Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Ich bin Teil von einem server, also ich habe einen Administrator über mir

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 12.04.2015, 06:23   #1
yazoon
 
Ich bin Teil von einem server, also ich habe einen Administrator über mir - Standard

Ich bin Teil von einem server, also ich habe einen Administrator über mir



Ich kann mich nicht von einem fremden server lösen, ich habe mein win 7 neuinstalliert zonealarm und spy boot installert und malware gefunden und gelöscht danach habe ich es mit otl oldtimer mit einem kompletten scan für alles und alle benutzer gescannt, habe aber dann nach 2 stunden bei "bereinigen" denn laptop ausgeschaltet da sich otl nicht ausschalten ließ
immer wieder bekomme ich nachrichten von zone Alarm das Pakete geblockt werden.
Ich bin Also immer noch mit einem Server verbunden. habe alle Remoteverbindungen gekappt
Weiß jetzt nicht mehr weiter. gruß

Alt 12.04.2015, 06:53   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Ich bin Teil von einem server, also ich habe einen Administrator über mir - Standard

Ich bin Teil von einem server, also ich habe einen Administrator über mir



hi,

Screenshot von den Meldungen bitte.


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 12.04.2015, 14:07   #3
yazoon
 
Ich bin Teil von einem server, also ich habe einen Administrator über mir - Standard

Ich bin Teil von einem server, also ich habe einen Administrator über mir



Hallo, ich weiß nicht wie ich die dateien posten kann gruß yazoon

AditionFRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-04-2015
Ran by yazoon at 2015-04-12 14:45:12
Running from C:\Users\yazoon\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ZoneAlarm Antivirus (Enabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: ZoneAlarm Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 de) (HKLM\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.2 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
ZoneAlarm Antivirus (Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM\...\ZoneAlarm Free Antivirus + Firewall) (Version: 13.3.052.000 - Check Point)
ZoneAlarm Security (Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar  (HKLM\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
ZoneAlarm Security Toolbar  (HKU\S-1-5-21-3545629256-1271623422-3480388008-1000\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

11-04-2015 18:48:39 Windows Update
11-04-2015 21:36:06 Windows Live Essentials
11-04-2015 21:39:10 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2015-04-11 20:20 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	032439.com
127.0.0.1	032439.com
127.0.0.1	0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	1000gratisproben.com - Informationen zum Thema 1000gratisproben. Diese Website steht zum Verkauf!
127.0.0.1	1001namen.com
127.0.0.1	A Summary of Disability Insurance | AbigailSoap.com | Your Best Source for Knowledge
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf!
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	Gadgets And More
127.0.0.1	1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3828AF08-EE88-487B-A64A-A209E365AAAD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {3FBCA4EA-B07A-4D8A-AE10-4E4D611FB617} - System32\Tasks\{7B1607FA-AB9C-4D5A-AC44-EFD58BFEA542} => pcalua.exe -a C:\Users\yazoon\Documents\Programme\wlsetup3528-all.exe -d C:\Users\yazoon\Documents\Programme
Task: {89938D41-E75D-4196-9490-EE489A1D8036} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {AAD8C560-5069-4E1B-AF0C-A1CA3938E6A4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {D40618EE-B27F-4D30-B6C1-62B7E008B303} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) ==============

2015-04-11 18:51 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-04-11 18:51 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-04-11 18:51 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-02-19 23:40 - 2015-02-19 23:40 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-04-11 18:51 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-04-11 18:51 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3545629256-1271623422-3480388008-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\yazoon\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3545629256-1271623422-3480388008-500 - Administrator - Disabled)
Gast (S-1-5-21-3545629256-1271623422-3480388008-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3545629256-1271623422-3480388008-1002 - Limited - Enabled)
yazoon (S-1-5-21-3545629256-1271623422-3480388008-1000 - Administrator - Enabled) => C:\Users\yazoon

==================== Faulty Device Manager Devices =============

Name: Atheros AR5007EG-Drathlosnetzwerkadapter
Description: Atheros AR5007EG-Drathlosnetzwerkadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/12/2015 02:15:45 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/12/2015 02:13:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 06:34:28 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/12/2015 06:32:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 05:25:13 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/12/2015 05:22:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 05:10:40 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/12/2015 05:07:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 05:04:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/11/2015 10:10:09 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.


System errors:
=============
Error: (04/12/2015 02:14:08 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (04/12/2015 07:40:52 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (04/12/2015 05:24:26 AM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{510CB267-239D-4290-99C0-D838047898FC} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (04/12/2015 05:23:26 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (04/12/2015 05:04:44 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147024846.

Error: (04/12/2015 05:04:44 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT-AUTORITÄT)
Description: Fehler beim Starten des BITS-Dienstes. Fehler: 2147942450.

Error: (04/12/2015 05:04:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (04/12/2015 05:04:38 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WSearch" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (04/12/2015 05:04:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Diagnosediensthost" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (04/12/2015 05:04:38 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WdiServiceHost" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (04/12/2015 02:15:45 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/12/2015 02:13:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 06:34:28 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/12/2015 06:32:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 05:25:13 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/12/2015 05:22:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 05:10:40 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/12/2015 05:07:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 05:04:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/11/2015 10:10:09 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.


