD6857 ft=1 fh=223ae04b43908e86 vn="a variant of Win32/Adware.Yontoo.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Yontoo\YontooIEClient.dll.vir"
    sh=38A526023ACE147C64DFEAC98AF7F1F087A8CF52 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Yontoo\YontooLayers.crx.vir"
    sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
    sh=57279257E733B05B254033CFED9DF0A9239A0680 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_1\back.js.vir"
    sh=128AD5222AFA91938FE35745FEAAE60E666386C7 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_1\yl.js.vir"

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6920
    # api_version=3.0.2
    # EOSSerial=d3a4dc2e02b73b47a164f7b07a31655f
    # engine=15192
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=false
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2013-09-19 11:47:05
    # local_time=2013-09-20 01:47:05 (+0100, Mitteleuropäische Sommerzeit)
    # country="Germany"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=1036 16777214 0 1 542616 35945574 0 0
    # compatibility_mode=1799 16775165 100 95 11317 5468812 4090 0
    # compatibility_mode=5892 16776574 100 100 218265 217167153 0 0
    # scanned=227756
    # found=7
    # cleaned=0
    # scan_time=7083
    sh=984CDAA7C03EDAA48660D6F8231E233AA9AD6857 ft=1 fh=223ae04b43908e86 vn="a variant of Win32/Adware.Yontoo.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Yontoo\YontooIEClient.dll.vir"
    sh=38A526023ACE147C64DFEAC98AF7F1F087A8CF52 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Yontoo\YontooLayers.crx.vir"
    sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
    sh=57279257E733B05B254033CFED9DF0A9239A0680 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_1\back.js.vir"
    sh=128AD5222AFA91938FE35745FEAAE60E666386C7 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_1\yl.js.vir"
    sh=B77B2987BC8F53DB2B7D2BA7E696728AC5295A37 ft=0 fh=0000000000000000 vn="Win32/Adware.AddLyrics.L application" ac=I fn="C:\Users\Jenny\Desktop\Alte Firefox-Daten\2sx7i702.default\extensions\125\chrome\content\main.js"
    sh=D697D0396B6AD1245FA79335D8AAA1B8D3815375 ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo application" ac=I fn="C:\Users\Jenny\Desktop\Alte Firefox-Daten\2sx7i702.default\extensions\plugin@yontoo.com\content\overlay.js"

Step 3

Code:
    Results of screen317's Security Check version 0.99.73
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    WMI entry may not exist for antivirus; attempting automatic update.
    Avira successfully updated!
    `````````Anti-malware/Other Utilities Check:`````````
    Out of date HijackThis installed!
    Malwarebytes Anti-Malware Version 1.75.0.1300
    HijackThis 2.0.2
    TuneUp Utilities Language Pack (de-DE)
    CCleaner
    Java(TM) 6 Update 22
    Java 7 Update 25
    Adobe Flash Player 11.7.700.224
    Adobe Reader 9
    Adobe Reader out of Date!
    Mozilla Firefox (23.0.1)
    Google Chrome 29.0.1547.62
    Google Chrome 29.0.1547.66
    ````````Process Check: objlist.exe by Laurent````````
    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````

Step 4

FRST logfile:

Code:
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-09-2013 01
    Ran by Jenny (administrator) on JENNY-PC on 20-09-2013 21:49:44
    Running from C:\Users\Jenny\Desktop
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
    Internet Explorer Version 9
    Boot Mode: Normal

    ==================== Processes (Whitelisted) ===================

    (Microsoft Corporation) C:\Windows\system32\SLsvc.exe
    (Microsoft Corporation) C:\Windows\system32\WLANExt.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    (APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    (UASSOFT.COM) C:\Program Files\Keyboard & Mouse Driver\KMWDSrv.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    (Prolific Technology Inc.) C:\Windows\system32\IoctlSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    () C:\Program Files\Tor\tor.exe
    (Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    (UASSOFT.COM) C:\Program Files\Keyboard & Mouse Driver\StartAutorun.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (BitTorrent, Inc.) C:\Users\Jenny\Program Files\DNA\btdna.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (Facebook Inc.) C:\Users\Jenny\AppData\Local\Facebook\Update\FacebookUpdate.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Dropbox, Inc.) C:\Users\Jenny\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    (UASSOFT.COM) C:\Program Files\Keyboard & Mouse Driver\KMConfig.exe
    (UASSOFT.COM) C:\Program Files\Keyboard & Mouse Driver\KMProcess.exe
    (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7420448 2009-04-21] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-08-28] (Synaptics, Inc.)
    HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
    HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation)
    HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-04-21] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
    HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-11] (CANON INC.)
    HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1848648 2008-03-18] (CANON INC.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
    HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM\...\Run: [AdobeCS5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
    HKLM\...\Run: [KMCONFIG] - C:\Program Files\Keyboard & Mouse Driver\StartAutorun.exe [212992 2008-05-30] (UASSOFT.COM)
    HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-05-28] (Nero AG)
    HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
    HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. KG)
    HKLM\...\Policies\Explorer: [NoDrives] 0
    HKCU\...\Run: [BitTorrent DNA] - C:\Users\Jenny\Program Files\DNA\btdna.exe [323392 2010-02-21] (BitTorrent, Inc.)
    HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
    HKCU\...\Run: [Facebook Update] - C:\Users\Jenny\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
    HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2008-01-22] (Nero AG)
    HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-07-24] (Google Inc.)
    HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
    HKCU\...\Policies\Explorer: [NoDrives] 0
    HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
    Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Jenny\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Bewerbung-Reminder.lnk
    ShortcutTarget: WISO Bewerbung-Reminder.lnk -> C:\Program Files\Buhl\Bewerbung 2008\KCReminder.exe ()

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
    SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {D5F1E952-386A-4407-B179-8DC034744CD9} URL = hxxp://www.flickr.com/search/?q={searchTerms} SearchScopes: HKCU - {DFEF6E39-45CE-4D40-8057-126A3A81C462} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9 BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - No File BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) Toolbar: HKLM - DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU -DVDVideoSoft Toolbar - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) 
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.fujidirekt.de/ips-opdata/objects/jordan.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. 
KG) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\6rfrif3m.default-1379167572116 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.12.775 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=1.0.3.775 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprphtml5videoshim;version=1.0.0.0 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.775 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) 
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF Plugin HKCU: @bittorrent.com/BitTorrentDNA - C:\Users\Jenny\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Jenny\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Jenny\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Yahoo! 
Toolbar - C:\Program Files\Mozilla Firefox\extensions\{52c732b8-d108-4aae-b327-4b16b66dda26} FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF HKCU\...\Firefox\Extensions: [{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}] - C:\Users\Jenny\Program Files\DNA FF Extension: No Name - C:\Users\Jenny\Program Files\DNA Chrome: ======= CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) 
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc) CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (Unity Player) - C:\Users\Jenny\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Jenny\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) CHR Plugin: (DNA Plug-in) - C:\Users\Jenny\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.) 
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) CHR Extension: (Google Docs) - C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.2_1 CHR Extension: (Chrome In-App Payments service) - C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1 CHR Extension: (Gmail) - C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-05] (Avira Operations GmbH & Co. 
KG) R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.) R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] () R2 KMWDSERVICE; C:\Program Files\Keyboard & Mouse Driver\KMWDSrv.exe [1823744 2009-08-31] (UASSOFT.COM) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation) R2 tor; C:\Program Files\Tor\tor.exe [3233806 2013-09-04] () S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [x] S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [x] ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-05] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-05] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-07-18] (Avira Operations GmbH & Co. KG) R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation) S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2006-11-14] (SAMSUNG ELECTRONICS CO., LTD.) 
