Pests of all kinds and how to fight them: Remove Play Now Radio Trojan, but how? (Windows 7)
16.03.2014, 17:47 | #1 |
| Remove Play Now Radio Trojan, but how? Hello, I too have caught the 'Play now Radio' Trojan and cannot get rid of it. I have already run Malwarebytes Anti-Rootkit, but did not get a log file from the scan. It would be great if someone could help. Many thanks and best regards, golliwog |
16.03.2014, 18:00 | #2 |
/// the machine /// TB-Ausbilder | Remove Play Now Radio Trojan, but how? hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
16.03.2014, 18:11 | #3 |
| Remove Play Now Radio Trojan, but how? Hello,
that was quick, many thanks. Here are the logs: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 Ran by clampe (administrator) on CLAMPE-PC on 16-03-2014 18:06:34 Running from C:\Users\clampe\Desktop Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forums ==================== Processes (Whitelisted) ================= (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe () C:\Windows\system32\Hpservice.exe (Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Intel Corporation) C:\Program Files\Intel\AMT\atchksrv.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe (PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe (Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Sierra Wireless Inc.) C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe (Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe (Cognizance Corporation) C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe (PDF Complete Inc) C:\Program Files\PDF Complete\pdfsty.exe (Hewlett-Packard Development Company, L.P.) 
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (Intel Corporation) C:\Program Files\Intel\AMT\atchk.exe (Hewlett-Packard) C:\Program Files\Hp\HP Software Update\hpwuschd2.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Pay By Ads LTD) C:\Users\clampe\AppData\Local\playnowradio\playnowradio\1.3.4.22\playnowradio.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Adobe Systems, Inc.) 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Microsoft Corporation) C:\Windows\system32\conime.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation) HKLM\...\Run: [PDF Complete] - C:\Program Files\PDF Complete\pdfsty.exe [331552 2007-04-13] (PDF Complete Inc) HKLM\...\Run: [PTHOSTTR] - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [145184 2007-01-09] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [827392 2007-01-12] (Synaptics, Inc.) HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472776 2007-03-01] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [WAWifiMessage] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [317128 2007-01-10] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [HP Health Check Scheduler] - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [50696 2007-03-12] (Hewlett-Packard) HKLM\...\Run: [QlbCtrl] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [163840 2007-05-02] ( Hewlett-Packard Development Company, L.P.) 
HKLM\...\Run: [CognizanceTS] - C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll [17920 2003-12-22] (Cognizance Corporation) HKLM\...\Run: [atchk] - C:\Program Files\Intel\AMT\atchk.exe [404248 2007-04-20] (Intel Corporation) HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) Winlogon\Notify\DeviceNP: C:\Windows\system32\DeviceNP.dll (Hewlett-Packard Limited) Winlogon\Notify\igfxcui: igfxdev.dll [X] Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-1551406755-2549777080-3165233293-1003\...\Run: [playnowradio] - C:\Users\clampe\AppData\Local\playnowradio\playnowradio\1.3.4.22\playnowradio.exe [420352 2014-03-06] (Pay By Ads LTD) HKU\S-1-5-21-1551406755-2549777080-3165233293-1003\...\MountPoints2: {c23b3964-16fa-11e2-bb9e-000000000000} - G:\laucher.exe Lsa: [Notification Packages] scecli ASWLNPkg ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Gophoto.it Search HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP® Official Site | Laptop Computers, Desktops, Printers, Servers, Services and more HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Page_URL = HP® Official Site | Laptop Computers, Desktops, Printers, Servers, Services and more SearchScopes: HKCU - DefaultScope {4080DD65-F0EB-4DB8-8DFF-E527A3CBE580} URL = hxxp://search.gophoto.it/?pl=1&q={searchTerms}&ch=v1noadmin_1403 SearchScopes: HKCU - {1B435F21-A20C-4A76-AC3A-6E54245E1945} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} SearchScopes: HKCU - {1C98214F-D5EB-44B3-92ED-6899C936919C} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^NL&apn_uid=86664824-dd3f-4b67-96bc-9bc5a4bf5c46&apn_sauid=367FD81E-DA59-41F1-B093-67728A7FA1A5 SearchScopes: HKCU - {4080DD65-F0EB-4DB8-8DFF-E527A3CBE580} URL = hxxp://search.gophoto.it/?pl=1&q={searchTerms}&ch=v1noadmin_1403 SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\clampe\AppData\Roaming\Mozilla\Firefox\Profiles\8xi140gf.Christel FF user.js: detected! 
=> C:\Users\clampe\AppData\Roaming\Mozilla\Firefox\Profiles\8xi140gf.Christel\user.js FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\clampe\AppData\Roaming\Mozilla\Firefox\Profiles\8xi140gf.Christel\searchplugins\gophotoit.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] ========================== Services (Whitelisted) ================= R2 ASBroker; C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [74240 2007-02-07] (Cognizance Corporation) R2 ASChannel; C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll [131584 2006-06-22] (Cognizance Corporation) R2 atchksrv; C:\Program Files\Intel\AMT\atchksrv.exe [183064 2007-04-20] (Intel Corporation) S3 Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.) 
S3 FLCDLOCK; C:\Windows\system32\flcdlock.exe [172131 2007-04-30] (Hewlett-Packard Ltd) R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [62984 2007-03-14] (Hewlett-Packard) R2 hpsrv; C:\Windows\system32\Hpservice.exe [18944 2007-01-05] () R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation) R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [540448 2007-04-13] (PDF Complete Inc) R2 SWIHPWMI; C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [292384 2006-12-04] (Sierra Wireless Inc.) S2 UNS; C:\Program Files\Intel\AMT\UNS.exe [1489688 2007-04-20] (Intel Corporation) ==================== Drivers (Whitelisted) ==================== R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [140808 2007-04-10] (AuthenTec, Inc.) S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv.sys [30008 2007-04-23] (Hewlett-Packard Development Company L.P.) R1 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [8192 2006-11-30] (Hewlett-Packard Development Company, L.P.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation) R3 rismc32; C:\Windows\System32\DRIVERS\rismc32.sys [47616 2006-12-20] (RICOH Company, Ltd.) 
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 igfx; system32\DRIVERS\igdkmd32.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-16 18:06 - 2014-03-16 18:06 - 00012238 _____ () C:\Users\clampe\Desktop\FRST.txt 2014-03-16 18:06 - 2014-03-16 18:06 - 00000000 ____D () C:\FRST 2014-03-16 18:04 - 2014-03-16 18:05 - 01145856 _____ (Farbar) C:\Users\clampe\Desktop\FRST.exe 2014-03-16 17:23 - 2014-03-16 17:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-03-16 17:23 - 2014-03-16 17:23 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-16 17:23 - 2014-03-16 17:23 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-16 17:21 - 2014-03-16 17:44 - 00000000 ____D () C:\Users\clampe\Desktop\mbar 2014-03-16 17:21 - 2014-03-16 17:21 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-16 17:19 - 2014-03-16 17:19 - 12589848 _____ (Malwarebytes Corp.) 
C:\Users\clampe\Desktop\mbar-1.07.0.1009.exe 2014-03-15 16:30 - 2014-03-16 17:17 - 00001258 _____ () C:\Users\clampe\Desktop\Play Now Radio.lnk 2014-03-15 16:01 - 2014-03-15 16:01 - 00045270 _____ () C:\Users\clampe\Downloads\Extras.Txt 2014-03-15 16:00 - 2014-03-15 16:00 - 00064436 _____ () C:\Users\clampe\Downloads\OTL.Txt 2014-03-15 15:54 - 2014-03-15 15:54 - 00602112 _____ (OldTimer Tools) C:\Users\clampe\Downloads\OTL.exe 2014-03-14 23:15 - 2014-03-14 23:15 - 00000000 ____D () C:\ProgramData\Licenses 2014-03-14 23:08 - 2014-03-14 23:08 - 21407864 _____ (Simply Super Software ) C:\Users\clampe\Downloads\trjsetup690.exe 2014-03-14 18:17 - 2014-02-23 06:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-14 18:17 - 2014-02-23 06:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-14 18:17 - 2014-02-23 06:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-14 18:17 - 2014-02-23 06:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-14 18:17 - 2014-02-23 06:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-14 18:17 - 2014-02-23 06:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-14 18:17 - 2014-02-23 06:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-03-14 18:17 - 2014-02-23 06:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-14 18:17 - 2014-02-23 06:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-14 18:17 - 2014-02-23 06:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-14 18:17 - 2014-02-23 06:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-03-14 18:17 - 2014-02-23 06:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-14 18:17 - 2014-02-23 06:37 - 00421376 _____ (Microsoft 
Corporation) C:\Windows\system32\vbscript.dll 2014-03-14 18:17 - 2014-02-23 06:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-14 18:17 - 2014-02-23 06:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-03-14 18:17 - 2014-02-23 06:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-13 20:53 - 2014-02-07 11:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-13 20:53 - 2014-02-03 11:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-13 20:53 - 2014-01-30 08:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-13 20:53 - 2013-11-13 01:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-03-09 19:28 - 2014-03-09 19:28 - 00000000 ____D () C:\Users\clampe\AppData\Roaming\Cool Mirage Ltd 2014-03-09 19:27 - 2014-03-09 19:27 - 00000000 ____D () C:\Users\clampe\AppData\Local\playnowradio 2014-03-08 21:30 - 2014-03-08 22:15 - 00000000 ____D () C:\Users\clampe\Desktop\Neuer Ordner 2014-03-08 19:13 - 2014-03-08 19:13 - 00001664 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-03-08 19:12 - 2014-03-08 19:13 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-03-08 19:04 - 2014-03-08 19:04 - 00001726 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-03-08 19:04 - 2014-03-08 19:04 - 00000000 ____D () C:\Program Files\QuickTime 2014-03-01 17:57 - 2014-03-16 17:16 - 00051228 _____ () C:\Windows\PFRO.log 2014-03-01 08:40 - 2014-03-01 08:40 - 00000000 ____D () C:\Program Files\Microsoft CAPICOM 2.1.0.2 2014-02-22 19:21 - 2014-03-16 17:17 - 00000436 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-02-22 14:29 - 2014-02-22 14:29 - 00002154 _____ () C:\Windows\epplauncher.mif 2014-02-22 14:27 - 2014-02-22 14:28 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-02-22 14:26 - 2010-04-05 21:00 - 00221568 _____ (Microsoft 
Corporation) C:\Windows\system32\Drivers\netio.sys 2014-02-22 14:22 - 2014-02-22 14:22 - 00004890 _____ () C:\Users\clampe\Documents\cc_20140222_142224.reg 2014-02-22 12:59 - 2014-02-22 12:59 - 00921000 _____ (Oracle Corporation) C:\Users\clampe\Downloads\jxpiinstall.exe 2014-02-22 12:46 - 2014-02-22 12:46 - 00068570 _____ () C:\Users\clampe\Documents\cc_20140222_124613.reg 2014-02-22 12:02 - 2014-02-22 12:02 - 03645064 _____ (Piriform Ltd) C:\Users\clampe\Downloads\ccsetup410_slim.exe 2014-02-22 11:58 - 2014-02-22 11:58 - 00000000 ____D () C:\Windows\pss 2014-02-18 21:14 - 2014-02-18 21:14 - 00000000 ____D () C:\Users\clampe\Documents\tax 2014-02-15 20:22 - 2014-02-15 20:22 - 00001995 _____ () C:\Users\clampe\Desktop\t@x 2014.lnk 2014-02-15 20:21 - 2014-02-15 20:21 - 00000000 ____D () C:\Users\clampe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\t@x 2014 2014-02-15 19:25 - 2014-02-18 20:46 - 00000000 ____D () C:\Users\clampe\Desktop\t@x 2014 (für Steuerjahr 2013) (Download) 2014-02-15 13:57 - 2014-02-22 12:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-02-14 13:30 - 2013-12-05 03:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll ==================== One Month Modified Files and Folders ======= 2014-03-16 18:06 - 2014-03-16 18:06 - 00012238 _____ () C:\Users\clampe\Desktop\FRST.txt 2014-03-16 18:06 - 2014-03-16 18:06 - 00000000 ____D () C:\FRST 2014-03-16 18:05 - 2014-03-16 18:04 - 01145856 _____ (Farbar) C:\Users\clampe\Desktop\FRST.exe 2014-03-16 18:04 - 2014-02-02 13:58 - 00000680 _____ () C:\Users\clampe\AppData\Local\d3d9caps.dat 2014-03-16 18:04 - 2006-11-02 13:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-16 18:04 - 2006-11-02 13:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-16 17:44 - 2014-03-16 17:23 - 00000000 ____D () 
C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-03-16 17:44 - 2014-03-16 17:21 - 00000000 ____D () C:\Users\clampe\Desktop\mbar 2014-03-16 17:43 - 2011-08-05 21:12 - 02017940 _____ () C:\Windows\WindowsUpdate.log 2014-03-16 17:37 - 2012-04-08 17:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-16 17:23 - 2014-03-16 17:23 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-16 17:23 - 2014-03-16 17:23 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-16 17:23 - 2006-11-02 11:33 - 00006848 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-16 17:21 - 2014-03-16 17:21 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-16 17:19 - 2014-03-16 17:19 - 12589848 _____ (Malwarebytes Corp.) C:\Users\clampe\Desktop\mbar-1.07.0.1009.exe 2014-03-16 17:17 - 2014-03-15 16:30 - 00001258 _____ () C:\Users\clampe\Desktop\Play Now Radio.lnk 2014-03-16 17:17 - 2014-02-22 19:21 - 00000436 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-03-16 17:16 - 2014-03-01 17:57 - 00051228 _____ () C:\Windows\PFRO.log 2014-03-16 17:16 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-16 17:15 - 2006-11-09 17:45 - 00000012 _____ () C:\Windows\bthservsdp.dat 2014-03-16 17:15 - 2006-11-02 14:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-15 16:01 - 2014-03-15 16:01 - 00045270 _____ () C:\Users\clampe\Downloads\Extras.Txt 2014-03-15 16:00 - 2014-03-15 16:00 - 00064436 _____ () C:\Users\clampe\Downloads\OTL.Txt 2014-03-15 15:54 - 2014-03-15 15:54 - 00602112 _____ (OldTimer Tools) C:\Users\clampe\Downloads\OTL.exe 2014-03-14 23:15 - 2014-03-14 23:15 - 00000000 ____D () C:\ProgramData\Licenses 2014-03-14 23:08 - 2014-03-14 23:08 - 21407864 _____ (Simply Super Software ) C:\Users\clampe\Downloads\trjsetup690.exe 2014-03-14 22:36 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache 2014-03-14 22:18 - 2006-11-02 13:47 
- 00321752 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-14 18:16 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE 2014-03-11 21:37 - 2012-04-08 17:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-03-11 21:37 - 2011-08-22 17:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-03-09 19:28 - 2014-03-09 19:28 - 00000000 ____D () C:\Users\clampe\AppData\Roaming\Cool Mirage Ltd 2014-03-09 19:28 - 2011-08-05 21:45 - 00000000 ____D () C:\Users\clampe\AppData\Local\Google 2014-03-09 19:27 - 2014-03-09 19:27 - 00000000 ____D () C:\Users\clampe\AppData\Local\playnowradio 2014-03-08 22:15 - 2014-03-08 21:30 - 00000000 ____D () C:\Users\clampe\Desktop\Neuer Ordner 2014-03-08 19:13 - 2014-03-08 19:13 - 00001664 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-03-08 19:13 - 2014-03-08 19:12 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-03-08 19:13 - 2011-08-06 06:20 - 00000000 ____D () C:\Program Files\iTunes 2014-03-08 19:12 - 2011-08-11 21:54 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-03-08 19:12 - 2011-08-06 06:20 - 00000000 ____D () C:\Program Files\iPod 2014-03-08 19:07 - 2011-08-11 21:54 - 00000000 ____D () C:\ProgramData\Apple 2014-03-08 19:04 - 2014-03-08 19:04 - 00001726 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-03-08 19:04 - 2014-03-08 19:04 - 00000000 ____D () C:\Program Files\QuickTime 2014-03-08 14:58 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-03-01 08:40 - 2014-03-01 08:40 - 00000000 ____D () C:\Program Files\Microsoft CAPICOM 2.1.0.2 2014-02-28 10:41 - 2013-11-27 21:01 - 00000000 ____D () C:\Users\clampe\AppData\Roaming\Dropbox 2014-02-28 10:40 - 2013-11-27 21:14 - 00000922 _____ () C:\Users\clampe\Desktop\Dropbox.lnk 2014-02-28 10:40 - 2013-11-27 21:14 - 00000000 ___RD () C:\Users\clampe\Dropbox 2014-02-28 10:40 - 2013-11-27 21:04 - 00000000 ____D () 
C:\Users\clampe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-02-23 06:50 - 2014-03-14 18:17 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-23 06:47 - 2014-03-14 18:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-23 06:43 - 2014-03-14 18:17 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-23 06:41 - 2014-03-14 18:17 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-23 06:40 - 2014-03-14 18:17 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-23 06:39 - 2014-03-14 18:17 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-23 06:38 - 2014-03-14 18:17 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-02-23 06:38 - 2014-03-14 18:17 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-23 06:38 - 2014-03-14 18:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-23 06:37 - 2014-03-14 18:17 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-23 06:37 - 2014-03-14 18:17 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-02-23 06:37 - 2014-03-14 18:17 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-23 06:37 - 2014-03-14 18:17 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-23 06:36 - 2014-03-14 18:17 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-23 06:36 - 2014-03-14 18:17 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-02-23 06:35 - 2014-03-14 18:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-22 14:29 - 2014-02-22 14:29 - 00002154 _____ () C:\Windows\epplauncher.mif 2014-02-22 14:28 - 2014-02-22 14:27 - 00000000 ____D () C:\Program Files\Microsoft Security Client 
2014-02-22 14:22 - 2014-02-22 14:22 - 00004890 _____ () C:\Users\clampe\Documents\cc_20140222_142224.reg 2014-02-22 12:59 - 2014-02-22 12:59 - 00921000 _____ (Oracle Corporation) C:\Users\clampe\Downloads\jxpiinstall.exe 2014-02-22 12:49 - 2014-02-15 13:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-02-22 12:46 - 2014-02-22 12:46 - 00068570 _____ () C:\Users\clampe\Documents\cc_20140222_124613.reg 2014-02-22 12:12 - 2013-05-14 16:29 - 00000000 ____D () C:\Windows\Minidump 2014-02-22 12:12 - 2011-10-31 09:09 - 00000000 ____D () C:\Program Files\PDFCreator 2014-02-22 12:12 - 2006-11-09 18:39 - 00000000 ____D () C:\Windows\Panther 2014-02-22 12:02 - 2014-02-22 12:02 - 03645064 _____ (Piriform Ltd) C:\Users\clampe\Downloads\ccsetup410_slim.exe 2014-02-22 11:58 - 2014-02-22 11:58 - 00000000 ____D () C:\Windows\pss 2014-02-22 10:23 - 2007-06-19 14:28 - 00000000 ____D () C:\Windows\SMINST 2014-02-18 21:14 - 2014-02-18 21:14 - 00000000 ____D () C:\Users\clampe\Documents\tax 2014-02-18 20:59 - 2011-12-27 20:30 - 00010240 _____ () C:\Users\clampe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-02-18 20:46 - 2014-02-15 19:25 - 00000000 ____D () C:\Users\clampe\Desktop\t@x 2014 (für Steuerjahr 2013) (Download) 2014-02-18 20:46 - 2013-05-12 15:37 - 00000000 ____D () C:\Users\clampe\.gimp-2.8 2014-02-18 20:46 - 2011-08-05 21:27 - 00000000 ____D () C:\Users\clampe 2014-02-15 20:24 - 2013-04-23 19:27 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH 2014-02-15 20:23 - 2013-04-23 19:36 - 00000149 _____ () C:\Windows\wiso.ini 2014-02-15 20:22 - 2014-02-15 20:22 - 00001995 _____ () C:\Users\clampe\Desktop\t@x 2014.lnk 2014-02-15 20:22 - 2013-04-23 19:36 - 00000000 ____D () C:\Users\clampe\AppData\Local\Buhl 2014-02-15 20:21 - 2014-02-15 20:21 - 00000000 ____D () C:\Users\clampe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\t@x 2014 2014-02-15 20:18 - 2013-04-23 19:32 - 00000000 ____D () C:\Users\clampe\AppData\Roaming\InstallShield 
Installation Information 2014-02-15 20:18 - 2013-04-23 19:32 - 00000000 ____D () C:\Program Files\Buhl finance 2014-02-15 18:04 - 2012-05-04 16:40 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-02-14 14:32 - 2013-08-15 22:10 - 00000000 ____D () C:\Windows\system32\MRT 2014-02-14 14:29 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-16 17:23 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01 Ran by clampe at 2014-03-16 18:07:01 Running from C:\Users\clampe\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== Adobe Digital Editions (HKLM\...\Digital Editions) (Version: - ) Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Flash Player 9 ActiveX (HKLM\...\ShockwaveFlash) (Version: 9 - Adobe Systems Incorporated) Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated) Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Application Installer 4.00.B13 (HKLM\...\{70CEFEBA-F757-4DBE-8A21-027C326137CE}) (Version: 4.00.B13 - Hewlett-Packard Company) BIOS Configuration for HP ProtectTools (HKLM\...\{F7B5554B-5CDE-4D16-9ACF-00BFB1ACD668}) (Version: 3.00 A1 - Hewlett-Packard) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) 
Credential Manager for HP ProtectTools (HKLM\...\{BE41F3D2-FC73-4C3E-A2C2-5D2B08A5B2D0}) (Version: 2.5.0.880.13 - Hewlett-Packard)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 2.0.0.0 - Ihr Firmenname)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
ESU for Microsoft Vista (HKLM\...\{DFE967A8-9C30-413C-B2D5-C0D576949553}) (Version: 1.0.10.1 - Hewlett-Packard)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
GoPhotoIt Extension (HKCU\...\${PRDCT_UNINST}) (Version: 1.8.29.17 - Cool Mirage Ltd)
Hewlett-Packard Active Check (Version: 1.1.7.0 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent (Version: 2.0.58.0 - HP) Hidden
HP 3D DriveGuard (HKLM\...\{767816EB-C937-4AE0-8A83-A5C0651916E8}) (Version: 3.00 A5 - Hewlett-Packard)
HP Active Support Library (Version: 2.0.9.1 - Hewlett-Packard) Hidden
HP Active Support Library 32 bit components (Version: 1.0.9 - Hewlett-Packard) Hidden
HP Broadband Wireless Modules (HKLM\...\{773D6C77-4A5A-45C4-B4DE-3B6DAB4785BC}) (Version: 18.13.2.1410 - Sierra Wireless Inc)
HP Compaq 2400-2500 Notebook PC Accessories Tour (HKLM\...\{F41F06EC-EF02-4BA1-9328-ABDA2E2EF4FD}) (Version: 1.2.0 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 5.0.0.2258 - Hewlett-Packard)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard)
HP Easy Setup - Core (HKLM\...\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}) (Version: 5.0.0.2258 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}) (Version: 5.0.0.2258 - Hewlett-Packard)
HP Help and Support (HKLM\...\{755C609D-5792-4136-A0D8-0513E04D4EBE}) (Version: 1.2.1 - Hewlett-Packard)
HP ProtectTools Security Manager (HKLM\...\{2DB165DC-DDB4-403F-B985-19F3EC7D0357}) (Version: 3.00 A10 - Hewlett-Packard)
HP Quick Launch Buttons 6.20 F2 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.20 F2 - Hewlett-Packard)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP User Guides 0065 (HKLM\...\{2ADC2D55-15C1-4CC4-A28E-1DD9AA6670F7}) (Version: 1.02.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{D32067CD-7409-4792-BFA0-1469BCD8F0C8}) (Version: 3.00 F1 - Hewlett-Packard)
InfraRecorder (HKLM\...\InfraRecorder) (Version: - Christian Kindahl)
Intel(R) Active Management Technology Device Software (HKLM\...\MESOL) (Version: - )
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - )
Intel(R) PRO Network Connections Drivers (HKLM\...\PROSet) (Version: - )
InterVideo DVD Check (HKLM\...\{5D97A4A7-C274-4B63-86D9-07A33435F505}) (Version: - )
InterVideo Register Manager (Version: 1.0.4.0 - InterVideo Inc.) Hidden
InterVideo WinDVD (HKLM\...\{3912A629-0020-0005-3131-2FBA74D4DF0A}) (Version: - )
InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.1166 - InterVideo Inc.)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Kobo (HKLM\...\Kobo) (Version: 3.5.0 - Kobo Inc.)
LightScribe 1.4.136.1 (Version: 1.4.136.1 - hxxp://www.lightscribe.com) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSCU for Microsoft Vista (HKLM\...\{8CC5F040-44F2-4FB7-9720-47F53F96D180}) (Version: 1.0.1.3 - Hewlett-Packard)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OpenOffice.org 3.3 (HKLM\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
PDF Complete (HKLM\...\PDF Complete) (Version: - )
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
Play Now Radio (HKCU\...\playnowradio) (Version: - playnowradio) <==== ATTENTION
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD Basic v9 (HKLM\...\{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}) (Version: 9.0.116 - Roxio)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2C06_hpZ1379z) (Version: - )
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.5180 - Analog Devices)
ST Wiederherstellungs- & Sicherungsprogramme (HKLM\...\{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}) (Version: 4.0.14 - Hewlett-Packard Company )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.11.0 - Synaptics)
t@x 2013 (HKCU\...\{6737F045-A91A-4177-9C8C-59460FC1C84D}) (Version: 20.00.8137 - Buhl Data Service GmbH)
t@x 2014 (HKCU\...\{2547CF96-DBB7-4EDD-9327-0EFDD0D1FA8A}) (Version: 21.00.8480 - Buhl Data Service GmbH)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Vista Default Settings (HKLM\...\{41977E38-C671-4383-96F2-D2C83A815EB4}) (Version: 1.00 C2 - Hewlett-Packard)

==================== Restore Points =========================

10-03-2014 17:53:36 Windows Update
13-03-2014 19:55:18 Windows Update
14-03-2014 17:14:49 Windows Update
15-03-2014 09:33:42 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {155723BA-60E2-4354-93AF-84EAC8D3C2D8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2011-08-07] ()
Task: {2DE18FE4-6467-484F-8431-206702EC5546} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {2E5B7D97-F14C-4CFF-864E-620AABA892D1} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {4D72741E-769C-45DB-8604-CB8EBDADAA29} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {604BD631-C042-4D67-BF58-F45983ADAD97} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {63DDFE46-38F9-42BF-8615-108F9576154B} - System32\Tasks\HP Health Check => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-03-12] (Hewlett-Packard)
Task: {6B87774F-5DEA-4408-9723-CBA2679BA9AC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6CC60157-E45A-443E-8439-86156DF9EDCB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {8EB238BF-0296-4160-975A-D1ED88203677} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {B18626C9-34E9-4B4B-86D2-AD5282B0FD91} - System32\Tasks\Play Now Radio => C:\Users\clampe\AppData\Local\playnowradio\playnowradio\1.3.4.22\playnowradio.exe [2014-03-06] (Pay By Ads LTD) <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2007-06-19 10:20 - 2007-01-05 04:00 - 00018944 _____ () C:\Windows\system32\Hpservice.exe
2011-10-31 09:09 - 2001-10-28 17:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2007-04-30 07:31 - 2007-04-30 07:31 - 00274432 _____ () C:\Windows\system32\flcdlmsg.dll
2007-06-19 15:01 - 2007-04-26 14:00 - 00667648 _____ () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
2014-02-15 13:58 - 2014-02-15 13:58 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-03-06 16:11 - 2014-03-06 16:11 - 00181248 _____ () C:\Users\clampe\AppData\Local\playnowradio\playnowradio\1.3.4.22\ffxtn.dll
2014-03-11 21:37 - 2014-03-11 21:37 - 16276872 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk => C:\Windows\pss\DVD Check.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^clampe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^t@x aktuell.lnk => C:\Windows\pss\t@x aktuell.lnk.Startup
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: SearchSettings => "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: ST Recovery Launcher => %WINDIR%\SMINST\launcher.exe

==================== Faulty Device Manager Devices =============

Name: Videocontroller (VGA-kompatibel)
Description: Videocontroller (VGA-kompatibel)
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/16/2014 05:23:02 PM) (Source: LoadPerf) (User: )
Description: WmiApRplWmiApRpl8

Error: (03/16/2014 05:23:02 PM) (Source: LoadPerf) (User: )
Description: Performance16

Error: (03/16/2014 05:23:02 PM) (Source: LoadPerf) (User: )
Description: Performance16

Error: (03/16/2014 05:09:59 PM) (Source: LoadPerf) (User: )
Description: WmiApRplWmiApRpl8

Error: (03/16/2014 05:09:59 PM) (Source: LoadPerf) (User: )
Description: Performance16

Error: (03/16/2014 05:09:59 PM) (Source: LoadPerf) (User: )
Description: Performance16

Error: (03/16/2014 05:03:11 PM) (Source: Intel(R) AMT) (User: )
Description: [UNS] Failed to subscribe to local Intel(R) AMT.

Error: (03/15/2014 04:36:22 PM) (Source: LoadPerf) (User: )
Description: WmiApRplWmiApRpl8

Error: (03/15/2014 04:36:22 PM) (Source: LoadPerf) (User: )
Description: Performance16

Error: (03/15/2014 04:36:22 PM) (Source: LoadPerf) (User: )
Description: Performance16

System errors:
=============
Error: (03/16/2014 05:18:09 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/16/2014 05:16:58 PM) (Source: Service Control Manager) (User: )
Description: Intel(R) Active Management Technology User Notification Service%%1053

Error: (03/16/2014 05:16:58 PM) (Source: Service Control Manager) (User: )
Description: 30000Intel(R) Active Management Technology User Notification Service

Error: (03/16/2014 05:15:14 PM) (Source: Microsoft Antimalware) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 1.167.1994.0
Aktualisierungsquelle: %NT-AUTORITÄT59
Aktualisierungsphase: 4.4.0304.00
Quellpfad: 4.4.0304.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (03/16/2014 05:15:14 PM) (Source: Microsoft Antimalware) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 1.167.1994.0
Aktualisierungsquelle: %NT-AUTORITÄT59
Aktualisierungsphase: 4.4.0304.00
Quellpfad: 4.4.0304.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (03/15/2014 04:31:27 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/15/2014 03:39:02 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/15/2014 03:38:41 PM) (Source: ipnathlp) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error: (03/15/2014 03:37:40 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 15.03.2014 um 14:56:44 unerwartet heruntergefahren.

Error: (03/15/2014 02:42:55 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 15.03.2014 um 14:03:58 unerwartet heruntergefahren.

Microsoft Office Sessions:
=========================
Error: (03/16/2014 05:23:02 PM) (Source: LoadPerf)(User: )
Description: WmiApRplWmiApRpl8

Error: (03/16/2014 05:23:02 PM) (Source: LoadPerf)(User: )
Description: Performance16

Error: (03/16/2014 05:23:02 PM) (Source: LoadPerf)(User: )
Description: Performance16

Error: (03/16/2014 05:09:59 PM) (Source: LoadPerf)(User: )
Description: WmiApRplWmiApRpl8

Error: (03/16/2014 05:09:59 PM) (Source: LoadPerf)(User: )
Description: Performance16

Error: (03/16/2014 05:09:59 PM) (Source: LoadPerf)(User: )
Description: Performance16

Error: (03/16/2014 05:03:11 PM) (Source: Intel(R) AMT)(User: )
Description: [UNS] Failed to subscribe to local Intel(R) AMT.

Error: (03/15/2014 04:36:22 PM) (Source: LoadPerf)(User: )
Description: WmiApRplWmiApRpl8

Error: (03/15/2014 04:36:22 PM) (Source: LoadPerf)(User: )
Description: Performance16

Error: (03/15/2014 04:36:22 PM) (Source: LoadPerf)(User: )
Description: Performance16

CodeIntegrity Errors:
===================================
Date: 2014-03-16 18:06:54.135
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-03-16 18:06:53.934
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-03-16 18:06:53.736
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-03-16 18:06:53.536
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-03-16 18:06:53.336
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-03-16 18:06:53.134
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-03-16 18:06:52.919
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-03-16 18:06:52.714
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Percentage of memory in use: 65%
Total physical RAM: 2014.52 MB
Available physical RAM: 685.41 MB
Total Pagefile: 4268.07 MB
Available Pagefile: 2806.49 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:66.65 GB) (Free:27.27 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:6.33 GB) (Free:1.42 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:1.55 GB) (Free:1.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 75 GB) (Disk ID: 02053839)
Partition 1: (Active) - (Size=67 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=2 GB) - (Type=07 NTFS)

==================== End Of Log ============================

golliwog |
17.03.2014, 10:21 | #4 |
/// the machine /// TB-Ausbilder | Revo Uninstaller - Download - Filepony
Use it to uninstall everything you find in the Additional.txt marked with <== ATTENTION. Also have Revo remove the leftovers in Moderate mode.
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No support via PM! |
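FRST marks the entries it considers suspicious with the suffix "<==== ATTENTION" (in this thread: the Play Now Radio uninstall entry and its scheduled task). The following Python script is an added example, not part of the thread and not code from FRST's author: it pulls those flagged lines out of a saved FRST or Addition.txt log, tags each with the section it appeared under, and then lists the unflagged lines that reference the same folder as a flagged path (here the ffxtn.dll loaded from the playnowradio folder), which is exactly the kind of leftover a cleanup has to account for. The sample log embedded in the script is a constructed excerpt built from lines posted in this thread; the section name "Installed Programs" and all function names are my own choices.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) text logs.

Added example (not FRST's code): extracts entries FRST flags with
"<==== ATTENTION", groups them by log section, and finds unflagged
lines that point into the same directory as a flagged file.
"""
import re
from dataclasses import dataclass, field

ATTENTION = "<==== ATTENTION"
# FRST section headers look like "==================== Drivers (Whitelisted) ======"
SECTION_RE = re.compile(r"^=+\s*([^=].*?)\s*=+$")
# Windows paths with a drive letter; stop at whitespace, brackets or parentheses
PATH_RE = re.compile(r"[A-Za-z]:\\[^\s\[\]\(\)]+")


@dataclass
class Finding:
    section: str            # FRST section the line appeared under
    line: str               # the entry with the ATTENTION marker stripped
    paths: list = field(default_factory=list)   # drive-letter paths in the entry


def parse_frst(text):
    """Return one Finding per ATTENTION-flagged line, in log order."""
    findings = []
    section = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if ATTENTION in line:
            entry = line.split(ATTENTION)[0].strip()
            findings.append(Finding(section, entry, PATH_RE.findall(entry)))
    return findings


def summarize(findings):
    """Group flagged entries by section: {section: [entry, ...]}."""
    grouped = {}
    for f in findings:
        grouped.setdefault(f.section, []).append(f.line)
    return grouped


def related_entries(text, findings):
    """Unflagged lines whose path sits in the same folder as a flagged path
    (e.g. a DLL loaded from the directory of a flagged executable)."""
    flagged_dirs = {p.rsplit("\\", 1)[0].lower() for f in findings for p in f.paths}
    related = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or ATTENTION in line:
            continue
        if any(p.rsplit("\\", 1)[0].lower() in flagged_dirs for p in PATH_RE.findall(line)):
            related.append(line)
    return related


# Constructed excerpt assembled from lines posted in this thread (section
# header "Installed Programs" added by me to give the first entries a section).
SAMPLE_LOG = r"""
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
==================== Installed Programs ======================
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
Play Now Radio (HKCU\...\playnowradio) (Version: - playnowradio) <==== ATTENTION
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
==================== Scheduled Tasks (whitelisted) =============
Task: {8EB238BF-0296-4160-975A-D1ED88203677} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {B18626C9-34E9-4B4B-86D2-AD5282B0FD91} - System32\Tasks\Play Now Radio => C:\Users\clampe\AppData\Local\playnowradio\playnowradio\1.3.4.22\playnowradio.exe [2014-03-06] (Pay By Ads LTD) <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2014-03-06 16:11 - 2014-03-06 16:11 - 00181248 _____ () C:\Users\clampe\AppData\Local\playnowradio\playnowradio\1.3.4.22\ffxtn.dll
==================== End Of Log ============================
"""

if __name__ == "__main__":
    found = parse_frst(SAMPLE_LOG)
    for section, entries in summarize(found).items():
        print(f"[{section}]")
        for e in entries:
            print("   ", e)
    print("Related (same folder as a flagged path):")
    for line in related_entries(SAMPLE_LOG, found):
        print("   ", line)
```

To use it on a real log, read FRST.txt or Addition.txt into a string and pass it to parse_frst and related_entries instead of SAMPLE_LOG. The folder match is deliberately simple (exact parent directory, case-insensitive); it will not catch files an installer scattered across several directories, so the output is a checklist for the helper, not a replacement for reading the whole log.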
19.03.2014, 21:29 | #5 |
| Hello Schrauber, I downloaded and ran Malwarebytes and AdwCleaner, and everything worked wonderfully: a few files were flagged, and I deleted them. With Junkware Removal Tool there were a few nasty surprises, with suddenly many more popup windows etc. I then ran the first two applications again, had them remove everything possible, and just now once more as a check. Now everything is fine, nothing suspicious found any more. Many thanks!! Golliwog |
20.03.2014, 10:29 | #6 |
/// the machine /// TB-Ausbilder | Logfiles?
__________________ |
21.03.2014, 21:30 | #7 |
| Here they are: Malware Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.19.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
clampe :: CLAMPE-PC [Administrator]

Schutz: Aktiviert

19.03.2014 20:36:23
mbam-log-2014-03-19 (20-36-23).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 248676
Laufzeit: 13 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
# AdwCleaner v3.022 - Bericht erstellt am 19/03/2014 um 21:15:52
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Business Service Pack 2 (32 bits)
# Benutzername : clampe - CLAMPE-PC
# Gestartet von : C:\Users\clampe\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16540

-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\clampe\AppData\Roaming\Mozilla\Firefox\Profiles\8xi140gf.Christel\prefs.js ]

[ Datei : C:\Users\clampe\AppData\Roaming\Mozilla\Firefox\Profiles\rypzd1dv.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [3033 octets] - [18/03/2014 21:04:06]
AdwCleaner[R1].txt - [10562 octets] - [18/03/2014 21:59:29]
AdwCleaner[R2].txt - [1157 octets] - [19/03/2014 20:50:31]
AdwCleaner[S0].txt - [3098 octets] - [18/03/2014 21:16:51]
AdwCleaner[S1].txt - [10754 octets] - [18/03/2014 22:18:08]
AdwCleaner[S2].txt - [1079 octets] - [19/03/2014 21:15:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1139 octets] ##########

and here is the fresh FRST log. FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by clampe (administrator) on CLAMPE-PC on 21-03-2014 21:29:26
Running from C:\Users\clampe\Desktop
Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
() C:\Windows\system32\Hpservice.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files\Intel\AMT\atchksrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Intel Corporation) C:\Program Files\Intel\AMT\UNS.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Sierra Wireless Inc.) C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Cognizance Corporation) C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsty.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Intel Corporation) C:\Program Files\Intel\AMT\atchk.exe
(Hewlett-Packard) C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [PDF Complete] - C:\Program Files\PDF Complete\pdfsty.exe [331552 2007-04-13] (PDF Complete Inc)
HKLM\...\Run: [PTHOSTTR] - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [145184 2007-01-09] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [827392 2007-01-12] (Synaptics, Inc.)
HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472776 2007-03-01] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [317128 2007-01-10] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Health Check Scheduler] - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [50696 2007-03-12] (Hewlett-Packard)
HKLM\...\Run: [QlbCtrl] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [163840 2007-05-02] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [CognizanceTS] - C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll [17920 2003-12-22] (Cognizance Corporation)
HKLM\...\Run: [atchk] - C:\Program Files\Intel\AMT\atchk.exe [404248 2007-04-20] (Intel Corporation)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\DeviceNP: C:\Windows\system32\DeviceNP.dll (Hewlett-Packard Limited)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1551406755-2549777080-3165233293-1003\...\MountPoints2: {c23b3964-16fa-11e2-bb9e-000000000000} - G:\laucher.exe
AppInit_DLLs: c:\progra~1\optimi~1\optpro~1.dll => c:\progra~1\optimi~1\optpro~1.dll File Not Found
Lsa: [Notification Packages] scecli ASWLNPkg

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.hp.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {1B435F21-A20C-4A76-AC3A-6E54245E1945} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
SearchScopes: HKCU - {1C98214F-D5EB-44B3-92ED-6899C936919C} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^NL&apn_uid=86664824-dd3f-4b67-96bc-9bc5a4bf5c46&apn_sauid=367FD81E-DA59-41F1-B093-67728A7FA1A5
SearchScopes: HKCU - {4080DD65-F0EB-4DB8-8DFF-E527A3CBE580} URL = hxxp://search.gophoto.it/?pl=1&q={searchTerms}&ch=v1noadmin_1403
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\clampe\AppData\Roaming\Mozilla\Firefox\Profiles\8xi140gf.Christel
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\clampe\AppData\Roaming\Mozilla\Firefox\Profiles\8xi140gf.Christel\searchplugins\gophotoit.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: BuenoSearch - C:\Users\clampe\AppData\Roaming\Mozilla\Firefox\Profiles\8xi140gf.Christel\Extensions\ffxtlbr@buenosearch.com [2014-03-18]
FF Extension: MySearchDial - C:\Users\clampe\AppData\Roaming\Mozilla\Firefox\Profiles\8xi140gf.Christel\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi [2014-03-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{20d1f7b3-7721-4da0-b6f3-78bb4d7248f4}] - C:\Program Files\Browser Guard\browserguard.xpi
FF Extension: No Name - C:\Program Files\Browser Guard\browserguard.xpi [2014-02-24]

========================== Services (Whitelisted) =================

R2 ASBroker; C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [74240 2007-02-07] (Cognizance Corporation)
R2 ASChannel; C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll [131584 2006-06-22] (Cognizance Corporation)
R2 atchksrv; C:\Program Files\Intel\AMT\atchksrv.exe [183064 2007-04-20] (Intel Corporation)
S3 Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.)
S3 FLCDLOCK; C:\Windows\system32\flcdlock.exe [172131 2007-04-30] (Hewlett-Packard Ltd)
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [62984 2007-03-14] (Hewlett-Packard)
R2 hpsrv; C:\Windows\system32\Hpservice.exe [18944 2007-01-05] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [540448 2007-04-13] (PDF Complete Inc)
R2 SWIHPWMI; C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [292384 2006-12-04] (Sierra Wireless Inc.)
R2 UNS; C:\Program Files\Intel\AMT\UNS.exe [1489688 2007-04-20] (Intel Corporation)

==================== Drivers (Whitelisted) ====================

R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [140808 2007-04-10] (AuthenTec, Inc.)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv.sys [30008 2007-04-23] (Hewlett-Packard Development Company L.P.)
R1 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [8192 2006-11-30] (Hewlett-Packard Development Company, L.P.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R3 rismc32; C:\Windows\System32\DRIVERS\rismc32.sys [47616 2006-12-20] (RICOH Company, Ltd.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 igfx; system32\DRIVERS\igdkmd32.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-21 21:28 - 2014-03-21 21:29 - 00013041 _____ () C:\Users\clampe\Desktop\FRST.txt
2014-03-18 21:28 - 2014-03-18 21:28 - 00000044 _____ () C:\Users\clampe\AppData\Roaming\WB.CFG
2014-03-18 21:27 - 2014-03-18 21:27 - 00000000 ____D () C:\Program Files\Browser Guard
2014-03-18 21:25 - 2014-03-18 21:25 - 00000000 ____D () C:\Users\clampe\AppData\Roaming\0D0S1L2Z1P1B
2014-03-18 21:23 - 2014-03-18 21:23 - 00685456 _____ () C:\Users\clampe\Downloads\ZipExtractorSetup.exe
2014-03-18 21:02 - 2014-03-19 21:15 - 00000000 ____D () C:\AdwCleaner
2014-03-18 20:50 - 2014-03-19 21:19 - 00000000 ____D () C:\Users\clampe\Desktop\trojaner
2014-03-18 20:26 - 2014-03-18 20:26 - 00000000 ____D () C:\Users\clampe\AppData\Roaming\Malwarebytes
2014-03-18 20:26 - 2014-03-18 20:26 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-18 20:26 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-18 20:24 - 2014-03-18 20:24 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\clampe\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-16 18:07 - 2014-03-17 07:09 - 00022511 _____ () C:\Users\clampe\Desktop\Addition.txt
2014-03-16 18:06 - 2014-03-21 21:29 - 00000000 ____D () C:\FRST
2014-03-16 18:04 - 2014-03-16 18:05 - 01145856 _____ (Farbar) C:\Users\clampe\Desktop\FRST.exe
2014-03-16 17:23 - 2014-03-16 17:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-16 17:23 - 2014-03-16 17:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-16 17:21 - 2014-03-16 17:44 - 00000000 ____D () C:\Users\clampe\Desktop\mbar
2014-03-16
17:21 - 2014-03-16 17:21 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-16 17:19 - 2014-03-16 17:19 - 12589848 _____ (Malwarebytes Corp.) C:\Users\clampe\Desktop\mbar-1.07.0.1009.exe 2014-03-15 16:01 - 2014-03-15 16:01 - 00045270 _____ () C:\Users\clampe\Downloads\Extras.Txt 2014-03-15 16:00 - 2014-03-15 16:00 - 00064436 _____ () C:\Users\clampe\Downloads\OTL.Txt 2014-03-15 15:54 - 2014-03-15 15:54 - 00602112 _____ (OldTimer Tools) C:\Users\clampe\Downloads\OTL.exe 2014-03-14 23:15 - 2014-03-14 23:15 - 00000000 ____D () C:\ProgramData\Licenses 2014-03-14 23:08 - 2014-03-14 23:08 - 21407864 _____ (Simply Super Software ) C:\Users\clampe\Downloads\trjsetup690.exe 2014-03-14 18:17 - 2014-02-23 06:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-14 18:17 - 2014-02-23 06:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-14 18:17 - 2014-02-23 06:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-14 18:17 - 2014-02-23 06:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-14 18:17 - 2014-02-23 06:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-14 18:17 - 2014-02-23 06:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-14 18:17 - 2014-02-23 06:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-03-14 18:17 - 2014-02-23 06:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-14 18:17 - 2014-02-23 06:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-14 18:17 - 2014-02-23 06:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-14 18:17 - 2014-02-23 06:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-03-14 18:17 - 2014-02-23 06:37 - 00607744 _____ (Microsoft Corporation) 
C:\Windows\system32\msfeeds.dll 2014-03-14 18:17 - 2014-02-23 06:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-03-14 18:17 - 2014-02-23 06:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-14 18:17 - 2014-02-23 06:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-03-14 18:17 - 2014-02-23 06:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-13 20:53 - 2014-02-07 11:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-13 20:53 - 2014-02-03 11:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-13 20:53 - 2014-01-30 08:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-13 20:53 - 2013-11-13 01:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-03-09 19:28 - 2014-03-18 20:39 - 00000000 ____D () C:\Users\clampe\AppData\Roaming\Cool Mirage Ltd 2014-03-08 21:30 - 2014-03-08 22:15 - 00000000 ____D () C:\Users\clampe\Desktop\Neuer Ordner 2014-03-08 19:13 - 2014-03-08 19:13 - 00001664 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-03-08 19:12 - 2014-03-08 19:13 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-03-08 19:04 - 2014-03-08 19:04 - 00001726 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-03-08 19:04 - 2014-03-08 19:04 - 00000000 ____D () C:\Program Files\QuickTime 2014-03-01 17:57 - 2014-03-18 21:57 - 00071558 _____ () C:\Windows\PFRO.log 2014-03-01 08:40 - 2014-03-01 08:40 - 00000000 ____D () C:\Program Files\Microsoft CAPICOM 2.1.0.2 2014-02-22 19:21 - 2014-03-21 20:51 - 00000436 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-02-22 14:29 - 2014-02-22 14:29 - 00002154 _____ () C:\Windows\epplauncher.mif 2014-02-22 14:27 - 2014-02-22 14:28 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-02-22 14:26 - 2010-04-05 21:00 - 00221568 _____ (Microsoft 
Corporation) C:\Windows\system32\Drivers\netio.sys 2014-02-22 14:22 - 2014-02-22 14:22 - 00004890 _____ () C:\Users\clampe\Documents\cc_20140222_142224.reg 2014-02-22 12:59 - 2014-02-22 12:59 - 00921000 _____ (Oracle Corporation) C:\Users\clampe\Downloads\jxpiinstall.exe 2014-02-22 12:46 - 2014-02-22 12:46 - 00068570 _____ () C:\Users\clampe\Documents\cc_20140222_124613.reg 2014-02-22 12:02 - 2014-02-22 12:02 - 03645064 _____ (Piriform Ltd) C:\Users\clampe\Downloads\ccsetup410_slim.exe 2014-02-22 11:58 - 2014-02-22 11:58 - 00000000 ____D () C:\Windows\pss ==================== One Month Modified Files and Folders ======= 2014-03-21 21:29 - 2014-03-21 21:28 - 00013041 _____ () C:\Users\clampe\Desktop\FRST.txt 2014-03-21 21:29 - 2014-03-16 18:06 - 00000000 ____D () C:\FRST 2014-03-21 21:23 - 2014-02-02 13:58 - 00000680 _____ () C:\Users\clampe\AppData\Local\d3d9caps.dat 2014-03-21 21:03 - 2011-08-05 21:12 - 01247880 _____ () C:\Windows\WindowsUpdate.log 2014-03-21 20:57 - 2006-11-02 11:33 - 00006848 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-21 20:51 - 2014-02-22 19:21 - 00000436 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-03-21 20:51 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-21 20:51 - 2006-11-02 13:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-21 20:51 - 2006-11-02 13:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-19 22:54 - 2013-08-15 22:10 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-19 22:54 - 2006-11-09 17:45 - 00000012 _____ () C:\Windows\bthservsdp.dat 2014-03-19 22:54 - 2006-11-02 14:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-19 22:52 - 2006-11-02 11:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-03-19 22:37 - 2012-04-08 17:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player 
Updater.job 2014-03-19 21:19 - 2014-03-18 20:50 - 00000000 ____D () C:\Users\clampe\Desktop\trojaner 2014-03-19 21:15 - 2014-03-18 21:02 - 00000000 ____D () C:\AdwCleaner 2014-03-18 21:57 - 2014-03-01 17:57 - 00071558 _____ () C:\Windows\PFRO.log 2014-03-18 21:28 - 2014-03-18 21:28 - 00000044 _____ () C:\Users\clampe\AppData\Roaming\WB.CFG 2014-03-18 21:27 - 2014-03-18 21:27 - 00000000 ____D () C:\Program Files\Browser Guard 2014-03-18 21:25 - 2014-03-18 21:25 - 00000000 ____D () C:\Users\clampe\AppData\Roaming\0D0S1L2Z1P1B 2014-03-18 21:23 - 2014-03-18 21:23 - 00685456 _____ () C:\Users\clampe\Downloads\ZipExtractorSetup.exe 2014-03-18 20:42 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\L2Schemas 2014-03-18 20:39 - 2014-03-09 19:28 - 00000000 ____D () C:\Users\clampe\AppData\Roaming\Cool Mirage Ltd 2014-03-18 20:26 - 2014-03-18 20:26 - 00000000 ____D () C:\Users\clampe\AppData\Roaming\Malwarebytes 2014-03-18 20:26 - 2014-03-18 20:26 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-03-18 20:24 - 2014-03-18 20:24 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\clampe\Downloads\mbam-setup-1.75.0.1300.exe 2014-03-17 07:09 - 2014-03-16 18:07 - 00022511 _____ () C:\Users\clampe\Desktop\Addition.txt 2014-03-16 18:05 - 2014-03-16 18:04 - 01145856 _____ (Farbar) C:\Users\clampe\Desktop\FRST.exe 2014-03-16 17:44 - 2014-03-16 17:23 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-03-16 17:44 - 2014-03-16 17:21 - 00000000 ____D () C:\Users\clampe\Desktop\mbar 2014-03-16 17:23 - 2014-03-16 17:23 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-16 17:21 - 2014-03-16 17:21 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-16 17:19 - 2014-03-16 17:19 - 12589848 _____ (Malwarebytes Corp.) 
C:\Users\clampe\Desktop\mbar-1.07.0.1009.exe 2014-03-15 16:01 - 2014-03-15 16:01 - 00045270 _____ () C:\Users\clampe\Downloads\Extras.Txt 2014-03-15 16:00 - 2014-03-15 16:00 - 00064436 _____ () C:\Users\clampe\Downloads\OTL.Txt 2014-03-15 15:54 - 2014-03-15 15:54 - 00602112 _____ (OldTimer Tools) C:\Users\clampe\Downloads\OTL.exe 2014-03-14 23:15 - 2014-03-14 23:15 - 00000000 ____D () C:\ProgramData\Licenses 2014-03-14 23:08 - 2014-03-14 23:08 - 21407864 _____ (Simply Super Software ) C:\Users\clampe\Downloads\trjsetup690.exe 2014-03-14 22:36 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache 2014-03-14 22:18 - 2006-11-02 13:47 - 00321752 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-14 18:16 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE 2014-03-11 21:37 - 2012-04-08 17:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-03-11 21:37 - 2011-08-22 17:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-03-09 19:28 - 2011-08-05 21:45 - 00000000 ____D () C:\Users\clampe\AppData\Local\Google 2014-03-08 22:15 - 2014-03-08 21:30 - 00000000 ____D () C:\Users\clampe\Desktop\Neuer Ordner 2014-03-08 19:13 - 2014-03-08 19:13 - 00001664 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-03-08 19:13 - 2014-03-08 19:12 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-03-08 19:13 - 2011-08-06 06:20 - 00000000 ____D () C:\Program Files\iTunes 2014-03-08 19:12 - 2011-08-11 21:54 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-03-08 19:12 - 2011-08-06 06:20 - 00000000 ____D () C:\Program Files\iPod 2014-03-08 19:07 - 2011-08-11 21:54 - 00000000 ____D () C:\ProgramData\Apple 2014-03-08 19:04 - 2014-03-08 19:04 - 00001726 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-03-08 19:04 - 2014-03-08 19:04 - 00000000 ____D () C:\Program Files\QuickTime 2014-03-08 14:58 - 2006-11-02 12:18 - 00000000 ____D () 
C:\Windows\Microsoft.NET 2014-03-01 08:40 - 2014-03-01 08:40 - 00000000 ____D () C:\Program Files\Microsoft CAPICOM 2.1.0.2 2014-02-28 10:41 - 2013-11-27 21:01 - 00000000 ____D () C:\Users\clampe\AppData\Roaming\Dropbox 2014-02-28 10:40 - 2013-11-27 21:14 - 00000922 _____ () C:\Users\clampe\Desktop\Dropbox.lnk 2014-02-28 10:40 - 2013-11-27 21:14 - 00000000 ___RD () C:\Users\clampe\Dropbox 2014-02-28 10:40 - 2013-11-27 21:04 - 00000000 ____D () C:\Users\clampe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-02-23 06:50 - 2014-03-14 18:17 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-23 06:47 - 2014-03-14 18:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-23 06:43 - 2014-03-14 18:17 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-23 06:41 - 2014-03-14 18:17 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-23 06:40 - 2014-03-14 18:17 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-23 06:39 - 2014-03-14 18:17 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-23 06:38 - 2014-03-14 18:17 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-02-23 06:38 - 2014-03-14 18:17 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-23 06:38 - 2014-03-14 18:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-23 06:37 - 2014-03-14 18:17 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-23 06:37 - 2014-03-14 18:17 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-02-23 06:37 - 2014-03-14 18:17 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-23 06:37 - 2014-03-14 18:17 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-23 06:36 - 2014-03-14 18:17 - 02382848 _____ 
(Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-23 06:36 - 2014-03-14 18:17 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-02-23 06:35 - 2014-03-14 18:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-22 14:29 - 2014-02-22 14:29 - 00002154 _____ () C:\Windows\epplauncher.mif 2014-02-22 14:28 - 2014-02-22 14:27 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-02-22 14:22 - 2014-02-22 14:22 - 00004890 _____ () C:\Users\clampe\Documents\cc_20140222_142224.reg 2014-02-22 12:59 - 2014-02-22 12:59 - 00921000 _____ (Oracle Corporation) C:\Users\clampe\Downloads\jxpiinstall.exe 2014-02-22 12:49 - 2014-02-15 13:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-02-22 12:46 - 2014-02-22 12:46 - 00068570 _____ () C:\Users\clampe\Documents\cc_20140222_124613.reg 2014-02-22 12:12 - 2013-05-14 16:29 - 00000000 ____D () C:\Windows\Minidump 2014-02-22 12:12 - 2011-10-31 09:09 - 00000000 ____D () C:\Program Files\PDFCreator 2014-02-22 12:12 - 2006-11-09 18:39 - 00000000 ____D () C:\Windows\Panther 2014-02-22 12:02 - 2014-02-22 12:02 - 03645064 _____ (Piriform Ltd) C:\Users\clampe\Downloads\ccsetup410_slim.exe 2014-02-22 11:58 - 2014-02-22 11:58 - 00000000 ____D () C:\Windows\pss 2014-02-22 10:23 - 2007-06-19 14:28 - 00000000 ____D () C:\Windows\SMINST Some content of TEMP: ==================== C:\Users\clampe\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-21 20:57 
==================== End Of Log ============================
Regards, golliwog |
22.03.2014, 19:01 | #8 |
/// the machine /// TB-Ausbilder | Remove Play Now Radio trojan, but how? ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
23.03.2014, 19:06 | #9 |
| Remove Play Now Radio trojan, but how? Hello Schrauber, I'll leave everything as it is; I have no more problems, and malware etc. didn't find anything more in the last scan either. Thanks for your help!! golliwog |
24.03.2014, 12:14 | #10 |
/// the machine /// TB-Ausbilder | Remove Play Now Radio trojan, but how? A check scan for leftovers would still be advisable...
__________________ regards, schrauber |