==================== Memory info =========================== 

Processor: AMD Sempron(tm) SI-40
Percentage of memory in use: 84%
Total physical RAM: 765.83 MB
Available physical RAM: 118.89 MB
Total Pagefile: 1789.83 MB
Available Pagefile: 383.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:101.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 0005E737)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---

AditionFRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-04-2015
Ran by yazoon at 2015-04-12 14:45:12
Running from C:\Users\yazoon\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ZoneAlarm Antivirus (Enabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: ZoneAlarm Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 de) (HKLM\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.2 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
ZoneAlarm Antivirus (Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM\...\ZoneAlarm Free Antivirus + Firewall) (Version: 13.3.052.000 - Check Point)
ZoneAlarm Security (Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar  (HKLM\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
ZoneAlarm Security Toolbar  (HKU\S-1-5-21-3545629256-1271623422-3480388008-1000\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

11-04-2015 18:48:39 Windows Update
11-04-2015 21:36:06 Windows Live Essentials
11-04-2015 21:39:10 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2015-04-11 20:20 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	032439.com
127.0.0.1	032439.com
127.0.0.1	0scan.com - Informationen zum Thema 0scan. Diese Website steht zum Verkauf!
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	Coach Factory Store insurance | ShopFastMall.com | Your Best Source for Knowledge
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf!
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	Gadgets And More
127.0.0.1	1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3828AF08-EE88-487B-A64A-A209E365AAAD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {3FBCA4EA-B07A-4D8A-AE10-4E4D611FB617} - System32\Tasks\{7B1607FA-AB9C-4D5A-AC44-EFD58BFEA542} => pcalua.exe -a C:\Users\yazoon\Documents\Programme\wlsetup3528-all.exe -d C:\Users\yazoon\Documents\Programme
Task: {89938D41-E75D-4196-9490-EE489A1D8036} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {AAD8C560-5069-4E1B-AF0C-A1CA3938E6A4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {D40618EE-B27F-4D30-B6C1-62B7E008B303} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) ==============

2015-04-11 18:51 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-04-11 18:51 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-04-11 18:51 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-02-19 23:40 - 2015-02-19 23:40 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-04-11 18:51 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-04-11 18:51 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3545629256-1271623422-3480388008-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\yazoon\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3545629256-1271623422-3480388008-500 - Administrator - Disabled)
Gast (S-1-5-21-3545629256-1271623422-3480388008-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3545629256-1271623422-3480388008-1002 - Limited - Enabled)
yazoon (S-1-5-21-3545629256-1271623422-3480388008-1000 - Administrator - Enabled) => C:\Users\yazoon

==================== Faulty Device Manager Devices =============

Name: Atheros AR5007EG-Drathlosnetzwerkadapter
Description: Atheros AR5007EG-Drathlosnetzwerkadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/12/2015 02:15:45 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/12/2015 02:13:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 06:34:28 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/12/2015 06:32:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 05:25:13 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/12/2015 05:22:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 05:10:40 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/12/2015 05:07:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 05:04:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/11/2015 10:10:09 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.


System errors:
=============
Error: (04/12/2015 02:14:08 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (04/12/2015 07:40:52 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (04/12/2015 05:24:26 AM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{510CB267-239D-4290-99C0-D838047898FC} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (04/12/2015 05:23:26 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (04/12/2015 05:04:44 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147024846.

Error: (04/12/2015 05:04:44 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT-AUTORITÄT)
Description: Fehler beim Starten des BITS-Dienstes. Fehler: 2147942450.

Error: (04/12/2015 05:04:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (04/12/2015 05:04:38 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WSearch" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (04/12/2015 05:04:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Diagnosediensthost" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (04/12/2015 05:04:38 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WdiServiceHost" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (04/12/2015 02:15:45 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/12/2015 02:13:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 06:34:28 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/12/2015 06:32:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 05:25:13 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/12/2015 05:22:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 05:10:40 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/12/2015 05:07:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 05:04:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/11/2015 10:10:09 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.


==================== Memory info =========================== 

Processor: AMD Sempron(tm) SI-40
Percentage of memory in use: 84%
Total physical RAM: 765.83 MB
Available physical RAM: 118.89 MB
Total Pagefile: 1789.83 MB
Available Pagefile: 383.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:101.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 0005E737)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---

AditionFRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-04-2015
Ran by yazoon at 2015-04-12 14:45:12
Running from C:\Users\yazoon\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ZoneAlarm Antivirus (Enabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: ZoneAlarm Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 de) (HKLM\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.2 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
ZoneAlarm Antivirus (Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM\...\ZoneAlarm Free Antivirus + Firewall) (Version: 13.3.052.000 - Check Point)
ZoneAlarm Security (Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar  (HKLM\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
ZoneAlarm Security Toolbar  (HKU\S-1-5-21-3545629256-1271623422-3480388008-1000\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

