Hallo liebes trojaner-board-Team!
Nach den Nachrichten, dass via Yahoo Malware verbreitet wurde, hab ich Clamwin und Avira laufen lassen und beide haben was gefunden: div. Trojaner und "EXP/CVE-2013-2465.G.Gen". Probleme an und für sich tauchen nicht auf, aber die logfiles die beiden Programme auswerfen, beunruhigen mich massiv, da ich auf diesem Computer auch sensible Daten handhabe.

Nach einem nochmaligen Scan mit Avira taucht der CXP/CVE Virus nicht mehr auf. Leider hab ich keine Ahnung, ob er mit der Quarantäne wirklich unschädlich ist

Nachdem meine Kenntnisse in diesem Gebiet beschränkt sind, bitte ich um Hilfe meinen Laptop wieder zu bereinigen.

Zur Info: der Laptop ist ein refurbished Dell aus den USA, falls das in den logfiles auftaucht.

Vielen Dank im Voraus!
lg Anita

PS: Ich finde es klasse, das es dieses Forum gibt, und dass ihr in Eurer Freizeit anderen helft! Danke!!

defogger_disable

Code: Alles auswählenAufklappen

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:44 on 06/01/2014 (anita *****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

FRST

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-01-2014
Ran by anita ***** (administrator) on ANITA on 06-01-2014 15:50:24
Running from C:\Documents and Settings\anita *****\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\WINDOWS\system32\cidaemon.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
(alch) C:\Program Files\ClamWin\bin\ClamTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\hidfind.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Documents and Settings\anita *****\Desktop\Defogger.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [176128 2005-10-08] (Alps Electric Co., Ltd.)
HKLM\...\Run: [igfxhkcmd] - C:\WINDOWS\system32\hkcmd.exe [77824 2005-12-14] (Intel Corporation)
HKLM\...\Run: [igfxpers] - C:\WINDOWS\system32\igfxpers.exe [118784 2005-12-14] (Intel Corporation)
HKLM\...\Run: [SigmatelSysTrayApp] - C:\WINDOWS\stsystra.exe [282624 2006-03-25] (SigmaTel, Inc.)
HKLM\...\Run: [ClamWin] - C:\Program Files\ClamWin\bin\ClamTray.exe [86016 2013-10-18] (alch)
HKLM\...\Run: [NPSStartup] - [x]
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
MountPoints2: {2ff6b887-f0df-11dc-b947-0015c5a50a82} - wscript.exe VirusRemoval.vbs
HKU\Administrator\...\Run: [ModemOnHold] - C:\Program Files\NetWaiting\netwaiting.exe [ 2003-09-10] ()
HKU\Default User\...\Run: [ModemOnHold] - C:\Program Files\NetWaiting\netwaiting.exe [ 2003-09-10] ()
Lsa: [Notification Packages] scecli scecli scecli scecli scecli scecli

==================== Internet (Whitelisted) ====================

ProxyServer: isasrv.fh.ac.at:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://services.ama.at/servlet/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
SearchScopes: HKCU - DefaultScope {5E6EDBF3-0B0B-4D97-B65B-3995FFC74381} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {5E6EDBF3-0B0B-4D97-B65B-3995FFC74381} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {75D6ADAA-79BE-40EB-997A-B14F5AE37C19} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} -  No File
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Documents and Settings\anita *****\Application Data\Mozilla\Firefox\Profiles\6eh1x7p5.default-1382897487578
FF Homepage: hxxp://foodporndaily.com/|hxxp://www.netvibes.com/signin?from=home|hxxp://www.wetteronline.de/wettertrend/st-poelten|hxxp://wetter.orf.at/niederoesterreich/prognose|hxxp://www.zamg.ac.at/cms/de/wetter/wetter-oesterreich/niederoesterreich/heute_nacht
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File
FF SearchPlugin: C:\Documents and Settings\anita *****\Application Data\Mozilla\Firefox\Profiles\6eh1x7p5.default-1382897487578\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: WOT - C:\Documents and Settings\anita *****\Application Data\Mozilla\Firefox\Profiles\6eh1x7p5.default-1382897487578\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: Ghostery - C:\Documents and Settings\anita *****\Application Data\Mozilla\Firefox\Profiles\6eh1x7p5.default-1382897487578\Extensions\firefox@ghostery.com.xpi
FF Extension: Mind the Time - C:\Documents and Settings\anita *****\Application Data\Mozilla\Firefox\Profiles\6eh1x7p5.default-1382897487578\Extensions\jid0-HYNmqxA9zQGfJADREri4n2AHKSI@jetpack.xpi
FF Extension: DuckDuckGo Plus - C:\Documents and Settings\anita *****\Application Data\Mozilla\Firefox\Profiles\6eh1x7p5.default-1382897487578\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi
FF Extension: All-in-One Sidebar - C:\Documents and Settings\anita *****\Application Data\Mozilla\Firefox\Profiles\6eh1x7p5.default-1382897487578\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
FF Extension: LeechBlock - C:\Documents and Settings\anita *****\Application Data\Mozilla\Firefox\Profiles\6eh1x7p5.default-1382897487578\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi
FF Extension: Leo Search - C:\Documents and Settings\anita *****\Application Data\Mozilla\Firefox\Profiles\6eh1x7p5.default-1382897487578\Extensions\{c666c018-6409-4479-afa3-68e4129e7eff}.xpi
FF Extension: Adblock Plus - C:\Documents and Settings\anita *****\Application Data\Mozilla\Firefox\Profiles\6eh1x7p5.default-1382897487578\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}-trash
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
S4 Bluetooth Hid Switch Service; C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe [188416 2005-08-30] (Cambridge Silicon Radio)
R2 MSSQL$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [9150464 2005-05-04] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [73728 2005-05-04] (Microsoft Corporation)
R2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [376832 2006-06-29] (Dell Inc.)
S3 SQLAgent$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE [323584 2005-05-04] (Microsoft Corporation)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe [180224 2006-06-12] ()
S2 WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [262217 2005-12-28] (Intel(R) Corporation)
S2 DataSvr2; "C:\Program Files\Wave Systems Corp\Common\DataServer.exe" [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
S2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [x]
S2 Symantec Core LC; "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" [x]

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21275 2006-09-16] (Meetinghouse Data Communications)
R1 APPDRV; C:\Windows\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R2 DLABOIOM; C:\Windows\System32\DLA\DLABOIOM.SYS [25628 2005-09-08] (Sonic Solutions)
R1 DLACDBHM; C:\Windows\System32\Drivers\DLACDBHM.SYS [5628 2005-08-25] (Sonic Solutions)
R2 DLADResN; C:\Windows\System32\DLA\DLADResN.SYS [2496 2005-09-08] (Sonic Solutions)
R2 DLAIFS_M; C:\Windows\System32\DLA\DLAIFS_M.SYS [86524 2005-09-08] (Sonic Solutions)
R2 DLAOPIOM; C:\Windows\System32\DLA\DLAOPIOM.SYS [14684 2005-09-08] (Sonic Solutions)
R2 DLAPoolM; C:\Windows\System32\DLA\DLAPoolM.SYS [6364 2005-09-08] (Sonic Solutions)
R1 DLARTL_N; C:\Windows\System32\Drivers\DLARTL_N.SYS [22684 2005-08-25] (Sonic Solutions)
R2 DLAUDFAM; C:\Windows\System32\DLA\DLAUDFAM.SYS [94332 2005-09-08] (Sonic Solutions)
R2 DLAUDF_M; C:\Windows\System32\DLA\DLAUDF_M.SYS [87036 2005-09-08] (Sonic Solutions)
R2 DRVNDDM; C:\Windows\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions)
R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2009-03-31] ()
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [47249 2007-12-03] (FTDI Ltd.)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51056 2003-08-11] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2003-08-11] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21488 2003-08-11] (HP)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [21248 2003-09-19] (Padus, Inc.)
R2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [13568 2005-12-28] (Intel Corporation)
S3 snpstd2; C:\Windows\System32\DRIVERS\snpstd2.sys [347264 2004-12-17] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-02] (Avira GmbH)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1156648 2006-03-25] (SigmaTel, Inc.)
R2 symlcbrd; C:\WINDOWS\system32\drivers\symlcbrd.sys [10344 2006-09-16] (Symantec Corporation)
S3 w39n51; C:\Windows\System32\DRIVERS\w39n51.sys [1428096 2005-12-05] (Intel® Corporation)
U2 CertPropSvc; 
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 wanatw; system32\DRIVERS\wanatw4.sys [x]
U1 WS2IFSL; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-06 15:50 - 2014-01-06 15:50 - 00014321 _____ C:\Documents and Settings\anita *****\Desktop\FRST.txt
2014-01-06 15:50 - 2014-01-06 15:50 - 00000000 ____D C:\FRST
2014-01-06 15:48 - 2014-01-06 15:49 - 01064805 _____ (Farbar) C:\Documents and Settings\anita *****\Desktop\FRST.exe
2014-01-06 15:44 - 2014-01-06 15:45 - 00000488 _____ C:\Documents and Settings\anita *****\Desktop\defogger_disable.log
2014-01-06 15:44 - 2014-01-06 15:44 - 00000000 _____ C:\Documents and Settings\anita *****\defogger_reenable
2014-01-06 15:43 - 2014-01-06 15:43 - 00050477 _____ C:\Documents and Settings\anita *****\Desktop\Defogger.exe
2014-01-06 14:59 - 2006-05-16 18:34 - 00286720 _____ C:\Documents and Settings\anita *****\My Documents\wxvault1.dll
2014-01-06 14:42 - 2014-01-06 15:01 - 00000000 ____D C:\Documents and Settings\anita *****\Application Data\Wave Systems Corp
2014-01-04 15:21 - 2014-01-05 10:02 - 00000000 ____D C:\Documents and Settings\anita *****\My Documents\zeug
2014-01-04 15:21 - 2014-01-04 15:21 - 00000645 _____ C:\Documents and Settings\anita *****\My Documents\DIEMeisterarbeit.lnk
2014-01-04 13:07 - 2014-01-04 13:07 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-04 13:07 - 2014-01-04 13:07 - 00000000 _____ C:\WINDOWS\setupact.log
2014-01-04 12:38 - 2014-01-04 12:39 - 00000403 _____ C:\WINDOWS\wmsetup.log
2014-01-04 11:41 - 2014-01-04 15:30 - 00000000 ___RD C:\Documents and Settings\anita *****\Desktop\icons
2014-01-04 08:55 - 2014-01-04 13:07 - 00014460 _____ C:\WINDOWS\setupapi.log
2013-12-31 15:07 - 2013-12-31 15:07 - 00026950 _____ C:\Documents and Settings\anita *****\hs_err_pid1052.log
2013-12-24 18:43 - 2013-12-24 18:43 - 00028776 _____ C:\Documents and Settings\anita *****\hs_err_pid3856.log
2013-12-22 19:54 - 2013-12-23 10:36 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-18 08:17 - 2013-12-18 08:17 - 00026953 _____ C:\Documents and Settings\anita *****\hs_err_pid2708.log
2013-12-14 10:29 - 2013-12-14 10:29 - 00026709 _____ C:\Documents and Settings\anita *****\hs_err_pid2904.log
2013-12-10 14:48 - 2013-12-10 14:48 - 00026870 _____ C:\Documents and Settings\anita *****\hs_err_pid736.log

