Mach einfach mal obiges

Code: Alles auswählenAufklappen

ATTFilter

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=57b81423c1f2d64291be3acbb507ee6f
# engine=13635
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-18 05:40:57
# local_time=2013-04-18 07:40:57 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 166061 117893508 0 0
# compatibility_mode=8450 16777213 85 98 71227 98701609 0 0
# scanned=243147
# found=2
# cleaned=0
# scan_time=69374
sh=95A74475FCFA2A1F53BBFAB36CC308D6E0982783 ft=1 fh=803bad4cf561fb9b vn="a variant of Win32/Foxferi.A trojan" ac=I fn="C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED\route_anzeigen.exe.000"
sh=95A74475FCFA2A1F53BBFAB36CC308D6E0982783 ft=1 fh=803bad4cf561fb9b vn="a variant of Win32/Foxferi.A trojan" ac=I fn="C:\Users\All Users\Sophos\Sophos Anti-Virus\INFECTED\route_anzeigen.exe.000"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=57b81423c1f2d64291be3acbb507ee6f
# engine=13663
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-22 06:21:46
# local_time=2013-04-22 08:21:46 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 239672 118241556 0 0
# compatibility_mode=8450 16777213 85 98 419275 99049657 0 0
# scanned=378627
# found=5
# cleaned=0
# scan_time=42939
sh=95A74475FCFA2A1F53BBFAB36CC308D6E0982783 ft=1 fh=803bad4cf561fb9b vn="a variant of Win32/Foxferi.A trojan" ac=I fn="C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED\route_anzeigen.exe.000"
sh=95A74475FCFA2A1F53BBFAB36CC308D6E0982783 ft=1 fh=803bad4cf561fb9b vn="a variant of Win32/Foxferi.A trojan" ac=I fn="C:\Users\All Users\Sophos\Sophos Anti-Virus\INFECTED\route_anzeigen.exe.000"
sh=95A74475FCFA2A1F53BBFAB36CC308D6E0982783 ft=1 fh=803bad4cf561fb9b vn="a variant of Win32/Foxferi.A trojan" ac=I fn="G:\Dateien von Lenovo 19.10.11\Schabnam\Downloads\route_anzeigen.exe"
sh=CF60C260DAC8F20CC14C0BD117D7B22963152EFC ft=1 fh=faa4c6a14ef9be3f vn="Win32/Riern.L trojan" ac=I fn="G:\Schabnam\Schabnam11.2.2011\AppData\Local\Temp\e.exe"
sh=95A74475FCFA2A1F53BBFAB36CC308D6E0982783 ft=1 fh=803bad4cf561fb9b vn="a variant of Win32/Foxferi.A trojan" ac=I fn="G:\Schabnam 29.1.12\Downloads\route_anzeigen.exe"
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=57b81423c1f2d64291be3acbb507ee6f
# engine=17997
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-24 04:05:22
# local_time=2014-04-24 06:05:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 159658 149942172 0 0
# compatibility_mode=8449 16775165 50 96 60042 130750273 39147 0
# scanned=423071
# found=3
# cleaned=0
# scan_time=46091
sh=95A74475FCFA2A1F53BBFAB36CC308D6E0982783 ft=1 fh=803bad4cf561fb9b vn="a variant of Win32/Foxferi.A trojan" ac=I fn="G:\$RECYCLE.BIN\S-1-5-21-1401024420-3012778472-1205996065-1001\$R8V5CGW.exe"
sh=95A74475FCFA2A1F53BBFAB36CC308D6E0982783 ft=1 fh=803bad4cf561fb9b vn="a variant of Win32/Foxferi.A trojan" ac=I fn="G:\$RECYCLE.BIN\S-1-5-21-1401024420-3012778472-1205996065-1001\$RRAD6EK.exe"
sh=CF60C260DAC8F20CC14C0BD117D7B22963152EFC ft=1 fh=faa4c6a14ef9be3f vn="Win32/Riern.L trojan" ac=I fn="G:\$RECYCLE.BIN\S-1-5-21-1401024420-3012778472-1205996065-1001\$RC09TTQ\e.exe"
         