11-04-2015 18:48:39 Windows Update
11-04-2015 21:36:06 Windows Live Essentials
11-04-2015 21:39:10 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2015-04-11 20:20 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	032439.com
127.0.0.1	032439.com
127.0.0.1	0Scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	1000gratisproben.com - Informationen zum Thema 1000gratisproben. Diese Website steht zum Verkauf!
127.0.0.1	1001namen.com
127.0.0.1	Huebner.xyz | Your Best Source for Knowledge |
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf!
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	Gadgets And More
127.0.0.1	1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3828AF08-EE88-487B-A64A-A209E365AAAD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {3FBCA4EA-B07A-4D8A-AE10-4E4D611FB617} - System32\Tasks\{7B1607FA-AB9C-4D5A-AC44-EFD58BFEA542} => pcalua.exe -a C:\Users\yazoon\Documents\Programme\wlsetup3528-all.exe -d C:\Users\yazoon\Documents\Programme
Task: {89938D41-E75D-4196-9490-EE489A1D8036} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {AAD8C560-5069-4E1B-AF0C-A1CA3938E6A4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {D40618EE-B27F-4D30-B6C1-62B7E008B303} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) ==============

2015-04-11 18:51 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-04-11 18:51 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-04-11 18:51 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-02-19 23:40 - 2015-02-19 23:40 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-04-11 18:51 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-04-11 18:51 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3545629256-1271623422-3480388008-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\yazoon\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3545629256-1271623422-3480388008-500 - Administrator - Disabled)
Gast (S-1-5-21-3545629256-1271623422-3480388008-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3545629256-1271623422-3480388008-1002 - Limited - Enabled)
yazoon (S-1-5-21-3545629256-1271623422-3480388008-1000 - Administrator - Enabled) => C:\Users\yazoon

==================== Faulty Device Manager Devices =============

Name: Atheros AR5007EG-Drathlosnetzwerkadapter
Description: Atheros AR5007EG-Drathlosnetzwerkadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/12/2015 02:15:45 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/12/2015 02:13:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 06:34:28 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/12/2015 06:32:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 05:25:13 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/12/2015 05:22:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 05:10:40 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/12/2015 05:07:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 05:04:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/11/2015 10:10:09 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.


System errors:
=============
Error: (04/12/2015 02:14:08 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (04/12/2015 07:40:52 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (04/12/2015 05:24:26 AM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{510CB267-239D-4290-99C0-D838047898FC} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (04/12/2015 05:23:26 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (04/12/2015 05:04:44 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147024846.

Error: (04/12/2015 05:04:44 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT-AUTORITÄT)
Description: Fehler beim Starten des BITS-Dienstes. Fehler: 2147942450.

Error: (04/12/2015 05:04:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (04/12/2015 05:04:38 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WSearch" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (04/12/2015 05:04:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Diagnosediensthost" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (04/12/2015 05:04:38 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WdiServiceHost" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (04/12/2015 02:15:45 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/12/2015 02:13:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 06:34:28 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/12/2015 06:32:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 05:25:13 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/12/2015 05:22:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 05:10:40 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (04/12/2015 05:07:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 05:04:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/11/2015 10:10:09 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.


==================== Memory info =========================== 

Processor: AMD Sempron(tm) SI-40
Percentage of memory in use: 84%
Total physical RAM: 765.83 MB
Available physical RAM: 118.89 MB
Total Pagefile: 1789.83 MB
Available Pagefile: 383.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:101.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 0005E737)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---