==================== One Month Modified Files and Folders =======

2014-01-06 15:50 - 2014-01-06 15:50 - 00014321 _____ C:\Documents and Settings\anita *****\Desktop\FRST.txt
2014-01-06 15:50 - 2014-01-06 15:50 - 00000000 ____D C:\FRST
2014-01-06 15:49 - 2014-01-06 15:48 - 01064805 _____ (Farbar) C:\Documents and Settings\anita *****\Desktop\FRST.exe
2014-01-06 15:45 - 2014-01-06 15:44 - 00000488 _____ C:\Documents and Settings\anita *****\Desktop\defogger_disable.log
2014-01-06 15:44 - 2014-01-06 15:44 - 00000000 _____ C:\Documents and Settings\anita *****\defogger_reenable
2014-01-06 15:44 - 2006-10-12 19:33 - 00000000 ____D C:\Documents and Settings\anita *****
2014-01-06 15:43 - 2014-01-06 15:43 - 00050477 _____ C:\Documents and Settings\anita *****\Desktop\Defogger.exe
2014-01-06 15:26 - 2004-08-10 19:02 - 01066904 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-06 15:25 - 2012-12-13 19:30 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-06 15:03 - 2004-08-10 19:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-06 15:03 - 2004-08-10 18:59 - 00000159 _____ C:\WINDOWS\wiadebug.log
2014-01-06 15:03 - 2004-08-10 18:59 - 00000050 _____ C:\WINDOWS\wiaservc.log
2014-01-06 15:02 - 2006-10-12 19:33 - 00000278 ___SH C:\Documents and Settings\anita *****\ntuser.ini
2014-01-06 15:02 - 2004-08-10 19:08 - 00032568 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-06 15:01 - 2014-01-06 14:42 - 00000000 ____D C:\Documents and Settings\anita *****\Application Data\Wave Systems Corp
2014-01-06 14:54 - 2006-09-16 05:45 - 00000000 ____D C:\Program Files\Broadcom
2014-01-06 14:52 - 2006-09-16 05:46 - 00000000 ____D C:\Program Files\Wave Systems Corp
2014-01-06 14:52 - 2006-09-16 05:41 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2014-01-06 14:49 - 2006-09-16 05:47 - 00000000 ____D C:\WINDOWS\system32\BioAPIFFDB
2014-01-05 20:48 - 2007-06-08 16:43 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2014-01-05 19:31 - 2004-08-10 19:02 - 00000000 ____D C:\WINDOWS\Registration
2014-01-05 14:35 - 2011-01-03 10:50 - 00000000 ___RD C:\Documents and Settings\anita *****\My Documents\Kaisergrub
2014-01-05 10:02 - 2014-01-04 15:21 - 00000000 ____D C:\Documents and Settings\anita *****\My Documents\zeug
2014-01-04 17:09 - 2010-12-27 09:56 - 00000000 ____D C:\Program Files\MoneyMaker
2014-01-04 15:30 - 2014-01-04 11:41 - 00000000 ___RD C:\Documents and Settings\anita *****\Desktop\icons
2014-01-04 15:29 - 2006-12-04 02:55 - 00000000 ____D C:\Program Files\KeyNote
2014-01-04 15:21 - 2014-01-04 15:21 - 00000645 _____ C:\Documents and Settings\anita *****\My Documents\DIEMeisterarbeit.lnk
2014-01-04 13:07 - 2014-01-04 13:07 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-04 13:07 - 2014-01-04 13:07 - 00000000 _____ C:\WINDOWS\setupact.log
2014-01-04 13:07 - 2014-01-04 08:55 - 00014460 _____ C:\WINDOWS\setupapi.log
2014-01-04 12:40 - 2004-08-10 18:51 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-04 12:39 - 2014-01-04 12:38 - 00000403 _____ C:\WINDOWS\wmsetup.log
2014-01-04 10:50 - 2011-05-29 08:08 - 00000000 ___RD C:\Documents and Settings\anita *****\My Documents\Meine Musik
2014-01-04 10:50 - 2008-01-24 04:02 - 00124928 ___SH C:\Documents and Settings\anita *****\My Documents\Thumbs.db
2014-01-01 11:07 - 2007-02-03 19:48 - 00000000 ____D C:\Program Files\CCleaner
2014-01-01 11:03 - 2012-07-25 14:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2013-12-31 15:07 - 2013-12-31 15:07 - 00026950 _____ C:\Documents and Settings\anita *****\hs_err_pid1052.log
2013-12-24 18:43 - 2013-12-24 18:43 - 00028776 _____ C:\Documents and Settings\anita *****\hs_err_pid3856.log
2013-12-23 10:36 - 2013-12-22 19:54 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-18 08:22 - 2013-03-02 08:38 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2013-12-18 08:22 - 2013-03-02 08:38 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2013-12-18 08:17 - 2013-12-18 08:17 - 00026953 _____ C:\Documents and Settings\anita *****\hs_err_pid2708.log
2013-12-14 13:14 - 2004-08-10 18:57 - 00379240 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-14 10:29 - 2013-12-14 10:29 - 00026709 _____ C:\Documents and Settings\anita *****\hs_err_pid2904.log
2013-12-14 09:30 - 2009-09-19 11:03 - 00000000 ____D C:\WINDOWS\ie8updates
2013-12-14 09:29 - 2007-02-14 12:09 - 00893882 _____ C:\WINDOWS\system32\TZLog.log
2013-12-14 09:23 - 2013-07-29 19:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-14 09:16 - 2006-10-14 03:26 - 88123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-13 08:25 - 2012-03-31 15:18 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-13 08:25 - 2012-03-31 15:18 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-10 14:48 - 2013-12-10 14:48 - 00026870 _____ C:\Documents and Settings\anita *****\hs_err_pid736.log

Some content of TEMP:
====================
C:\Documents and Settings\anita *****\Local Settings\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
         

Addition

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-01-2014
Ran by anita ****** at 2014-01-06 15:51:30
Running from C:\Documents and Settings\anita ******\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection (Disabled) {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

==================== Installed Programs ======================

µTorrent (Version: 1.8.1 - )
7-Zip 4.57 (Version:  - )
Abacast Client (Version:  - )
Adobe Acrobat - Reader 6.0.2 Update (Version: 6.0.2 - Adobe Systems)
Adobe Acrobat 6.0.1 Standard (Version: 006.000.001 - Adobe Systems)
Adobe Acrobat and Reader 6.0.3 Update (Version: 6.0.3 - Adobe Systems)
Adobe Acrobat and Reader 6.0.4 Update (Version: 6.0.4 - Adobe Systems)
Adobe Acrobat and Reader 6.0.5 Update (Version: 6.0.5 - Adobe Systems)
Adobe Acrobat and Reader 6.0.6 Update (Version: 6.0.6 - Adobe Systems)
Adobe Atmosphere Player for Acrobat and Adobe Reader (Version:  - )
Adobe Flash Player 10 ActiveX (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader 6.0.1 (Version: 006.000.001 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (Version:  - )
Audacity 1.2.6 (Version:  - )
Avira Free Antivirus (Version: 14.0.2.286 - Avira)
Bluetooth Stack for Windows by Toshiba (Version: v4.00.22(D) - )
Broadcom Advanced Control Suite (Version: 8.68.05 - Broadcom Corporation)
Canon Easy-PhotoPrint EX (Version:  - )
Canon Kurzwahlprogramm (Version:  - )
Canon MP Navigator EX 5.1 (Version:  - )
Canon MX890 series MP Drivers (Version:  - )
Canon MX890 series On-screen Manual (Version:  - )
Canon My Printer (Version:  - )
Canon Solution Menu EX (Version:  - )
CCleaner (Version: 4.09 - Piriform)
ClamWin Free Antivirus 0.98 (Version:  - alch)
Conexant HDA D110 MDC V.92 Modem (Version:  - )
Corel Uninstaller (Version:  - )
Digital Line Detect (Version: 1.15 - BVRP Software, Inc)
eQ-3 USB Serial Converter Drivers (Version: 2.00.00.2 - eQ-3 Entwicklung GmbH)
Foxit Reader (Version:  - )
GE 98067 MiniCam Pro (Version: 4.11.0.3 - )
Google SketchUp 8 (Version: 3.0.11762 - Google, Inc.)
Intel(R) Graphics Media Accelerator Driver (Version: 6.14.10.4446 - )
Intel(R) PROSet/Wireless Software (Version: 10.1.0.3 - Intel Corporation)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
KeyNote 1.6.5 (Version:  - )
LADSPA_plugins-win-0.4.15 (Version:  - Audacity Team)
mCore (Version: 5.45.0000 - Intel Corporation) Hidden
mDrWiFi (Version: 5.45.0000 - Intel Corporation) Hidden
mHlpDell (Version: 5.45.0000 - Intel) Hidden
Microsoft .NET Framework 1.1 (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office Outlook 2003 with Business Contact Manager Update (Version: 2.0.4013.0 - Microsoft Corporation)
Microsoft Office Small Business Edition 2003 (Version: 11.0.7969.0 - Microsoft Corporation)
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ) (Version: 8.00.2039 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
mIWA (Version: 5.45.0000 - Intel Corporation) Hidden
mLogView (Version: 5.45.0000 - Intel Corporation) Hidden
mMHouse (Version: 5.45.0000 - Intel Corporation) Hidden
Modem Helper (Version: 3.02 - BVRP Software)
MoneyMaker (Version: 20.05.2010 - Moneysoft Softwarevertriebs - GesmbH)
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0 - Mozilla)
mPfMgr (Version: 5.45.0000 - Intel Corporation) Hidden
mPfWiz (Version: 5.45.0000 - Intel Corporation) Hidden
mProSafe (Version: 9.00.0000 - Intel) Hidden
mSSO (Version: 5.45.0000 - Intel Corporation) Hidden
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0 - Microsoft Corporation)
mWlsSafe (Version: 9.00.0000 - Intel) Hidden
mWMI (Version: 5.45.0000 - Intel Corporation) Hidden
mXML (Version: 5.45.0000 - Intel Corporation) Hidden
mZConfig (Version: 5.45.0000 - Intel Corporation) Hidden
NetWaiting (Version: 2.5.23 - BVRP Software, Inc)
NTRU Hybrid TSS v2.0.25 (Version: 2.0.25 - NTRU Cryptosystems) Hidden
QuickSet (Version: 7.1.10 - )
Roxio DLA (Version: 5.2.0 - Roxio)
Roxio RecordNow Audio (Version: 2.0.4 - Roxio)
Roxio RecordNow Copy (Version: 2.0.4 - Roxio)
Roxio RecordNow Data (Version: 2.0.4 - Roxio)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
Skype™ 5.5 (Version: 5.5.124 - Skype Technologies S.A.)
Symantec KB-DocID:2003093015493306 (Version: 1.0.0.1 - Symantec Corporation) Hidden
Tweak UI (Version:  - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1 - Microsoft Corporation)
VideoLAN VLC media player 0.8.5 (Version: 0.8.5 - VideoLAN Team)
WeatherProfessional (Version:  - ELV Elektronik AG)
WeatherProfessional (Version: 1.83 - ELV Elektronik AG) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - MobileTop (sshpmdm) Modem  (02/23/2007 2.5.0.0) (Version: 02/23/2007 2.5.0.0 - MobileTop)
Windows Driver Package - MobileTop (sshpusb) USB  (02/23/2007 2.5.0.0) (Version: 02/23/2007 2.5.0.0 - MobileTop)
Windows Genuine Advantage Validation Tool (KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (Version: 3.0.0.0 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (Version:  - Microsoft Corporation)
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows Resource Kit Tools - SubInAcl.exe (Version: 5.2.3790.1164 - Microsoft Corporation)
Windows XP Service Pack 3 (Version: 20080414.031525 - Microsoft Corporation)