Code: Alles auswählenAufklappen

ATTFilter

 Results of screen317's Security Check version 0.99.82  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
Sophos Anti-Virus   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Secunia PSI (3.0.0.6005)   
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 25  
 Java version out of Date! 
  Adobe Flash Player 12.0.0.77 Flash Player out of Date!  
 Adobe Reader XI  
 Google Chrome 33.0.1750.154  
 Google Chrome 34.0.1847.116  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2014
Ran by Schabnam (administrator) on SCHABNAM-THINK on 24-04-2014 08:17:11
Running from C:\Users\Schabnam\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Dropbox, Inc.) C:\Users\Schabnam\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\Secure Banking\sbservice.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Lenovo Group Limited) c:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69568 2009-12-21] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-07-01] (Lenovo.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-04-20] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [31592 2010-08-06] (Lenovo)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [929272 2013-02-23] (Sophos Limited)
HKLM-x32\...\Run: [EXT_InstallerReboot_9C09BACFA01147D181EB8103D9BF4735] => "C:\Users\Schabnam\AppData\Local\Temp\SetupTemp0\Starter.exe" /reboot
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-04] (Geek Software GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1401024420-3012778472-1205996065-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-1401024420-3012778472-1205996065-1001\...\Run: [SecureBanking] => C:\Program Files (x86)\Secure Banking\SecureBanking.exe [507904 2013-06-30] (Secure Banking)
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217160 2014-03-24] (Sophos Limited)
AppInit_DLLs: ,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217160 2014-03-24] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-03-24] (Sophos Limited)
AppInit_DLLs-x32: , C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-03-24] (Sophos Limited)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Schabnam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Schabnam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Schabnam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {7CC6A5B1-01A3-4659-A1F8-81D8CD2F45EA} URL = 
SearchScopes: HKCU - {7CC6A5B1-01A3-4659-A1F8-81D8CD2F45EA} URL = 
SearchScopes: HKCU - {B6C24954-AB3C-4FEF-BB6C-33C1245611FE} URL = 
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} -  No File
DPF: HKLM-x32 {55963676-2F5E-4BAF-AC28-CF26AA587566} https://asa05.lrz.de/CACHE/stc/1/binaries/vpnweb.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{559BA50C-1DA2-4B52-B7EB-E526932589B4}: [NameServer]10.156.33.53,129.187.5.1

FireFox:
========
FF ProfilePath: C:\Users\Schabnam\AppData\Roaming\Mozilla\Firefox\Profiles\rdzoxdod.default
FF user.js: detected! => C:\Users\Schabnam\AppData\Roaming\Mozilla\Firefox\Profiles\rdzoxdod.default\user.js
FF NewTab: hxxp://www2.delta-search.com/?babsrc=NT_ss&mntrId=468CC0CB38099075&affID=124247&tt=080913_nch&tsp=4999
FF Homepage: hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=468CC0CB38099075&affID=124247&tt=080913_nch&tsp=4999
FF NetworkProxy: "autoconfig_url", "hxxp://pac.lrz.de/"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Pricora 6.1 - C:\Users\Schabnam\AppData\Roaming\Mozilla\Firefox\Profiles\rdzoxdod.default\Extensions\54818767-c1e0-4c84-b033-72ea65a4edba@ee56dd5d-3d74-4339-aeed-d52f03c7f36f.com [2013-09-08]
FF Extension: Delta Toolbar - C:\Users\Schabnam\AppData\Roaming\Mozilla\Firefox\Profiles\rdzoxdod.default\Extensions\ffxtlbr@delta.com [2013-09-08]
FF Extension: Yahoo! Toolbar - C:\Users\Schabnam\AppData\Roaming\Mozilla\Firefox\Profiles\rdzoxdod.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-04-12]
FF Extension: WOT - C:\Users\Schabnam\AppData\Roaming\Mozilla\Firefox\Profiles\rdzoxdod.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-05-17]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-08-17]

Chrome: 
=======
CHR Extension: (Google Wallet) - C:\Users\Schabnam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-23]