First
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-04-2015
Ran by yazoon (administrator) on YAZOON-PC on 12-04-2015 14:44:13
Running from C:\Users\yazoon\Desktop
Loaded Profiles: yazoon (Available profiles: yazoon)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Comfort Software Group) C:\Users\yazoon\Desktop\FreeVK.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [134624 2014-07-23] (Check Point Software Technologies Ltd.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-3545629256-1271623422-3480388008-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5503768 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-3545629256-1271623422-3480388008-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-3545629256-1271623422-3480388008-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3545629256-1271623422-3480388008-1000] => localhost:21320
HKU\S-1-5-21-3545629256-1271623422-3480388008-1000\Software\Microsoft\Internet Explorer\Main,Start Page = Google
BHO: Zonealarm Helper Object -> {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} -> C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.29.17\bh\zonealarm.dll [2014-02-26] (Check Point Software Technologies LTD)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Toolbar: HKLM - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmTlbr.dll [2014-02-26] (Check Point Software Technologies LTD)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\yazoon\AppData\Roaming\Mozilla\Firefox\Profiles\qbd1nym4.default
FF Homepage: Google
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3596240 2014-07-23] (Check Point Software Technologies Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [93712 2014-07-03] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-06-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [488032 2014-06-10] (Kaspersky Lab ZAO)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [456088 2014-07-23] (Check Point Software Technologies Ltd.)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2014-06-10] (Kaspersky Lab ZAO)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-12 14:42 - 2015-04-12 14:43 - 00017175 _____ () C:\Users\yazoon\Desktop\Addition.txt
2015-04-12 14:41 - 2015-04-12 14:44 - 00006374 _____ () C:\Users\yazoon\Desktop\FRST.txt
2015-04-12 14:40 - 2015-04-12 14:44 - 00000000 ____D () C:\FRST
2015-04-12 14:39 - 2015-04-12 14:39 - 01135104 _____ (Farbar) C:\Users\yazoon\Desktop\FRST.exe
2015-04-12 06:37 - 2015-04-12 06:37 - 00602112 _____ (OldTimer Tools) C:\Users\yazoon\Desktop\otl.exe
2015-04-12 05:03 - 2015-04-12 14:11 - 00000280 _____ () C:\Windows\setupact.log
2015-04-12 05:03 - 2015-04-12 06:30 - 00013946 _____ () C:\Windows\PFRO.log
2015-04-12 05:03 - 2015-04-12 05:03 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-12 04:38 - 2015-04-12 04:38 - 00000000 ____D () C:\Users\yazoon\Documents\ProcAlyzer Dumps
2015-04-11 22:23 - 2015-04-11 22:23 - 00001230 _____ () C:\Users\yazoon\Desktop\Calculator.lnk
2015-04-11 22:12 - 2015-04-12 14:16 - 00000153 _____ () C:\Users\yazoon\Desktop\FreeVK.ini
2015-04-11 22:10 - 2015-04-12 14:14 - 00000000 ____D () C:\Users\yazoon\AppData\Roaming\Skype
2015-04-11 22:10 - 2015-04-11 22:11 - 00000000 ___RD () C:\Program Files\Skype
2015-04-11 22:10 - 2015-04-11 22:10 - 00002687 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-04-11 22:10 - 2015-04-11 22:10 - 00000000 ____D () C:\Users\yazoon\AppData\Local\Skype
2015-04-11 22:10 - 2015-04-11 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-11 22:10 - 2015-04-11 22:10 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-04-11 22:08 - 2015-04-11 22:10 - 00000000 ____D () C:\ProgramData\Skype
2015-04-11 21:37 - 2015-04-11 21:37 - 00000000 ____D () C:\2eb892c90bfabe3db78284d9f95ab9
2015-04-11 21:36 - 2015-04-11 21:36 - 00000000 ____D () C:\Users\yazoon\AppData\Local\Windows Live
2015-04-11 21:31 - 2015-04-11 21:31 - 00057560 _____ () C:\Users\yazoon\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-11 21:31 - 2015-04-11 21:31 - 00000000 ____D () C:\Program Files\Common Files\Windows Live
2015-04-11 21:25 - 2015-04-11 21:25 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-11 21:25 - 2015-04-11 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-11 21:25 - 2015-04-11 21:25 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-11 21:19 - 2015-03-31 01:15 - 00209736 _____ (Comfort Software Group) C:\Users\yazoon\Desktop\FreeVK.exe
2015-04-11 21:18 - 2015-04-11 21:24 - 00000000 ____D () C:\Users\yazoon\Documents\Programme
2015-04-11 20:31 - 2015-04-11 20:32 - 00000000 ____D () C:\Users\yazoon\AppData\Roaming\Mozilla
2015-04-11 20:31 - 2015-04-11 20:32 - 00000000 ____D () C:\Users\yazoon\AppData\Local\Mozilla
2015-04-11 20:30 - 2015-04-11 20:30 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-11 20:30 - 2015-04-11 20:30 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-11 20:30 - 2015-04-11 20:30 - 00000000 ____D () C:\ProgramData\Mozilla
2015-04-11 20:30 - 2015-04-11 20:30 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-11 20:20 - 2009-06-10 23:39 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150411-202010.backup
2015-04-11 18:51 - 2015-04-11 20:18 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-11 18:51 - 2015-04-11 18:59 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-04-11 18:51 - 2015-04-11 18:51 - 00002135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-04-11 18:51 - 2015-04-11 18:51 - 00002123 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-04-11 18:51 - 2015-04-11 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-04-11 18:51 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-04-11 18:49 - 2015-04-11 18:49 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\yazoon\Downloads\spybot-2.4.exe
2015-04-11 18:49 - 2015-02-24 04:23 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-04-11 18:42 - 2015-04-11 21:26 - 00000000 ____D () C:\Windows\Panther
2015-04-11 18:00 - 2015-04-11 18:03 - 00431395 _____ () C:\Windows\system32\Drivers\vsconfig.xml
2015-04-11 18:00 - 2014-06-10 15:44 - 00488032 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-04-11 18:00 - 2014-06-10 15:44 - 00135776 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2015-04-11 18:00 - 2014-06-10 15:44 - 00074848 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-04-11 17:59 - 2015-04-11 17:59 - 00000732 _____ () C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2015-04-11 17:59 - 2015-04-11 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2015-04-11 17:58 - 2015-04-11 20:31 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-11 17:58 - 2015-04-11 17:59 - 00000000 ____D () C:\Program Files\CheckPoint
2015-04-11 17:58 - 2015-04-11 17:58 - 00000000 ____D () C:\Users\yazoon\AppData\Roaming\Check Point Software Technologies LTD
2015-04-11 17:58 - 2015-04-11 17:58 - 00000000 ____D () C:\ProgramData\CheckPoint
2015-04-11 17:58 - 2015-04-11 17:58 - 00000000 ____D () C:\Program Files\Check Point Software Technologies LTD
2015-04-11 17:57 - 2015-04-11 17:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-04-11 17:51 - 2015-04-11 17:51 - 00001413 _____ () C:\Users\yazoon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-11 17:50 - 2015-04-11 17:51 - 00000000 ____D () C:\Users\yazoon
2015-04-11 17:50 - 2015-04-11 17:50 - 00000020 ___SH () C:\Users\yazoon\ntuser.ini
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\yazoon\Startmenü
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\yazoon\Netzwerkumgebung
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\yazoon\Druckumgebung
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\yazoon\Documents\Eigene Musik
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\yazoon\Documents\Eigene Bilder
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\yazoon\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\yazoon\AppData\Local\Verlauf
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Programme
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\ProgramData\Startmenü
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\ProgramData\Dokumente
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 __SHD () C:\Recovery
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 ____D () C:\Users\yazoon\AppData\Local\VirtualStore
2015-04-11 17:50 - 2009-07-14 06:42 - 00000000 ___RD () C:\Users\yazoon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-11 17:50 - 2009-07-14 06:37 - 00000000 ___RD () C:\Users\yazoon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-11 17:47 - 2015-04-11 17:47 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-04-11 17:47 - 2015-04-11 17:47 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-04-11 17:46 - 2015-04-12 14:17 - 00061596 _____ () C:\Windows\WindowsUpdate.log
2015-04-11 17:46 - 2015-04-11 17:46 - 00000000 _____ () C:\Windows\system32\atiicdxx.dat
2015-04-11 17:46 - 2015-04-11 17:46 - 00000000 _____ () C:\Windows\ativpsrm.bin