==================== Restore Points  =========================

09-12-2013 18:32:57 System Checkpoint
09-12-2013 21:01:49 System Checkpoint
13-12-2013 08:03:52 System Checkpoint
14-12-2013 08:15:11 Software Distribution Service 3.0
14-12-2013 11:33:42 Software Distribution Service 3.0
16-12-2013 08:31:37 System Checkpoint
17-12-2013 10:55:54 System Checkpoint
18-12-2013 13:05:12 System Checkpoint
19-12-2013 13:32:57 System Checkpoint
21-12-2013 10:24:46 System Checkpoint
22-12-2013 19:35:15 System Checkpoint
24-12-2013 09:09:17 System Checkpoint
25-12-2013 11:04:09 System Checkpoint
27-12-2013 11:53:58 System Checkpoint
28-12-2013 12:38:37 System Checkpoint
29-12-2013 16:49:19 System Checkpoint
30-12-2013 18:11:12 System Checkpoint
01-01-2014 10:34:51 System Checkpoint
02-01-2014 11:57:09 System Checkpoint
03-01-2014 20:26:19 System Checkpoint
05-01-2014 11:56:50 System Checkpoint
06-01-2014 12:02:40 System Checkpoint
06-01-2014 13:47:11 Configured EMBASSY Trust Suite by Wave Systems
06-01-2014 13:47:44 Configured ETS Upgrade
06-01-2014 13:48:03 Configured Wave Support Software
06-01-2014 13:49:42 Configured Document Manager Lite
06-01-2014 13:50:10 Configured Private Information Manager
06-01-2014 13:50:35 Configured EMBASSY Security Center
06-01-2014 13:52:11 Configured Security Wizards
06-01-2014 13:52:28 Configured Secure Update
06-01-2014 13:52:44 Configured ETS Launch Pad
06-01-2014 13:53:58 Removed Broadcom TPM Driver Installer
06-01-2014 13:54:15 Removed EMBASSY Trust Suite by Wave Systems

==================== Hosts content: ==========================

2004-08-10 18:51 - 2010-03-28 17:10 - 00381022 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	123topsearch.com
127.0.0.1	www.123topsearch.com
127.0.0.1	132.com
127.0.0.1	www.132.com
127.0.0.1	www.136136.net
127.0.0.1	136136.net
127.0.0.1	163ns.com
127.0.0.1	www.163ns.com
127.0.0.1	171203.com
127.0.0.1	17-plus.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2004-07-20 23:04 - 2004-07-20 23:04 - 00094208 _____ () C:\WINDOWS\system32\TosBtHcrpAPI.dll
2013-03-02 08:38 - 2013-03-02 08:25 - 00397704 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2007-08-10 06:07 - 1997-11-18 17:34 - 00907264 ____N () C:\Corel\Graphics8\programs\CMFFld80.dll
2008-03-20 20:39 - 2008-04-19 15:35 - 00081920 _____ () C:\Program Files\ClamWin\bin\ExpShell.dll
2008-03-20 20:39 - 2005-02-08 17:23 - 00979005 _____ () C:\Program Files\ClamWin\bin\python23.dll
2008-03-20 20:39 - 2004-11-20 03:27 - 00069632 _____ () C:\Program Files\ClamWin\lib\win32api.pyd
2008-03-20 20:39 - 2004-10-11 20:21 - 00094208 _____ () C:\Program Files\ClamWin\lib\pywintypes23.dll
2008-03-20 20:39 - 2004-05-25 21:18 - 00057401 _____ () C:\Program Files\ClamWin\lib\_sre.pyd
2008-03-20 20:39 - 2004-11-20 03:27 - 00086016 _____ () C:\Program Files\ClamWin\lib\win32gui.pyd
2008-03-20 20:39 - 2004-11-20 03:27 - 00024576 _____ () C:\Program Files\ClamWin\lib\win32event.pyd
2008-03-20 20:39 - 2004-11-20 03:27 - 00036864 _____ () C:\Program Files\ClamWin\lib\win32process.pyd
2008-03-20 20:39 - 2004-05-25 21:18 - 00049212 _____ () C:\Program Files\ClamWin\lib\_socket.pyd
2008-03-20 20:39 - 2004-05-25 21:18 - 00495616 _____ () C:\Program Files\ClamWin\lib\_ssl.pyd
2008-03-20 20:39 - 2004-05-25 21:20 - 00036864 _____ () C:\Program Files\ClamWin\lib\_winreg.pyd
2008-03-20 20:39 - 2004-10-11 20:22 - 00315392 _____ () C:\Program Files\ClamWin\lib\pythoncom23.dll
2008-03-20 20:39 - 2004-11-20 03:27 - 00106496 _____ () C:\Program Files\ClamWin\lib\shell.pyd
2008-03-20 20:39 - 2004-11-20 03:27 - 00065536 _____ () C:\Program Files\ClamWin\lib\win32security.pyd
2008-04-20 18:08 - 2004-01-15 14:45 - 00061440 _____ () C:\Program Files\ClamWin\lib\_ctypes.pyd
2008-03-20 20:39 - 2004-11-20 03:27 - 00077824 _____ () C:\Program Files\ClamWin\lib\win32file.pyd
2008-03-20 20:39 - 2004-11-20 03:27 - 00024576 _____ () C:\Program Files\ClamWin\lib\win32pipe.pyd
2008-03-20 20:39 - 2003-10-01 13:40 - 02240512 _____ () C:\Program Files\ClamWin\lib\wxc.pyd
2008-03-20 20:39 - 2003-10-01 11:43 - 03239936 _____ () C:\Program Files\ClamWin\lib\wxmsw24h.dll
2008-03-20 20:39 - 2003-08-10 09:14 - 00061440 _____ () C:\Program Files\ClamWin\lib\mxDateTime.pyd
2008-03-20 20:39 - 2004-05-25 21:17 - 00622651 _____ () C:\Program Files\ClamWin\lib\_bsddb.pyd
2008-03-20 20:39 - 2004-05-25 21:19 - 00045117 _____ () C:\Program Files\ClamWin\lib\datetime.pyd
2013-12-22 19:54 - 2013-12-22 19:55 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Intel(R) PRO/Wireless 3945ABG Network Connection
Description: Intel(R) PRO/Wireless 3945ABG Network Connection
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: w39n51
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/06/2014 02:43:43 PM) (Source: Wave.Authentication) (User: )
Description: TPM State is invalid
   at Wave.Authentication.AMInterface.AMCredential.IsUserEnrolled(String userNameIn, String domainNameIn)

Error: (01/06/2014 02:43:43 PM) (Source: Wave.Authentication) (User: )
Description: The TPM is off
   at TrustedPlatformManager.CPlatformManagerClass.get_Enabled()
   at Wave.Authentication.AMInterface.AMCredential.IsTPMStateValid()

Error: (01/04/2014 00:14:38 PM) (Source: Application Error) (User: )
Description: Faulting application vlc.exe, version 0.8.5.0, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x00037740.
Processing media-specific event for [vlc.exe!ws!]

Error: (01/02/2014 08:15:49 PM) (Source: MsiInstaller) (User: ANITA)
Description: Product: Adobe Acrobat 6.0.1 Standard -- Error 1706.No valid source could be found for product Adobe Acrobat 6.0.1 Standard.  The Windows Installer cannot continue.

Error: (01/01/2014 07:53:45 PM) (Source: Application Hang) (User: )
Description: Hanging application coreldrw.exe, version 8.232.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/01/2014 07:51:28 PM) (Source: Application Hang) (User: )
Description: Hanging application coreldrw.exe, version 8.232.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/01/2014 07:51:28 PM) (Source: Application Hang) (User: )
Description: Hanging application coreldrw.exe, version 8.232.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/01/2014 09:29:18 AM) (Source: Application Hang) (User: )
Description: Hanging application coreldrw.exe, version 8.232.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/31/2013 04:47:29 PM) (Source: MsiInstaller) (User: ANITA)
Description: Product: Adobe Acrobat 6.0.1 Standard -- Error 1706.No valid source could be found for product Adobe Acrobat 6.0.1 Standard.  The Windows Installer cannot continue.

Error: (12/31/2013 04:44:18 PM) (Source: Application Hang) (User: )
Description: Hanging application coreldrw.exe, version 8.232.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (01/06/2014 03:05:54 PM) (Source: Service Control Manager) (User: )
Description: The NTRU Hybrid TSS v2.0.25 TCS service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/06/2014 03:05:54 PM) (Source: Service Control Manager) (User: )
Description: The NTRU Hybrid TSS v2.0.25 TCS service hung on starting.