==================== Services (Whitelisted) =================

R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [290296 2013-10-29] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [206328 2013-10-29] (Sophos Limited)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1223704 2013-02-07] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660504 2013-02-07] (Secunia)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-02-23] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2012-12-06] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3109880 2013-10-29] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2012152 2013-10-29] (Sophos Limited)
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited)
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-29] (Lenovo Group Limited)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-02-07] (Secunia)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2012-11-08] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2012-01-29] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2010-03-02] (Sophos Plc)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-07-20] ()
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [205952 2009-11-23] (SMI)
R3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-23 15:06 - 2014-04-23 15:07 - 00855379 _____ () C:\Users\Schabnam\Desktop\SecurityCheck.exe
2014-04-23 15:06 - 2014-04-23 15:06 - 02347384 _____ (ESET) C:\Users\Schabnam\Downloads\esetsmartinstaller_enu.exe
2014-04-09 20:55 - 2014-03-13 08:33 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-09 20:55 - 2014-03-13 08:32 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-09 20:55 - 2014-03-13 08:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-09 20:55 - 2014-03-13 08:32 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-09 20:55 - 2014-03-13 07:10 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-09 20:55 - 2014-03-13 07:10 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-09 20:55 - 2014-03-13 07:09 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-09 20:55 - 2014-03-13 07:09 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-09 20:55 - 2014-03-13 07:09 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-09 20:55 - 2014-03-13 07:09 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-09 20:55 - 2014-03-13 07:09 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-09 20:55 - 2014-03-13 07:09 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-09 20:55 - 2014-03-13 07:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-09 20:54 - 2014-03-13 08:33 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-09 20:54 - 2014-03-13 08:33 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-09 20:54 - 2014-03-13 08:32 - 19273728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 20:54 - 2014-03-13 08:32 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-09 20:54 - 2014-03-13 08:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-09 20:54 - 2014-03-13 08:31 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-09 20:54 - 2014-03-13 08:31 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-09 20:54 - 2014-03-13 08:31 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-09 20:54 - 2014-03-13 08:31 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-09 20:54 - 2014-03-13 08:31 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-09 20:54 - 2014-03-13 08:31 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-09 20:54 - 2014-03-13 07:09 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 20:54 - 2014-03-13 07:09 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-09 20:54 - 2014-03-13 07:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-09 20:54 - 2014-03-13 07:09 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-09 20:54 - 2014-03-13 07:09 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-09 20:54 - 2014-03-13 06:57 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 20:54 - 2014-03-13 06:47 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 20:54 - 2014-03-13 05:59 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-09 20:54 - 2014-03-13 05:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-04-09 20:33 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 20:33 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 20:33 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 20:33 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 20:33 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 20:32 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 20:32 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 20:32 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 20:32 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 20:32 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 20:32 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 20:32 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 20:32 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 20:32 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 20:32 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 20:32 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 20:30 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-01 22:38 - 2014-04-01 22:38 - 00000000 ____D () C:\Users\Schabnam\AppData\Local\Skype
2014-04-01 22:37 - 2014-04-01 22:37 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-04-01 22:37 - 2014-04-01 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-03-30 21:15 - 2014-03-30 21:15 - 00000116 ____H () C:\Users\Schabnam\Downloads\.~lock.Ludwig1-neu.odt#
2014-03-27 07:07 - 2014-03-27 07:07 - 01238310 _____ () C:\Users\Schabnam\Downloads\Anhänge_2014327.zip
2014-03-25 18:41 - 2014-03-25 18:41 - 00000000 _____ () C:\Windows\system32\vireng.log
2014-03-25 10:41 - 2014-03-25 10:41 - 00143254 _____ () C:\Users\Schabnam\Downloads\zula.22neu.3.14.odt