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-12 14:15 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-12 14:12 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-12 07:41 - 2009-07-14 06:34 - 00016656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-12 07:41 - 2009-07-14 06:34 - 00016656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-12 05:28 - 2010-11-20 23:01 - 01485678 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-11 21:34 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-04-11 18:50 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Public\Libraries
2015-04-11 18:48 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\restore
2015-04-11 18:42 - 2009-07-14 06:57 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2015-04-11 18:42 - 2009-07-14 06:52 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2015-04-11 17:58 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-04-11 17:50 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2015-04-11 17:50 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Windows NT
2015-04-11 17:49 - 2009-07-14 06:33 - 00265640 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-11 17:47 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-11 17:44 - 2011-04-12 03:39 - 00000000 ____D () C:\Windows\CSC

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-12 05:57

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

Hi, hoffe das geht so gruß yazoon
__________________

Alt 12.04.2015, 18:48   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Ich bin Teil von einem server, also ich habe einen Administrator über mir - Standard

Ich bin Teil von einem server, also ich habe einen Administrator über mir



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
RemoveProxy:
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 12.04.2015, 20:48   #5
yazoon
 
Ich bin Teil von einem server, also ich habe einen Administrator über mir - Standard

Ich bin Teil von einem server, also ich habe einen Administrator über mir



Hier die Fixlog Gruß yazoon
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-04-2015
Ran by yazoon at 2015-04-12 20:21:55 Run:1
Running from C:\Users\yazoon\Desktop
Loaded Profiles: yazoon (Available profiles: yazoon)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
RemoveProxy:
Emptytemp:
*****************


========= RemoveProxy: =========

HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-3545629256-1271623422-3480388008-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-21-3545629256-1271623422-3480388008-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\S-1-5-21-3545629256-1271623422-3480388008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-3545629256-1271623422-3480388008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.


========= End of RemoveProxy: =========

EmptyTemp: => Removed 91.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog 20:22:57 ====

MBMB
Nico Mak Computing
WinZip Malware Protector

Datum der Überprüfung Sonntag, 12. April 2015
Datenbankversion 2185
Gefundene Elemente insgesamt 62
Überprüfte Objekte: 317534
Abgelaufene Zeit: 00:08:27
Name Gefundene Elemente
Name der Infektion trojan-downloader.banload
Kategorie Trojan-Downloader
Bedrohungsstufe Severe
Durchgeführte Aktion NoActionTaken
Elemente gefunden 18
Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range10


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range10
*

Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range10
:range

Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range15


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range15
*

Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range15
:range

Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range2


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range2
*

Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range2
:range

Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range5


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range5
*

Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range5
:range

Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range6


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range6
*

Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range6
:range

Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range7


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range7
*

Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_users
.default\software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range7
:range


Name der Infektion roguesecurityprogram.anti-spyware-plus-2006
Kategorie Rogue Antispyware Program
Bedrohungsstufe Severe
Durchgeführte Aktion NoActionTaken
Elemente gefunden 21
Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_current_user
software\microsoft\windows\currentversion\internet settings\p3p\history\180solutions.com


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_current_user
software\microsoft\windows\currentversion\internet settings\p3p\history\bluemountain.com


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_current_user
software\microsoft\windows\currentversion\internet settings\p3p\history\casalemedia.com


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_current_user
software\microsoft\windows\currentversion\internet settings\p3p\history\goclick.com


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_current_user
software\microsoft\windows\currentversion\internet settings\p3p\history\shopathomeselect.com


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_current_user
software\microsoft\windows\currentversion\internet settings\p3p\history\statcounter.com


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\010402.com


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\010402.com
*

Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\971searchbox.com\www
*

Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\971searchbox.com\www


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\971searchbox.com


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\971searchbox.com
*

Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\allforadult.com


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\allforadult.com
*

Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\angelfire.com


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\angelfire.com\fuviseni


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\angelfire.com\fuviseni
*

Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\angelfire.com\hetefow


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\angelfire.com\hetefow
*

Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\angelfire.com\medopena


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_current_user
software\microsoft\windows\currentversion\internet settings\zonemap\domains\angelfire.com\medopena
*


Name der Infektion pup.optional-tuv
Kategorie Potentially Unwanted Application
Bedrohungsstufe High
Durchgeführte Aktion NoActionTaken
Elemente gefunden 23
Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_local_machine
software\classes\appid\{4e1e9d45-8bf9-4139-915c-9f83cc3d5921}