Error: (01/06/2014 03:03:43 PM) (Source: Service Control Manager) (User: )
Description: The Symantec Core LC service failed to start due to the following error: 
%%3

Error: (01/06/2014 03:03:43 PM) (Source: Service Control Manager) (User: )
Description: The DataSvr2 service failed to start due to the following error: 
%%2

Error: (01/06/2014 03:03:43 PM) (Source: Service Control Manager) (User: )
Description: The Intel(R) PROSet/Wireless SSO Service service depends on the Intel(R) PROSet/Wireless Service service which failed to start because of the following error: 
%%2

Error: (01/06/2014 03:03:43 PM) (Source: Service Control Manager) (User: )
Description: The Intel(R) PROSet/Wireless Service service failed to start due to the following error: 
%%2

Error: (01/05/2014 09:23:09 AM) (Source: Service Control Manager) (User: )
Description: The Symantec Core LC service failed to start due to the following error: 
%%3

Error: (01/05/2014 09:23:09 AM) (Source: Service Control Manager) (User: )
Description: The Intel(R) PROSet/Wireless SSO Service service depends on the Intel(R) PROSet/Wireless Service service which failed to start because of the following error: 
%%2

Error: (01/05/2014 09:23:09 AM) (Source: Service Control Manager) (User: )
Description: The Intel(R) PROSet/Wireless Service service failed to start due to the following error: 
%%2

Error: (01/03/2014 08:16:08 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.


Microsoft Office Sessions:
=========================
Error: (10/08/2009 07:38:05 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: 10Microsoft Office Visio12.0.4518.101412.0.4518.101427860


==================== Memory info =========================== 

Percentage of memory in use: 77%
Total physical RAM: 1014.11 MB
Available physical RAM: 231.68 MB
Total Pagefile: 2440.63 MB
Available Pagefile: 1515.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.22 MB

==================== Drives ================================

Drive c: (Local Disk) (Fixed) (Total:37.19 GB) (Free:13.62 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Active) - (Size=37 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

GMER

Code: Alles auswählenAufklappen

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2014-01-06 16:53:59
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541040G9SA00 rev.MB2OC60R 37,26GB
Running: gmer_2.1.19163.exe; Driver: C:\DOCUME~1\ANITAP~1\LOCALS~1\Temp\kgtdrpoc.sys


---- System - GMER 2.1 ----

SSDT            F7D0417C                  ZwClose
SSDT            F7D04136                  ZwCreateKey
SSDT            F7D04186                  ZwCreateSection
SSDT            F7D0412C                  ZwCreateThread
SSDT            F7D0413B                  ZwDeleteKey
SSDT            F7D04145                  ZwDeleteValueKey
SSDT            F7D04177                  ZwDuplicateObject
SSDT            F7D0414A                  ZwLoadKey
SSDT            F7D04118                  ZwOpenProcess
SSDT            F7D0411D                  ZwOpenThread
SSDT            F7D0419F                  ZwQueryValueKey
SSDT            F7D04154                  ZwReplaceKey
SSDT            F7D04190                  ZwRequestWaitReplyPort
SSDT            F7D0414F                  ZwRestoreKey
SSDT            F7D0418B                  ZwSetContextThread
SSDT            F7D04195                  ZwSetSecurityObject
SSDT            F7D04140                  ZwSetValueKey
SSDT            F7D0419A                  ZwSystemDebugControl
SSDT            F7D04127                  ZwTerminateProcess

---- Devices - GMER 2.1 ----

Device          \FileSystem\Fastfat \Fat  A906BD20

AttachedDevice  \FileSystem\Fastfat \Fat  fltmgr.sys

Device          \FileSystem\Cdfs \Cdfs    DLAIFS_M.SYS

---- EOF - GMER 2.1 ----
         

Clamwin

Code: Alles auswählenAufklappen

ATTFilter

---------- SCAN SUMMARY -----------
Known viruses: 3052839
Engine version: 0.98
Scanned directories: 7902
Scanned files: 74971
Infected files: 25
Not copied: 25
Data scanned: 20479.84 MB
Data read: 22419.65 MB (ratio 0.91:1)
Time: 11679.109 sec (194 m 39 s)

Scan Started Sat Jan 04 09:13:41 2014
-------------------------------------------------------------------------------

C:\Documents and Settings\All Users\.clamwin\quarantine\2c79c7c8.msi.infected: Win.Trojan.Delf-12083 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\2c79c7c8.msi.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_de.dll.infected: Win.Trojan.Agent-326844 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_de.dll.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_de.dll.infected.000.infected: Win.Trojan.Agent-326844 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_de.dll.infected.000.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_en.dll.infected: Win.Trojan.Fakesmoke-59 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_en.dll.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_en.dll.infected.000.infected: Win.Trojan.Fakesmoke-59 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_en.dll.infected.000.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_es.dll.infected: Win.Trojan.Fakesmoke-90 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_es.dll.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_es.dll.infected.000.infected: Win.Trojan.Fakesmoke-90 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_es.dll.infected.000.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_fr.dll.infected: Win.Trojan.Fakesmoke-36 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_fr.dll.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_fr.dll.infected.000.infected: Win.Trojan.Fakesmoke-36 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_fr.dll.infected.000.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_it.dll.infected: Win.Trojan.Agent-169581 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_it.dll.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_it.dll.infected.000.infected: Win.Trojan.Agent-169581 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_it.dll.infected.000.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_ja.dll.infected: Win.Trojan.Fakesmoke-172 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_ja.dll.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_ja.dll.infected.000.infected: Win.Trojan.Fakesmoke-172 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\AmRes_ja.dll.infected.000.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\browseui.dll.infected: Win.Trojan.Agent-570553 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\browseui.dll.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\ISSetup.dll.infected: Win.Trojan.Agent-516645 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\ISSetup.dll.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\Samsung New PC Studio.msi.infected: Win.Trojan.Delf-12083 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\Samsung New PC Studio.msi.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\setup.exe.infected: Win.Trojan.Agent-516645 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\setup.exe.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\setup.exe.infected.000.infected: Win.Trojan.Agent-516645 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\setup.exe.infected.000.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\setup.exe.infected.001.infected: Win.Trojan.Agent-516645 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\setup.exe.infected.001.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\setup.exe.infected.002.infected: Win.Trojan.Agent-516645 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\setup.exe.infected.002.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\setup.exe.infected.003.infected: Win.Trojan.Agent-516645 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\setup.exe.infected.003.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\setup.exe.infected.004.infected: Win.Trojan.Agent-516645 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\setup.exe.infected.004.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\setup.exe.infected.005.infected: Win.Trojan.Agent-516645 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\setup.exe.infected.005.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\setup.exe.infected.006.infected: Win.Trojan.Agent-516645 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\setup.exe.infected.006.infected not moved/copied since already in quarantine
C:\Documents and Settings\All Users\.clamwin\quarantine\Wave Infrastructure.msi.infected: Win.Trojan.Fakesmoke-36 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\Wave Infrastructure.msi.infected not moved/copied since already in quarantine
WARNING: Can't open file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\scaninfo(1808).tmp: Permission denied
WARNING: Can't open file C:\hiberfil.sys: Permission denied
WARNING: Can't open file C:\pagefile.sys: Permission denied
WARNING: Can't open file C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\master.mdf: Permission denied
WARNING: Can't open file C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\mastlog.ldf: Permission denied
WARNING: Can't open file C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\model.mdf: Permission denied
WARNING: Can't open file C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\modellog.ldf: Permission denied
WARNING: Can't open file C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\tempdb.mdf: Permission denied
WARNING: Can't open file C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\templog.ldf: Permission denied
         

Avira

Code: Alles auswählenAufklappen

ATTFilter

Exportierte Ereignisse:

04.01.2014 15:00 [System-Scanner] Malware gefunden
      Die Datei 'C:\Documents and Settings\anita *****\Local Settings\Application 
      Data\Sun\Java\Deployment\cache\6.0\61\141fda7d-63538d58'
      enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2013-2465.G.Gen' 
      [exploit].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '562cb040.qua' 
      verschoben!
         

Hallo und

ClamAV kannst du bei Malwareerkennung fast schon vergessen, es erkennt vieles nicht und meldet auch oft Fehlalarme...nimm besser sowas wie Malwarebytes

Zitat:

Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)

Wie willst du mit dem Thema WinXP umgehen?

Lesestoff:
Windows XP

Auf deinem Rechner läuft noch Windows XP. Microsoft hat dieses Betriebssystem bereits 2001 veröffentlicht und stellt den Support endgültig ab April 2014 ein, d.h. ab Mai 2014 gibt es keine weiteren Updates mehr und danach gefundene Lücken werden nicht mehr durch Updates/Hotfixes geschlossen werden können.

Mit Windows XP nach April 2014 zu surfen wird damit ein großes Sicherheitsrisiko. Du solltest dir jetzt unbedingt Gedanken machen, möglichst schnell auf ein aktuelleres Betriebssystem umzusteigen.

Hi, ich hab einen vollständigen Scan von Malwarebytes gemacht: "Exploit.Drop.GSA".
Reicht es, innerhalb von Malwarebytes die Datei zu entfernen?

Win XP:
Da der Laptop allen Anschein nach nicht genug Kapazität hat um Win7 oder Win8 zu packen, wird wohl ein neuer Computer fällig werden. Ich denke, mein IT-affiner Neffe kann mir einen Stand-PC zusammenstellen, wo man ggf. einzelne Bauteile nochmals aufrüsten kann. Das wird sich aber wegen seiner Ausbildung sicher noch bis zum Sommer hinziehen. Deshalb würd ich meinen Laptop gerne noch solang nutzen wie es geht, also zumindest bis April. (Für die Zeit zw. April und meinem neuen PC hab ich allerdings noch keinen Plan)
Aber weil mein Laptop trotz seines Alters und abgesehen von der Malware ganz ordentlich funktioniert, werd ich mir überlegen was ich danach offline mit ihm machen kann (Filme schauen beim Bügeln oder so was).

lieben Gruß,
Anita

Malwarebytes

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.07.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
anita ***** :: ANITA [Administrator]

07.01.2014 10:02:39
MBAM-log-2014-01-07 (13-48-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 297019
Laufzeit: 3 Stunde(n), 38 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Keine Aktion durchgeführt.