S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-30] (Windows (R) Codename Longhorn DDK provider) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-18] (Avira GmbH) S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [90112 2009-03-20] (MCCI) S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14976 2009-03-20] (MCCI Corporation) S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [121856 2009-03-20] (MCCI Corporation) S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25216 2010-02-25] (The OpenVPN Project) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 EagleNT; \??\C:\Users\Jenny\AppData\Local\Temp\EagleNT.sys [x] S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [x] S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x] S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-20 21:49 - 2013-09-20 21:49 - 01083549 _____ (Farbar) C:\Users\Jenny\Desktop\FRST.exe 2013-09-20 21:06 - 2013-09-20 21:06 - 00001284 _____ C:\Users\Jenny\Desktop\checkup.txt 2013-09-20 20:59 - 2013-09-20 20:59 - 00891144 _____ C:\Users\Jenny\Desktop\SecurityCheck.exe 2013-09-20 20:54 - 2013-09-20 20:54 - 00016257 _____ C:\Users\Jenny\Desktop\Download.htm 2013-09-20 20:48 - 2013-09-20 20:48 - 98487876 _____ C:\Windows\system32\倗⹍᭄² 2013-09-19 23:45 - 2013-09-19 23:45 - 02347384 _____ (ESET) C:\Users\Jenny\Downloads\esetsmartinstaller_enu (1).exe 2013-09-19 23:15 - 2013-09-19 23:15 - 02347384 _____ (ESET) 
C:\Users\Jenny\Downloads\esetsmartinstaller_enu.exe 2013-09-19 23:15 - 2013-09-19 23:15 - 00000000 ____D C:\Program Files\ESET 2013-09-19 22:39 - 2013-09-19 22:40 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jenny\Downloads\mbam-setup-1.75.0.1300 (1).exe 2013-09-17 22:05 - 2013-09-17 22:05 - 00008856 _____ C:\Users\Jenny\Desktop\LanmanInfo.txt 2013-09-17 21:55 - 2013-09-17 21:55 - 00000000 ____D C:\_OTL 2013-09-17 21:51 - 2013-09-17 21:52 - 00602112 _____ (OldTimer Tools) C:\Users\Jenny\Downloads\OTL.exe 2013-09-17 13:13 - 2013-09-17 22:05 - 00000156 _____ C:\Users\Jenny\Desktop\Look.bat 2013-09-17 13:04 - 2013-09-17 13:04 - 00000183 _____ C:\Users\Jenny\Desktop\regfix.reg 2013-09-16 20:17 - 2013-09-16 20:17 - 00100562 _____ C:\Users\Jenny\Downloads\Nicht bestätigt 673617.crdownload 2013-09-16 09:27 - 2013-09-16 09:27 - 00508578 _____ C:\Users\Jenny\Downloads\Nicht bestätigt 888162.crdownload 2013-09-16 09:27 - 2013-09-16 09:27 - 00157574 _____ C:\Users\Jenny\Downloads\Nicht bestätigt 684994.crdownload 2013-09-16 09:27 - 2013-09-16 09:27 - 00157574 _____ C:\Users\Jenny\Downloads\Nicht bestätigt 138409.crdownload 2013-09-15 23:11 - 2013-09-15 23:11 - 00017915 _____ C:\Users\Jenny\Desktop\combo.txt 2013-09-15 23:10 - 2013-09-15 23:10 - 00017915 _____ C:\ComboFix.txt 2013-09-15 22:46 - 2013-09-15 22:46 - 05126233 ____R (Swearware) C:\Users\Jenny\Desktop\ComboFix.exe 2013-09-15 22:14 - 2013-09-15 22:15 - 05126233 _____ (Swearware) C:\Users\Jenny\Downloads\ComboFix (1).exe 2013-09-14 17:04 - 2013-09-14 17:04 - 01083285 _____ (Farbar) C:\Users\Jenny\Downloads\FRST (1).exe 2013-09-14 16:43 - 2013-09-14 16:43 - 00000000 ____D C:\Windows\ERUNT 2013-09-14 16:42 - 2013-09-14 16:42 - 01029509 _____ (Thisisu) C:\Users\Jenny\Desktop\JRT.exe 2013-09-14 16:39 - 2013-09-14 16:39 - 00014383 _____ C:\Users\Jenny\Desktop\AdwCleaner[S0].txt 2013-09-14 16:30 - 2013-09-14 16:31 - 00000000 ____D C:\AdwCleaner 2013-09-14 16:30 - 2013-09-14 16:30 - 01037278 _____ 
