Pests of all kinds and how to fight them: Virus can only be removed for a short time! Fan is loud again after the restart. (Windows 7)

If you are not sure whether you have caught malware or a Trojan, open a thread here. An expert will follow up with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you get rid of the infection.
07.05.2014, 16:42 | #1

Hello,

First of all: I really know next to nothing about PCs/technology and/or viruses. I have had a problem with my PC for quite some time. I have probably caught a virus, but the "usual" antivirus programs (Avira) find nothing. The virus makes my fan/ventilation extremely loud. However, I can (mostly) get the virus under control for a short time with AdwCleaner. After I have cleaned my PC and the program has restarted it, you can't hear anything at all any more, but as soon as the PC has been switched off or put into standby mode, the whole thing starts all over again. I am desperate.

Does it make sense to buy a paid program, and can that get rid of the virus, or should I format my PC? (I actually have no problem with that, since there is no data on my PC that I am particularly attached to.) But that is difficult too, because I don't have a Windows 7 CD (as far as I know the operating system was already installed on my PC beforehand).

All the facts I have for you (with my limited knowledge) are that my PC is from Lenovo and I use Windows 7. I appreciate any help, kind regards
07.05.2014, 17:10 | #2

/// TB-Ausbilder

My name is Matthias and I will help you clean up your computer. Please note the following:

Please work through all steps one after another in the given order and post all log files in CODE tags. This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:

Thanks for your cooperation! Please post all log files with findings! Then FRST: Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or look under Start > Computer (right-click) > Properties.)
07.05.2014, 18:10 | #3

Thanks for the quick reply. I tried to create the log files as correctly as possible, but now I only have FRST.txt and Addition.txt on the desktop (according to the instructions there should be 2 more), and after the last step my PC shut down unexpectedly (before I could press SCAN). Well, I'll post FRST.txt and Addition.txt here now, hopefully that's all fine so far.
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-05-2014
Ran by Leni (administrator) on LENI-PC on 07-05-2014 18:32:10
Running from C:\Users\Leni\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2012-03-25] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-03-25] (Lenovo(beijing) Limited)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-14] (Egis Technology Inc. )
HKLM-x32\...\Run: [PLTSR] => C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. )
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-24] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-24] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1679360 2012-02-28] (Wondershare)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3441396947-3629565981-192710641-1000\...\Run: [GoogleChromeAutoLaunch_DEBFF46A2282E58548F9708F9B8BD2C7] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-04-24] (Google Inc.)
HKU\S-1-5-21-3441396947-3629565981-192710641-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563096 2013-12-20] (SUPERAntiSpyware)
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dvd_14_13_ch&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0EtCtByEyDyC0ByCyBzztN0D0Tzu0SzztCzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDyBtB0Ezz0C0D0FtGtA0FtBtDtGzyzzyE0AtGtAyDtC0EtGtC0A0E0BtDyEyCyCtCzztC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtCzztAyEtDyEtGyCyC0E0FtG0F0DyD0AtGtDtA0BtCtGyDtByE0FtByD0B0A0Ezy0ByB2Q&cr=1423007843&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dvd_14_13_ch&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0EtCtByEyDyC0ByCyBzztN0D0Tzu0SzztCzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDyBtB0Ezz0C0D0FtGtA0FtBtDtGzyzzyE0AtGtAyDtC0EtGtC0A0E0BtDyEyCyCtCzztC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtCzztAyEtDyEtGyCyC0E0FtG0F0DyD0AtGtDtA0BtCtGyDtByE0FtByD0B0A0Ezy0ByB2Q&cr=1423007843&ir=
SearchScopes: HKCU - {63DB1E96-4682-4D64-8E61-5C7CD335DDEC} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=2457B877-3736-4633-90B7-77337637439A&apn_sauid=15EAE1EC-A34A-484A-B744-26616FAFF59F
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
BHO: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Leni\AppData\Roaming\Mozilla\Firefox\Profiles\dv7phbpt.default
FF Keyword.URL: https://www.google.com/search
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Leni\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Leni\AppData\Roaming\Mozilla\Firefox\Profiles\dv7phbpt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-25]
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF Extension: Online Accounts Extension - C:\Program Files (x86)\EgisTec BioExcess\FFExt [2012-03-25]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Leni\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Leni\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Adblock Plus) - C:\Users\Leni\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-02-03]
CHR Extension: (AdBlock) - C:\Users\Leni\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-13]
CHR Extension: (Privacy Palette) - C:\Users\Leni\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjkcflkplhgpebknipkekjggglimnone [2013-02-03]
CHR Extension: (Ghostery) - C:\Users\Leni\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-03-01]
CHR Extension: (DvdVideoSoft Free Youtube Download) - C:\Users\Leni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2012-09-22]
CHR Extension: (Google Wallet) - C:\Users\Leni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-03-29]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-11] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [956192 2011-02-15] (Broadcom Corporation.)
R2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143552 2012-04-05] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-28] (Avira Operations GmbH & Co. KG)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [3293272 2010-12-23] (Windows (R) Win 7 DDK provider)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-03-29] (TuneUp Software)
R3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2011-11-17] (Wondershare)
U3 BcmSqlStartupSvc;
U2 CLKMSVC10_3A60B698;
U2 CLKMSVC10_C3B3B687;
U2 DriverService;
U2 IAStorDataMgrSvc;
U2 iATAgentService;
U2 idealife Update Service;
U3 IGRS;
U2 IviRegMgr;
U2 nvUpdatusService;
U2 Oasis2Service;
U2 PCCarerService;
U2 ReadyComm.DirectRouter;
U2 RichVideo;
U2 RtLedService;
U2 SeaPort;
U2 SoftwareService;
U3 SQLWriter;
U2 Stereo Service;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-07 18:32 - 2014-05-07 18:32 - 00021101 _____ () C:\Users\Leni\Downloads\FRST.txt
2014-05-07 18:31 - 2014-05-07 18:32 - 00000000 ____D () C:\FRST
2014-05-07 18:30 - 2014-05-07 18:30 - 02063872 _____ (Farbar) C:\Users\Leni\Downloads\FRST64.exe
2014-05-07 18:30 - 2014-05-07 18:30 - 01053184 _____ (Farbar) C:\Users\Leni\Downloads\FRST.exe
2014-05-07 18:28 - 2014-05-07 18:28 - 00050477 _____ () C:\Users\Leni\Downloads\Defogger.exe
2014-05-07 18:28 - 2014-05-07 18:28 - 00000470 _____ () C:\Users\Leni\Downloads\defogger_disable.log
2014-05-07 18:28 - 2014-05-07 18:28 - 00000000 _____ () C:\Users\Leni\defogger_reenable
2014-05-06 23:35 - 2014-05-06 23:35 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-06 23:35 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-06 23:35 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-06 23:35 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-05-06 23:35 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-06 23:35 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-05-06 23:35 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-05-06 23:35 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-05-06 23:35 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-05-06 23:35 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-05-06 23:35 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-05-06 23:35 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-06 23:35 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-05-06 23:35 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-05-06 23:35 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-05-06 23:35 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-05-06 23:35 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-05-06 23:35 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-05-06 23:35 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-05-06 23:35 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-05-06 23:35 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-05-06 23:35 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-05-06 23:35 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-05-06 23:35 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-05-06 23:35 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-05-06 23:35 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-05-06 23:35 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-05-06 23:35 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-05-06 23:35 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-05-06 23:35 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-05-06 23:35 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-05-06 23:35 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-05-06 23:35 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-05-06 23:35 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-05-06 23:35 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-05-06 23:35 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-06 23:35 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-05-06 23:35 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-05-06 23:35 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-05-06 23:35 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-05-06 23:35 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-05-06 23:35 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-05-06 23:35 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-05-06 23:35 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-05-06 23:35 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-05-06 23:35 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-05-06 23:35 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-05-06 23:35 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-05-06 23:35 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-05-06 19:57 - 2014-05-06 19:57 - 28022424 _____ () C:\Users\Leni\Desktop\neew.wmv
2014-05-06 19:57 - 2014-05-06 19:57 - 00002246 _____ () C:\Users\Leni\Desktop\neew.wlmp
2014-05-06 19:56 - 2014-05-06 19:56 - 00000000 ____D () C:\Users\Leni\AppData\Local\{5A5A7BE7-FC66-4563-83A6-736314726B12}
2014-05-06 19:52 - 2014-05-06 19:53 - 32210794 _____ () C:\Users\Leni\Desktop\neuundalt.wmv
2014-05-06 19:38 - 2010-06-12 23:15 - 09044265 _____ () C:\Users\Leni\Desktop\Wmfertig_0001.wmv
2014-05-06 19:33 - 2014-05-06 19:33 - 00000000 ____D () C:\Users\Leni\AppData\Local\{9612B7D6-5C35-4AD6-AD6D-A6076F08AA32}
2014-05-06 19:22 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-06 19:22 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-05 20:44 - 2014-05-05 20:44 - 01316991 _____ () C:\Users\Leni\Downloads\adwcleaner.exe
2014-05-05 20:44 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-05-05 20:43 - 2014-05-05 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soft-Now bundle
2014-05-05 20:43 - 2014-05-05 20:43 - 00686664 _____ ( ) C:\Users\Leni\Downloads\COMPUTER_BILD-Download-Manager_fuer_adwcleaner.exe
2014-05-05 20:40 - 2014-05-05 20:40 - 00644168 _____ (© 2014 ClientConnect Ltd.) C:\Users\Leni\Downloads\AdwCleaner_TSA12XTM8.exe
2014-05-05 20:40 - 2014-05-05 20:40 - 00000000 ____D () C:\Users\Leni\Downloads\AdwCleaner_TSA12XTM8
2014-04-24 12:48 - 2014-05-01 18:42 - 00000000 ____D () C:\Users\Leni\Desktop\Originals
2014-04-24 11:40 - 2014-04-24 11:40 - 00000000 ____D () C:\Users\Leni\AppData\Local\{D5ADEB31-318F-4E49-A396-7E76BF9FF3AA}
2014-04-21 15:24 - 2014-04-21 15:25 - 00000000 ____D () C:\Users\Leni\AppData\Local\{74ED34F6-1857-4609-910D-C7FE3C285070}
2014-04-13 09:14 - 2014-04-13 09:14 - 00001481 _____ () C:\Users\Leni\Desktop\AdwCleaner[S2].txt
2014-04-09 18:06 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-04-09 18:06 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2014-04-09 18:06 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2014-04-09 18:06 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2014-04-09 18:06 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2014-04-09 18:06 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2014-04-09 18:06 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-04-09 18:06 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2014-04-09 18:06 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2014-04-09 18:06 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2014-04-09 18:06 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2014-04-09 18:06 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-04-09 18:06 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-04-09 18:06 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2014-04-09 18:06 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2014-04-09 18:06 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
2014-04-09 18:06 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-04-07 19:12 - 2014-04-07 19:12 - 00030506 _____ () C:\Users\Leni\Desktop\interrail.odt
2014-04-07 17:33 - 2014-05-07 17:20 - 00000000 ____D () C:\AdwCleaner

==================== One Month Modified Files and Folders =======

2014-05-07 18:32 - 2014-05-07 18:32 - 00021101 _____ () C:\Users\Leni\Downloads\FRST.txt
2014-05-07 18:32 - 2014-05-07 18:31 - 00000000 ____D () C:\FRST
2014-05-07 18:32 - 2012-03-25 15:41 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-07 18:30 - 2014-05-07 18:30 - 02063872 _____ (Farbar) C:\Users\Leni\Downloads\FRST64.exe
2014-05-07 18:30 - 2014-05-07 18:30 - 01053184 _____ (Farbar) C:\Users\Leni\Downloads\FRST.exe
2014-05-07 18:28
- 2014-05-07 18:28 - 00050477 _____ () C:\Users\Leni\Downloads\Defogger.exe 2014-05-07 18:28 - 2014-05-07 18:28 - 00000470 _____ () C:\Users\Leni\Downloads\defogger_disable.log 2014-05-07 18:28 - 2014-05-07 18:28 - 00000000 _____ () C:\Users\Leni\defogger_reenable 2014-05-07 18:28 - 2012-05-11 14:16 - 00000000 ____D () C:\Users\Leni 2014-05-07 18:19 - 2012-03-25 22:45 - 00700134 _____ () C:\windows\system32\perfh007.dat 2014-05-07 18:19 - 2012-03-25 22:45 - 00149984 _____ () C:\windows\system32\perfc007.dat 2014-05-07 18:19 - 2009-07-14 07:13 - 01622300 _____ () C:\windows\system32\PerfStringBackup.INI 2014-05-07 18:17 - 2012-03-25 14:54 - 01642131 _____ () C:\windows\WindowsUpdate.log 2014-05-07 17:38 - 2013-02-27 21:02 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-05-07 17:30 - 2009-07-14 06:45 - 00021072 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-07 17:30 - 2009-07-14 06:45 - 00021072 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-07 17:22 - 2012-03-25 15:41 - 00001120 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-07 17:21 - 2010-11-21 05:47 - 00662498 _____ () C:\windows\PFRO.log 2014-05-07 17:21 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-05-07 17:21 - 2009-07-14 06:51 - 00115426 _____ () C:\windows\setupact.log 2014-05-07 17:20 - 2014-04-07 17:33 - 00000000 ____D () C:\AdwCleaner 2014-05-07 17:20 - 2013-09-30 20:15 - 00000924 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3441396947-3629565981-192710641-1000UA.job 2014-05-07 13:38 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions 2014-05-07 13:37 - 2013-02-28 16:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-06 23:35 - 2014-05-06 23:35 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-05-06 21:27 - 2012-03-25 15:41 - 00004120 _____ 
() C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-06 21:27 - 2012-03-25 15:41 - 00003868 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-06 20:20 - 2013-09-30 20:15 - 00000902 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3441396947-3629565981-192710641-1000Core.job 2014-05-06 19:57 - 2014-05-06 19:57 - 28022424 _____ () C:\Users\Leni\Desktop\neew.wmv 2014-05-06 19:57 - 2014-05-06 19:57 - 00002246 _____ () C:\Users\Leni\Desktop\neew.wlmp 2014-05-06 19:56 - 2014-05-06 19:56 - 00000000 ____D () C:\Users\Leni\AppData\Local\{5A5A7BE7-FC66-4563-83A6-736314726B12} 2014-05-06 19:53 - 2014-05-06 19:52 - 32210794 _____ () C:\Users\Leni\Desktop\neuundalt.wmv 2014-05-06 19:33 - 2014-05-06 19:33 - 00000000 ____D () C:\Users\Leni\AppData\Local\{9612B7D6-5C35-4AD6-AD6D-A6076F08AA32} 2014-05-06 16:02 - 2013-07-15 17:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-05 20:50 - 2014-05-05 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soft-Now bundle 2014-05-05 20:44 - 2014-05-05 20:44 - 01316991 _____ () C:\Users\Leni\Downloads\adwcleaner.exe 2014-05-05 20:43 - 2014-05-05 20:43 - 00686664 _____ ( ) C:\Users\Leni\Downloads\COMPUTER_BILD-Download-Manager_fuer_adwcleaner.exe 2014-05-05 20:40 - 2014-05-05 20:40 - 00644168 _____ (© 2014 ClientConnect Ltd.) 
C:\Users\Leni\Downloads\AdwCleaner_TSA12XTM8.exe 2014-05-05 20:40 - 2014-05-05 20:40 - 00000000 ____D () C:\Users\Leni\Downloads\AdwCleaner_TSA12XTM8 2014-05-01 18:42 - 2014-04-24 12:48 - 00000000 ____D () C:\Users\Leni\Desktop\Originals 2014-04-29 22:28 - 2012-03-25 15:42 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-04-28 00:32 - 2012-05-12 15:03 - 00000000 ____D () C:\Users\Leni\AppData\Roaming\SoftGrid Client 2014-04-24 11:40 - 2014-04-24 11:40 - 00000000 ____D () C:\Users\Leni\AppData\Local\{D5ADEB31-318F-4E49-A396-7E76BF9FF3AA} 2014-04-23 17:53 - 2014-04-01 15:53 - 00000000 ____D () C:\Users\Leni\Desktop\Neuer Ordner 2014-04-22 20:06 - 2013-06-02 11:50 - 00000000 ____D () C:\Users\Leni\Desktop\kleiderkreisel 2014-04-22 13:02 - 2014-03-24 00:21 - 00000000 ____D () C:\Users\Leni\Desktop\sozialkunde 2014-04-21 15:25 - 2014-04-21 15:24 - 00000000 ____D () C:\Users\Leni\AppData\Local\{74ED34F6-1857-4609-910D-C7FE3C285070} 2014-04-21 15:06 - 2012-03-31 17:11 - 00000000 ____D () C:\Users\Leni\Downloads\Neuer Ordner (6) 2014-04-14 16:27 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache 2014-04-14 11:09 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\LiveKernelReports 2014-04-14 04:24 - 2014-05-06 19:22 - 00465408 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-04-14 04:19 - 2014-05-06 19:22 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-04-13 21:20 - 2014-02-11 22:35 - 00000000 ____D () C:\Users\Leni\Desktop\lisa 2014-04-13 14:23 - 2009-07-14 07:08 - 00032632 _____ () C:\windows\Tasks\SCHEDLGU.TXT 2014-04-13 09:14 - 2014-04-13 09:14 - 00001481 _____ () C:\Users\Leni\Desktop\AdwCleaner[S2].txt 2014-04-09 22:08 - 2013-12-14 21:56 - 00000000 ____D () C:\windows\system32\MRT 2014-04-09 22:05 - 2013-12-14 21:55 - 90655440 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-04-07 22:14 - 2012-05-11 14:19 - 00072296 _____ () C:\Users\Leni\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-07 
19:12 - 2014-04-07 19:12 - 00030506 _____ () C:\Users\Leni\Desktop\interrail.odt Some content of TEMP: ==================== C:\Users\Leni\AppData\Local\Temp\APNStub.exe C:\Users\Leni\AppData\Local\Temp\AskSLib.dll C:\Users\Leni\AppData\Local\Temp\avgnt.exe C:\Users\Leni\AppData\Local\Temp\BackupSetup.exe C:\Users\Leni\AppData\Local\Temp\DeleteUninstall.exe C:\Users\Leni\AppData\Local\Temp\IminentSetup-1-.exe C:\Users\Leni\AppData\Local\Temp\nsc33F1.exe C:\Users\Leni\AppData\Local\Temp\nsh9CE5.exe C:\Users\Leni\AppData\Local\Temp\nshA2FE.exe C:\Users\Leni\AppData\Local\Temp\nshA6A7.exe C:\Users\Leni\AppData\Local\Temp\nsw2FDA.exe C:\Users\Leni\AppData\Local\Temp\nsw3816.exe C:\Users\Leni\AppData\Local\Temp\plus-hd-4-91.exe C:\Users\Leni\AppData\Local\Temp\Quarantine.exe C:\Users\Leni\AppData\Local\Temp\vcredist_x64.exe C:\Users\Leni\AppData\Local\Temp\vis-de.exe C:\Users\Leni\AppData\Local\Temp\VIS_DE-2013-12-13.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-05 22:10 ==================== End Of Log ============================ --- --- --- Hier addition.txt FRST Logfile: FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-05-2014
Ran by Leni (administrator) on LENI-PC on 07-05-2014 18:32:10
Running from C:\Users\Leni\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2012-03-25] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-03-25] (Lenovo(beijing) Limited)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-14] (Egis Technology Inc. )
HKLM-x32\...\Run: [PLTSR] => C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. )
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-24] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-24] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1679360 2012-02-28] (Wondershare)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3441396947-3629565981-192710641-1000\...\Run: [GoogleChromeAutoLaunch_DEBFF46A2282E58548F9708F9B8BD2C7] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-04-24] (Google Inc.)
HKU\S-1-5-21-3441396947-3629565981-192710641-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563096 2013-12-20] (SUPERAntiSpyware)
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dvd_14_13_ch&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0EtCtByEyDyC0ByCyBzztN0D0Tzu0SzztCzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDyBtB0Ezz0C0D0FtGtA0FtBtDtGzyzzyE0AtGtAyDtC0EtGtC0A0E0BtDyEyCyCtCzztC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtCzztAyEtDyEtGyCyC0E0FtG0F0DyD0AtGtDtA0BtCtGyDtByE0FtByD0B0A0Ezy0ByB2Q&cr=1423007843&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dvd_14_13_ch&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0EtCtByEyDyC0ByCyBzztN0D0Tzu0SzztCzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDyBtB0Ezz0C0D0FtGtA0FtBtDtGzyzzyE0AtGtAyDtC0EtGtC0A0E0BtDyEyCyCtCzztC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtCzztAyEtDyEtGyCyC0E0FtG0F0DyD0AtGtDtA0BtCtGyDtByE0FtByD0B0A0Ezy0ByB2Q&cr=1423007843&ir=
SearchScopes: HKCU - {63DB1E96-4682-4D64-8E61-5C7CD335DDEC} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=2457B877-3736-4633-90B7-77337637439A&apn_sauid=15EAE1EC-A34A-484A-B744-26616FAFF59F
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
BHO: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Leni\AppData\Roaming\Mozilla\Firefox\Profiles\dv7phbpt.default
FF Keyword.URL: https://www.google.com/search
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Leni\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Leni\AppData\Roaming\Mozilla\Firefox\Profiles\dv7phbpt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-25]
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF Extension: Online Accounts Extension - C:\Program Files (x86)\EgisTec BioExcess\FFExt [2012-03-25]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Leni\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Leni\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Adblock Plus) - C:\Users\Leni\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-02-03]
CHR Extension: (AdBlock) - C:\Users\Leni\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-13]
CHR Extension: (Privacy Palette) - C:\Users\Leni\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjkcflkplhgpebknipkekjggglimnone [2013-02-03]
CHR Extension: (Ghostery) - C:\Users\Leni\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-03-01]
CHR Extension: (DvdVideoSoft Free Youtube Download) - C:\Users\Leni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2012-09-22]
CHR Extension: (Google Wallet) - C:\Users\Leni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-03-29]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-11] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [956192 2011-02-15] (Broadcom Corporation.)
R2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143552 2012-04-05] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-28] (Avira Operations GmbH & Co. KG)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [3293272 2010-12-23] (Windows (R) Win 7 DDK provider)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-03-29] (TuneUp Software)
R3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2011-11-17] (Wondershare)
U3 BcmSqlStartupSvc;
U2 CLKMSVC10_3A60B698;
U2 CLKMSVC10_C3B3B687;
U2 DriverService;
U2 IAStorDataMgrSvc;
U2 iATAgentService;
U2 idealife Update Service;
U3 IGRS;
U2 IviRegMgr;
U2 nvUpdatusService;
U2 Oasis2Service;
U2 PCCarerService;
U2 ReadyComm.DirectRouter;
U2 RichVideo;
U2 RtLedService;
U2 SeaPort;
U2 SoftwareService;
U3 SQLWriter;
U2 Stereo Service;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-07 18:32 - 2014-05-07 18:32 - 00021101 _____ () C:\Users\Leni\Downloads\FRST.txt
2014-05-07 18:31 - 2014-05-07 18:32 - 00000000 ____D () C:\FRST
2014-05-07 18:30 - 2014-05-07 18:30 - 02063872 _____ (Farbar) C:\Users\Leni\Downloads\FRST64.exe
2014-05-07 18:30 - 2014-05-07 18:30 - 01053184 _____ (Farbar) C:\Users\Leni\Downloads\FRST.exe
2014-05-07 18:28 - 2014-05-07 18:28 - 00050477 _____ () C:\Users\Leni\Downloads\Defogger.exe
2014-05-07 18:28 - 2014-05-07 18:28 - 00000470 _____ () C:\Users\Leni\Downloads\defogger_disable.log
2014-05-07 18:28 - 2014-05-07 18:28 - 00000000 _____ () C:\Users\Leni\defogger_reenable
2014-05-06 23:35 - 2014-05-06 23:35 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-06 23:35 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-06 23:35 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-06 23:35 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-05-06 23:35 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-06 23:35 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-05-06 23:35 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-05-06 23:35 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-05-06 23:35 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-05-06 23:35 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-05-06 23:35 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-05-06 23:35 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-06 23:35 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-05-06 23:35 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-05-06 23:35 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-05-06 23:35 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-05-06 23:35 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-05-06 23:35 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-05-06 23:35 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-05-06 23:35 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-05-06 23:35 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-05-06 23:35 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-05-06 23:35 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-05-06 23:35 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-05-06 23:35 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-05-06 23:35 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-05-06 23:35 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-05-06 23:35 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-05-06 23:35 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-05-06 23:35 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-05-06 23:35 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-05-06 23:35 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-05-06 23:35 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-05-06 23:35 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-05-06 23:35 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-05-06 23:35 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-06 23:35 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-05-06 23:35 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-05-06 23:35 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-05-06 23:35 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-05-06 23:35 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-05-06 23:35 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-05-06 23:35 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-05-06 23:35 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-05-06 23:35 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-05-06 23:35 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-05-06 23:35 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-05-06 23:35 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-05-06 23:35 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-05-06 19:57 - 2014-05-06 19:57 - 28022424 _____ () C:\Users\Leni\Desktop\neew.wmv
2014-05-06 19:57 - 2014-05-06 19:57 - 00002246 _____ () C:\Users\Leni\Desktop\neew.wlmp
2014-05-06 19:56 - 2014-05-06 19:56 - 00000000 ____D () C:\Users\Leni\AppData\Local\{5A5A7BE7-FC66-4563-83A6-736314726B12}
2014-05-06 19:52 - 2014-05-06 19:53 - 32210794 _____ () C:\Users\Leni\Desktop\neuundalt.wmv
2014-05-06 19:38 - 2010-06-12 23:15 - 09044265 _____ () C:\Users\Leni\Desktop\Wmfertig_0001.wmv
2014-05-06 19:33 - 2014-05-06 19:33 -
00000000 ____D () C:\Users\Leni\AppData\Local\{9612B7D6-5C35-4AD6-AD6D-A6076F08AA32} 2014-05-06 19:22 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-05-06 19:22 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-05-05 20:44 - 2014-05-05 20:44 - 01316991 _____ () C:\Users\Leni\Downloads\adwcleaner.exe 2014-05-05 20:44 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll 2014-05-05 20:43 - 2014-05-05 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soft-Now bundle 2014-05-05 20:43 - 2014-05-05 20:43 - 00686664 _____ ( ) C:\Users\Leni\Downloads\COMPUTER_BILD-Download-Manager_fuer_adwcleaner.exe 2014-05-05 20:40 - 2014-05-05 20:40 - 00644168 _____ (© 2014 ClientConnect Ltd.) C:\Users\Leni\Downloads\AdwCleaner_TSA12XTM8.exe 2014-05-05 20:40 - 2014-05-05 20:40 - 00000000 ____D () C:\Users\Leni\Downloads\AdwCleaner_TSA12XTM8 2014-04-24 12:48 - 2014-05-01 18:42 - 00000000 ____D () C:\Users\Leni\Desktop\Originals 2014-04-24 11:40 - 2014-04-24 11:40 - 00000000 ____D () C:\Users\Leni\AppData\Local\{D5ADEB31-318F-4E49-A396-7E76BF9FF3AA} 2014-04-21 15:24 - 2014-04-21 15:25 - 00000000 ____D () C:\Users\Leni\AppData\Local\{74ED34F6-1857-4609-910D-C7FE3C285070} 2014-04-13 09:14 - 2014-04-13 09:14 - 00001481 _____ () C:\Users\Leni\Desktop\AdwCleaner[S2].txt 2014-04-09 18:06 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll 2014-04-09 18:06 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll 2014-04-09 18:06 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll 2014-04-09 18:06 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll 2014-04-09 18:06 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll 2014-04-09 18:06 - 2014-03-04 
11:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll 2014-04-09 18:06 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll 2014-04-09 18:06 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe 2014-04-09 18:06 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll 2014-04-09 18:06 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe 2014-04-09 18:06 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe 2014-04-09 18:06 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys 2014-04-09 18:06 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys 2014-04-09 18:06 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys 2014-04-09 18:06 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll 2014-04-09 18:06 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll 2014-04-09 18:06 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys 2014-04-07 19:12 - 2014-04-07 19:12 - 00030506 _____ () C:\Users\Leni\Desktop\interrail.odt 2014-04-07 17:33 - 2014-05-07 17:20 - 00000000 ____D () C:\AdwCleaner ==================== One Month Modified Files and Folders ======= 2014-05-07 18:32 - 2014-05-07 18:32 - 00021101 _____ () C:\Users\Leni\Downloads\FRST.txt 2014-05-07 18:32 - 2014-05-07 18:31 - 00000000 ____D () C:\FRST 2014-05-07 18:32 - 2012-03-25 15:41 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-07 18:30 - 2014-05-07 18:30 - 02063872 _____ (Farbar) C:\Users\Leni\Downloads\FRST64.exe 2014-05-07 18:30 - 2014-05-07 18:30 - 01053184 _____ (Farbar) C:\Users\Leni\Downloads\FRST.exe 2014-05-07 18:28 
- 2014-05-07 18:28 - 00050477 _____ () C:\Users\Leni\Downloads\Defogger.exe 2014-05-07 18:28 - 2014-05-07 18:28 - 00000470 _____ () C:\Users\Leni\Downloads\defogger_disable.log 2014-05-07 18:28 - 2014-05-07 18:28 - 00000000 _____ () C:\Users\Leni\defogger_reenable 2014-05-07 18:28 - 2012-05-11 14:16 - 00000000 ____D () C:\Users\Leni 2014-05-07 18:19 - 2012-03-25 22:45 - 00700134 _____ () C:\windows\system32\perfh007.dat 2014-05-07 18:19 - 2012-03-25 22:45 - 00149984 _____ () C:\windows\system32\perfc007.dat 2014-05-07 18:19 - 2009-07-14 07:13 - 01622300 _____ () C:\windows\system32\PerfStringBackup.INI 2014-05-07 18:17 - 2012-03-25 14:54 - 01642131 _____ () C:\windows\WindowsUpdate.log 2014-05-07 17:38 - 2013-02-27 21:02 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-05-07 17:30 - 2009-07-14 06:45 - 00021072 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-07 17:30 - 2009-07-14 06:45 - 00021072 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-07 17:22 - 2012-03-25 15:41 - 00001120 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-07 17:21 - 2010-11-21 05:47 - 00662498 _____ () C:\windows\PFRO.log 2014-05-07 17:21 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-05-07 17:21 - 2009-07-14 06:51 - 00115426 _____ () C:\windows\setupact.log 2014-05-07 17:20 - 2014-04-07 17:33 - 00000000 ____D () C:\AdwCleaner 2014-05-07 17:20 - 2013-09-30 20:15 - 00000924 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3441396947-3629565981-192710641-1000UA.job 2014-05-07 13:38 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions 2014-05-07 13:37 - 2013-02-28 16:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-06 23:35 - 2014-05-06 23:35 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-05-06 21:27 - 2012-03-25 15:41 - 00004120 _____ 
() C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-06 21:27 - 2012-03-25 15:41 - 00003868 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-06 20:20 - 2013-09-30 20:15 - 00000902 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3441396947-3629565981-192710641-1000Core.job 2014-05-06 19:57 - 2014-05-06 19:57 - 28022424 _____ () C:\Users\Leni\Desktop\neew.wmv 2014-05-06 19:57 - 2014-05-06 19:57 - 00002246 _____ () C:\Users\Leni\Desktop\neew.wlmp 2014-05-06 19:56 - 2014-05-06 19:56 - 00000000 ____D () C:\Users\Leni\AppData\Local\{5A5A7BE7-FC66-4563-83A6-736314726B12} 2014-05-06 19:53 - 2014-05-06 19:52 - 32210794 _____ () C:\Users\Leni\Desktop\neuundalt.wmv 2014-05-06 19:33 - 2014-05-06 19:33 - 00000000 ____D () C:\Users\Leni\AppData\Local\{9612B7D6-5C35-4AD6-AD6D-A6076F08AA32} 2014-05-06 16:02 - 2013-07-15 17:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-05 20:50 - 2014-05-05 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soft-Now bundle 2014-05-05 20:44 - 2014-05-05 20:44 - 01316991 _____ () C:\Users\Leni\Downloads\adwcleaner.exe 2014-05-05 20:43 - 2014-05-05 20:43 - 00686664 _____ ( ) C:\Users\Leni\Downloads\COMPUTER_BILD-Download-Manager_fuer_adwcleaner.exe 2014-05-05 20:40 - 2014-05-05 20:40 - 00644168 _____ (© 2014 ClientConnect Ltd.) 
C:\Users\Leni\Downloads\AdwCleaner_TSA12XTM8.exe 2014-05-05 20:40 - 2014-05-05 20:40 - 00000000 ____D () C:\Users\Leni\Downloads\AdwCleaner_TSA12XTM8 2014-05-01 18:42 - 2014-04-24 12:48 - 00000000 ____D () C:\Users\Leni\Desktop\Originals 2014-04-29 22:28 - 2012-03-25 15:42 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-04-28 00:32 - 2012-05-12 15:03 - 00000000 ____D () C:\Users\Leni\AppData\Roaming\SoftGrid Client 2014-04-24 11:40 - 2014-04-24 11:40 - 00000000 ____D () C:\Users\Leni\AppData\Local\{D5ADEB31-318F-4E49-A396-7E76BF9FF3AA} 2014-04-23 17:53 - 2014-04-01 15:53 - 00000000 ____D () C:\Users\Leni\Desktop\Neuer Ordner 2014-04-22 20:06 - 2013-06-02 11:50 - 00000000 ____D () C:\Users\Leni\Desktop\kleiderkreisel 2014-04-22 13:02 - 2014-03-24 00:21 - 00000000 ____D () C:\Users\Leni\Desktop\sozialkunde 2014-04-21 15:25 - 2014-04-21 15:24 - 00000000 ____D () C:\Users\Leni\AppData\Local\{74ED34F6-1857-4609-910D-C7FE3C285070} 2014-04-21 15:06 - 2012-03-31 17:11 - 00000000 ____D () C:\Users\Leni\Downloads\Neuer Ordner (6) 2014-04-14 16:27 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache 2014-04-14 11:09 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\LiveKernelReports 2014-04-14 04:24 - 2014-05-06 19:22 - 00465408 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-04-14 04:19 - 2014-05-06 19:22 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-04-13 21:20 - 2014-02-11 22:35 - 00000000 ____D () C:\Users\Leni\Desktop\lisa 2014-04-13 14:23 - 2009-07-14 07:08 - 00032632 _____ () C:\windows\Tasks\SCHEDLGU.TXT 2014-04-13 09:14 - 2014-04-13 09:14 - 00001481 _____ () C:\Users\Leni\Desktop\AdwCleaner[S2].txt 2014-04-09 22:08 - 2013-12-14 21:56 - 00000000 ____D () C:\windows\system32\MRT 2014-04-09 22:05 - 2013-12-14 21:55 - 90655440 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-04-07 22:14 - 2012-05-11 14:19 - 00072296 _____ () C:\Users\Leni\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-07 
19:12 - 2014-04-07 19:12 - 00030506 _____ () C:\Users\Leni\Desktop\interrail.odt Some content of TEMP: ==================== C:\Users\Leni\AppData\Local\Temp\APNStub.exe C:\Users\Leni\AppData\Local\Temp\AskSLib.dll C:\Users\Leni\AppData\Local\Temp\avgnt.exe C:\Users\Leni\AppData\Local\Temp\BackupSetup.exe C:\Users\Leni\AppData\Local\Temp\DeleteUninstall.exe C:\Users\Leni\AppData\Local\Temp\IminentSetup-1-.exe C:\Users\Leni\AppData\Local\Temp\nsc33F1.exe C:\Users\Leni\AppData\Local\Temp\nsh9CE5.exe C:\Users\Leni\AppData\Local\Temp\nshA2FE.exe C:\Users\Leni\AppData\Local\Temp\nshA6A7.exe C:\Users\Leni\AppData\Local\Temp\nsw2FDA.exe C:\Users\Leni\AppData\Local\Temp\nsw3816.exe C:\Users\Leni\AppData\Local\Temp\plus-hd-4-91.exe C:\Users\Leni\AppData\Local\Temp\Quarantine.exe C:\Users\Leni\AppData\Local\Temp\vcredist_x64.exe C:\Users\Leni\AppData\Local\Temp\vis-de.exe C:\Users\Leni\AppData\Local\Temp\VIS_DE-2013-12-13.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-05 22:10 ==================== End Of Log ============================ --- --- --- |
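A triage helper for logs like the FRST output above, added here as an editorial example; it is not part of the thread and not code from FRST or Farbar. It parses the "One Month Created Files and Folders" entries (created, modified, size, attributes, publisher string, path) and the bare paths under "Some content of TEMP", then flags candidates with three heuristics that are this example's own assumptions: an executable with an empty publisher string in a user-writable location (Temp, Downloads, Desktop), the `ns` + letter + four-hex-digit temp names that installer stubs leave behind, and a small name watchlist built from the installers visible in the log (Iminent, Plus-HD, the Ask/APN stub, SweetPacks, download-manager wrappers). The sample lines are copied from the log above; everything flagged is a candidate for a human to look at, not a verdict, which is why unsigned but legitimate tools such as Defogger also show up.

```python
"""Triage FRST 'One Month Created Files' and 'Some content of TEMP' lines.

Added example for this thread; not FRST code. The heuristics and the
watchlist are assumptions of this example, tuned to the log posted above.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# One FRST file entry: "<created> - <modified> - <size> <attrs> (<company>) <path>"
FRST_ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"\((?P<company>[^)]*)\) (?P<path>.+)$"
)
# A bare path, as printed under "Some content of TEMP" (no metadata at all)
BARE_PATH = re.compile(r"^[A-Za-z]:\\.+$")

EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".bat", ".cmd", ".vbs", ".js")
# Assumption: directories any non-admin process (so any drive-by installer) can write to
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\desktop\\")
# Assumption: "ns" + one letter + four hex digits is the temp-file naming installer stubs use
NSIS_STUB = re.compile(r"^ns[a-z][0-9a-f]{4}\.(exe|tmp)$", re.IGNORECASE)
# Assumption: name fragments of the bundlers/wrappers that appear in the log above
WATCHLIST = ("iminent", "plus-hd", "apnstub", "asksl", "sweetpacks", "download-manager")


@dataclass
class Entry:
    path: str
    company: Optional[str]      # None when the line carried no metadata
    size: Optional[int] = None
    attrs: str = ""


def parse_frst_entry(line: str) -> Optional[Entry]:
    """Return an Entry for a file/folder line, or None for headers and junk."""
    line = line.strip()
    m = FRST_ENTRY.match(line)
    if m:
        return Entry(m["path"], m["company"].strip(), int(m["size"]), m["attrs"])
    if BARE_PATH.match(line):
        return Entry(line, None)
    return None


def reasons_for(entry: Entry) -> List[str]:
    """Apply the heuristics; an empty list means nothing stood out."""
    low = entry.path.lower()
    name = low.rsplit("\\", 1)[-1]
    reasons: List[str] = []
    is_exec = name.endswith(EXECUTABLE_EXT)
    in_user_dir = any(d in low for d in USER_WRITABLE)
    # company == "" means FRST printed "()" or "( )": no publisher string at all;
    # company is None for bare TEMP paths, where we simply do not know
    if is_exec and in_user_dir and entry.company == "":
        reasons.append("executable without publisher string in user-writable location")
    if NSIS_STUB.match(name):
        reasons.append("installer temp stub (bundler residue)")
    if any(w in name for w in WATCHLIST):
        reasons.append("name matches adware/bundler watchlist")
    return reasons


def triage(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Map each suspicious path to its reasons, over raw FRST log lines."""
    hits: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_frst_entry(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            hits[entry.path] = reasons
    return hits


# Sample lines copied from the FRST log above (raw string, so backslashes stay literal)
SAMPLE_LOG = r"""
==================== One Month Created Files and Folders ========
2014-05-07 18:30 - 2014-05-07 18:30 - 02063872 _____ (Farbar) C:\Users\Leni\Downloads\FRST64.exe
2014-05-06 23:35 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-06 19:56 - 2014-05-06 19:56 - 00000000 ____D () C:\Users\Leni\AppData\Local\{5A5A7BE7-FC66-4563-83A6-736314726B12}
2014-05-05 20:43 - 2014-05-05 20:43 - 00686664 _____ ( ) C:\Users\Leni\Downloads\COMPUTER_BILD-Download-Manager_fuer_adwcleaner.exe
2014-05-05 20:40 - 2014-05-05 20:40 - 00644168 _____ (© 2014 ClientConnect Ltd.) C:\Users\Leni\Downloads\AdwCleaner_TSA12XTM8.exe
Some content of TEMP:
====================
C:\Users\Leni\AppData\Local\Temp\APNStub.exe
C:\Users\Leni\AppData\Local\Temp\IminentSetup-1-.exe
C:\Users\Leni\AppData\Local\Temp\nsc33F1.exe
C:\Users\Leni\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Leni\AppData\Local\Temp\plus-hd-4-91.exe
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG.splitlines()).items():
        print(f"{path}\n    " + "; ".join(reasons))
```

Run it against a full FRST.txt by passing the file's lines to `triage()`; the Temp entries with no metadata only ever trip the name-based rules, so the publisher rule is deliberately skipped for them rather than guessed.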
07.05.2014, 18:31 | #4
/// TB-Ausbilder | Quote:
(you can simply move the downloaded files from the Downloads folder to the desktop) We start like this: Scan with ComboFix
07.05.2014, 19:18 | #5
So, I wanted to save it to my desktop, but I wasn't asked at all; it saved itself automatically, and after running it, it started straight away... sorry if I'm being a bit dense :/ I switched off Avira's real-time scanner, but a message still appeared; it didn't prevent the scan, though, it only "pointed it out" to me. Is that okay? Or did something not work? The loud noise from my fan has meanwhile turned into a more subdued whistling. Thank you for your patience. Code:
ComboFix 14-05-07.03 - Leni 07.05.2014 19:54:55.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4010.2339 [GMT 2:00]
Running from: c:\users\Leni\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Leni\AppData\Local\Temp\SAS31F9.tmp
c:\windows\gt.exe
c:\windows\s.bat
c:\windows\version.txt
c:\windows\wininit.ini
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-04-07 to 2014-05-07 ))))))))))))))))))))))))))))))
.
.
2014-05-07 18:04 . 2014-05-07 18:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-07 16:31 . 2014-05-07 16:33 -------- d-----w- C:\FRST
2014-05-06 19:29 . 2014-04-16 10:22 10651704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0913E0C0-4A6D-4042-973E-9F625A548991}\mpengine.dll
2014-05-06 17:22 . 2014-04-14 02:24 465408 ----a-w- c:\windows\system32\aepdu.dll
2014-05-06 17:22 . 2014-04-14 02:19 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-05-05 18:44 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-05-05 18:22 . 2014-05-03 20:03 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D27D0887-D3C1-485E-94C5-A0205A657DCD}\gapaengine.dll
2014-05-05 18:14 . 2014-04-16 10:22 10651704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-07 15:58 . 2013-10-17 17:44 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-05-03 20:03 . 2014-01-24 13:52 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-09 20:05 . 2013-12-14 19:55 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-03-11 07:52 . 2013-09-27 08:53 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-04 09:17 . 2014-04-09 16:06 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-02-22 17:48 . 2014-02-22 17:48 0 ----a-w- c:\windows\SysWow64\shoDA5E.tmp
2014-02-07 01:23 . 2014-03-13 16:55 3156480 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_DEBFF46A2282E58548F9708F9B8BD2C7"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-04-24 841032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-11-05 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-11-05 202096]
"VitaKeyTSR"="c:\program files (x86)\EgisTec BioExcess\EgisTSR.exe" [2010-12-13 383344]
"PLTSR"="c:\program files (x86)\EgisTec Port Locker\EgisPLTSR.exe" [2010-10-22 364400]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2010-12-24 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2010-12-24 224352]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-20 689744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-01 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0FbDefrag\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 EgisTecFF;EgisTecFF;c:\windows\system32\DRIVERS\EgisTecFF.sys;c:\windows\SYSNATIVE\DRIVERS\EgisTecFF.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 EgisTec Service Help;EgisTec Service Help;c:\program files (x86)\EgisTec Port Locker\Egishlpsvc.exe;c:\program files (x86)\EgisTec Port Locker\Egishlpsvc.exe [x]
S2 EgisTec Service;EgisTec Service;c:\program files (x86)\EgisTec BioExcess\EgisService.exe;c:\program files (x86)\EgisTec BioExcess\EgisService.exe [x]
S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys;c:\windows\SYSNATIVE\Drivers\FPSensor.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\Drivers\S6000KNT.sys;c:\windows\SYSNATIVE\Drivers\S6000KNT.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);c:\windows\system32\drivers\WsAudioDevice_383S(1).sys;c:\windows\SYSNATIVE\drivers\WsAudioDevice_383S(1).sys [x]
.
.
--- Other Services/Drivers in Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-29 20:26 1078088 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Contents of the "Scheduled Tasks" folder
.
2014-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-27 17:38]
.
2014-05-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3441396947-3629565981-192710641-1000Core.job
- c:\users\Leni\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-30 18:15]
.
2014-05-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3441396947-3629565981-192710641-1000UA.job
- c:\users\Leni\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-30 18:15]
.
2014-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 13:41]
.
2014-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 13:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-29 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-29 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-29 418840]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-04 11772520]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-03-25 9769888]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-03-25 5908928]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Leni\AppData\Roaming\Mozilla\Firefox\Profiles\dv7phbpt.default\
FF - prefs.js: keyword.URL - hxxps://www.google.com/search
.
- - - - Orphaned Registry Entries Removed - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Soft-Now bundle - c:\program files (x86)\sweetpacks bundle uninstaller\uninstaller.exe
.
.
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-05-07 20:12:55 - machine was rebooted
ComboFix-quarantined-files.txt 2014-05-07 18:12
.
Pre-Run: 11 directories, 372,678,369,280 bytes free
Post-Run: 15 directories, 375,736,922,112 bytes free
.
- - End Of File - - 3DD5A5BE4DD422886B10DEC7CCE0BAA9
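The two logs in this thread disagree about one file: FRST's "Bamital & volsnap Check" reported the MD5 of C:\Windows\SysWOW64\userinit.exe as legit, and ComboFix then reported an infected copy at that same path and restored it from the WinSxS assembly directory shown in its output. A hash whitelist can only vouch for hashes it has been given; an independent check a practitioner can run is to compare the live copy against the machine's own component store. The script below is an added editorial example, not code from ComboFix, FRST or this thread. It rests on two assumptions, both stated in the code: that on Windows Vista and later the files under System32 and SysWOW64 are hard links into WinSxS (so a healthy live copy always has a byte-identical twin there), and that the assembly directory name contains `-<stem>_` as in the path ComboFix printed. The `SAMPLE_LIVE` and `SAMPLE_STORE` dictionaries are constructed stand-ins for file contents, used when the script is not run on a Windows machine; the amd64 directory name in them is a placeholder.

```python
"""Cross-check live copies of a system binary against the WinSxS component store.

Added example for this thread; not how ComboFix or FRST perform their checks.
Assumption: on Windows Vista and later, System32/SysWOW64 files are hard links
into the WinSxS store, so a healthy live copy has a byte-identical twin there.
A live copy with no twin has been replaced (or the store was tampered with too,
which this check cannot tell apart).
"""
import hashlib
from pathlib import Path
from typing import Dict, List, Optional, Tuple


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_against_store(live: Dict[str, bytes],
                        store: Dict[str, bytes]) -> Dict[str, Optional[str]]:
    """Map each live path to a store path with identical content, or None."""
    by_hash: Dict[str, str] = {}
    for store_path, data in store.items():
        by_hash.setdefault(sha256_hex(data), store_path)   # first twin wins
    return {live_path: by_hash.get(sha256_hex(data))
            for live_path, data in live.items()}


def report(results: Dict[str, Optional[str]]) -> List[str]:
    """One human-readable line per live file."""
    lines = []
    for live_path, twin in results.items():
        if twin:
            lines.append(f"OK       {live_path}  (identical to {twin})")
        else:
            lines.append(f"MISMATCH {live_path}  (no identical copy in WinSxS)")
    return lines


def load_from_disk(name: str = "userinit.exe",
                   windows_dir: str = r"C:\Windows") -> Tuple[Dict[str, bytes], Dict[str, bytes]]:
    """Read the live copies of `name` and every WinSxS copy of it (Windows only).

    Assumption: the assembly directory is named like
    x86_microsoft-windows-userinit_<pubkey>_<version>_none_<hash>, i.e. it
    contains "-<stem>_", as in the path ComboFix printed in the thread.
    """
    root = Path(windows_dir)
    live = {str(p): p.read_bytes()
            for p in (root / "System32" / name, root / "SysWOW64" / name) if p.is_file()}
    stem = name.rsplit(".", 1)[0].lower()
    store = {str(p): p.read_bytes()
             for p in (root / "WinSxS").glob(f"*-{stem}_*/{name}")}
    return live, store


# Constructed sample data: fake "file contents" standing in for real binaries.
_GOOD64 = b"MZ\x90\x00 userinit amd64 6.1.7601.17514"
_GOOD32 = b"MZ\x90\x00 userinit x86 6.1.7601.17514"
_PATCHED = _GOOD32 + b" <bytes appended by the infection>"
SAMPLE_LIVE = {
    r"C:\Windows\System32\userinit.exe": _GOOD64,
    r"C:\Windows\SysWOW64\userinit.exe": _PATCHED,
}
SAMPLE_STORE = {
    # amd64 directory name is a placeholder; the x86 one is the path from the ComboFix log
    r"C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_PLACEHOLDER\userinit.exe": _GOOD64,
    r"C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe": _GOOD32,
}

if __name__ == "__main__":
    try:
        live, store = load_from_disk()
    except OSError:
        live, store = {}, {}
    if not live:                     # not on Windows or nothing readable: use the sample
        live, store = SAMPLE_LIVE, SAMPLE_STORE
    print("\n".join(report(check_against_store(live, store))))
```

On the sample data the 64-bit copy is reported OK and the SysWOW64 copy as MISMATCH, which is the situation ComboFix described. Run as an administrator on the affected machine it reads the real files; a MISMATCH there is a reason to pull the file for analysis, not proof of infection on its own, since a servicing update in flight can briefly leave a live copy without a store twin.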
08.05.2014, 09:16 | #6
/// TB-Ausbilder | Quote:
Quote:
Please uninstall one of them now. Quote:
Here is how we continue: Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
Please download Malwarebytes Anti-Malware
08.05.2014, 17:17 | #7 |
| Virus can only be removed temporarily! Fan is loud again after restart. So, first the AdwCleaner results; I'm running the rest now: Code:
ATTFilter # AdwCleaner v3.207 - Bericht erstellt am 08/05/2014 um 17:27:45 # Aktualisiert 05/05/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Leni - LENI-PC # Gestartet von : C:\Users\Leni\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\f8b34e3b5e6e337aa6491ee3f713f8f5\adwcleaner_3.2.0.7.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Users\Leni\AppData\Local\Temp\OCS ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\OCS ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17041 -\\ Mozilla Firefox v27.0.1 (de) [ Datei : C:\Users\Leni\AppData\Roaming\Mozilla\Firefox\Profiles\dv7phbpt.default\prefs.js ] -\\ Google Chrome v34.0.1847.131 [ Datei : C:\Users\Leni\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [11753 octets] - [07/04/2014 17:34:01] AdwCleaner[R10].txt - [2314 octets] - [08/05/2014 17:25:54] AdwCleaner[R1].txt - [11750 octets] - [07/04/2014 17:45:20] AdwCleaner[R2].txt - [1344 octets] - [09/04/2014 18:23:58] AdwCleaner[R3].txt - [1464 octets] - [13/04/2014 09:10:45] AdwCleaner[R4].txt - [1584 octets] - [13/04/2014 14:21:28] AdwCleaner[R5].txt - [1704 octets] - [13/04/2014 14:26:04] AdwCleaner[R6].txt - [1824 octets] - [14/04/2014 10:27:38] AdwCleaner[R7].txt - [5614 octets] - [05/05/2014 20:44:30] AdwCleaner[R8].txt - [1831 octets] - [06/05/2014 15:32:58] AdwCleaner[R9].txt - [1953 octets] - [07/05/2014 17:19:29] AdwCleaner[S0].txt - [10334 octets] - [07/04/2014 17:46:08] AdwCleaner[S1].txt - [1361 octets] - [09/04/2014 18:24:28] AdwCleaner[S2].txt - [1481 octets] - [13/04/2014 09:11:42] AdwCleaner[S3].txt - [1601 octets] - [13/04/2014 14:22:31] AdwCleaner[S4].txt - [1721 octets] - [13/04/2014 14:26:48] AdwCleaner[S5].txt - [1841 octets] - [14/04/2014 10:31:42] AdwCleaner[S6].txt - [6075 octets] - [05/05/2014 
20:50:17] AdwCleaner[S7].txt - [1892 octets] - [06/05/2014 15:34:01] AdwCleaner[S8].txt - [2014 octets] - [07/05/2014 17:20:25] AdwCleaner[S9].txt - [2188 octets] - [08/05/2014 17:27:45] ########## EOF - C:\AdwCleaner\AdwCleaner[S9].txt - [2248 octets] ########## Code:
ATTFilter ~~~ Files Successfully deleted: [File] C:\windows\syswow64\sho5BE2.tmp Successfully deleted: [File] C:\windows\syswow64\sho95D5.tmp Successfully deleted: [File] C:\windows\syswow64\shoDA5E.tmp ~~~ Folders Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{007DE5E4-56B9-40D9-88EE-25CF48F60A94} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{008B3CE4-07E5-433B-8E8E-8572E48AA5B6} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{036DDE08-C24A-4E2B-A7CF-A44ACE258120} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{0E25A752-11C7-4303-A711-542DC695B384} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{0F4973AC-93FE-410C-8D1C-CB830EA7A522} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{104DDADE-D35A-4331-B1F5-660990928272} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{1F5635C7-29D9-4B21-A8B5-08AE8C172F92} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{226FF9D7-ACC6-4D95-99DD-56D7C2CD5E8F} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{272883BB-9650-4436-B670-27A682334EBD} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{27D29C51-078B-45FC-BBF3-D004A78E028A} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{2ACB72C4-D041-464A-837C-A66C07F39520} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{2D72DC28-5AF5-45DF-8065-3204526B9D9D} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{37402844-E9CE-48ED-8A95-DAD0BDC37753} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{39028FE9-C352-40AD-9AB9-6E9351E68815} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{3AADC575-4AC3-466E-B70D-6418159C6DD0} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{3F574F8D-4FD0-4255-98A7-D31769D127EF} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{4247D71B-4089-4E3E-9E91-050EDBD70F0B} Successfully 
deleted: [Empty Folder] C:\Users\Leni\appdata\local\{4C87AF9E-4390-4DA1-BC17-7D2D39D7CCF1} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{4F55879E-D055-4ED5-8B8E-D9D8DD9CD571} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{52458FF7-7327-4285-AD3A-806402E76C44} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{58A4391D-DC2E-4A3A-98E4-35E5EC3B92A6} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{5A5A7BE7-FC66-4563-83A6-736314726B12} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{5C259281-925E-4499-A905-5A06FA234CBC} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{5CB179A0-8C54-4A91-9E39-00DF7A430B25} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{60903C47-496B-48D1-9151-F2ECFB00EB25} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{60CEC6CF-5CB1-4D13-91AB-9A281A15D32B} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{60EFBDA7-BE92-4451-B1C8-8575FD1940EB} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{6A2FE563-6D58-448F-8A21-7C46D2877BC9} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{6D9D2167-DAA6-4C09-A0E4-9E5DF93AA95D} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{6F72B477-A5A8-4E61-8D76-B885CB811AB2} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{74ED34F6-1857-4609-910D-C7FE3C285070} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{7C677338-9597-4501-A344-6828FFEFAA69} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{8B93D844-9E10-4B6D-BB7D-82AB2BAB7FB0} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{8E1622B1-50DB-4F9D-A494-DB3BAD006667} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{913DB2B8-D3E9-4C78-9DB9-2F0C03B96D25} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{9612B7D6-5C35-4AD6-AD6D-A6076F08AA32} Successfully deleted: [Empty Folder] 
C:\Users\Leni\appdata\local\{973F2704-28F6-4DB4-84FF-7422BDFF5BA8} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{9A60DEB9-5C10-450B-AF46-0357D9E6F923} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{9D71B3B6-2DE5-46D9-9B95-C43780A5A463} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{9DC79DCA-1A11-4FC2-A62D-A38A68A3517D} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{A3E08639-356B-4586-84C3-5563CDFAE5C4} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{A69797A6-0D74-41C5-9CDE-FB9ACFD41CCF} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{B72E544B-B6CA-4DF6-B64C-8D1EBFE81E84} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{B8ECDD73-A755-4A39-B3ED-C407058F9972} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{BAC366AB-F179-4292-B7EE-0DF33F116ADA} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{BB870890-A0F3-4E54-9C16-75400FADA2F3} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{BF93028B-401B-4D9A-AB4A-43CAEBD9E345} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{C1E1918A-1E88-44E3-B0F0-D2E28855A1D0} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{C5A5ECBD-4FF8-42DA-BE22-5A7D3DCEE208} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{CED802DE-2885-4A97-B845-EA6E2913FDD2} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{D4D29C0C-D979-46F3-ADFC-F8CB9C573861} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{D5ADEB31-318F-4E49-A396-7E76BF9FF3AA} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{E951E2F6-3726-4C1D-AF25-9174223FE699} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{EBDCC0D7-3771-4F66-A2CF-1D35CD17E0EC} Successfully deleted: [Empty Folder] C:\Users\Leni\appdata\local\{FA2DEC8E-F226-4A38-8148-9EF6F08250BE} Successfully deleted: [Empty Folder] 
C:\Users\Leni\appdata\local\{FD410F00-2915-42CA-94F4-DEE85E378CB3} ~~~ FireFox Emptied folder: C:\Users\Leni\AppData\Roaming\mozilla\firefox\profiles\dv7phbpt.default\minidumps [10 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 08.05.2014 at 17:41:07,09 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Tried that a while ago already, and it was exactly the same game. Back then I only got it running in Safe Mode with System Restore. Should I do that again? |
08.05.2014, 18:39 | #8 | |
/// TB-Ausbilder | Virus can only be removed temporarily! Fan is loud again after restart. Quote:
|
09.05.2014, 12:28 | #9 |
| Virus can only be removed temporarily! Fan is loud again after restart. OK, done. And now? |
09.05.2014, 12:57 | #10 |
/// TB-Ausbilder | Virus can only be removed temporarily! Fan is loud again after restart. Step 1 Please disable your antivirus program, as it can influence the result or possibly interfere with the cleanup. Please download zoek.exe from here: http://hijackthis.nl/smeenk/ and save the file to your desktop.
Step 2 Start FRST.exe again. Tick the box next to Addition.txt and click Scan. FRST again creates two log files (FRST.txt and Addition.txt). Post both log files with your next reply. Please post with your next reply
|
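As an added example, not from this thread or from the FRST author: a small Python triage script for the Run entries in the FRST.txt that Step 2 asks for. It parses the line format shown in this thread and flags autostart values whose target file FRST could not find (no size, date or publisher after the path), targets in user-writable folders, and the lines FRST itself marks with ATTENTION; the UpdaterStub sample line is constructed to exercise the folder check.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, assembled from the FRST.txt format shown in this thread
# (Registry / Internet sections). The UpdaterStub line is constructed to
# exercise the user-writable-path check; it is not from the thread.
SAMPLE_FRST = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3441396947-3629565981-192710641-1000\...\Run: [GoogleChromeAutoLaunch_DEBFF46A2282E58548F9708F9B8BD2C7] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-04-24] (Google Inc.)
HKLM-x32\...\Run: [UpdaterStub] => C:\Users\Leni\AppData\Local\Temp\OCS\updater.exe [20480 2014-04-07] ()
==================== Internet (Whitelisted) ====================
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
"""

# FRST Run line: <hive>\...\Run: [<name>] => <path> [<size> <date>] (<publisher>)
# The trailing "[size date] (publisher)" part is only present when FRST found
# the file on disk; a bare path means the target is missing.
RUN_LINE = re.compile(
    r"^(?P<hive>.+?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<path>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<vendor>[^)]*)\))?$"
)
# Folders a standard user can write to; an autostart pointing there deserves a look.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.I)
ATTENTION = "<======= ATTENTION"


@dataclass
class RunEntry:
    hive: str
    name: str
    path: str
    size: Optional[int]
    date: Optional[str]
    vendor: Optional[str]

    @property
    def file_found(self) -> bool:
        return self.size is not None


@dataclass
class Finding:
    kind: str
    subject: str
    reason: str


def parse_run_entries(log_text: str) -> List[RunEntry]:
    """Extract the Run autostart entries from FRST.txt text."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        entries.append(RunEntry(
            hive=m["hive"], name=m["name"], path=m["path"],
            size=int(m["size"]) if m["size"] else None,
            date=m["date"], vendor=m["vendor"],
        ))
    return entries


def triage(log_text: str) -> List[Finding]:
    """Flag Run entries worth a second look plus FRST's own ATTENTION markers."""
    findings = []
    for e in parse_run_entries(log_text):
        if not e.file_found:
            findings.append(Finding("orphaned", e.name,
                "target file not found on disk; leftover of a removed program, "
                "the Run value can be deleted"))
            continue
        if USER_WRITABLE.search(e.path):
            findings.append(Finding("user-writable", e.name,
                "autostart target lives in a user-writable folder (%s)" % e.path))
        if not e.vendor:
            findings.append(Finding("no-publisher", e.name,
                "file carries no company name in its version info"))
    for line in log_text.splitlines():
        if ATTENTION in line:
            findings.append(Finding("frst-attention",
                line.split(ATTENTION)[0].strip(), "line flagged by FRST itself"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_FRST):
        print(f"[{f.kind}] {f.subject}: {f.reason}")
```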
11.05.2014, 17:55 | #11 |
| Virus can only be removed temporarily! Fan is loud again after restart. Zoek: Code:
ATTFilter Zoek.exe v5.0.0.0 Updated 14-April-2014 Tool run by Leni on 11.05.2014 at 18:30:04,20. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Leni\Desktop\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 11.05.2014 18:33:39 Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3441396947-3629565981-192710641-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully HKEY_USERS\S-1-5-21-3441396947-3629565981-192710641-1000\Software\Microsoft\Internet Explorer\SearchScopes\{63DB1E96-4682-4D64-8E61-5C7CD335DDEC} deleted successfully HKEY_USERS\S-1-5-21-3441396947-3629565981-192710641-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32004B8A-44A9-43E7-84E9-808838809519} deleted successfully HKEY_USERS\S-1-5-21-3441396947-3629565981-192710641-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully HKEY_USERS\S-1-5-21-3441396947-3629565981-192710641-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully HKEY_USERS\S-1-5-21-3441396947-3629565981-192710641-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully HKEY_CLASSES_ROOT\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-3441396947-3629565981-192710641-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully ==== Deleting Services ====================== ==== FireFox Fix ====================== Deleted from C:\Users\Leni\AppData\Roaming\Mozilla\Firefox\Profiles\dv7phbpt.default\prefs.js: 
user_pref("browser.search.defaultengine", "Google"); user_pref("keyword.URL", "https://www.google.com/search"); Added to C:\Users\Leni\AppData\Roaming\Mozilla\Firefox\Profiles\dv7phbpt.default\prefs.js: user_pref("browser.startup.homepage", "hxxp://www.google.com"); user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "hxxp://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); ProfilePath: C:\Users\Leni\AppData\Roaming\Mozilla\Firefox\Profiles\dv7phbpt.default user.js not found ---- Lines mysearch removed from prefs.js ---- user_pref("extensions.irmysearch.aflt", "dvd_14_13_ch"); user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0EtCtByEyDyC0ByCyBzztN0D0Tzu0SzztCzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1 user_pref("extensions.irmysearch.cr", "1423007843"); user_pref("extensions.irmysearch.instlRef", "140305_b"); ---- FireFox user.js and prefs.js backups ---- prefs__1840_.backup ==== Deleting Files \ Folders ====================== C:\PROGRA~3\OneKey Recovery deleted C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted C:\PROGRA~2\Wondershare deleted C:\PROGRA~2\COMMON~1\Wondershare deleted C:\Users\Leni\AppData\Roaming\Wondershare deleted C:\Users\Leni\AppData\Local\APN deleted C:\Users\Leni\AppData\Local\Wondershare deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted C:\Users\Leni\Downloads\FreeYouTubeToMP3Converter_3.12.31.325 (1).exe deleted C:\Users\Leni\Downloads\FreeYouTubeToMP3Converter_3.12.31.325.exe deleted C:\windows\Syswow64\sho5BE2.tmp deleted C:\windows\Syswow64\sho95D5.tmp deleted 
C:\windows\Syswow64\shoDA5E.tmp deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}"="C:\Program Files (x86)\EgisTec BioExcess\FFExt" [25.03.2012 15:30] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "{B64D9B05-48E1-4CEB-BF58-E0643994E900}"="C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff" [29.03.2014 15:46] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Leni\AppData\Roaming\Mozilla\Firefox\Profiles\dv7phbpt.default - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== ==== Chrome Look ====================== HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx[20.03.2014 19:06] AdBlock - Leni\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Ghostery - Leni\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij ==== Chrome Fix ====================== C:\Users\Leni\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fmlgoencnlndpglbocajlimaikjohmab_0.localstorage deleted successfully C:\Users\Leni\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fmlgoencnlndpglbocajlimaikjohmab_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.google.com" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start 
Page"="hxxp://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Reset Google Chrome ====================== C:\Users\Leni\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Leni\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyOverride"="*.local" "ProxyEnable"=dword:00000000 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lenovo EE Boot Optimizer deleted successfully ==== Empty IE Cache ====================== C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Leni\AppData\Local\Microsoft\Windows\Temporary Internet 
Files\Content.IE5 emptied successfully C:\Users\Leni\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Leni\AppData\Local\Mozilla\Firefox\Profiles\dv7phbpt.default\Cache will be emptied at reboot ==== Empty Chrome Cache ====================== C:\Users\Leni\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache is not empty, a reboot is needed ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=306 folders=65 55084972 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\temp emptied successfully C:\Users\Default User\AppData\Local\temp emptied successfully C:\Users\Leni\AppData\Local\Temp will be emptied at reboot C:\Users\Public\AppData\Local\temp emptied successfully C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\windows\Temp successfully emptied C:\Users\Leni\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Leni\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8EUKG2K\www.tape.tv" 
not found ==== EOF on 11.05.2014 at 18:47:39,50 ====================== FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 Ran by Leni (administrator) on LENI-PC on 11-05-2014 18:51:06 Running from C:\Users\Leni\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe (Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated) HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2012-03-25] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-03-25] (Lenovo(beijing) Limited) HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.) HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-14] (Egis Technology Inc. ) HKLM-x32\...\Run: [PLTSR] => C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. ) HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-24] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-24] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.) HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.) 
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3441396947-3629565981-192710641-1000\...\Run: [GoogleChromeAutoLaunch_DEBFF46A2282E58548F9708F9B8BD2C7] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-04-24] (Google Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} BHO: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program 
Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Leni\AppData\Roaming\Mozilla\Firefox\Profiles\dv7phbpt.default FF NewTab: hxxp://www.google.com/ FF DefaultSearchEngine: Google FF SearchEngineOrder.1: Google FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.com FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q= FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google 
Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Leni\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Leni\AppData\Roaming\Mozilla\Firefox\Profiles\dv7phbpt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-25]
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF Extension: Online Accounts Extension - C:\Program Files (x86)\EgisTec BioExcess\FFExt [2012-03-25]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []

Chrome:
=======
CHR Extension: (Google Wallet) - C:\Users\Leni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-03-29]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [956192 2011-02-15] (Broadcom Corporation.)
R2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
S4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143552 2012-04-05] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-28] (Avira Operations GmbH & Co. KG)
R3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [3293272 2010-12-23] (Windows (R) Win 7 DDK provider)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-03-29] (TuneUp Software)
R3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2011-11-17] (Wondershare)
U3 BcmSqlStartupSvc;
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_3A60B698;
U2 CLKMSVC10_C3B3B687;
U2 DriverService;
U2 IAStorDataMgrSvc;
U2 iATAgentService;
U2 idealife Update Service;
U3 IGRS;
U2 IviRegMgr;
U2 nvUpdatusService;
U2 Oasis2Service;
U2 PCCarerService;
U2 ReadyComm.DirectRouter;
U2 RichVideo;
U2 RtLedService;
U2 SeaPort;
U2 SoftwareService;
U3 SQLWriter;
U2 Stereo Service;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-11 18:50 - 2014-05-11 18:50 - 00000000 ____D () C:\Users\Leni\Desktop\FRST-OlderVersion
2014-05-11 18:43 - 2014-05-11 18:43 - 00000162 _____ () C:\folders.txt
2014-05-11 18:43 - 2014-05-11 18:29 - 00024064 _____ () C:\windows\zoek-delete.exe
2014-05-11 18:32 - 2014-05-11 18:47 - 00010283 _____ () C:\zoek-results.log
2014-05-11 18:29 - 2014-05-11 18:42 - 00000000 ____D () C:\zoek_backup
2014-05-11 18:29 - 2014-05-11 18:29 - 01285120 _____ () C:\Users\Leni\Desktop\zoek.exe
2014-05-09 15:11 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-09 15:11 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-09 15:11 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-09 15:11 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-08 17:45 - 2014-05-09 13:21 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-08 17:41 - 2014-05-08 17:41 - 00007362 _____ () C:\Users\Leni\Desktop\JRT.txt
2014-05-07 20:12 - 2014-05-07 20:12 - 00015727 _____ () C:\ComboFix.txt
2014-05-07 19:53 - 2014-05-07 20:12 - 00000000 ____D () C:\Qoobox
2014-05-07 19:53 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-05-07 19:53 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-05-07 19:53 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-05-07 19:53 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-05-07 19:53 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-05-07 19:53 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-05-07 19:53 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-05-07 19:53 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-05-07 19:52 - 2014-05-07 20:11 - 00000000 ____D () C:\windows\erdnt
2014-05-07 19:52 - 2014-05-07 19:52 - 05200039 ____R (Swearware) C:\Users\Leni\Downloads\ComboFix.exe
2014-05-07 18:56 - 2014-05-07 18:56 - 00262144 _____ () C:\windows\Minidump\050714-21559-01.dmp
2014-05-07 18:39 - 2014-05-07 18:39 - 00380416 _____ () C:\Users\Leni\Downloads\Gmer-19357.exe
2014-05-07 18:34 - 2014-05-11 18:51 - 00014683 _____ () C:\Users\Leni\Desktop\FRST.txt
2014-05-07 18:34 - 2014-05-07 18:34 - 00027206 _____ () C:\Users\Leni\Downloads\Addition2.txt
2014-05-07 18:33 - 2014-05-07 18:33 - 00027206 _____ () C:\Users\Leni\Downloads\Addition.txt
2014-05-07 18:32 - 2014-05-07 18:33 - 00039046 _____ () C:\Users\Leni\Downloads\FRST.txt
2014-05-07 18:31 - 2014-05-11 18:51 - 00000000 ____D () C:\FRST
2014-05-07 18:30 - 2014-05-11 18:50 - 02066432 _____ (Farbar) C:\Users\Leni\Desktop\FRST64.exe
2014-05-07 18:28 - 2014-05-07 18:28 - 00050477 _____ () C:\Users\Leni\Downloads\Defogger.exe
2014-05-07 18:28 - 2014-05-07 18:28 - 00000470 _____ () C:\Users\Leni\Downloads\defogger_disable.log
2014-05-07 18:28 - 2014-05-07 18:28 - 00000000 _____ () C:\Users\Leni\defogger_reenable
2014-05-06 23:35 - 2014-05-06 23:35 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-06 23:35 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-05-06 23:35 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-05-06 23:35 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-05-06 23:35 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-05-06 23:35 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-05-06 23:35 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-05-06 23:35 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-05-06 23:35 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-05-06 23:35 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-05-06 23:35 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-05-06 23:35 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-05-06 23:35 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-05-06 23:35 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-05-06 23:35 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-05-06 23:35 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-05-06 23:35 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-05-06 23:35 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-05-06 23:35 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-05-06 23:35 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-05-06 23:35 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-05-06 23:35 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-05-06 23:35 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-05-06 23:35 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-05-06 23:35 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-05-06 23:35 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-05-06 23:35 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-05-06 23:35 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-05-06 23:35 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-05-06 23:35 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-05-06 23:35 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-05-06 23:35 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-06 23:35 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-05-06 23:35 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-05-06 23:35 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-05-06 23:35 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-05-06 23:35 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-05-06 23:35 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-05-06 23:35 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-05-06 23:35 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-05-06 23:35 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-05-06 23:35 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-05-06 23:35 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-05-06 23:35 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-05-06 23:35 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-05-06 19:22 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-06 19:22 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-05 20:44 - 2014-05-05 20:44 - 01316991 _____ () C:\Users\Leni\Downloads\adwcleaner.exe
2014-05-05 20:44 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-05-05 20:43 - 2014-05-05 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soft-Now bundle
2014-05-05 20:43 - 2014-05-05 20:43 - 00686664 _____ ( ) C:\Users\Leni\Downloads\COMPUTER_BILD-Download-Manager_fuer_adwcleaner.exe
2014-05-05 20:40 - 2014-05-05 20:40 - 00000000 ____D () C:\Users\Leni\Downloads\AdwCleaner_TSA12XTM8

==================== One Month Modified Files and Folders =======

2014-05-11 18:51 - 2014-05-07 18:34 - 00014683 _____ () C:\Users\Leni\Desktop\FRST.txt
2014-05-11 18:51 - 2014-05-07 18:31 - 00000000 ____D () C:\FRST
2014-05-11 18:50 - 2014-05-11 18:50 - 00000000 ____D () C:\Users\Leni\Desktop\FRST-OlderVersion
2014-05-11 18:50 - 2014-05-07 18:30 - 02066432 _____ (Farbar) C:\Users\Leni\Desktop\FRST64.exe
2014-05-11 18:50 - 2012-03-25 14:54 - 01755375 _____ () C:\windows\WindowsUpdate.log
2014-05-11 18:47 - 2014-05-11 18:32 - 00010283 _____ () C:\zoek-results.log
2014-05-11 18:46 - 2012-03-25 15:41 - 00001120 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-11 18:46 - 2010-11-21 05:47 - 00665364 _____ () C:\windows\PFRO.log
2014-05-11 18:46 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-11 18:46 - 2009-07-14 06:51 - 00115706 _____ () C:\windows\setupact.log
2014-05-11 18:43 - 2014-05-11 18:43 - 00000162 _____ () C:\folders.txt
2014-05-11 18:42 - 2014-05-11 18:29 - 00000000 ____D () C:\zoek_backup
2014-05-11 18:38 - 2013-02-27 21:02 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-05-11 18:32 - 2012-03-25 15:41 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-11 18:29 - 2014-05-11 18:43 - 00024064 _____ () C:\windows\zoek-delete.exe
2014-05-11 18:29 - 2014-05-11 18:29 - 01285120 _____ () C:\Users\Leni\Desktop\zoek.exe
2014-05-11 18:29 - 2014-01-16 15:35 - 00001912 _____ () C:\windows\epplauncher.mif
2014-05-11 17:20 - 2013-09-30 20:15 - 00000924 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3441396947-3629565981-192710641-1000UA.job
2014-05-11 16:53 - 2009-07-14 06:45 - 00021072 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-11 16:53 - 2009-07-14 06:45 - 00021072 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-11 16:51 - 2012-03-25 22:45 - 00700134 _____ () C:\windows\system32\perfh007.dat
2014-05-11 16:51 - 2012-03-25 22:45 - 00149984 _____ () C:\windows\system32\perfc007.dat
2014-05-11 16:51 - 2009-07-14 07:13 - 01622300 _____ () C:\windows\system32\PerfStringBackup.INI
2014-05-09 13:21 - 2014-05-08 17:45 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-09 13:21 - 2014-04-07 17:33 - 00000000 ____D () C:\AdwCleaner
2014-05-09 13:21 - 2012-05-11 14:19 - 00000000 ____D () C:\Users\Leni\AppData\Local\BioExcess
2014-05-09 13:21 - 2012-05-11 14:16 - 00000000 ____D () C:\Users\Leni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-05-09 13:21 - 2012-05-11 14:16 - 00000000 ____D () C:\Users\Leni
2014-05-09 13:21 - 2012-03-25 15:34 - 00000000 ____D () C:\ProgramData\Port Locker
2014-05-09 13:21 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-05-09 13:21 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\registration
2014-05-08 17:45 - 2013-11-02 14:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-08 17:41 - 2014-05-08 17:41 - 00007362 _____ () C:\Users\Leni\Desktop\JRT.txt
2014-05-07 20:20 - 2013-09-30 20:15 - 00000902 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3441396947-3629565981-192710641-1000Core.job
2014-05-07 20:12 - 2014-05-07 20:12 - 00015727 _____ () C:\ComboFix.txt
2014-05-07 20:12 - 2014-05-07 19:53 - 00000000 ____D () C:\Qoobox
2014-05-07 20:12 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-07 20:11 - 2014-05-07 19:52 - 00000000 ____D () C:\windows\erdnt
2014-05-07 20:06 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini
2014-05-07 19:52 - 2014-05-07 19:52 - 05200039 ____R (Swearware) C:\Users\Leni\Downloads\ComboFix.exe
2014-05-07 19:46 - 2014-02-11 22:35 - 00000000 ____D () C:\Users\Leni\Desktop\lisa
2014-05-07 19:46 - 2013-06-02 11:50 - 00000000 ____D () C:\Users\Leni\Desktop\kleiderkreisel
2014-05-07 18:56 - 2014-05-07 18:56 - 00262144 _____ () C:\windows\Minidump\050714-21559-01.dmp
2014-05-07 18:56 - 2013-07-10 21:50 - 540163794 _____ () C:\windows\MEMORY.DMP
2014-05-07 18:56 - 2013-07-10 21:50 - 00000000 ____D () C:\windows\Minidump
2014-05-07 18:39 - 2014-05-07 18:39 - 00380416 _____ () C:\Users\Leni\Downloads\Gmer-19357.exe
2014-05-07 18:34 - 2014-05-07 18:34 - 00027206 _____ () C:\Users\Leni\Downloads\Addition2.txt
2014-05-07 18:33 - 2014-05-07 18:33 - 00027206 _____ () C:\Users\Leni\Downloads\Addition.txt
2014-05-07 18:33 - 2014-05-07 18:32 - 00039046 _____ () C:\Users\Leni\Downloads\FRST.txt
2014-05-07 18:28 - 2014-05-07 18:28 - 00050477 _____ () C:\Users\Leni\Downloads\Defogger.exe
2014-05-07 18:28 - 2014-05-07 18:28 - 00000470 _____ () C:\Users\Leni\Downloads\defogger_disable.log
2014-05-07 18:28 - 2014-05-07 18:28 - 00000000 _____ () C:\Users\Leni\defogger_reenable
2014-05-07 13:38 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-05-07 13:37 - 2013-02-28 16:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-06 23:35 - 2014-05-06 23:35 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-06 21:27 - 2012-03-25 15:41 - 00004120 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-06 21:27 - 2012-03-25 15:41 - 00003868 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 16:02 - 2013-07-15 17:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-05 20:50 - 2014-05-05 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soft-Now bundle
2014-05-05 20:44 - 2014-05-05 20:44 - 01316991 _____ () C:\Users\Leni\Downloads\adwcleaner.exe
2014-05-05 20:43 - 2014-05-05 20:43 - 00686664 _____ ( ) C:\Users\Leni\Downloads\COMPUTER_BILD-Download-Manager_fuer_adwcleaner.exe
2014-05-05 20:40 - 2014-05-05 20:40 - 00000000 ____D () C:\Users\Leni\Downloads\AdwCleaner_TSA12XTM8
2014-04-29 22:28 - 2012-03-25 15:42 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-29 16:01 - 2014-05-09 15:11 - 23547904 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-04-29 15:40 - 2014-05-09 15:11 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-04-29 14:48 - 2014-05-09 15:11 - 17384448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-09 15:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-04-28 00:32 - 2012-05-12 15:03 - 00000000 ____D () C:\Users\Leni\AppData\Roaming\SoftGrid Client
2014-04-22 13:02 - 2014-03-24 00:21 - 00000000 ____D () C:\Users\Leni\Desktop\sozialkunde
2014-04-21 15:06 - 2012-03-31 17:11 - 00000000 ____D () C:\Users\Leni\Downloads\Neuer Ordner (6)
2014-04-14 11:09 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\LiveKernelReports
2014-04-14 04:24 - 2014-05-06 19:22 - 00465408 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-05-06 19:22 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-04-13 14:23 - 2009-07-14 07:08 - 00032632 _____ () C:\windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\Leni\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-05 22:10

==================== End Of Log ============================

--- --- ---

Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05-2014
Ran by Leni at 2014-05-11 18:52:01
Running from C:\Users\Leni\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.6) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM-x32\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros)
aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 3.8.5187 - DsNET Corp)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
BioExcess (HKLM-x32\...\InstallShield_{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}) (Version: 7.0.67.0 - Egis Technology Inc.)
BioExcess (Version: 7.0.67.0 - Egis Technology Inc.) Hidden
BioExcess (x32 Version: 7.0.67.0 - Egis Technology Inc.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3623 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.3623 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.21.123 - Electronic Arts)
Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
druckstdu.de Designer 1.7.1 (HKLM-x32\...\druckstdu.de Designer 1.7.1_is1) (Version: - druckstdu)
EgisTec ES603 WDM Driver (HKLM-x32\...\InstallShield_{AE4167B0-F589-4D2A-BF05-E181D543C49F}) (Version: 3.0.10.4 - Egis Technology Inc.)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.1 - Lenovo)
Energy Management (x32 Version: 6.0.2.1 - Lenovo) Hidden
ES603 WDM Driver (x32 Version: 3.0.10.4 - Egis Technology Inc.) Hidden
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Free YouTube to MP3 Converter version 3.12.32.327 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
JustCloud (HKLM\...\JustCloud) (Version: - JustCloud)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8000 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{FC9B811E-39BC-4813-9E29-B83CCF700010}) (Version: 2.16.23.3 - Alcor)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo Security Suite (HKLM-x32\...\InstallShield_{0034859F-8E01-4C1D-BE77-F891C4786FBC}) (Version: 2.0.11.0 - Lenovo)
Lenovo Security Suite (x32 Version: 2.0.11.0 - Lenovo) Hidden
Lidl-Fotos (HKLM-x32\...\Lidl-Fotos_is1) (Version: - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
No23 Recorder (HKLM-x32\...\{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}) (Version: 2.1.0.3 - No23)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Port Locker (HKLM-x32\...\InstallShield_{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}) (Version: 1.0.5.24 - Egis Technology Inc.)
Port Locker (Version: 1.0.5.24 - Egis Technology Inc.) Hidden
Port Locker (x32 Version: 1.0.5.24 - Egis Technology Inc.) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6282 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.)
Soft-Now bundle (HKLM-x32\...\Soft-Now bundle) (Version: 2.0.0.5 - Soft-Now)
Spotify (HKCU\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.7.0 - Synaptics Incorporated)
TuneUp Utilities 2012 (HKLM-x32\...\TuneUp Utilities 2012) (Version: 12.0.3500.13 - TuneUp Software)
TuneUp Utilities 2012 (x32 Version: 12.0.3500.13 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3500.13 - TuneUp Software) Hidden
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Wondershare Streaming Audio Recorder(Build 2.1.0.0) (HKLM-x32\...\Wondershare Streaming Audio Recorder_is1) (Version: 2.1.0.0 - Wondershare Software Co.,Ltd.)

==================== Restore Points =========================

17-04-2014 12:56:51 Windows Update
20-04-2014 13:06:28 Windows Update
25-04-2014 08:44:01 Windows Update
29-04-2014 20:19:12 Windows Update
03-05-2014 20:02:32 Windows Update
03-05-2014 20:41:26 Windows Update
06-05-2014 21:34:30 Windows Update
07-05-2014 19:44:45 Windows Update
09-05-2014 13:11:27 Windows Update
11-05-2014 16:32:54 zoek.exe restore point

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-05-07 20:04 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {08329552-AB93-459F-B8BD-CB0066599BD0} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2012-04-05] (TuneUp Software)
Task: {0C0B4344-FC5A-40F0-A950-95711302EE14} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0D07C3EF-FBD3-4038-A53A-0CBD6FA7B693} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-24] (CyberLink)
Task: {23769987-E229-4920-9B86-52702F522A38} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25] (Google Inc.)
Task: {62862F20-5CA4-4A27-984C-446F277213C3} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {C4F1882C-08A8-40E9-AE1F-009455E3E170} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25] (Google Inc.)
Task: {CB5E5E01-7329-4177-844B-77B7AC87B169} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3441396947-3629565981-192710641-1000Core => C:\Users\Leni\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-30] (Facebook Inc.)
Task: {DB97257C-32CD-4556-9C5B-9C17D2EE947E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3441396947-3629565981-192710641-1000UA => C:\Users\Leni\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-30] (Facebook Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3441396947-3629565981-192710641-1000Core.job => C:\Users\Leni\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3441396947-3629565981-192710641-1000UA.job => C:\Users\Leni\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-04-15 07:28 - 2011-03-25 11:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2008-12-20 05:20 - 2012-03-25 15:43 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-20 05:20 - 2012-03-25 15:43 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2013-02-24 10:21 - 2013-02-24 02:50 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-29 22:28 - 2014-04-24 02:33 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
2014-04-29 22:28 - 2014-04-24 02:33 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll
2014-04-29 22:28 - 2014-04-24 02:33 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll
2014-04-29 22:28 - 2014-04-24 02:33 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
2014-04-29 22:28 - 2014-04-24 02:33 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
2014-04-29 22:28 - 2014-04-24 02:33 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Leni^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^JustCloud.lnk => C:\windows\pss\JustCloud.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Leni\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: S6000Mnt => C:\windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt
MSCONFIG\startupreg: Spotify => "C:\Users\Leni\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => 
"C:\Users\Leni\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/11/2014 06:48:13 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/11/2014 04:46:58 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/09/2014 01:26:13 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT) (EventID: 4117) Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet! Error: (05/09/2014 01:25:41 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT) (EventID: 4117) Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet! Error: (05/09/2014 01:25:30 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT) (EventID: 4117) Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet! Error: (05/09/2014 01:25:21 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT) (EventID: 4117) Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet! Error: (05/09/2014 01:23:48 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/09/2014 01:22:36 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT) (EventID: 4117) Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet! 
Error: (05/09/2014 01:18:59 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/08/2014 07:48:29 PM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: m->NextScheduledSPRetry 3449042 System errors: ============= Error: (05/11/2014 06:40:47 PM) (Source: Service Control Manager) (User: ) (EventID: 7030) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (05/11/2014 06:40:47 PM) (Source: Service Control Manager) (User: ) (EventID: 7030) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (05/11/2014 06:40:47 PM) (Source: Service Control Manager) (User: ) (EventID: 7030) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (05/11/2014 06:40:46 PM) (Source: Service Control Manager) (User: ) (EventID: 7030) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (05/11/2014 06:40:45 PM) (Source: Service Control Manager) (User: ) (EventID: 7030) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. 
Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (05/09/2014 01:22:18 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2004) Description: %%8604.5.0216.02%%8250x80070002Das System kann die angegebene Datei nicht finden. 0.0.0.0;0.0.0.00.0.0.0 Error: (05/09/2014 01:22:18 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2004) Description: %%8604.5.0216.01%%8240x80070002Das System kann die angegebene Datei nicht finden. 0.0.0.0;0.0.0.00.0.0.0 Error: (05/09/2014 01:19:01 PM) (Source: DCOM) (User: ) (EventID: 10005) Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334} Error: (05/09/2014 01:17:58 PM) (Source: Service Control Manager) (User: ) (EventID: 7001) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (05/09/2014 01:17:58 PM) (Source: Service Control Manager) (User: ) (EventID: 7001) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Microsoft Office Sessions: ========================= Error: (05/11/2014 06:48:13 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/11/2014 04:46:58 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/09/2014 01:26:13 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT) (EventID: 4117) Description: 0x0 Error: (05/09/2014 01:25:41 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT) (EventID: 4117) Description: 0x0 Error: (05/09/2014 01:25:30 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT) (EventID: 4117) 
Description: 0x0 Error: (05/09/2014 01:25:21 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT) (EventID: 4117) Description: 0x0 Error: (05/09/2014 01:23:48 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/09/2014 01:22:36 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT) (EventID: 4117) Description: 0x0 Error: (05/09/2014 01:18:59 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/08/2014 07:48:29 PM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: m->NextScheduledSPRetry 3449042 CodeIntegrity Errors: =================================== Date: 2014-05-07 20:03:30.019 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-05-07 20:03:29.982 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info =========================== Percentage of memory in use: 50% Total physical RAM: 4010.14 MB Available physical RAM: 1992.45 MB Total Pagefile: 8018.46 MB Available Pagefile: 6025.43 MB Total Virtual: 8192 MB Available Virtual: 8191.86 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:421.81 GB) (Free:352.68 GB) NTFS Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:26.79 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 3BFC3715) Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=422 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=15 GB) - (Type=12) ==================== End Of Log ============================ |
11.05.2014, 20:27 | #12 |
/// TB-Ausbilder | We'll remove the last remnants and check everything once more. ESET can take a while (> 3 h). After that we'll remove all the tools we used and I'll give you a few tips to take with you. Step 1 ESET Online Scanner
Step 2 Please download SecurityCheck and:
Please post with your next reply
|
12.05.2014, 19:45 | #13 |
| Is the online scanner safe, though? If I allow it access to all my data? Best regards, and thanks already for the patient help so far |
13.05.2014, 16:33 | #14 | |
/// TB-Ausbilder | Quote:
Don't worry, it has already been used thousands of times. |
16.05.2014, 14:51 | #15 |
/// TB-Ausbilder | I'm glad we were able to help. In this forum you can leave brief feedback on the cleanup if you like: Lob, Kritik und Wünsche. To do so, click the "NEUES THEMA" button and post a short feedback. Thank you! This topic appears to be resolved and will be removed from my subscriptions. Should you need the topic again, please send me a PM. Everyone else, please click here and create your own thread. |