(Ende)
         

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

• WICHTIG: Speichere Combofix auf deinem Desktop
• Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
• Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
• Combofix wird überprüfen, ob die Microsoft Windows Wiederherstellungskonsole installiert ist.
  Ist diese nicht installiert, erlaube Combofix diese herunter zu laden und zu installieren. Folge dazu einfach den Anweisungen und aktzeptiere die Endbenutzer-Lizenz.
  Bei heutiger Malware ist dies sehr empfehlenswert, da diese uns eine Möglichkeit bietet, dein System zu reparieren, falls etwas schief geht.
  Bestätige die Information, dass die Wiederherstellungskonsole installiert wurde mit Ja.
  Hinweis: Ist diese bereits installiert, wird Combofix mit der Malwareentfernung fortfahren.
• Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
• Wenn Combofix fertig ist, wird es eine Logfile erstellen.
• Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hi,
Ich hab Combofix ausgeführt, es hat sich die Wiederherstellungskonsole heruntergeladen und danach mit dem Scan begonnen. Ich bin vom Laptop weg gegangen (kann ja eh nix machen, ausser zuschauen). Nach ca 45min komm ich wieder zurück und finde den Bildschirm schwarz und kein Zeichen, dass sich noch etwas tut (Strom war noch da). Nachdem Cursor bewegen, etc. nichts gebracht hat, hab ich neu eingeschaltet. Es hat ein Weilchen gedauert, aber jetzt is er wieder da. Jedenfalls wurde kein Logfile erstellt, sondern jediglich ein Ordner mit dem Namen Combofix, der mich wieder zu C: bringt.

Kann ich Combofix nochmal ausführen?

Danke,
Anita

Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und probier es bitte nochmal.

Hallo,
Hab gemacht, was du geschrieben hast: Neustart, alte combofix.exe löschen, neue runterladen, nochmal laufen lassen. Es hat leider wieder nicht bis zum logfile gereicht:
Ich hab dem Programm zugesehen wie es seine 50 Abschnitte abarbeitet. Dann stand kurz "Lösche Dateien" oder so ähnlich und sofort danach gabs einen Bluescreen (Bad Pool Header). Nach dem Neustart kann ich leider wieder keine logfile finden.

Was hab ich falsch gemacht bzw. was kann ich tun?

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

• Starte bitte die mbar.exe.
• Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
• Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
• Klicke auf den CleanUp Button und erlaube den Neustart.
• Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
• Nach dem Neustart starte die mbar.exe erneut.
• Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Hallo,
ich habe MBAR nach Anweisung ausgeführt. 1 Malware wurde gefunden. Nach dem Neustart, hat MBAR dann nichts mehr entdeckt. Das 2. logfile spar ich hier mal aus, weil sauber.

MBAR

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.09.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
 :: ANITA [administrator]

09.01.2014 10:57:03
mbar-log-2014-01-09 (10-57-03).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 235332
Time elapsed: 1 hour(s), 20 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

• Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
• Drücke eine beliebige Taste, um das Tool zu starten.
• Je nach System kann der Scan eine Weile dauern.
• Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
• Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

• Starte jetzt FRST.
• Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
• Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
• Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Hallo,
Alles erledigt. Unten sind die entprechenden logs.
Lieben Gruss

Adwcleaner

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v3.016 - Report created 10/01/2014 at 08:57:01
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : anita ****** - ANITA
# Running from : C:\Documents and Settings\anita ******\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Documents and Settings\anita ******\Application Data\Mozilla\Firefox\Profiles\3h0odino.default\StumbleUpon

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A8E5842E-102B-4289-9D57-3B3F5B5E15D3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe]
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\anita ******\Application Data\Mozilla\Firefox\Profiles\3h0odino.default\prefs.js ]

Line Deleted : user_pref("plugin.blocklisted.npviewpoint", true);

[ File : C:\Documents and Settings\anita ******\Application Data\Mozilla\Firefox\Profiles\4tf8vdpa.FH\prefs.js ]

Line Deleted : user_pref("browser.startup.homepage", "hxxp://de.f254.mail.yahoo.com/ym/ShowFolder?rb=Inbox&reset=1&YY=93640&y5beta=yes&y5beta=yes&order=down&sort=date&pos=0&view=a&head=b|hxxp://www.netvibes.com/|htt[...]

[ File : C:\Documents and Settings\anita ******\Application Data\Mozilla\Firefox\Profiles\6eh1x7p5.default-1382897487578\prefs.js ]


*************************

AdwCleaner[R0].txt - [4261 octets] - [09/01/2014 21:14:56]
AdwCleaner[S0].txt - [4254 octets] - [10/01/2014 08:57:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4314 octets] ##########
         

JRT

Code: Alles auswählenAufklappen

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Microsoft Windows XP x86
Ran by anita ***** on 10.01.2014 at  9:18:35,93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5E6EDBF3-0B0B-4D97-B65B-3995FFC74381}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\anita *****\Application Data\getrighttogo"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.01.2014 at  9:25:25,01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-01-2014
Ran by anita ***** (administrator) on ANITA on 10-01-2014 10:20:05
Running from C:\Documents and Settings\anita *****\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [176128 2005-10-08] (Alps Electric Co., Ltd.)
HKLM\...\Run: [igfxhkcmd] - C:\WINDOWS\system32\hkcmd.exe [77824 2005-12-14] (Intel Corporation)
HKLM\...\Run: [igfxpers] - C:\WINDOWS\system32\igfxpers.exe [118784 2005-12-14] (Intel Corporation)
HKLM\...\Run: [SigmatelSysTrayApp] - C:\WINDOWS\stsystra.exe [282624 2006-03-25] (SigmaTel, Inc.)
HKLM\...\Run: [NPSStartup] - [x]
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\Administrator\...\Run: [ModemOnHold] - C:\Program Files\NetWaiting\netwaiting.exe [ 2003-09-10] ()
HKU\Default User\...\Run: [ModemOnHold] - C:\Program Files\NetWaiting\netwaiting.exe [ 2003-09-10] ()

==================== Internet (Whitelisted) ====================

ProxyServer: isasrv.fh.ac.at:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://services.ama.at/servlet/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {75D6ADAA-79BE-40EB-997A-B14F5AE37C19} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} -  No File
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Documents and Settings\anita *****\Application Data\Mozilla\Firefox\Profiles\6eh1x7p5.default-1382897487578
FF Homepage: hxxp://foodporndaily.com/|hxxp://www.netvibes.com/signin?from=home|hxxp://www.wetteronline.de/wettertrend/st-poelten|hxxp://wetter.orf.at/niederoesterreich/prognose|hxxp://www.zamg.ac.at/cms/de/wetter/wetter-oesterreich/niederoesterreich/heute_nacht
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File
FF SearchPlugin: C:\Documents and Settings\anita *****\Application Data\Mozilla\Firefox\Profiles\6eh1x7p5.default-1382897487578\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: WOT - C:\Documents and Settings\anita *****\Application Data\Mozilla\Firefox\Profiles\6eh1x7p5.default-1382897487578\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: Ghostery - C:\Documents and Settings\anita *****\Application Data\Mozilla\Firefox\Profiles\6eh1x7p5.default-1382897487578\Extensions\firefox@ghostery.com.xpi
FF Extension: Mind the Time - C:\Documents and Settings\anita *****\Application Data\Mozilla\Firefox\Profiles\6eh1x7p5.default-1382897487578\Extensions\jid0-HYNmqxA9zQGfJADREri4n2AHKSI@jetpack.xpi
FF Extension: DuckDuckGo Plus - C:\Documents and Settings\anita *****\Application Data\Mozilla\Firefox\Profiles\6eh1x7p5.default-1382897487578\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi
FF Extension: All-in-One Sidebar - C:\Documents and Settings\anita *****\Application Data\Mozilla\Firefox\Profiles\6eh1x7p5.default-1382897487578\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
FF Extension: LeechBlock - C:\Documents and Settings\anita *****\Application Data\Mozilla\Firefox\Profiles\6eh1x7p5.default-1382897487578\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi
FF Extension: Leo Search - C:\Documents and Settings\anita *****\Application Data\Mozilla\Firefox\Profiles\6eh1x7p5.default-1382897487578\Extensions\{c666c018-6409-4479-afa3-68e4129e7eff}.xpi
FF Extension: Adblock Plus - C:\Documents and Settings\anita *****\Application Data\Mozilla\Firefox\Profiles\6eh1x7p5.default-1382897487578\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}-trash
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
S4 Bluetooth Hid Switch Service; C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe [188416 2005-08-30] (Cambridge Silicon Radio)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSSQL$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [9150464 2005-05-04] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [73728 2005-05-04] (Microsoft Corporation)
R2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [376832 2006-06-29] (Dell Inc.)
S3 SQLAgent$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE [323584 2005-05-04] (Microsoft Corporation)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe [180224 2006-06-12] ()
S2 WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [262217 2005-12-28] (Intel(R) Corporation)
S2 DataSvr2; "C:\Program Files\Wave Systems Corp\Common\DataServer.exe" [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
S2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [x]
S2 Symantec Core LC; "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" [x]