C:\Users\Jenny\Downloads\adwcleaner.exe 2013-09-14 16:30 - 2013-09-14 16:30 - 01037278 _____ C:\Users\Jenny\Desktop\adwcleaner.exe 2013-09-14 13:37 - 2013-07-31 12:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-14 13:37 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-14 13:37 - 2013-07-31 12:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-14 13:37 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-14 13:37 - 2013-07-31 11:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-09-14 13:37 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-14 13:37 - 2013-07-31 11:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-09-14 13:37 - 2013-07-31 11:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-14 13:37 - 2013-07-31 11:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-14 13:37 - 2013-07-31 11:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-09-14 13:37 - 2013-07-31 11:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-09-14 13:37 - 2013-07-31 11:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-14 13:37 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-14 13:37 - 2013-07-31 11:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-14 13:37 - 2013-07-31 11:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-09-14 13:37 - 2013-07-31 11:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-13 17:38 - 2013-09-15 23:10 - 00000000 ____D C:\Qoobox 2013-09-13 17:38 - 2011-06-26 08:45 - 00256000 _____ 
C:\Windows\PEV.exe 2013-09-13 17:38 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-09-13 17:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-09-13 17:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-09-13 17:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-09-13 17:38 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-09-13 17:38 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-09-13 17:38 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-09-13 17:37 - 2013-09-15 23:00 - 00000000 ____D C:\Windows\erdnt 2013-09-13 17:36 - 2013-09-13 17:37 - 05125578 _____ (Swearware) C:\Users\Jenny\Downloads\ComboFix.exe 2013-09-13 16:52 - 2013-08-08 03:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-09-13 16:52 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll 2013-09-13 16:41 - 2013-09-13 16:41 - 97492159 _____ C:\Windows\system32\嶾�᭄¢ 2013-09-12 21:07 - 2013-09-12 21:07 - 00623003 _____ (No company) C:\Users\Jenny\Downloads\LanmanCheck (3).exe 2013-09-12 21:07 - 2013-09-12 21:07 - 00623003 _____ (No company) C:\Users\Jenny\Downloads\LanmanCheck (2).exe 2013-09-12 20:38 - 2013-09-12 20:38 - 00623003 _____ (No company) C:\Users\Jenny\Downloads\LanmanCheck (1).exe 2013-09-12 20:37 - 2013-09-12 20:37 - 00623003 _____ (No company) C:\Users\Jenny\Downloads\LanmanCheck.exe 2013-09-12 15:03 - 2013-09-12 15:03 - 00285646 _____ C:\Users\Jenny\Desktop\Reiseunterlagen 2.htm 2013-09-12 15:03 - 2013-09-12 15:03 - 00000000 ____D C:\Users\Jenny\Desktop\Reiseunterlagen 2_files 2013-09-12 15:02 - 2013-09-12 15:02 - 00283481 _____ C:\Users\Jenny\Desktop\Reiseunterlagen 1.htm 2013-09-12 15:02 - 2013-09-12 15:02 - 00000000 ____D C:\Users\Jenny\Desktop\Reiseunterlagen 1_files 2013-09-12 12:17 - 2013-09-12 12:17 - 00048347 _____ C:\Users\Jenny\Downloads\FRST.txt 2013-09-12 12:17 - 2013-09-12 12:17 - 
00030706 _____ C:\Users\Jenny\Downloads\Addition.txt 2013-09-12 12:14 - 2013-09-12 12:14 - 01082587 _____ (Farbar) C:\Users\Jenny\Downloads\FRST.exe 2013-09-12 12:14 - 2013-09-12 12:14 - 00000000 ____D C:\FRST 2013-09-12 12:11 - 2013-09-12 12:11 - 00050477 _____ C:\Users\Jenny\Downloads\Defogger.exe 2013-09-12 11:59 - 2013-09-12 11:59 - 00000000 ____D C:\Users\Jenny\AppData\Local\avgchrome 2013-09-11 17:54 - 2013-09-11 17:54 - 05212254 _____ C:\Users\Jenny\Downloads\EVEG_GNTM.flv 2013-09-11 15:14 - 2013-09-11 15:14 - 09059029 _____ C:\Users\Jenny\Downloads\Anhänge_2013911 (1).zip 2013-09-11 14:32 - 2013-09-11 14:32 - 00000000 ____D C:\Users\Jenny\Downloads\Anhänge_2013911 2013-09-11 14:29 - 2013-09-11 14:30 - 13403826 _____ C:\Users\Jenny\Downloads\Anhänge_2013911.zip 2013-09-10 18:50 - 2013-09-10 18:58 - 00000000 ____D C:\ProgramData\POIbase 2013-09-10 18:50 - 2013-09-10 18:52 - 00000000 ____D C:\Program Files\POIbase 2013-09-10 18:50 - 2013-09-10 18:50 - 00001610 _____ C:\Users\Public\Desktop\POIbase.lnk 2013-09-10 18:49 - 2013-09-10 18:49 - 21719272 _____ ( ) C:\Users\Jenny\Downloads\poibase_setup1066_poibase.exe 2013-09-09 19:32 - 2013-09-09 19:32 - 12915584 _____ (Igor Pavlov) C:\Users\Jenny\Downloads\POILoaderforWindows_272 (2).exe 2013-09-09 19:32 - 2013-09-09 19:32 - 12915584 _____ (Igor Pavlov) C:\Users\Jenny\Downloads\POILoaderforWindows_272 (1).exe 2013-09-09 18:57 - 2013-09-09 19:00 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\Garmin 2013-09-09 18:57 - 2013-09-09 18:59 - 00000000 ____D C:\Program Files\Garmin 2013-09-09 18:56 - 2013-09-09 18:57 - 12915584 _____ (Igor Pavlov) C:\Users\Jenny\Downloads\POILoaderforWindows_272.exe 2013-09-08 12:25 - 2013-09-19 22:40 - 00000866 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-08 12:25 - 2013-09-19 22:40 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-09-08 12:25 - 2013-09-08 12:25 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\Malwarebytes 2013-09-08 12:25 - 
2013-09-08 12:25 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-08 12:25 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-09-08 12:04 - 2013-09-08 12:05 - 10284808 _____ (Malwarebytes Corporation ) C:\Users\Jenny\Downloads\mbam-setup-1.75.0.1300.exe 2013-09-07 18:40 - 2013-09-07 18:40 - 96533415 _____ C:\Windows\system32\᭥讻᭄… 2013-09-04 16:50 - 2013-09-04 16:50 - 00000000 ____D C:\Program Files\Tor 2013-08-28 17:43 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL ==================== One Month Modified Files and Folders ======= 2013-09-20 21:49 - 2013-09-20 21:49 - 01083549 _____ (Farbar) C:\Users\Jenny\Desktop\FRST.exe 2013-09-20 21:47 - 2010-02-21 21:20 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\DNA 2013-09-20 21:40 - 2010-10-04 20:48 - 01482299 _____ C:\Windows\WindowsUpdate.log 2013-09-20 21:40 - 2006-11-02 14:47 - 00004784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-20 21:40 - 2006-11-02 14:47 - 00004784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-20 21:06 - 2013-09-20 21:06 - 00001284 _____ C:\Users\Jenny\Desktop\checkup.txt 2013-09-20 20:59 - 2013-09-20 20:59 - 00891144 _____ C:\Users\Jenny\Desktop\SecurityCheck.exe 2013-09-20 20:54 - 2013-09-20 20:54 - 00016257 _____ C:\Users\Jenny\Desktop\Download.htm 2013-09-20 20:48 - 2013-09-20 20:48 - 98487876 _____ C:\Windows\system32\倗⹍᭄² 2013-09-20 17:32 - 2013-07-29 20:44 - 00000000 ___RD C:\Users\Jenny\Dropbox 2013-09-20 17:32 - 2013-07-29 20:41 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\Dropbox 2013-09-19 23:45 - 2013-09-19 23:45 - 02347384 _____ (ESET) C:\Users\Jenny\Downloads\esetsmartinstaller_enu (1).exe 2013-09-19 23:15 - 2013-09-19 23:15 - 02347384 _____ (ESET) C:\Users\Jenny\Downloads\esetsmartinstaller_enu.exe 2013-09-19 23:15 - 2013-09-19 23:15 - 00000000 
____D C:\Program Files\ESET
2013-09-19 23:03 - 2013-07-18 18:33 - 00021776 _____ C:\Windows\PFRO.log
2013-09-19 23:01 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\Performance
2013-09-19 22:40 - 2013-09-19 22:39 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jenny\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-09-19 22:40 - 2013-09-08 12:25 - 00000866 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-19 22:40 - 2013-09-08 12:25 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-19 19:59 - 2010-02-04 15:02 - 00119808 _____ C:\Users\Jenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-19 19:58 - 2006-11-02 12:33 - 01592986 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-18 23:45 - 2011-11-11 18:29 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\UseNeXT
2013-09-18 23:43 - 2011-11-11 18:29 - 00000000 ____D C:\Users\Jenny\Documents\UseNeXT