==================== One Month Modified Files and Folders =======

2014-04-24 08:19 - 2011-02-26 14:17 - 00000000 ____D () C:\Users\Schabnam\AppData\Roaming\Skype
2014-04-24 08:17 - 2013-12-13 15:23 - 00020815 _____ () C:\Users\Schabnam\Downloads\FRST.txt
2014-04-24 08:17 - 2013-12-13 15:15 - 00000000 ____D () C:\FRST
2014-04-24 08:16 - 2013-12-18 14:02 - 00000000 ____D () C:\Users\Schabnam\Downloads\FRST-OlderVersion
2014-04-24 08:16 - 2013-12-13 15:11 - 02061824 _____ (Farbar) C:\Users\Schabnam\Downloads\FRST64.exe
2014-04-24 08:11 - 2013-09-08 20:06 - 00001908 _____ () C:\Windows\Tasks\Pricora 6.1-chromeinstaller.job
2014-04-24 08:07 - 2013-09-08 20:07 - 00001296 _____ () C:\Windows\Tasks\Pricora 6.1-updater.job
2014-04-24 08:07 - 2013-09-08 20:06 - 00001100 _____ () C:\Windows\Tasks\Pricora 6.1-enabler.job
2014-04-24 08:06 - 2013-09-08 20:06 - 00001834 _____ () C:\Windows\Tasks\Pricora 6.1-firefoxinstaller.job
2014-04-24 08:06 - 2013-09-08 20:06 - 00001202 _____ () C:\Windows\Tasks\Pricora 6.1-codedownloader.job
2014-04-24 07:27 - 2012-08-19 17:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-24 07:25 - 2013-03-05 23:01 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-24 06:59 - 2010-09-09 18:34 - 01952756 _____ () C:\Windows\WindowsUpdate.log
2014-04-24 06:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-23 17:17 - 2012-01-26 18:24 - 01654844 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-23 17:17 - 2010-09-10 04:15 - 00711622 _____ () C:\Windows\system32\perfh007.dat
2014-04-23 17:17 - 2010-09-10 04:15 - 00156106 _____ () C:\Windows\system32\perfc007.dat
2014-04-23 17:16 - 2009-07-14 06:45 - 00015904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-23 17:16 - 2009-07-14 06:45 - 00015904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-23 17:06 - 2013-03-09 11:55 - 00000000 ___RD () C:\Users\Schabnam\Dropbox
2014-04-23 17:06 - 2013-03-09 11:33 - 00000000 ____D () C:\Users\Schabnam\AppData\Roaming\Dropbox
2014-04-23 17:04 - 2013-03-05 23:01 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-23 17:03 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-23 17:02 - 2009-07-14 06:51 - 00086518 _____ () C:\Windows\setupact.log
2014-04-23 16:06 - 2011-06-13 13:09 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-04-23 16:06 - 2011-06-13 13:08 - 00003510 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-04-23 16:06 - 2011-06-13 13:08 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-04-23 15:07 - 2014-04-23 15:06 - 00855379 _____ () C:\Users\Schabnam\Desktop\SecurityCheck.exe
2014-04-23 15:06 - 2014-04-23 15:06 - 02347384 _____ (ESET) C:\Users\Schabnam\Downloads\esetsmartinstaller_enu.exe
2014-04-23 15:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-23 12:52 - 2013-11-27 14:29 - 00144706 _____ () C:\Windows\IE11_main.log
2014-04-11 21:18 - 2012-09-28 15:45 - 00000000 ____D () C:\Users\Schabnam\Bewerbungen
2014-04-11 21:18 - 2011-12-08 19:38 - 00000000 ____D () C:\Users\Schabnam\Uni
2014-04-11 21:07 - 2013-03-05 23:07 - 00002105 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-09 20:32 - 2013-07-19 15:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 20:24 - 2011-02-26 22:19 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-01 22:38 - 2014-04-01 22:38 - 00000000 ____D () C:\Users\Schabnam\AppData\Local\Skype
2014-04-01 22:37 - 2014-04-01 22:37 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-04-01 22:37 - 2014-04-01 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-04-01 22:37 - 2011-02-26 14:17 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-01 22:37 - 2011-02-26 14:17 - 00000000 ____D () C:\ProgramData\Skype
2014-03-31 09:35 - 2011-02-26 13:41 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-31 03:41 - 2011-06-13 13:08 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-03-30 21:15 - 2014-03-30 21:15 - 00000116 ____H () C:\Users\Schabnam\Downloads\.~lock.Ludwig1-neu.odt#
2014-03-29 10:20 - 2013-03-05 23:01 - 00004110 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-29 10:20 - 2013-03-05 23:01 - 00003858 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-28 22:00 - 2011-06-13 13:08 - 00004250 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-03-27 07:07 - 2014-03-27 07:07 - 01238310 _____ () C:\Users\Schabnam\Downloads\Anhänge_2014327.zip
2014-03-25 18:41 - 2014-03-25 18:41 - 00000000 _____ () C:\Windows\system32\vireng.log
2014-03-25 10:41 - 2014-03-25 10:41 - 00143254 _____ () C:\Users\Schabnam\Downloads\zula.22neu.3.14.odt