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_local_machine
software\classes\appid\{b12e99ed-69bd-437c-86be-c862b9e5444d}


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_local_machine
software\classes\appid\{d7ee8177-d51e-4f89-92b6-83ea2ec40800}


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_local_machine
software\classes\appid\escortapp.dll


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_local_machine
software\classes\appid\escortapp.dll
appid

Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_local_machine
software\classes\appid\escorteng.dll


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_local_machine
software\classes\appid\escorteng.dll
appid

Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_local_machine
software\classes\appid\escortlbr.dll


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_local_machine
software\classes\appid\escortlbr.dll
appid

Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_local_machine
software\classes\appid\esrv.exe


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_local_machine
software\classes\appid\esrv.exe
appid

Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_local_machine
software\classes\typelib\{4e1e9d45-8bf9-4139-915c-9f83cc3d5921}


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_local_machine
software\classes\typelib\{4e1e9d45-8bf9-4139-915c-9f83cc3d5921}\1.0


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_local_machine
software\classes\typelib\{4e1e9d45-8bf9-4139-915c-9f83cc3d5921}\1.0\0


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_local_machine
software\classes\typelib\{4e1e9d45-8bf9-4139-915c-9f83cc3d5921}\1.0\0\win32


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_local_machine
software\classes\typelib\{4e1e9d45-8bf9-4139-915c-9f83cc3d5921}\1.0\flags


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_local_machine
software\classes\typelib\{4e1e9d45-8bf9-4139-915c-9f83cc3d5921}\1.0\helpdir


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_local_machine
software\classes\typelib\{d7ee8177-d51e-4f89-92b6-83ea2ec40800}


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_local_machine
software\classes\typelib\{d7ee8177-d51e-4f89-92b6-83ea2ec40800}\1.0


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_local_machine
software\classes\typelib\{d7ee8177-d51e-4f89-92b6-83ea2ec40800}\1.0\0


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_local_machine
software\classes\typelib\{d7ee8177-d51e-4f89-92b6-83ea2ec40800}\1.0\0\win32


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_local_machine
software\classes\typelib\{d7ee8177-d51e-4f89-92b6-83ea2ec40800}\1.0\flags


Gefundener Bereich Registry
Details Registrierungsschlüssel hkey_local_machine
software\classes\typelib\{d7ee8177-d51e-4f89-92b6-83ea2ec40800}\1.0\helpdir



© 2013 WinZip International LLC. All rights reserved.

Hallo hier die neue logAdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v4.201 - Bericht erstellt 12/04/2015 um 21:09:08
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-08.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x86)
# Benutzername : yazoon - YAZOON-PC
# Gestarted von : C:\Users\yazoon\Downloads\AdwCleaner_4.201.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
Ordner Gelöscht : C:\Program Files\WinZip Malware Protector
Ordner Gelöscht : C:\Program Files\Check Point Software Technologies LTD
Ordner Gelöscht : C:\Users\yazoon\AppData\LocalLow\Check Point Software Technologies LTD
Ordner Gelöscht : C:\Users\yazoon\AppData\Roaming\Check Point Software Technologies LTD
Datei Gelöscht : C:\Users\Public\Desktop\WinZip Malware Protector.lnk

***** [ Geplante Tasks ] *****

Task Gelöscht : WinZip Malware Protector_startup

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F1963E76-845B-474C-8C7F-D69A96D8AA34}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinZip Malware Protector_is1

***** [ Internetbrowser ] *****

-\\ Internet Explorer v8.0.7601.17514

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v37.0.1 (x86 de)


*************************

AdwCleaner[R0].txt - [4946 Bytes] - [12/04/2015 21:01:44]
AdwCleaner[S0].txt - [4746 Bytes] - [12/04/2015 21:09:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4805  Bytes] ##########
         
--- --- ---

Hi, jrtJRT Logfile:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.3 (04.07.2015:1)
OS: Windows 7 Professional x86
Ran by yazoon on 12.04.2015 at 21:28:07,30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.04.2015 at 21:37:18,59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---

Hi, neue Frst Gruß yazoonFRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-04-2015
Ran by yazoon at 2015-04-12 21:42:52
Running from C:\Users\yazoon\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ZoneAlarm Antivirus (Enabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: ZoneAlarm Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 de) (HKLM\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.2 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
ZoneAlarm Antivirus (Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM\...\ZoneAlarm Free Antivirus + Firewall) (Version: 13.3.052.000 - Check Point)
ZoneAlarm Security (Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar  (HKLM\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
ZoneAlarm Security Toolbar  (HKU\S-1-5-21-3545629256-1271623422-3480388008-1000\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

11-04-2015 18:48:39 Windows Update
11-04-2015 21:36:06 Windows Live Essentials
11-04-2015 21:39:10 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2015-04-11 20:20 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	032439.com
127.0.0.1	032439.com
127.0.0.1	0scan.com - Informationen zum Thema 0scan. Diese Website steht zum Verkauf!
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	1000gratisproben.com - Informationen zum Thema 1000gratisproben. Diese Website steht zum Verkauf!
127.0.0.1	1001namen.com
127.0.0.1	Huebner.xyz | Your Best Source for Knowledge |
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf!
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	Gadgets And More
127.0.0.1	1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3828AF08-EE88-487B-A64A-A209E365AAAD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {3FBCA4EA-B07A-4D8A-AE10-4E4D611FB617} - System32\Tasks\{7B1607FA-AB9C-4D5A-AC44-EFD58BFEA542} => pcalua.exe -a C:\Users\yazoon\Documents\Programme\wlsetup3528-all.exe -d C:\Users\yazoon\Documents\Programme
Task: {89938D41-E75D-4196-9490-EE489A1D8036} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {AAD8C560-5069-4E1B-AF0C-A1CA3938E6A4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {D40618EE-B27F-4D30-B6C1-62B7E008B303} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) ==============