2013-09-17 22:05 - 2013-09-17 22:05 - 00008856 _____ C:\Users\Jenny\Desktop\LanmanInfo.txt
2013-09-17 22:05 - 2013-09-17 13:13 - 00000156 _____ C:\Users\Jenny\Desktop\Look.bat
2013-09-17 21:55 - 2013-09-17 21:55 - 00000000 ____D C:\_OTL
2013-09-17 21:52 - 2013-09-17 21:51 - 00602112 _____ (OldTimer Tools) C:\Users\Jenny\Downloads\OTL.exe
2013-09-17 15:16 - 2013-04-08 21:39 - 00000000 ____D C:\Users\Jenny\Desktop\Bilder Kopiene machne
2013-09-17 14:55 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\LogFiles
2013-09-17 13:04 - 2013-09-17 13:04 - 00000183 _____ C:\Users\Jenny\Desktop\regfix.reg
2013-09-16 20:17 - 2013-09-16 20:17 - 00100562 _____ C:\Users\Jenny\Downloads\Nicht bestätigt 673617.crdownload
2013-09-16 09:27 - 2013-09-16 09:27 - 00508578 _____ C:\Users\Jenny\Downloads\Nicht bestätigt 888162.crdownload
2013-09-16 09:27 - 2013-09-16 09:27 - 00157574 _____ C:\Users\Jenny\Downloads\Nicht bestätigt 684994.crdownload
2013-09-16 09:27 - 2013-09-16 09:27 - 00157574 _____ C:\Users\Jenny\Downloads\Nicht bestätigt 138409.crdownload
2013-09-15 23:11 - 2013-09-15 23:11 - 00017915 _____ C:\Users\Jenny\Desktop\combo.txt
2013-09-15 23:10 - 2013-09-15 23:10 - 00017915 _____ C:\ComboFix.txt
2013-09-15 23:10 - 2013-09-13 17:38 - 00000000 ____D C:\Qoobox
2013-09-15 23:02 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2013-09-15 23:00 - 2013-09-13 17:37 - 00000000 ____D C:\Windows\erdnt
2013-09-15 22:46 - 2013-09-15 22:46 - 05126233 ____R (Swearware) C:\Users\Jenny\Desktop\ComboFix.exe
2013-09-15 22:34 - 2013-05-01 21:44 - 00000000 ____D C:\Users\Jenny\Desktop\Bewerbung Toni
2013-09-15 22:21 - 2013-06-12 17:21 - 00000000 ____D C:\Users\Jenny\Desktop\Toooo
2013-09-15 22:21 - 2013-04-08 21:33 - 00000000 ____D C:\Users\Jenny\Desktop\j
2013-09-15 22:15 - 2013-09-15 22:14 - 05126233 _____ (Swearware) C:\Users\Jenny\Downloads\ComboFix (1).exe
2013-09-14 20:08 - 2013-06-12 17:26 - 00000000 ____D C:\Users\Jenny\Toni Musik CAR
2013-09-14 17:04 - 2013-09-14 17:04 - 01083285 _____ (Farbar) C:\Users\Jenny\Downloads\FRST (1).exe
2013-09-14 16:43 - 2013-09-14 16:43 - 00000000 ____D C:\Windows\ERUNT
2013-09-14 16:42 - 2013-09-14 16:42 - 01029509 _____ (Thisisu) C:\Users\Jenny\Desktop\JRT.exe
2013-09-14 16:39 - 2013-09-14 16:39 - 00014383 _____ C:\Users\Jenny\Desktop\AdwCleaner[S0].txt
2013-09-14 16:31 - 2013-09-14 16:30 - 00000000 ____D C:\AdwCleaner
2013-09-14 16:31 - 2010-03-31 22:31 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-09-14 16:31 - 2010-02-04 23:12 - 00000000 ____D C:\ProgramData\ICQ
2013-09-14 16:30 - 2013-09-14 16:30 - 01037278 _____ C:\Users\Jenny\Downloads\adwcleaner.exe
2013-09-14 16:30 - 2013-09-14 16:30 - 01037278 _____ C:\Users\Jenny\Desktop\adwcleaner.exe
2013-09-14 16:08 - 2010-02-04 15:22 - 00000000 ____D C:\Users\Jenny\AppData\Local\Google
2013-09-14 14:49 - 2006-11-02 14:47 - 03749016 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-14 13:36 - 2013-08-17 12:14 - 00000000 ____D C:\Windows\system32\MRT
2013-09-14 13:34 - 2006-11-02 12:24 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-09-13 22:02 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2013-09-13 17:37 - 2013-09-13 17:36 - 05125578 _____ (Swearware) C:\Users\Jenny\Downloads\ComboFix.exe
2013-09-13 17:36 - 2012-01-05 20:26 - 00000000 ____D C:\ProgramData\MFAData
2013-09-13 16:41 - 2013-09-13 16:41 - 97492159 _____ C:\Windows\system32\嶾�᭄¢
2013-09-12 21:07 - 2013-09-12 21:07 - 00623003 _____ (No company) C:\Users\Jenny\Downloads\LanmanCheck (3).exe
2013-09-12 21:07 - 2013-09-12 21:07 - 00623003 _____ (No company) C:\Users\Jenny\Downloads\LanmanCheck (2).exe
2013-09-12 20:38 - 2013-09-12 20:38 - 00623003 _____ (No company) C:\Users\Jenny\Downloads\LanmanCheck (1).exe
2013-09-12 20:37 - 2013-09-12 20:37 - 00623003 _____ (No company) C:\Users\Jenny\Downloads\LanmanCheck.exe