Some content of TEMP:
====================
C:\Users\Schabnam\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Schabnam\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Schabnam\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Schabnam\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\Schabnam\AppData\Local\Temp\Quarantine.exe
C:\Users\Schabnam\AppData\Local\Temp\SandboxieInstall.exe
C:\Users\Schabnam\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Schabnam\AppData\Local\Temp\sdapskill.exe
C:\Users\Schabnam\AppData\Local\Temp\sdaspwn.exe
C:\Users\Schabnam\AppData\Local\Temp\silent_pricora_DE.exe
C:\Users\Schabnam\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Schabnam\AppData\Local\Temp\vlc-2.0.6-win32.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-22 13:29

==================== End Of Log ============================
         

--- --- ---

--- --- ---

Java updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code: Alles auswählenAufklappen

ATTFilter

G:\$RECYCLE.BIN
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

• Starte nun FRST erneut und klicke den Entfernen Button.
• Das Tool erstellt eine Fixlog.txt.
• Poste mir deren Inhalt.

Fertig

Die Reihenfolge ist hier entscheidend.

1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
   • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
   • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
   • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
3. Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
   • Schließe alle offenen Programme.
   • Starte die delfix.exe mit einem Doppelklick.
   • Setze vor jede Funktion ein Häkchen.
   • Klicke auf Start.
   • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
   • Starte deinen Rechner abschließend neu.
4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

• Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
• Windows Updates
  • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
  • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
• Gehe sicher das die automatischen Updates aktiviert sind.
• Software Updates
  Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
  Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

• Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

• MalwareBytes Anti Malware
  Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
  Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
  Ein Tutorial zur Verwendung findest Du hier.
• WinPatrol
  Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

• SpywareBlaster
  Eine kurze Einführung findest du Hier
• MVPs hosts file
  Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
• WOT (Web of trust)
  Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

• Opera
• Mozilla Firefox.
  • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    
  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
    Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts

• Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
• verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
• Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
• Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Code: Alles auswählenAufklappen

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-04-2014
Ran by Schabnam at 2014-04-26 20:37:23 Run:1
Running from C:\Users\Schabnam\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
G:\$RECYCLE.BIN
*****************

"G:\$RECYCLE.BIN" => File/Directory not found.

==== End of Fixlog ====
         

fertig

Vielen Dank!!
Ich hab noch eine andere kurze Frage:
Mein Rechner ist ewig langsam, was könnte ich machen, um das zu ändern?
VG
Schnipschnap

Wann genau ist er langsam?

Das kann ich so genau leider nicht zuordnen. Ich benutze Chrome, weil Firefox nicht mehr funktioniert bei mir. Und Chrome bleibt auch oft ewig hängen. Manchmal ist er beim Hochfahren schon so langsam, dass es total aufhält. Oft erscheint: keine Rückmeldung, Seite reagiert nicht.
Da bleibt mir nichts übrig, außer abzuwarten...

Ja aber das alles kommt nur in den Browsern? Starte die Browser mal im eigenen Safe Mode ohne Addons, besser?

Wie mach ich das?

Im Programme Ordern von den browsern sollte ein entsprechendes icon sein, als Beispiel bei FF, Firefox Safe Mode.

sowas kann ich nicht finden :-(

schau mal hier:
https://support.mozilla.org/en-US/kb...sing-safe-mode
Google Chrome Safe Mode