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21275 2006-09-16] (Meetinghouse Data Communications)
R1 APPDRV; C:\Windows\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R2 DLABOIOM; C:\Windows\System32\DLA\DLABOIOM.SYS [25628 2005-09-08] (Sonic Solutions)
R1 DLACDBHM; C:\Windows\System32\Drivers\DLACDBHM.SYS [5628 2005-08-25] (Sonic Solutions)
R2 DLADResN; C:\Windows\System32\DLA\DLADResN.SYS [2496 2005-09-08] (Sonic Solutions)
R2 DLAIFS_M; C:\Windows\System32\DLA\DLAIFS_M.SYS [86524 2005-09-08] (Sonic Solutions)
R2 DLAOPIOM; C:\Windows\System32\DLA\DLAOPIOM.SYS [14684 2005-09-08] (Sonic Solutions)
R2 DLAPoolM; C:\Windows\System32\DLA\DLAPoolM.SYS [6364 2005-09-08] (Sonic Solutions)
R1 DLARTL_N; C:\Windows\System32\Drivers\DLARTL_N.SYS [22684 2005-08-25] (Sonic Solutions)
R2 DLAUDFAM; C:\Windows\System32\DLA\DLAUDFAM.SYS [94332 2005-09-08] (Sonic Solutions)
R2 DLAUDF_M; C:\Windows\System32\DLA\DLAUDF_M.SYS [87036 2005-09-08] (Sonic Solutions)
R2 DRVNDDM; C:\Windows\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions)
R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2009-03-31] ()
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [47249 2007-12-03] (FTDI Ltd.)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51056 2003-08-11] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2003-08-11] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21488 2003-08-11] (HP)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [21248 2003-09-19] (Padus, Inc.)
R2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [13568 2005-12-28] (Intel Corporation)
S3 snpstd2; C:\Windows\System32\DRIVERS\snpstd2.sys [347264 2004-12-17] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-02] (Avira GmbH)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1156648 2006-03-25] (SigmaTel, Inc.)
R2 symlcbrd; C:\WINDOWS\system32\drivers\symlcbrd.sys [10344 2006-09-16] (Symantec Corporation)
S3 w39n51; C:\Windows\System32\DRIVERS\w39n51.sys [1428096 2005-12-05] (Intel® Corporation)
S3 catchme; \??\C:\DOCUME~1\ANITAP~1\LOCALS~1\Temp\catchme.sys [x]
U2 CertPropSvc; 
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 TlntSvr; 
S3 wanatw; system32\DRIVERS\wanatw4.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-10 09:59 - 2014-01-10 09:59 - 00000000 ____D C:\Documents and Settings\anita *****\Desktop\FRST-OlderVersion
2014-01-10 09:25 - 2014-01-10 09:51 - 00000838 _____ C:\Documents and Settings\anita *****\Desktop\JRT.txt
2014-01-10 09:17 - 2014-01-10 09:17 - 00000000 ____D C:\WINDOWS\ERUNT
2014-01-10 09:07 - 2014-01-10 09:07 - 00004388 _____ C:\Documents and Settings\anita *****\Desktop\AdwCleaner[S0].txt
2014-01-09 21:14 - 2014-01-10 08:58 - 00000000 ____D C:\AdwCleaner
2014-01-09 20:10 - 2014-01-09 20:10 - 01037068 _____ (Thisisu) C:\Documents and Settings\anita *****\Desktop\JRT.exe
2014-01-09 20:08 - 2014-01-09 20:09 - 01233962 _____ C:\Documents and Settings\anita *****\Desktop\adwcleaner.exe
2014-01-09 10:56 - 2014-01-09 13:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-01-09 10:56 - 2014-01-09 12:37 - 00104664 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-01-09 10:55 - 2014-01-09 12:37 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-01-09 10:53 - 2014-01-09 10:53 - 00000000 ____D C:\Documents and Settings\anita *****\Desktop\mbar-1.07.0.1008
2014-01-09 10:48 - 2014-01-09 10:48 - 12582688 _____ (Malwarebytes Corp.) C:\Documents and Settings\anita *****\Desktop\mbar-1.07.0.1008.exe
2014-01-07 16:33 - 2014-01-07 16:59 - 00000000 ___SD C:\ComboFix
2014-01-07 16:29 - 2014-01-07 16:30 - 05160001 ____R (Swearware) C:\Documents and Settings\anita *****\Desktop\ComboFix.exe
2014-01-07 15:01 - 2014-01-07 15:01 - 00000000 _RSHD C:\cmdcons
2014-01-07 15:01 - 2006-12-28 02:36 - 00000211 _____ C:\Boot.bak
2014-01-07 15:01 - 2004-08-03 23:00 - 00262448 __RSH C:\cmldr
2014-01-07 14:55 - 2014-01-07 14:55 - 00000000 ____D C:\Qoobox
2014-01-07 14:55 - 2011-06-26 07:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2014-01-07 14:55 - 2010-11-07 18:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2014-01-07 14:55 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-01-07 14:55 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-01-07 14:55 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-01-07 14:55 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-01-07 14:55 - 2000-08-31 01:00 - 00098816 _____ C:\WINDOWS\sed.exe
2014-01-07 14:55 - 2000-08-31 01:00 - 00080412 _____ C:\WINDOWS\grep.exe
2014-01-07 14:55 - 2000-08-31 01:00 - 00068096 _____ C:\WINDOWS\zip.exe
2014-01-07 14:54 - 2014-01-07 14:54 - 00000000 ____D C:\WINDOWS\erdnt
2014-01-07 10:00 - 2014-01-07 10:00 - 00000794 _____ C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-07 10:00 - 2014-01-07 10:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-01-07 09:59 - 2014-01-07 10:00 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-07 09:59 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-01-06 17:03 - 2014-01-06 17:09 - 00000928 _____ C:\Documents and Settings\anita *****\Desktop\avira.txt
2014-01-06 16:59 - 2014-01-06 16:59 - 00007571 _____ C:\Documents and Settings\anita *****\Desktop\clamwin.txt
2014-01-06 16:53 - 2014-01-06 16:53 - 00001664 _____ C:\Documents and Settings\anita *****\Desktop\gmer.txt
2014-01-06 16:03 - 2014-01-06 16:03 - 00090112 _____ C:\WINDOWS\Minidump\Mini010614-02.dmp
2014-01-06 15:58 - 2014-01-06 15:58 - 00090112 _____ C:\WINDOWS\Minidump\Mini010614-01.dmp
2014-01-06 15:53 - 2014-01-06 15:53 - 00377856 _____ C:\Documents and Settings\anita *****\Desktop\gmer_2.1.19163.exe
2014-01-06 15:50 - 2014-01-10 10:20 - 00014161 _____ C:\Documents and Settings\anita *****\Desktop\FRST.txt
2014-01-06 15:50 - 2014-01-10 09:59 - 00000000 ____D C:\FRST
2014-01-06 15:48 - 2014-01-10 09:59 - 01066141 _____ (Farbar) C:\Documents and Settings\anita *****\Desktop\FRST.exe
2014-01-06 15:44 - 2014-01-06 17:08 - 00000486 _____ C:\Documents and Settings\anita *****\Desktop\defogger_disable.log
2014-01-06 15:44 - 2014-01-06 15:44 - 00000000 _____ C:\Documents and Settings\anita *****\defogger_reenable
2014-01-06 15:43 - 2014-01-06 15:43 - 00050477 _____ C:\Documents and Settings\anita *****\Desktop\Defogger.exe
2014-01-06 14:59 - 2006-05-16 18:34 - 00286720 _____ C:\Documents and Settings\anita *****\My Documents\wxvault1.dll
2014-01-06 14:42 - 2014-01-06 15:01 - 00000000 ____D C:\Documents and Settings\anita *****\Application Data\Wave Systems Corp
2014-01-04 15:21 - 2014-01-05 10:02 - 00000000 ____D C:\Documents and Settings\anita *****\My Documents\zeug
2014-01-04 15:21 - 2014-01-04 15:21 - 00000645 _____ C:\Documents and Settings\anita *****\My Documents\DIEMeisterarbeit.lnk
2014-01-04 13:07 - 2014-01-04 13:07 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-04 13:07 - 2014-01-04 13:07 - 00000000 _____ C:\WINDOWS\setupact.log
2014-01-04 12:38 - 2014-01-09 15:38 - 00000806 _____ C:\WINDOWS\wmsetup.log
2014-01-04 11:41 - 2014-01-04 15:30 - 00000000 ___RD C:\Documents and Settings\anita *****\Desktop\icons
2014-01-04 08:55 - 2014-01-04 13:07 - 00014460 _____ C:\WINDOWS\setupapi.log
2013-12-31 15:07 - 2013-12-31 15:07 - 00026950 _____ C:\Documents and Settings\anita *****\hs_err_pid1052.log
2013-12-24 18:43 - 2013-12-24 18:43 - 00028776 _____ C:\Documents and Settings\anita *****\hs_err_pid3856.log
2013-12-22 19:54 - 2013-12-23 10:36 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-18 08:17 - 2013-12-18 08:17 - 00026953 _____ C:\Documents and Settings\anita *****\hs_err_pid2708.log
2013-12-14 10:29 - 2013-12-14 10:29 - 00026709 _____ C:\Documents and Settings\anita *****\hs_err_pid2904.log