2013-09-12 16:57 - 2011-11-11 18:45 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\vlc
2013-09-12 15:03 - 2013-09-12 15:03 - 00285646 _____ C:\Users\Jenny\Desktop\Reiseunterlagen 2.htm
2013-09-12 15:03 - 2013-09-12 15:03 - 00000000 ____D C:\Users\Jenny\Desktop\Reiseunterlagen 2_files
2013-09-12 15:02 - 2013-09-12 15:02 - 00283481 _____ C:\Users\Jenny\Desktop\Reiseunterlagen 1.htm
2013-09-12 15:02 - 2013-09-12 15:02 - 00000000 ____D C:\Users\Jenny\Desktop\Reiseunterlagen 1_files
2013-09-12 12:17 - 2013-09-12 12:17 - 00048347 _____ C:\Users\Jenny\Downloads\FRST.txt
2013-09-12 12:17 - 2013-09-12 12:17 - 00030706 _____ C:\Users\Jenny\Downloads\Addition.txt
2013-09-12 12:14 - 2013-09-12 12:14 - 01082587 _____ (Farbar) C:\Users\Jenny\Downloads\FRST.exe
2013-09-12 12:14 - 2013-09-12 12:14 - 00000000 ____D C:\FRST
2013-09-12 12:11 - 2013-09-12 12:11 - 00050477 _____ C:\Users\Jenny\Downloads\Defogger.exe
2013-09-12 11:59 - 2013-09-12 11:59 - 00000000 ____D C:\Users\Jenny\AppData\Local\avgchrome
2013-09-11 17:54 - 2013-09-11 17:54 - 05212254 _____ C:\Users\Jenny\Downloads\EVEG_GNTM.flv
2013-09-11 15:14 - 2013-09-11 15:14 - 09059029 _____ C:\Users\Jenny\Downloads\Anhänge_2013911 (1).zip
2013-09-11 14:32 - 2013-09-11 14:32 - 00000000 ____D C:\Users\Jenny\Downloads\Anhänge_2013911
2013-09-11 14:30 - 2013-09-11 14:29 - 13403826 _____ C:\Users\Jenny\Downloads\Anhänge_2013911.zip
2013-09-11 13:41 - 2013-04-03 18:12 - 00000648 _____ C:\Users\Jenny\muster_kuendigung_staufenbiel - Verknüpfung (5).lnk
2013-09-11 13:41 - 2013-04-03 18:12 - 00000648 _____ C:\Users\Jenny\muster_kuendigung_staufenbiel - Verknüpfung (4).lnk
2013-09-11 13:41 - 2013-04-03 18:12 - 00000578 _____ C:\Users\Jenny\DudenDemoAudio_s60V1_7 - Verknüpfung (4).lnk
2013-09-11 13:41 - 2013-04-03 18:12 - 00000553 _____ C:\Users\Jenny\Unbenannt 1 - Verknüpfung (5).lnk
2013-09-11 13:41 - 2013-04-03 18:12 - 00000553 _____ C:\Users\Jenny\Unbenannt 1 - Verknüpfung (4).lnk
2013-09-11 13:41 - 2013-04-03 18:12 - 00000524 _____ C:\Users\Jenny\Neuer Ordner (5) - Verknüpfung ().lnk
2013-09-11 13:41 - 2013-04-03 18:12 - 00000524 _____ C:\Users\Jenny\Neuer Ordner (4) - Verknüpfung ().lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000648 _____ C:\Users\Jenny\muster_kuendigung_staufenbiel - Verknüpfung.lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000648 _____ C:\Users\Jenny\muster_kuendigung_staufenbiel - Verknüpfung (3).lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000648 _____ C:\Users\Jenny\muster_kuendigung_staufenbiel - Verknüpfung (2).lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000608 _____ C:\Users\Jenny\Die Europäische Union - Verknüpfung.lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000608 _____ C:\Users\Jenny\Die Europäische Union - Verknüpfung (2).lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000599 _____ C:\Users\Jenny\hijackthis333333333333333 - Verknüpfung.lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000599 _____ C:\Users\Jenny\hijackthis333333333333333 - Verknüpfung (3).lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000599 _____ C:\Users\Jenny\hijackthis333333333333333 - Verknüpfung (2).lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000578 _____ C:\Users\Jenny\DudenDemoAudio_s60V1_7 - Verknüpfung.lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000578 _____ C:\Users\Jenny\DudenDemoAudio_s60V1_7 - Verknüpfung (3).lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000578 _____ C:\Users\Jenny\DudenDemoAudio_s60V1_7 - Verknüpfung (2).lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000569 _____ C:\Users\Jenny\FreeYouTubeToMP3Converter - Verknüpfung.lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000569 _____ C:\Users\Jenny\FreeYouTubeToMP3Converter - Verknüpfung (3).lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000569 _____ C:\Users\Jenny\FreeYouTubeToMP3Converter - Verknüpfung (2).lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000553 _____ C:\Users\Jenny\Unbenannt 1 - Verknüpfung.lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000553 _____ C:\Users\Jenny\Unbenannt 1 - Verknüpfung (3).lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000553 _____ C:\Users\Jenny\Unbenannt 1 - Verknüpfung (2).lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000524 _____ C:\Users\Jenny\Neuer Ordner (3) - Verknüpfung ().lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000524 _____ C:\Users\Jenny\Neuer Ordner (2) - Verknüpfung.lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000524 _____ C:\Users\Jenny\Neuer Ordner (2) - Verknüpfung ().lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000460 _____ C:\Users\Jenny\DivX - Verknüpfung.lnk
2013-09-11 13:41 - 2013-04-03 18:10 - 00000460 _____ C:\Users\Jenny\DivX - Verknüpfung (2).lnk
2013-09-10 18:58 - 2013-09-10 18:50 - 00000000 ____D C:\ProgramData\POIbase
2013-09-10 18:52 - 2013-09-10 18:50 - 00000000 ____D C:\Program Files\POIbase
2013-09-10 18:50 - 2013-09-10 18:50 - 00001610 _____ C:\Users\Public\Desktop\POIbase.lnk
2013-09-10 18:49 - 2013-09-10 18:49 - 21719272 _____ ( ) C:\Users\Jenny\Downloads\poibase_setup1066_poibase.exe
2013-09-10 18:46 - 2013-07-28 19:52 - 00006410 _____ C:\Windows\setupact.log
2013-09-09 19:32 - 2013-09-09 19:32 - 12915584 _____ (Igor Pavlov) C:\Users\Jenny\Downloads\POILoaderforWindows_272 (2).exe
2013-09-09 19:32 - 2013-09-09 19:32 - 12915584 _____ (Igor Pavlov) C:\Users\Jenny\Downloads\POILoaderforWindows_272 (1).exe
2013-09-09 19:00 - 2013-09-09 18:57 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\Garmin
2013-09-09 18:59 - 2013-09-09 18:57 - 00000000 ____D C:\Program Files\Garmin
2013-09-09 18:59 - 2011-11-08 23:43 - 00000000 ____D C:\Program Files\DIFX
2013-09-09 18:59 - 2010-02-04 14:19 - 00000000 ____D C:\Users\Jenny
2013-09-09 18:57 - 2013-09-09 18:56 - 12915584 _____ (Igor Pavlov) C:\Users\Jenny\Downloads\POILoaderforWindows_272.exe
2013-09-08 12:25 - 2013-09-08 12:25 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\Malwarebytes
2013-09-08 12:25 - 2013-09-08 12:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-08 12:05 - 2013-09-08 12:04 - 10284808 _____ (Malwarebytes Corporation ) C:\Users\Jenny\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-07 18:40 - 2013-09-07 18:40 - 96533415 _____ C:\Windows\system32\᭥讻᭄…
2013-09-05 17:47 - 2013-04-30 19:04 - 00000000 ____D C:\Users\Jenny\Documents\Bewerbung2008
2013-09-05 17:42 - 2011-09-09 19:51 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-09-05 14:13 - 2013-07-18 18:42 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-05 14:13 - 2013-04-10 15:22 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-04 16:50 - 2013-09-04 16:50 - 00000000 ____D C:\Program Files\Tor
2013-08-23 18:52 - 2013-04-07 12:56 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-23 10:55 - 2013-04-15 11:25 - 00000000 ____D C:\Program Files\Mozilla Firefox

Files to move or delete:
====================
C:\Users\Jenny\ApnToolbarInstaller.exe
C:\Users\Jenny\gimp-2.6.11-i686-setup-1.exe
C:\Users\Jenny\jagex_runescape_preferences.dat

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-20 17:36

==================== End Of Log ============================
21.09.2013, 16:52 | #21 |
/// Malwareteam | TR/Fakeadb.A' in 'C:\Windows\System32\FlashPlayerUpdateService.exe EDIT:
Code:
^HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com
%SystemRoot%\system32\*.tsp
%SystemRoot%\system32\*.tsp /64
C:\Windows\system32\*.dll /700
C:\Windows\SysNative\*.dll /700
C:\Windows\SysWOW64\*.dll /700
CREATERESTOREPOINT