2015-04-11 18:51 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-04-11 18:51 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-19 23:40 - 2015-02-19 23:40 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-04-11 18:51 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-04-11 18:51 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-04-11 18:51 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3545629256-1271623422-3480388008-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\yazoon\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3545629256-1271623422-3480388008-500 - Administrator - Disabled)
Gast (S-1-5-21-3545629256-1271623422-3480388008-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3545629256-1271623422-3480388008-1002 - Limited - Enabled)
yazoon (S-1-5-21-3545629256-1271623422-3480388008-1000 - Administrator - Enabled) => C:\Users\yazoon

==================== Faulty Device Manager Devices =============

Name: Atheros AR5007EG-Drathlosnetzwerkadapter
Description: Atheros AR5007EG-Drathlosnetzwerkadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: AMD Sempron(tm) SI-40
Percentage of memory in use: 89%
Total physical RAM: 765.83 MB
Available physical RAM: 81.57 MB
Total Pagefile: 1789.83 MB
Available Pagefile: 394.69 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.65 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:101.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 0005E737)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---


Alt 13.04.2015, 10:01   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Ich bin Teil von einem server, also ich habe einen Administrator über mir - Standard

Ich bin Teil von einem server, also ich habe einen Administrator über mir




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
--> Ich bin Teil von einem server, also ich habe einen Administrator über mir

Alt 13.04.2015, 16:52   #7
yazoon
 
Ich bin Teil von einem server, also ich habe einen Administrator über mir - Standard

Ich bin Teil von einem server, also ich habe einen Administrator über mir



Hallo, alle Trojaner weg bis auf banload und Rogue Antispyware

Alt 14.04.2015, 06:41   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Ich bin Teil von einem server, also ich habe einen Administrator über mir - Standard

Ich bin Teil von einem server, also ich habe einen Administrator über mir



Wo siehst Du das? Logfiles aus meinem letzten Post?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 14.04.2015, 10:59   #9
yazoon
 
Ich bin Teil von einem server, also ich habe einen Administrator über mir - Standard

Ich bin Teil von einem server, also ich habe einen Administrator über mir



Hallo, Banload und rogue zeigt es mir wenn ich einen Scan mit Win Zip Malware Protector
mache, leider blockiert mein Zone Alarm immer noch ausgehende Pakete besonders wenn ich an neuen Projekten Arbeite. Gruß yazoon

Alt 14.04.2015, 19:12   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Ich bin Teil von einem server, also ich habe einen Administrator über mir - Standard

Ich bin Teil von einem server, also ich habe einen Administrator über mir



Ich warte immer noch auf die Logfiles von ESET und Co.

Zone Alarm ist Müll
WinZip Malware Protector ist ein Fake Programm

Nur mal so als Info
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 15.04.2015, 09:40   #11
yazoon
 
Ich bin Teil von einem server, also ich habe einen Administrator über mir - Standard

