Log analysis and evaluation: systweak-oeffnet-neuen-tab-firefox: I've had it too since 31.1.14 (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
03.02.2014, 22:04 #1
systweak-oeffnet-neuen-tab-firefox: I've had it too since 31.1.14

Hi, after such a stupid tab window with advertising from systweak and Regclean Pro popped up unasked today for at least the second time, I started searching and found this thread: http://www.trojaner-board.de/149126-...firefox-2.html Following it, I went through the individual steps. My Avast hasn't found anything so far. With FRST I got this:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
Ran by Christian (administrator) on STANDPC on 03-02-2014 20:45:17
Running from D:\
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [VIAxHCUtl] - C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-01] (AVAST Software)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2367512 2014-01-17] (Sony Corporation)
HKU\S-1-5-21-1523883789-3797667583-3398338233-1001\...\MountPoints2: {ceefeeda-7e79-11e3-af2f-0019db67d5e3} - H:\Startme.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x094B2A30E45BCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default
FF Homepage: about:blank
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Christian\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flash and Video Download - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-01-23]
FF Extension: Color Management - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\Extensions\color_management@seanhayes.name.xpi [2013-05-28]
FF Extension: NoScript - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-05-28]
FF Extension: Adblock Edge - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-11-11]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-01] (AVAST Software)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2014-01-17] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-01] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-01] ()
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [223744 2013-03-19] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [295424 2013-03-19] (VIA Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-03 20:41 - 2014-02-03 20:41 - 00000765 _____ () C:\Users\Christian\Desktop\JRT.txt
2014-02-03 20:35 - 2014-02-03 20:35 - 00000000 ____D () C:\Windows\ERUNT
2014-02-03 20:30 - 2014-02-03 20:32 - 00000000 ____D () C:\AdwCleaner
2014-02-03 20:30 - 2014-02-03 20:30 - 00011264 ___SH () C:\Users\Ricarda\Thumbs.db
2014-02-03 20:23 - 2014-02-03 20:45 - 00000000 ____D () C:\FRST
2014-02-03 20:23 - 2014-02-03 20:23 - 00215590 _____ () C:\Users\Christian\AppData\Local\census.cache
2014-02-03 20:14 - 2014-02-03 20:14 - 00102846 _____ () C:\Users\Christian\AppData\Local\ars.cache
2014-02-03 19:59 - 2014-02-03 19:59 - 00000036 _____ () C:\Users\Christian\AppData\Local\housecall.guid.cache
2014-01-29 19:29 - 2014-01-29 19:29 - 00001971 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-25 14:38 - 2014-01-25 14:38 - 00003226 _____ () C:\Windows\System32\Tasks\{113A03E5-F873-4C67-8681-0E631BFB41E2}
2014-01-23 07:56 - 2014-01-23 07:56 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 20:13 - 2014-01-15 20:13 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-01-15 14:06 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 14:06 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 14:06 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-09 08:42 - 2014-01-09 08:42 - 00000000 ____D () C:\Program Files (x86)\SaalDesignSoftware
2014-01-07 16:50 - 2014-01-07 16:50 - 00002022 _____ () C:\Users\Christian\Desktop\InfoGucker.lnk
2014-01-07 16:50 - 2014-01-07 16:50 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InfoGucker
2014-01-07 16:50 - 2014-01-07 16:50 - 00000000 ____D () C:\Program Files (x86)\InfoGucker
2014-01-07 12:10 - 2014-02-03 20:28 - 00012288 ___SH () C:\Users\Christian\Thumbs.db
2014-01-07 11:50 - 2014-01-07 12:00 - 00001815 _____ () C:\Users\Christian\Desktop\ImageMagick Display.lnk
2014-01-07 11:49 - 2014-01-07 12:00 - 00000000 ____D () C:\Program Files\ImageMagick-6.8.8-Q16
2014-01-07 11:41 - 2014-01-07 11:41 - 00000000 ____D () C:\Users\Christian\AppData\Local\ActiveState
2014-01-07 11:39 - 2014-01-29 20:38 - 00000000 ____D () C:\Perl64

==================== One Month Modified Files and Folders =======

2014-02-03 20:45 - 2014-02-03 20:23 - 00000000 ____D () C:\FRST
2014-02-03 20:44 - 2013-05-29 07:13 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-03 20:44 - 2013-05-28 21:33 - 01588395 _____ () C:\Windows\WindowsUpdate.log
2014-02-03 20:44 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-03 20:44 - 2009-07-14 05:51 - 00055935 _____ () C:\Windows\setupact.log
2014-02-03 20:41 - 2014-02-03 20:41 - 00000765 _____ () C:\Users\Christian\Desktop\JRT.txt
2014-02-03 20:40 - 2011-04-12 08:43 - 00699090 _____ () C:\Windows\system32\perfh007.dat
2014-02-03 20:40 - 2011-04-12 08:43 - 00149230 _____ () C:\Windows\system32\perfc007.dat
2014-02-03 20:40 - 2009-07-14 06:13 - 01619272 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-03 20:40 - 2009-07-14 05:45 - 00022368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-03 20:40 - 2009-07-14 05:45 - 00022368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-03 20:35 - 2014-02-03 20:35 - 00000000 ____D () C:\Windows\ERUNT
2014-02-03 20:32 - 2014-02-03 20:30 - 00000000 ____D () C:\AdwCleaner
2014-02-03 20:30 - 2014-02-03 20:30 - 00011264 ___SH () C:\Users\Ricarda\Thumbs.db
2014-02-03 20:30 - 2013-05-28 22:40 - 00000000 ____D () C:\Users\Ricarda
2014-02-03 20:28 - 2014-01-07 12:10 - 00012288 ___SH () C:\Users\Christian\Thumbs.db
2014-02-03 20:23 - 2014-02-03 20:23 - 00215590 _____ () C:\Users\Christian\AppData\Local\census.cache
2014-02-03 20:14 - 2014-02-03 20:14 - 00102846 _____ () C:\Users\Christian\AppData\Local\ars.cache
2014-02-03 20:13 - 2013-05-29 07:13 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-03 20:03 - 2013-05-29 13:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-03 19:59 - 2014-02-03 19:59 - 00000036 _____ () C:\Users\Christian\AppData\Local\housecall.guid.cache
2014-02-03 15:22 - 2013-05-29 13:40 - 00000000 ____D () C:\Users\Rebekka\Documents\Schule
2014-02-02 21:03 - 2013-05-29 07:13 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-31 21:57 - 2010-11-21 04:47 - 00092038 _____ () C:\Windows\PFRO.log
2014-01-31 20:32 - 2013-05-03 16:49 - 00027793 _____ () C:\Users\Christian\Documents\todo_cs.odt
2014-01-29 20:38 - 2014-01-07 11:39 - 00000000 ____D () C:\Perl64
2014-01-29 19:29 - 2014-01-29 19:29 - 00001971 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-25 14:38 - 2014-01-25 14:38 - 00003226 _____ () C:\Windows\System32\Tasks\{113A03E5-F873-4C67-8681-0E631BFB41E2}
2014-01-23 07:56 - 2014-01-23 07:56 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-23 07:56 - 2013-10-18 15:12 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-23 07:56 - 2013-05-29 15:33 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-16 18:47 - 2013-05-29 14:07 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2014-01-16 18:36 - 2013-05-28 21:49 - 00065208 _____ () C:\Users\Christian\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-16 18:34 - 2013-05-29 06:50 - 00000000 ____D () C:\Users\Christian\AppData\Local\Adobe
2014-01-16 18:33 - 2013-05-29 13:24 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-16 18:33 - 2013-05-29 13:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-16 18:33 - 2013-05-29 13:24 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-16 07:45 - 2009-07-14 05:45 - 04862872 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-15 22:17 - 2013-08-06 17:39 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 22:16 - 2013-05-29 13:16 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 20:13 - 2014-01-15 20:13 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-01-15 20:13 - 2013-08-03 11:11 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-01-11 08:55 - 2013-05-28 21:50 - 00000000 ____D () C:\Users\Christian\AppData\Local\Paint.NET
2014-01-09 08:42 - 2014-01-09 08:42 - 00000000 ____D () C:\Program Files (x86)\SaalDesignSoftware
2014-01-07 16:50 - 2014-01-07 16:50 - 00002022 _____ () C:\Users\Christian\Desktop\InfoGucker.lnk
2014-01-07 16:50 - 2014-01-07 16:50 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InfoGucker
2014-01-07 16:50 - 2014-01-07 16:50 - 00000000 ____D () C:\Program Files (x86)\InfoGucker
2014-01-07 12:10 - 2013-05-28 21:33 - 00000000 ____D () C:\Users\Christian
2014-01-07 12:00 - 2014-01-07 11:50 - 00001815 _____ () C:\Users\Christian\Desktop\ImageMagick Display.lnk
2014-01-07 12:00 - 2014-01-07 11:49 - 00000000 ____D () C:\Program Files\ImageMagick-6.8.8-Q16
2014-01-07 11:41 - 2014-01-07 11:41 - 00000000 ____D () C:\Users\Christian\AppData\Local\ActiveState
2014-01-04 13:55 - 2013-05-29 17:00 - 00000000 ____D () C:\Users\Liane\Documents\Arbeitszeit

Some content of TEMP:
====================
C:\Users\Christian\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-31 17:07

==================== End Of Log ============================

Code:
# AdwCleaner v3.018 - Bericht erstellt am 03/02/2014 um 20:32:27
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Christian - STANDPC
# Gestartet von : D:\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\pdfforge
Datei Gelöscht : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\Extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\prefs.js ]

[ Datei : C:\Users\Rebekka\AppData\Roaming\Mozilla\Firefox\Profiles\oyef4b8j.default\prefs.js ]

[ Datei : C:\Users\Ricarda\AppData\Roaming\Mozilla\Firefox\Profiles\x85dedtl.default\prefs.js ]

[ Datei : C:\Users\Liane\AppData\Roaming\Mozilla\Firefox\Profiles\f5bskm1p.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [1298 octets] - [03/02/2014 20:30:32]
AdwCleaner[S0].txt - [1221 octets] - [03/02/2014 20:32:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1281 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Professional x64
Ran by Christian on 03.02.2014 at 20:35:13,45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services


~~~ Registry Values


~~~ Registry Keys


~~~ Files


~~~ Folders


~~~ FireFox

Emptied folder: C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\plxuprsp.default\minidumps [19 files]


~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.02.2014 at 20:41:28,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
C:\Windows\system32\FNTCACHE.DAT 2014-01-15 22:17 - 2013-08-06 17:39 - 00000000 ____D () C:\Windows\system32\MRT 2014-01-15 22:16 - 2013-05-29 13:16 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-15 20:13 - 2014-01-15 20:13 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk 2014-01-15 20:13 - 2013-08-03 11:11 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4 2014-01-11 08:55 - 2013-05-28 21:50 - 00000000 ____D () C:\Users\Christian\AppData\Local\Paint.NET 2014-01-09 08:42 - 2014-01-09 08:42 - 00000000 ____D () C:\Program Files (x86)\SaalDesignSoftware 2014-01-07 16:50 - 2014-01-07 16:50 - 00002022 _____ () C:\Users\Christian\Desktop\InfoGucker.lnk 2014-01-07 16:50 - 2014-01-07 16:50 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InfoGucker 2014-01-07 16:50 - 2014-01-07 16:50 - 00000000 ____D () C:\Program Files (x86)\InfoGucker 2014-01-07 12:10 - 2013-05-28 21:33 - 00000000 ____D () C:\Users\Christian 2014-01-07 12:00 - 2014-01-07 11:50 - 00001815 _____ () C:\Users\Christian\Desktop\ImageMagick Display.lnk 2014-01-07 12:00 - 2014-01-07 11:49 - 00000000 ____D () C:\Program Files\ImageMagick-6.8.8-Q16 2014-01-07 11:41 - 2014-01-07 11:41 - 00000000 ____D () C:\Users\Christian\AppData\Local\ActiveState 2014-01-04 13:55 - 2013-05-29 17:00 - 00000000 ____D () C:\Users\Liane\Documents\Arbeitszeit Some content of TEMP: ==================== C:\Users\Christian\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit 
C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-31 17:07 ==================== End Of Log ============================ C:\Users\Christian\AppData\Local\Temp\Quarantine.exe Davor oder danach habe ich auch MBAM laufen lassen: Code:
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Christian :: STANDPC [Administrator]

Protection: Enabled

03.02.2014 20:59:12
mbam-log-2014-02-03 (20-59-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File system | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 280824
Time elapsed: 1 minute(s), 53 second(s)

Memory processes infected: 0 (No malicious items detected)
Memory modules infected: 0 (No malicious items detected)
Registry keys infected: 0 (No malicious items detected)
Registry values infected: 0 (No malicious items detected)
Registry data items infected: 0 (No malicious items detected)
Folders infected: 0 (No malicious items detected)
Files infected: 0 (No malicious items detected)

(end)

I also ran ESET; it finds an html/scrinject.b.gen. But since this forum rates that as not too serious, I didn't do anything about it. http://www.trojaner-board.de/127174-...ect-b-gen.html

Next I'm going to run TFC. I hope that will get rid of the problem. What frustrates me is that NoScript and also AdblockEdge are running on my machine and this rubbish still gets on it. |
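Reading an FRST log means scanning the file lists above by eye for the same few things every time: an executable sitting in a Temp folder (the Quarantine.exe entry), a scheduled task whose name is only a GUID, system+hidden attributes on something other than a thumbnail cache, or a binary with no company name in its version info. The following Python is an added example by the editor, not code from the thread, from the helper, or from the FRST author: the review rules are the editor's own heuristics (assumed, not FRST's), and the sample lines are copied from the log posted above. The parser accepts both the metadata lines of the "One Month Created/Modified" sections and the bare paths under "Some content of TEMP:". A flag is a prompt to look closer, not a verdict; as the thread itself shows, the Temp hit here turns out to be a JRT artefact.

```python
import re
from dataclasses import dataclass, field

# One file line from an FRST "One Month Created/Modified Files and Folders" section:
#   <timestamp> - <timestamp> - <size> <attrs> (<company>) <path>
# In the "Created" section the first timestamp is the creation time, in the
# "Modified" section it is the modification time; both are kept as ts1/ts2.
# The company field may itself contain parentheses, so it is matched lazily
# up to the ") " that precedes a drive-letter path.
ENTRY_RE = re.compile(
    r"^(?P<ts1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<ts2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) \((?P<company>.*?)\) (?P<path>[A-Za-z]:\\.+)$"
)
# Lines under "Some content of TEMP:" are bare paths with no metadata.
BARE_PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
TASK_GUID_RE = re.compile(r"\\Windows\\System32\\Tasks\\\{[0-9A-Fa-f-]{36}\}$", re.I)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")


@dataclass
class Entry:
    path: str
    attrs: str = ""          # five-character attribute field, e.g. ____D or ___SH
    company: str = ""        # company name from the file's version info ("" if none)
    size: int = 0
    ts1: str = ""
    ts2: str = ""
    flags: list = field(default_factory=list)


def parse_entry(line):
    """Return an Entry for a file line, or None for headers and blank lines."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m:
        return Entry(path=m["path"], attrs=m["attrs"], company=m["company"],
                     size=int(m["size"]), ts1=m["ts1"], ts2=m["ts2"])
    if BARE_PATH_RE.match(line):
        return Entry(path=line)
    return None


def review_flags(e):
    """Editor's heuristics (assumed, not FRST's): reasons a reviewer would look twice."""
    flags = []
    low = e.path.lower()
    if "\\temp\\" in low and low.endswith(EXEC_EXT):
        flags.append("executable in a Temp folder: identify which tool dropped it")
    if TASK_GUID_RE.search(e.path):
        flags.append("scheduled task with a GUID name: check its action in Task Scheduler")
    # Thumbs.db is Explorer's thumbnail cache and is expected to be system+hidden.
    if "S" in e.attrs and "H" in e.attrs and not low.endswith("thumbs.db"):
        flags.append("system+hidden attributes")
    if e.attrs and low.endswith(EXEC_EXT) and e.company == "":
        flags.append("binary without a company name in its version info")
    return flags


def triage(log_text):
    """Parse every file line in log_text and return the entries that got at least one flag."""
    hits = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        e.flags = review_flags(e)
        if e.flags:
            hits.append(e)
    return hits


# Sample input: lines copied from the FRST log posted above (a constructed excerpt,
# not a complete log), mixing both section formats with their section headers.
SAMPLE_LOG = r"""
==================== One Month Created Files and Folders ========

2014-02-03 20:41 - 2014-02-03 20:41 - 00000765 _____ () C:\Users\Christian\Desktop\JRT.txt
2014-02-03 20:30 - 2014-02-03 20:30 - 00011264 ___SH () C:\Users\Ricarda\Thumbs.db
2014-01-25 14:38 - 2014-01-25 14:38 - 00003226 _____ () C:\Windows\System32\Tasks\{113A03E5-F873-4C67-8681-0E631BFB41E2}
2014-01-15 14:06 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-02-09 13:51 - 2013-05-29 07:12 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

Some content of TEMP:
====================
C:\Users\Christian\AppData\Local\Temp\Quarantine.exe
"""

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit.path)
        for f in hit.flags:
            print("   -", f)
```

Run against the excerpt it reports exactly two entries, the GUID-named task and Quarantine.exe; the Thumbs.db, driver and screensaver lines pass. Feeding it a whole FRST.txt works the same way, since section headers and the "=> MD5 is legit" lines simply do not match either pattern.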
03.02.2014, 22:31 | #2 |
/// the machine /// TB-Ausbilder | Do you still have problems after all those actions?
|
03.02.2014, 22:39 | #3 |
| Good question. I didn't have the tab popping up every day, so I don't know whether it's all gone now. I also wonder what Quarantine.exe was doing there. After all of that plus TFC I restarted the computer, and Explorer had now forgotten my default setting that file extensions are shown. Otherwise everything seems normal.
|
04.02.2014, 17:13 | #4 |
/// the machine /// TB-Ausbilder | The Quarantine.exe in the Temp folder belongs to JRT.
Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
04.02.2014, 20:44 | #5 |
| Ah, thanks, one worry less :-) |
05.02.2014, 13:21 | #6 |
/// the machine /// TB-Ausbilder | Right, what other worries do we have that I can tinker with?
|
09.02.2014, 15:54 | #7 |
| Unfortunately it happened again today: shortly after logging in to eBay and searching for a bit, the SYSTWEAK window came up again with "Speed up your..." blah blah.

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-02-2014
Ran by Christian (administrator) on STANDPC on 09-02-2014 15:17:04
Running from D:\Lauf 5-Februar
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [VIAxHCUtl] - C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-09] (AVAST Software)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2367512 2014-01-17] (Sony Corporation)
HKU\S-1-5-21-1523883789-3797667583-3398338233-1001\...\MountPoints2: {ceefeeda-7e79-11e3-af2f-0019db67d5e3} - H:\Startme.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x094B2A30E45BCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default
FF Homepage: www.google.com
FF NetworkProxy: "type", 0
FF SelectedSearchEngine: Google
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF Keyword.URL: https://www.google.com/search
FF NewTab: www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Christian\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flash and Video Download - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-01-23]
FF Extension: Color Management - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\Extensions\color_management@seanhayes.name.xpi [2013-05-28]
FF Extension: NoScript - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-05-28]
FF Extension: Adblock Edge - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-11-11]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-09] (AVAST Software)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2014-01-17] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-09] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-01] ()
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [223744 2013-03-19] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [295424 2013-03-19] (VIA Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-09 11:29 - 2014-02-09 11:29 - 00003584 _____ () C:\Users\Ricarda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-04 21:56 - 2014-02-04 21:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-03 22:17 - 2014-02-03 22:17 - 00020646 _____ () C:\Users\Liane\bookmarks-2014-02-03.json
2014-02-03 20:54 - 2014-02-03 20:54 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Malwarebytes
2014-02-03 20:54 - 2014-02-03 20:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-03 20:35 - 2014-02-03 20:35 - 00000000 ____D () C:\Windows\ERUNT
2014-02-03 20:30 - 2014-02-09 14:54 - 00000000 ____D () C:\AdwCleaner
2014-02-03 20:30 - 2014-02-03 20:30 - 00011264 ___SH () C:\Users\Ricarda\Thumbs.db
2014-02-03 20:23 - 2014-02-09 15:17 - 00000000 ____D () C:\FRST
2014-02-03 20:23 - 2014-02-03 20:23 - 00215590 _____ () C:\Users\Christian\AppData\Local\census.cache
2014-02-03 20:14 - 2014-02-03 20:14 - 00102846 _____ () C:\Users\Christian\AppData\Local\ars.cache
2014-02-03 19:59 - 2014-02-03 19:59 - 00000036 _____ () C:\Users\Christian\AppData\Local\housecall.guid.cache
2014-01-29 19:29 - 2014-02-09 13:52 - 00001971 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-25 14:38 - 2014-01-25 14:38 - 00003226 _____ () C:\Windows\System32\Tasks\{113A03E5-F873-4C67-8681-0E631BFB41E2}
2014-01-23 07:56 - 2014-01-23 07:56 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 20:13 - 2014-02-04 06:58 - 00001545 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-01-15 14:06 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 14:06 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 14:06 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

2014-02-09 15:17 - 2014-02-03 20:23 - 00000000 ____D () C:\FRST
2014-02-09 15:16 - 2011-04-12 08:43 - 00699090 _____ () C:\Windows\system32\perfh007.dat
2014-02-09 15:16 - 2011-04-12 08:43 - 00149230 _____ () C:\Windows\system32\perfc007.dat
2014-02-09 15:16 - 2009-07-14 06:13 - 01619272 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-09 15:14 - 2013-05-29 07:13 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-09 15:13 - 2013-05-29 07:13 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-09 15:11 - 2013-05-28 22:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-09 15:11 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-09 15:11 - 2009-07-14 05:51 - 00056159 _____ () C:\Windows\setupact.log
2014-02-09 15:10 - 2013-05-28 21:33 - 01768758 _____ () C:\Windows\WindowsUpdate.log
2014-02-09 15:03 - 2013-05-29 13:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-09 14:54 - 2014-02-03 20:30 - 00000000 ____D () C:\AdwCleaner
2014-02-09 13:52 - 2014-01-29 19:29 - 00001971 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-09 13:51 - 2014-01-01 16:26 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-02-09 13:51 - 2013-05-29 07:13 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-09 13:51 - 2013-05-29 07:13 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-09 13:51 - 2013-05-29 07:13 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-09 13:51 - 2013-05-29 07:13 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-09 13:51 - 2013-05-29 07:13 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-09 13:51 - 2013-05-29 07:12 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-09 11:29 - 2014-02-09 11:29 - 00003584 _____ () C:\Users\Ricarda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-09 11:28 - 2013-05-28 22:40 - 00000000 ____D () C:\Users\Ricarda\AppData\Local\VirtualStore
2014-02-06 10:03 - 2013-05-29 13:24 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-06 10:03 - 2013-05-29 13:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-06 10:03 - 2013-05-29 13:24 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-04 21:57 - 2014-02-04 21:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-04 20:45 - 2009-07-14 05:45 - 00022368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-04 20:45 - 2009-07-14 05:45 - 00022368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-04 06:58 - 2014-01-15 20:13 - 00001545 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-02-04 06:58 - 2013-05-28 21:33 - 00000000 ____D () C:\Users\Christian
2014-02-03 22:29 - 2010-11-21 04:47 - 00092616 _____ () C:\Windows\PFRO.log
2014-02-03 22:17 - 2014-02-03 22:17 - 00020646 _____ () C:\Users\Liane\bookmarks-2014-02-03.json
2014-02-03 22:17 - 2013-05-28 22:30 - 00000000 ____D () C:\Users\Liane
2014-02-03 20:54 - 2014-02-03 20:54 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Malwarebytes
2014-02-03 20:54 - 2014-02-03 20:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-03 20:35 - 2014-02-03 20:35 - 00000000 ____D () C:\Windows\ERUNT
2014-02-03 20:30 - 2014-02-03 20:30 - 00011264 ___SH () C:\Users\Ricarda\Thumbs.db
2014-02-03 20:30 - 2013-05-28 22:40 - 00000000 ____D () C:\Users\Ricarda
2014-02-03 20:28 - 2014-01-07 12:10 - 00012288 ___SH () C:\Users\Christian\Thumbs.db
2014-02-03 20:23 - 2014-02-03 20:23 - 00215590 _____ () C:\Users\Christian\AppData\Local\census.cache
2014-02-03 20:14 - 2014-02-03 20:14 - 00102846 _____ () C:\Users\Christian\AppData\Local\ars.cache
2014-02-03 19:59 - 2014-02-03 19:59 - 00000036 _____ () C:\Users\Christian\AppData\Local\housecall.guid.cache
2014-02-03 15:22 - 2013-05-29 13:40 - 00000000 ____D () C:\Users\Rebekka\Documents\Schule
2014-01-31 20:32 - 2013-05-03 16:49 - 00027793 _____ () C:\Users\Christian\Documents\todo_cs.odt
2014-01-29 20:38 - 2014-01-07 11:39 - 00000000 ____D () C:\Perl64
2014-01-25 14:38 - 2014-01-25 14:38 - 00003226 _____ () C:\Windows\System32\Tasks\{113A03E5-F873-4C67-8681-0E631BFB41E2}
2014-01-23 07:56 - 2014-01-23 07:56 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-23 07:56 - 2013-10-18 15:12 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-23 07:56 - 2013-05-29 15:33 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-16 18:47 - 2013-05-29 14:07 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2014-01-16 18:36 - 2013-05-28 21:49 - 00065208 _____ () C:\Users\Christian\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-16 18:34 - 2013-05-29 06:50 - 00000000 ____D () C:\Users\Christian\AppData\Local\Adobe
2014-01-16 07:45 - 2009-07-14 05:45 - 04862872 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-15 22:17 - 2013-08-06 17:39 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 22:16 - 2013-05-29 13:16 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 20:13 - 2013-08-03 11:11 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-01-11 08:55 - 2013-05-28 21:50 - 00000000 ____D () C:\Users\Christian\AppData\Local\Paint.NET

Some content of TEMP:
====================
C:\Users\Christian\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-08 12:40

==================== End Of Log ============================

Malware:

Code:
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.09.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Christian :: STANDPC [Administrator]

Protection: Disabled

09.02.2014 15:24:51
mbam-log-2014-02-09 (15-24-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File system | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 282264
Time elapsed: 1 minute(s), 54 second(s)

Memory processes infected: 0 (No malicious items detected)
Memory modules infected: 0 (No malicious items detected)
Registry keys infected: 0 (No malicious items detected)
Registry values infected: 0 (No malicious items detected)
Registry data items infected: 0 (No malicious items detected)
Folders infected: 0 (No malicious items detected)
Files infected: 0 (No malicious items detected)

(end)

Code:
# AdwCleaner v3.018 - Report created on 09/02/2014 at 15:32:01
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Christian - STANDPC
# Running from : D:\Lauf 5-Februar\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v26.0 (de)

[ File : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\prefs.js ]

[ File : C:\Users\Rebekka\AppData\Roaming\Mozilla\Firefox\Profiles\oyef4b8j.default\prefs.js ]

[ File : C:\Users\Ricarda\AppData\Roaming\Mozilla\Firefox\Profiles\x85dedtl.default\prefs.js ]

[ File : C:\Users\Liane\AppData\Roaming\Mozilla\Firefox\Profiles\f5bskm1p.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [1298 octets] - [03/02/2014 20:30:32]
AdwCleaner[R1].txt - [1250 octets] - [09/02/2014 14:54:10]
AdwCleaner[R2].txt - [1283 octets] - [09/02/2014 15:30:31]
AdwCleaner[S0].txt - [1361 octets] - [03/02/2014 20:32:27]
AdwCleaner[S1].txt - [1204 octets] - [09/02/2014 15:32:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1264 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Professional x64
Ran by Christian on 09.02.2014 at 15:37:24,07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\plxuprsp.default\minidumps [3 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.02.2014 at 15:43:48,62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-02-2014
Ran by Christian (administrator) on STANDPC on 09-02-2014 15:45:43
Running from D:\Lauf 5-Februar
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [VIAxHCUtl] - C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-09] (AVAST Software)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2367512 2014-01-17] (Sony Corporation)
HKU\S-1-5-21-1523883789-3797667583-3398338233-1001\...\MountPoints2: {ceefeeda-7e79-11e3-af2f-0019db67d5e3} - H:\Startme.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x094B2A30E45BCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default
FF NewTab: www.google.com
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: www.google.com
FF Keyword.URL: https://www.google.com/search
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Christian\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Color Management - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\Extensions\color_management@seanhayes.name.xpi [2013-05-28]
FF Extension: NoScript - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-05-28]
FF Extension: Adblock Edge - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-11-11]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-09] (AVAST Software)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2014-01-17] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-09] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-01] ()
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [223744 2013-03-19] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [295424 2013-03-19] (VIA Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-09 11:29 - 2014-02-09 11:29 - 00003584 _____ () C:\Users\Ricarda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-04 21:56 - 2014-02-04 21:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-03 22:17 - 2014-02-03 22:17 - 00020646 _____ () C:\Users\Liane\bookmarks-2014-02-03.json
2014-02-03 20:54 - 2014-02-03 20:54 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Malwarebytes
2014-02-03 20:54 - 2014-02-03 20:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-03 20:35 - 2014-02-03 20:35 - 00000000 ____D () C:\Windows\ERUNT
2014-02-03 20:30 - 2014-02-09 15:36 - 00000000 ____D () C:\AdwCleaner
2014-02-03 20:30 - 2014-02-03 20:30 - 00011264 ___SH () C:\Users\Ricarda\Thumbs.db
2014-02-03 20:23 - 2014-02-09 15:45 - 00000000 ____D () C:\FRST
2014-02-03 20:23 - 2014-02-03 20:23 - 00215590 _____ () C:\Users\Christian\AppData\Local\census.cache
2014-02-03 20:14 - 2014-02-03 20:14 - 00102846 _____ () C:\Users\Christian\AppData\Local\ars.cache
2014-02-03 19:59 - 2014-02-03 19:59 - 00000036 _____ () C:\Users\Christian\AppData\Local\housecall.guid.cache
2014-01-29 19:29 - 2014-02-09 13:52 - 00001971 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-25 14:38 - 2014-01-25 14:38 - 00003226 _____ () C:\Windows\System32\Tasks\{113A03E5-F873-4C67-8681-0E631BFB41E2}
2014-01-23 07:56 - 2014-01-23 07:56 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 20:13 - 2014-02-04 06:58 - 00001545 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-01-15 14:06 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 14:06 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 14:06 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

2014-02-09 15:45 - 2014-02-03 20:23 - 00000000 ____D () C:\FRST
2014-02-09 15:40 - 2009-07-14 05:45 - 00022368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-09 15:40 - 2009-07-14 05:45 - 00022368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-09 15:37 - 2011-04-12 08:43 - 00699090 _____ () C:\Windows\system32\perfh007.dat
2014-02-09 15:37 - 2011-04-12 08:43 - 00149230 _____ () C:\Windows\system32\perfc007.dat
2014-02-09 15:37 - 2009-07-14 06:13 - 01619272 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-09 15:36 - 2014-02-03 20:30 - 00000000 ____D () C:\AdwCleaner
2014-02-09 15:33 - 2013-05-29 07:13 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-09 15:32 - 2013-05-28 21:33 - 01774928 _____ () C:\Windows\WindowsUpdate.log
2014-02-09 15:32 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-09 15:32 - 2009-07-14 05:51 - 00056215 _____ () C:\Windows\setupact.log
2014-02-09 15:14 - 2013-05-29 07:13 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-09 15:11 - 2013-05-28 22:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-09 15:03 - 2013-05-29 13:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-09 13:52 - 2014-01-29 19:29 - 00001971 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-09 13:51 - 2014-01-01 16:26 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-02-09 13:51 - 2013-05-29 07:13 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-09 13:51 - 2013-05-29 07:13 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-09 13:51 - 2013-05-29 07:13 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-09 13:51 - 2013-05-29 07:13 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-09 13:51 - 2013-05-29 07:13 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-09 13:51 - 2013-05-29 07:12 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-09 11:29 - 2014-02-09 11:29 - 00003584 _____ () C:\Users\Ricarda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-09 11:28 - 2013-05-28 22:40 - 00000000 ____D () C:\Users\Ricarda\AppData\Local\VirtualStore
2014-02-06 10:03 - 2013-05-29 13:24 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-06 10:03 - 2013-05-29 13:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-06 10:03 - 2013-05-29 13:24 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-04 21:57 - 2014-02-04 21:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-04 06:58 - 2014-01-15 20:13 - 00001545 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-02-04 06:58 - 2013-05-28 21:33 - 00000000 ____D () C:\Users\Christian
2014-02-03 22:29 - 2010-11-21 04:47 - 00092616 _____ () C:\Windows\PFRO.log
2014-02-03 22:17 - 2014-02-03 22:17 - 00020646 _____ () C:\Users\Liane\bookmarks-2014-02-03.json
2014-02-03 22:17 - 2013-05-28 22:30 - 00000000 ____D () C:\Users\Liane
2014-02-03 20:54 - 2014-02-03 20:54 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Malwarebytes
2014-02-03 20:54 - 2014-02-03 20:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-03 20:35 - 2014-02-03 20:35 - 00000000 ____D () C:\Windows\ERUNT
2014-02-03 20:30 - 2014-02-03 20:30 - 00011264 ___SH () C:\Users\Ricarda\Thumbs.db
2014-02-03 20:30 - 2013-05-28 22:40 - 00000000 ____D () C:\Users\Ricarda
2014-02-03 20:28 - 2014-01-07 12:10 - 00012288 ___SH () C:\Users\Christian\Thumbs.db
2014-02-03 20:23 - 2014-02-03 20:23 - 00215590 _____ () C:\Users\Christian\AppData\Local\census.cache
2014-02-03 20:14 - 2014-02-03 20:14 - 00102846 _____ () C:\Users\Christian\AppData\Local\ars.cache
2014-02-03 19:59 - 2014-02-03 19:59 - 00000036 _____ () C:\Users\Christian\AppData\Local\housecall.guid.cache
2014-02-03 15:22 - 2013-05-29 13:40 - 00000000 ____D () C:\Users\Rebekka\Documents\Schule
2014-01-31 20:32 - 2013-05-03 16:49 - 00027793 _____ () C:\Users\Christian\Documents\todo_cs.odt
2014-01-29 20:38 - 2014-01-07 11:39 - 00000000 ____D () C:\Perl64
2014-01-25 14:38 - 2014-01-25 14:38 - 00003226 _____ () C:\Windows\System32\Tasks\{113A03E5-F873-4C67-8681-0E631BFB41E2}
2014-01-23 07:56 - 2014-01-23 07:56 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-23 07:56 - 2013-10-18 15:12 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-23 07:56 - 2013-05-29 15:33 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-16 18:47 - 2013-05-29 14:07 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2014-01-16 18:36 - 2013-05-28 21:49 - 00065208 _____ () C:\Users\Christian\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-16 18:34 - 2013-05-29 06:50 - 00000000 ____D () C:\Users\Christian\AppData\Local\Adobe
2014-01-16 07:45 - 2009-07-14 05:45 - 04862872 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-15 22:17 - 2013-08-06 17:39 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 22:16 - 2013-05-29 13:16 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 20:13 - 2013-08-03 11:11 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-01-11 08:55 - 2013-05-28 21:50 - 00000000 ____D () C:\Users\Christian\AppData\Local\Paint.NET

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-08 12:40

==================== End Of Log ============================

To me it looks as though the cause has not been found / is not being found. Either there is a program on the machine that bends this back again when it is used, or??? Frustrated... |
10.02.2014, 10:14 | #8 |
/// the machine /// TB Instructor | systweak-oeffnet-neuen-tab-firefox I've had it too since 31.1.14 One has to distinguish between active malware on the system and a browser that has been wrecked by malware. Revo Uninstaller - Download - Filepony: use it to uninstall Firefox, keep no data, let it remove the leftovers, then reinstall. Then: https://support.mozilla.org/de/kb/fi...einfach-loesen ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log please. Any problems left?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
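The distinction schrauber draws above, active persistence on the system versus a browser whose settings were merely rewritten, can be checked mechanically against an FRST log. The script below is an added example, not part of this thread and not FRST's own code: it parses a handful of lines copied from the log posted above (plus one constructed new-tab line with a placeholder host) and sorts hits into persistence mechanisms worth a manual look, registrations whose file is gone, and browser settings that differ from what the owner expects. The expected homepage/new-tab values in EXPECTED_FF are assumptions for the example.

```python
import re

# Constructed sample: a few lines in the shape of the FRST log posted in this
# thread (copied from it). A complete FRST.txt is passed in the same way.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [VIAxHCUtl] - C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-09] (AVAST Software)
HKU\S-1-5-21-1523883789-3797667583-3398338233-1001\...\MountPoints2: {ceefeeda-7e79-11e3-af2f-0019db67d5e3} - H:\Startme.exe
==================== Internet (Whitelisted) ====================
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
FF Homepage: www.google.com
FF NewTab: www.google.com
==================== One Month Created Files and Folders ========
2014-01-25 14:38 - 2014-01-25 14:38 - 00003226 _____ () C:\Windows\System32\Tasks\{113A03E5-F873-4C67-8681-0E631BFB41E2}
2014-01-15 14:06 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
"""

# Constructed line with a placeholder host, to show what a rewritten new-tab
# page looks like to the triage below.
HIJACKED_NEWTAB = "FF NewTab: hxxp://newtab.example.invalid/\n"

# Values the owner expects (assumption for this example). A deviation is a
# browser-configuration finding, not evidence of active malware by itself.
EXPECTED_FF = {"Homepage": "www.google.com", "NewTab": "www.google.com",
               "SelectedSearchEngine": "Google"}

RUN_ENTRY = re.compile(r"^(HK(?:LM|CU|U)[^:]*\\Run): \[([^\]]+)\] - (.+)$")
PUBLISHER_TAIL = re.compile(r"\([^()]+\)\s*$")          # trailing "(Vendor)"
MOUNTPOINT = re.compile(r"^HKU\\[^:]*\\MountPoints2: \{[0-9a-fA-F-]+\} - ([A-Za-z]:\\.+)$")
DANGLING = re.compile(r"^(BHO(?:-x32)?|Toolbar(?:-x32)?): (.+) No File$")
FF_PREF = re.compile(r"^FF (Homepage|NewTab|SelectedSearchEngine): (.+)$")
FILE_LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - "
                       r"\d{8} [_A-Z]{5} \(([^)]*)\) (.+)$")
GUID_TASK = re.compile(r"\\System32\\Tasks\\\{[0-9A-Fa-f-]{36}\}$")


def triage(log_text):
    """Sort FRST lines into three buckets and return them as
    {"persistence": [...], "dangling": [...], "browser": [...]},
    one human-readable string per hit."""
    findings = {"persistence": [], "dangling": [], "browser": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("===="):
            continue
        m = RUN_ENTRY.match(line)
        if m:
            key, name, target = m.groups()
            # FRST appends "(Publisher)" from the file's version info; a Run
            # entry without one deserves a manual look.
            if not PUBLISHER_TAIL.search(target):
                findings["persistence"].append(
                    f"autostart without publisher: {key} [{name}] -> {target}")
            continue
        m = MOUNTPOINT.match(line)
        if m:
            findings["persistence"].append(
                f"MountPoints2 handler runs {m.group(1)} when that volume is opened")
            continue
        m = DANGLING.match(line)
        if m:
            findings["dangling"].append(
                f"{m.group(1)} registered but file missing: {m.group(2)}")
            continue
        m = FF_PREF.match(line)
        if m:
            pref, value = m.groups()
            if value != EXPECTED_FF.get(pref, value):
                findings["browser"].append(f"FF {pref} changed to {value}")
            continue
        m = FILE_LINE.match(line)
        if m and GUID_TASK.search(m.group(2)):
            findings["persistence"].append(
                f"scheduled task with a GUID-only name, inspect its action: {m.group(2)}")
    return findings


if __name__ == "__main__":
    for bucket, hits in triage(SAMPLE_LOG + HIJACKED_NEWTAB).items():
        print(f"[{bucket}]")
        for hit in hits:
            print("  " + hit)
```

Run against the sample, the "browser" bucket stays empty for the log as posted (homepage and new tab are still google.com) and only fills for the constructed hijacked line, while the "persistence" bucket collects the Run entry without a publisher, the MountPoints2 handler for drive H: and the GUID-named scheduled task; the two avast! "No File" registrations land in "dangling". That separation is the point: a rewritten new-tab page with nothing in the persistence bucket points at a damaged browser profile, which is why the reply above suggests a clean Firefox reinstall rather than more malware scans.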