==================== One Month Modified Files and Folders =======

2014-01-10 10:20 - 2014-01-06 15:50 - 00014161 _____ C:\Documents and Settings\anita *****\Desktop\FRST.txt
2014-01-10 09:59 - 2014-01-10 09:59 - 00000000 ____D C:\Documents and Settings\anita *****\Desktop\FRST-OlderVersion
2014-01-10 09:59 - 2014-01-06 15:50 - 00000000 ____D C:\FRST
2014-01-10 09:59 - 2014-01-06 15:48 - 01066141 _____ (Farbar) C:\Documents and Settings\anita *****\Desktop\FRST.exe
2014-01-10 09:51 - 2014-01-10 09:25 - 00000838 _____ C:\Documents and Settings\anita *****\Desktop\JRT.txt
2014-01-10 09:25 - 2012-12-13 19:30 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-10 09:17 - 2014-01-10 09:17 - 00000000 ____D C:\WINDOWS\ERUNT
2014-01-10 09:12 - 2004-08-10 19:02 - 01143788 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-10 09:07 - 2014-01-10 09:07 - 00004388 _____ C:\Documents and Settings\anita *****\Desktop\AdwCleaner[S0].txt
2014-01-10 09:07 - 2004-08-10 18:59 - 00000211 _____ C:\WINDOWS\wiadebug.log
2014-01-10 09:03 - 2004-08-10 18:59 - 00000050 _____ C:\WINDOWS\wiaservc.log
2014-01-10 09:02 - 2004-08-10 19:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-10 09:00 - 2006-10-12 19:33 - 00000278 ___SH C:\Documents and Settings\anita *****\ntuser.ini
2014-01-10 09:00 - 2004-08-10 19:08 - 00032568 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-10 08:59 - 2006-10-12 19:33 - 00000000 ____D C:\Documents and Settings\anita *****
2014-01-10 08:58 - 2014-01-09 21:14 - 00000000 ____D C:\AdwCleaner
2014-01-09 20:10 - 2014-01-09 20:10 - 01037068 _____ (Thisisu) C:\Documents and Settings\anita *****\Desktop\JRT.exe
2014-01-09 20:09 - 2014-01-09 20:08 - 01233962 _____ C:\Documents and Settings\anita *****\Desktop\adwcleaner.exe
2014-01-09 15:38 - 2014-01-04 12:38 - 00000806 _____ C:\WINDOWS\wmsetup.log
2014-01-09 13:57 - 2014-01-09 10:56 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-01-09 12:37 - 2014-01-09 10:56 - 00104664 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-01-09 12:37 - 2014-01-09 10:55 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-01-09 10:53 - 2014-01-09 10:53 - 00000000 ____D C:\Documents and Settings\anita *****\Desktop\mbar-1.07.0.1008
2014-01-09 10:48 - 2014-01-09 10:48 - 12582688 _____ (Malwarebytes Corp.) C:\Documents and Settings\anita *****\Desktop\mbar-1.07.0.1008.exe
2014-01-07 20:14 - 2011-05-29 08:08 - 00000000 ___RD C:\Documents and Settings\anita *****\My Documents\Meine Musik
2014-01-07 16:59 - 2014-01-07 16:33 - 00000000 ___SD C:\ComboFix
2014-01-07 16:30 - 2014-01-07 16:29 - 05160001 ____R (Swearware) C:\Documents and Settings\anita *****\Desktop\ComboFix.exe
2014-01-07 15:01 - 2014-01-07 15:01 - 00000000 _RSHD C:\cmdcons
2014-01-07 15:01 - 2006-09-16 05:23 - 00000327 __RSH C:\boot.ini
2014-01-07 14:55 - 2014-01-07 14:55 - 00000000 ____D C:\Qoobox
2014-01-07 14:54 - 2014-01-07 14:54 - 00000000 ____D C:\WINDOWS\erdnt
2014-01-07 10:00 - 2014-01-07 10:00 - 00000794 _____ C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-07 10:00 - 2014-01-07 10:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-01-07 10:00 - 2014-01-07 09:59 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-06 17:09 - 2014-01-06 17:03 - 00000928 _____ C:\Documents and Settings\anita *****\Desktop\avira.txt
2014-01-06 17:08 - 2014-01-06 15:44 - 00000486 _____ C:\Documents and Settings\anita *****\Desktop\defogger_disable.log
2014-01-06 16:59 - 2014-01-06 16:59 - 00007571 _____ C:\Documents and Settings\anita *****\Desktop\clamwin.txt
2014-01-06 16:53 - 2014-01-06 16:53 - 00001664 _____ C:\Documents and Settings\anita *****\Desktop\gmer.txt
2014-01-06 16:03 - 2014-01-06 16:03 - 00090112 _____ C:\WINDOWS\Minidump\Mini010614-02.dmp
2014-01-06 16:03 - 2007-08-21 13:00 - 00000000 ____D C:\WINDOWS\Minidump
2014-01-06 15:58 - 2014-01-06 15:58 - 00090112 _____ C:\WINDOWS\Minidump\Mini010614-01.dmp
2014-01-06 15:53 - 2014-01-06 15:53 - 00377856 _____ C:\Documents and Settings\anita *****\Desktop\gmer_2.1.19163.exe
2014-01-06 15:44 - 2014-01-06 15:44 - 00000000 _____ C:\Documents and Settings\anita *****\defogger_reenable
2014-01-06 15:43 - 2014-01-06 15:43 - 00050477 _____ C:\Documents and Settings\anita *****\Desktop\Defogger.exe
2014-01-06 15:01 - 2014-01-06 14:42 - 00000000 ____D C:\Documents and Settings\anita *****\Application Data\Wave Systems Corp
2014-01-06 14:54 - 2006-09-16 05:45 - 00000000 ____D C:\Program Files\Broadcom
2014-01-06 14:52 - 2006-09-16 05:46 - 00000000 ____D C:\Program Files\Wave Systems Corp
2014-01-06 14:52 - 2006-09-16 05:41 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2014-01-06 14:49 - 2006-09-16 05:47 - 00000000 ____D C:\WINDOWS\system32\BioAPIFFDB
2014-01-05 20:48 - 2007-06-08 16:43 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2014-01-05 19:31 - 2004-08-10 19:02 - 00000000 ____D C:\WINDOWS\Registration
2014-01-05 14:35 - 2011-01-03 10:50 - 00000000 ___RD C:\Documents and Settings\anita *****\My Documents\Kaisergrub
2014-01-05 10:02 - 2014-01-04 15:21 - 00000000 ____D C:\Documents and Settings\anita *****\My Documents\zeug
2014-01-04 17:09 - 2010-12-27 09:56 - 00000000 ____D C:\Program Files\MoneyMaker
2014-01-04 15:30 - 2014-01-04 11:41 - 00000000 ___RD C:\Documents and Settings\anita *****\Desktop\icons
2014-01-04 15:29 - 2006-12-04 02:55 - 00000000 ____D C:\Program Files\KeyNote
2014-01-04 15:21 - 2014-01-04 15:21 - 00000645 _____ C:\Documents and Settings\anita *****\My Documents\DIEMeisterarbeit.lnk
2014-01-04 13:07 - 2014-01-04 13:07 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-04 13:07 - 2014-01-04 13:07 - 00000000 _____ C:\WINDOWS\setupact.log
2014-01-04 13:07 - 2014-01-04 08:55 - 00014460 _____ C:\WINDOWS\setupapi.log
2014-01-04 12:40 - 2004-08-10 18:51 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-04 10:50 - 2008-01-24 04:02 - 00124928 ___SH C:\Documents and Settings\anita *****\My Documents\Thumbs.db
2014-01-01 11:07 - 2007-02-03 19:48 - 00000000 ____D C:\Program Files\CCleaner
2014-01-01 11:03 - 2012-07-25 14:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2013-12-31 15:07 - 2013-12-31 15:07 - 00026950 _____ C:\Documents and Settings\anita *****\hs_err_pid1052.log
2013-12-24 18:43 - 2013-12-24 18:43 - 00028776 _____ C:\Documents and Settings\anita *****\hs_err_pid3856.log
2013-12-23 10:36 - 2013-12-22 19:54 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-18 08:22 - 2013-03-02 08:38 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2013-12-18 08:22 - 2013-03-02 08:38 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2013-12-18 08:17 - 2013-12-18 08:17 - 00026953 _____ C:\Documents and Settings\anita *****\hs_err_pid2708.log
2013-12-14 13:14 - 2004-08-10 18:57 - 00379240 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-14 10:29 - 2013-12-14 10:29 - 00026709 _____ C:\Documents and Settings\anita *****\hs_err_pid2904.log
2013-12-14 09:30 - 2009-09-19 11:03 - 00000000 ____D C:\WINDOWS\ie8updates
2013-12-14 09:29 - 2007-02-14 12:09 - 00893882 _____ C:\WINDOWS\system32\TZLog.log
2013-12-14 09:23 - 2013-07-29 19:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-14 09:16 - 2006-10-14 03:26 - 88123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-13 08:25 - 2012-03-31 15:18 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-13 08:25 - 2012-03-31 15:18 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Documents and Settings\anita *****\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\anita *****\Local Settings\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
         

--- --- ---



Addition

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-01-2014
Ran by anita ***** at 2014-01-10 10:21:00
Running from C:\Documents and Settings\anita *****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection (Disabled) {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

==================== Installed Programs ======================

µTorrent (Version: 1.8.1 - )
7-Zip 4.57 (Version:  - )
Abacast Client (Version:  - )
Adobe Acrobat - Reader 6.0.2 Update (Version: 6.0.2 - Adobe Systems)
Adobe Acrobat 6.0.1 Standard (Version: 006.000.001 - Adobe Systems)
Adobe Acrobat and Reader 6.0.3 Update (Version: 6.0.3 - Adobe Systems)
Adobe Acrobat and Reader 6.0.4 Update (Version: 6.0.4 - Adobe Systems)
Adobe Acrobat and Reader 6.0.5 Update (Version: 6.0.5 - Adobe Systems)
Adobe Acrobat and Reader 6.0.6 Update (Version: 6.0.6 - Adobe Systems)
Adobe Atmosphere Player for Acrobat and Adobe Reader (Version:  - )
Adobe Flash Player 10 ActiveX (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader 6.0.1 (Version: 006.000.001 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (Version:  - )
Audacity 1.2.6 (Version:  - )
Avira Free Antivirus (Version: 14.0.2.286 - Avira)
Bluetooth Stack for Windows by Toshiba (Version: v4.00.22(D) - )
Broadcom Advanced Control Suite (Version: 8.68.05 - Broadcom Corporation)
Canon Easy-PhotoPrint EX (Version:  - )
Canon Kurzwahlprogramm (Version:  - )
Canon MP Navigator EX 5.1 (Version:  - )
Canon MX890 series MP Drivers (Version:  - )
Canon MX890 series On-screen Manual (Version:  - )
Canon My Printer (Version:  - )
Canon Solution Menu EX (Version:  - )
CCleaner (Version: 4.09 - Piriform)
Corel Uninstaller (Version:  - )
Digital Line Detect (Version: 1.15 - BVRP Software, Inc)
eQ-3 USB Serial Converter Drivers (Version: 2.00.00.2 - eQ-3 Entwicklung GmbH)
Foxit Reader (Version:  - )
GE 98067 MiniCam Pro (Version: 4.11.0.3 - )
Google SketchUp 8 (Version: 3.0.11762 - Google, Inc.)
Intel(R) Graphics Media Accelerator Driver (Version: 6.14.10.4446 - )
Intel(R) PROSet/Wireless Software (Version: 10.1.0.3 - Intel Corporation)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
KeyNote 1.6.5 (Version:  - )
LADSPA_plugins-win-0.4.15 (Version:  - Audacity Team)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
mCore (Version: 5.45.0000 - Intel Corporation) Hidden
mDrWiFi (Version: 5.45.0000 - Intel Corporation) Hidden
mHlpDell (Version: 5.45.0000 - Intel) Hidden
Microsoft .NET Framework 1.1 (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office Outlook 2003 with Business Contact Manager Update (Version: 2.0.4013.0 - Microsoft Corporation)
Microsoft Office Small Business Edition 2003 (Version: 11.0.7969.0 - Microsoft Corporation)
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ) (Version: 8.00.2039 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
mIWA (Version: 5.45.0000 - Intel Corporation) Hidden
mLogView (Version: 5.45.0000 - Intel Corporation) Hidden
mMHouse (Version: 5.45.0000 - Intel Corporation) Hidden
Modem Helper (Version: 3.02 - BVRP Software)
MoneyMaker (Version: 20.05.2010 - Moneysoft Softwarevertriebs - GesmbH)
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0 - Mozilla)
mPfMgr (Version: 5.45.0000 - Intel Corporation) Hidden
mPfWiz (Version: 5.45.0000 - Intel Corporation) Hidden
mProSafe (Version: 9.00.0000 - Intel) Hidden
mSSO (Version: 5.45.0000 - Intel Corporation) Hidden
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0 - Microsoft Corporation)
mWlsSafe (Version: 9.00.0000 - Intel) Hidden
mWMI (Version: 5.45.0000 - Intel Corporation) Hidden
mXML (Version: 5.45.0000 - Intel Corporation) Hidden
mZConfig (Version: 5.45.0000 - Intel Corporation) Hidden
NetWaiting (Version: 2.5.23 - BVRP Software, Inc)
NTRU Hybrid TSS v2.0.25 (Version: 2.0.25 - NTRU Cryptosystems) Hidden
QuickSet (Version: 7.1.10 - )
Roxio DLA (Version: 5.2.0 - Roxio)
Roxio RecordNow Audio (Version: 2.0.4 - Roxio)
Roxio RecordNow Copy (Version: 2.0.4 - Roxio)
Roxio RecordNow Data (Version: 2.0.4 - Roxio)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
Skype™ 5.5 (Version: 5.5.124 - Skype Technologies S.A.)
Symantec KB-DocID:2003093015493306 (Version: 1.0.0.1 - Symantec Corporation) Hidden
Tweak UI (Version:  - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1 - Microsoft Corporation)
VideoLAN VLC media player 0.8.5 (Version: 0.8.5 - VideoLAN Team)
WeatherProfessional (Version:  - ELV Elektronik AG)
WeatherProfessional (Version: 1.83 - ELV Elektronik AG) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - MobileTop (sshpmdm) Modem  (02/23/2007 2.5.0.0) (Version: 02/23/2007 2.5.0.0 - MobileTop)
Windows Driver Package - MobileTop (sshpusb) USB  (02/23/2007 2.5.0.0) (Version: 02/23/2007 2.5.0.0 - MobileTop)
Windows Genuine Advantage Validation Tool (KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (Version: 3.0.0.0 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (Version:  - Microsoft Corporation)
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows Resource Kit Tools - SubInAcl.exe (Version: 5.2.3790.1164 - Microsoft Corporation)
Windows XP Service Pack 3 (Version: 20080414.031525 - Microsoft Corporation)

==================== Restore Points  =========================

09-12-2013 18:32:57 System Checkpoint
09-12-2013 21:01:49 System Checkpoint
13-12-2013 08:03:52 System Checkpoint
14-12-2013 08:15:11 Software Distribution Service 3.0
14-12-2013 11:33:42 Software Distribution Service 3.0
16-12-2013 08:31:37 System Checkpoint
17-12-2013 10:55:54 System Checkpoint
18-12-2013 13:05:12 System Checkpoint
19-12-2013 13:32:57 System Checkpoint
21-12-2013 10:24:46 System Checkpoint
22-12-2013 19:35:15 System Checkpoint
24-12-2013 09:09:17 System Checkpoint
25-12-2013 11:04:09 System Checkpoint
27-12-2013 11:53:58 System Checkpoint
28-12-2013 12:38:37 System Checkpoint
29-12-2013 16:49:19 System Checkpoint
30-12-2013 18:11:12 System Checkpoint
01-01-2014 10:34:51 System Checkpoint
02-01-2014 11:57:09 System Checkpoint
03-01-2014 20:26:19 System Checkpoint
05-01-2014 11:56:50 System Checkpoint
06-01-2014 12:02:40 System Checkpoint
06-01-2014 13:47:11 Configured EMBASSY Trust Suite by Wave Systems
06-01-2014 13:47:44 Configured ETS Upgrade
06-01-2014 13:48:03 Configured Wave Support Software
06-01-2014 13:49:42 Configured Document Manager Lite
06-01-2014 13:50:10 Configured Private Information Manager
06-01-2014 13:50:35 Configured EMBASSY Security Center
06-01-2014 13:52:11 Configured Security Wizards
06-01-2014 13:52:28 Configured Secure Update
06-01-2014 13:52:44 Configured ETS Launch Pad
06-01-2014 13:53:58 Removed Broadcom TPM Driver Installer
06-01-2014 13:54:15 Removed EMBASSY Trust Suite by Wave Systems
08-01-2014 16:10:33 System Checkpoint
09-01-2014 11:22:20 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

2004-08-10 18:51 - 2010-03-28 17:10 - 00381022 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	123topsearch.com
127.0.0.1	www.123topsearch.com
127.0.0.1	132.com
127.0.0.1	www.132.com
127.0.0.1	www.136136.net
127.0.0.1	136136.net
127.0.0.1	163ns.com
127.0.0.1	www.163ns.com
127.0.0.1	171203.com
127.0.0.1	17-plus.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2004-07-20 23:04 - 2004-07-20 23:04 - 00094208 _____ () C:\WINDOWS\system32\TosBtHcrpAPI.dll
2013-03-02 08:38 - 2013-03-02 08:25 - 00397704 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2007-08-10 06:07 - 1997-11-18 17:34 - 00907264 ____N () C:\Corel\Graphics8\programs\CMFFld80.dll
2013-12-22 19:54 - 2013-12-22 19:55 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Intel(R) PRO/Wireless 3945ABG Network Connection
Description: Intel(R) PRO/Wireless 3945ABG Network Connection
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: w39n51
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/07/2014 09:14:05 PM) (Source: Application Hang) (User: )
Description: Hanging application EXCEL.EXE, version 11.0.6560.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/06/2014 02:43:43 PM) (Source: Wave.Authentication) (User: )
Description: TPM State is invalid
   at Wave.Authentication.AMInterface.AMCredential.IsUserEnrolled(String userNameIn, String domainNameIn)

Error: (01/06/2014 02:43:43 PM) (Source: Wave.Authentication) (User: )
Description: The TPM is off
   at TrustedPlatformManager.CPlatformManagerClass.get_Enabled()
   at Wave.Authentication.AMInterface.AMCredential.IsTPMStateValid()

Error: (01/04/2014 00:14:38 PM) (Source: Application Error) (User: )
Description: Faulting application vlc.exe, version 0.8.5.0, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x00037740.
Processing media-specific event for [vlc.exe!ws!]

Error: (01/02/2014 08:15:49 PM) (Source: MsiInstaller) (User: ANITA)
Description: Product: Adobe Acrobat 6.0.1 Standard -- Error 1706.No valid source could be found for product Adobe Acrobat 6.0.1 Standard.  The Windows Installer cannot continue.

Error: (01/01/2014 07:53:45 PM) (Source: Application Hang) (User: )
Description: Hanging application coreldrw.exe, version 8.232.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/01/2014 07:51:28 PM) (Source: Application Hang) (User: )
Description: Hanging application coreldrw.exe, version 8.232.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/01/2014 07:51:28 PM) (Source: Application Hang) (User: )
Description: Hanging application coreldrw.exe, version 8.232.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/01/2014 09:29:18 AM) (Source: Application Hang) (User: )
Description: Hanging application coreldrw.exe, version 8.232.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/31/2013 04:47:29 PM) (Source: MsiInstaller) (User: ANITA)
Description: Product: Adobe Acrobat 6.0.1 Standard -- Error 1706.No valid source could be found for product Adobe Acrobat 6.0.1 Standard.  The Windows Installer cannot continue.


System errors:
=============
Error: (01/10/2014 09:11:06 AM) (Source: Service Control Manager) (User: )
Description: The NTRU Hybrid TSS v2.0.25 TCS service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/10/2014 09:05:40 AM) (Source: Service Control Manager) (User: )
Description: The NTRU Hybrid TSS v2.0.25 TCS service hung on starting.

Error: (01/10/2014 09:04:15 AM) (Source: Service Control Manager) (User: )
Description: The Symantec Core LC service failed to start due to the following error: 
%%3

Error: (01/10/2014 09:04:15 AM) (Source: Service Control Manager) (User: )
Description: The DataSvr2 service failed to start due to the following error: 
%%2

Error: (01/10/2014 09:04:15 AM) (Source: Service Control Manager) (User: )
Description: The Intel(R) PROSet/Wireless SSO Service service depends on the Intel(R) PROSet/Wireless Service service which failed to start because of the following error: 
%%2

Error: (01/10/2014 09:04:15 AM) (Source: Service Control Manager) (User: )
Description: The Intel(R) PROSet/Wireless Service service failed to start due to the following error: 
%%2

Error: (01/09/2014 00:35:45 PM) (Source: Service Control Manager) (User: )
Description: The IMAPI CD-Burning COM Service service failed to start due to the following error: 
%%1053

Error: (01/09/2014 00:35:45 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

Error: (01/09/2014 00:35:10 PM) (Source: Service Control Manager) (User: )
Description: The NTRU Hybrid TSS v2.0.25 TCS service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/09/2014 00:31:58 PM) (Source: Service Control Manager) (User: )
Description: The NTRU Hybrid TSS v2.0.25 TCS service hung on starting.


Microsoft Office Sessions:
=========================
Error: (10/08/2009 07:38:05 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: 10Microsoft Office Visio12.0.4518.101412.0.4518.101427860


==================== Memory info =========================== 

Percentage of memory in use: 84%
Total physical RAM: 1014.11 MB
Available physical RAM: 157.73 MB
Total Pagefile: 2440.63 MB
Available Pagefile: 1478.03 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.22 MB

==================== Drives ================================

Drive c: (Local Disk) (Fixed) (Total:37.19 GB) (Free:13.12 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Active) - (Size=37 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Hi, weder MBAM noch ESET hat etwas gefunden. Hier die logs dazu.

Gruss,
Anita

MBAM

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.10.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
anita ******* :: ANITA [limitiert]

10.01.2014 17:12:15
mbam-log-2014-01-10 (17-12-15).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 232757
Laufzeit: 36 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

ESET

Code: Alles auswählenAufklappen

ATTFilter

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b81d2ac44e47114a9d0ea0e802d4f92d
# engine=16610
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-11 12:06:36
# local_time=2014-01-11 01:06:36 (+0100, W. Europe Standard Time)
# country="Austria"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1799 16775165 100 97 186744 160113301 179161 0
# scanned=94985
# found=0
# cleaned=0
# scan_time=9527
         

TFC - Temp File Cleaner

Lade dir TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.

• Öffne die TFC.exe.
  Vista und Win 7 User mit Rechtsklick "als Administrator starten".
• Schließe alle anderen Programme.
• Drücke auf den Button Start.
• Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.

Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Das mit den Host files muss ich mir nochmal genauer anschauen, danke jedenfalls für den Hinweis.

Meinem Laptop gehts soweit gut. Einzig, MBAM verlangsamt mit seinem Prozess mbamservice.exe den Computer sehr. Dachte, MBAM ist keine Echtzeit-Überwachung, warum muss dieser Prozess immer am laufen sein? Kann ich ihn entfernen (wenn ja, wie?) bzw. gibts gute Alternativen zu MBAM? (Clamwin is es ja jedenfalls nicht wie wir am Anfang festgestellt haben.)