Ich bin Teil von einem server, also ich habe einen Administrator über mir



Hi, hier ein frisches frst und wäre ein anderes Antiviren programm besser, wenn ja welches
*
*
*
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-04-2015
Ran by yazoon (administrator) on YAZOON-PC on 15-04-2015 10:34:47
Running from C:\Users\yazoon\Downloads
Loaded Profiles: yazoon (Available profiles: yazoon)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Comfort Software Group) C:\Users\yazoon\Desktop\FreeVK.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [134624 2014-07-23] (Check Point Software Technologies Ltd.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-3545629256-1271623422-3480388008-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5503768 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-3545629256-1271623422-3480388008-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3545629256-1271623422-3480388008-1000\Software\Microsoft\Internet Explorer\Main,Start Page = Google
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\yazoon\AppData\Roaming\Mozilla\Firefox\Profiles\qbd1nym4.default
FF Homepage: Google
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3596240 2014-07-23] (Check Point Software Technologies Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [93712 2014-07-03] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-06-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [488032 2014-06-10] (Kaspersky Lab ZAO)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [456088 2014-07-23] (Check Point Software Technologies Ltd.)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2014-06-10] (Kaspersky Lab ZAO)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 10:34 - 2015-04-15 10:36 - 00006082 _____ () C:\Users\yazoon\Downloads\FRST.txt
2015-04-15 10:34 - 2015-04-15 10:35 - 00000000 ____D () C:\FRST
2015-04-15 10:33 - 2015-04-15 10:33 - 01136128 _____ (Farbar) C:\Users\yazoon\Downloads\FRST.exe
2015-04-14 11:38 - 2015-04-15 07:21 - 00000168 _____ () C:\Windows\setupact.log
2015-04-14 11:38 - 2015-04-14 11:38 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-13 21:29 - 2015-04-15 07:26 - 00016180 _____ () C:\Windows\WindowsUpdate.log
2015-04-13 15:17 - 2015-04-13 15:17 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\yazoon\Downloads\SpyHunter-Installer(1).exe
2015-04-13 14:57 - 2015-04-13 14:57 - 00000000 ____D () C:\Users\yazoon\AppData\Roaming\Nico Mak Computing
2015-04-13 14:54 - 2015-04-13 14:54 - 04798152 _____ (WinZip International LLC ) C:\Users\yazoon\Downloads\wzmp_10.exe
2015-04-13 14:18 - 2015-04-13 14:19 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\yazoon\Downloads\mbam-setup-2.1.4.1018(1).exe
2015-04-13 13:02 - 2015-04-13 13:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-13 12:59 - 2015-04-13 12:59 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\yazoon\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-13 12:04 - 2015-04-13 12:05 - 00852616 _____ () C:\Users\yazoon\Downloads\SecurityCheck.exe
2015-04-13 12:03 - 2015-04-13 12:03 - 02347384 _____ (ESET) C:\Users\yazoon\Downloads\esetsmartinstaller_deu.exe
2015-04-12 23:19 - 2015-04-12 23:20 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\yazoon\Downloads\SpyHunter-Installer.exe
2015-04-12 21:28 - 2015-04-12 21:28 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-YAZOON-PC-Windows-7-Professional-(32-bit).dat
2015-04-12 21:28 - 2015-04-12 21:28 - 00000000 ____D () C:\RegBackup
2015-04-12 21:26 - 2015-04-12 21:27 - 02686959 _____ (Thisisu) C:\Users\yazoon\Downloads\JRT.exe
2015-04-12 21:01 - 2015-04-12 21:09 - 00000000 ____D () C:\AdwCleaner
2015-04-12 20:59 - 2015-04-12 20:59 - 02217984 _____ () C:\Users\yazoon\Downloads\AdwCleaner_4.201.exe
2015-04-12 20:54 - 2015-04-12 20:54 - 00000000 ____D () C:\Users\yazoon\AppData\Local\DoNotTrackPlus
2015-04-12 20:37 - 2015-04-15 10:29 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2015-04-12 04:38 - 2015-04-12 04:38 - 00000000 ____D () C:\Users\yazoon\Documents\ProcAlyzer Dumps
2015-04-11 22:23 - 2015-04-11 22:23 - 00001230 _____ () C:\Users\yazoon\Desktop\Calculator.lnk
2015-04-11 22:12 - 2015-04-15 10:11 - 00000153 _____ () C:\Users\yazoon\Desktop\FreeVK.ini
2015-04-11 22:10 - 2015-04-15 10:23 - 00000000 ____D () C:\Users\yazoon\AppData\Roaming\Skype
2015-04-11 22:10 - 2015-04-11 22:11 - 00000000 ___RD () C:\Program Files\Skype
2015-04-11 22:10 - 2015-04-11 22:10 - 00002687 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-04-11 22:10 - 2015-04-11 22:10 - 00000000 ____D () C:\Users\yazoon\AppData\Local\Skype
2015-04-11 22:10 - 2015-04-11 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-11 22:10 - 2015-04-11 22:10 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-04-11 22:08 - 2015-04-11 22:10 - 00000000 ____D () C:\ProgramData\Skype
2015-04-11 21:37 - 2015-04-11 21:37 - 00000000 ____D () C:\2eb892c90bfabe3db78284d9f95ab9
2015-04-11 21:36 - 2015-04-11 21:36 - 00000000 ____D () C:\Users\yazoon\AppData\Local\Windows Live
2015-04-11 21:31 - 2015-04-11 21:31 - 00057560 _____ () C:\Users\yazoon\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-11 21:31 - 2015-04-11 21:31 - 00000000 ____D () C:\Program Files\Common Files\Windows Live
2015-04-11 21:25 - 2015-04-11 21:25 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-11 21:25 - 2015-04-11 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-11 21:25 - 2015-04-11 21:25 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-11 21:19 - 2015-03-31 01:15 - 00209736 _____ (Comfort Software Group) C:\Users\yazoon\Desktop\FreeVK.exe
2015-04-11 21:18 - 2015-04-13 12:48 - 00000000 ____D () C:\Users\yazoon\Documents\Programme
2015-04-11 20:31 - 2015-04-11 20:32 - 00000000 ____D () C:\Users\yazoon\AppData\Roaming\Mozilla
2015-04-11 20:31 - 2015-04-11 20:32 - 00000000 ____D () C:\Users\yazoon\AppData\Local\Mozilla
2015-04-11 20:30 - 2015-04-11 20:30 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-11 20:30 - 2015-04-11 20:30 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-11 20:30 - 2015-04-11 20:30 - 00000000 ____D () C:\ProgramData\Mozilla
2015-04-11 20:30 - 2015-04-11 20:30 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-11 20:20 - 2009-06-10 23:39 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150411-202010.backup
2015-04-11 18:51 - 2015-04-11 20:18 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-11 18:51 - 2015-04-11 18:59 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-04-11 18:51 - 2015-04-11 18:51 - 00002135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-04-11 18:51 - 2015-04-11 18:51 - 00002123 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-04-11 18:51 - 2015-04-11 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-04-11 18:51 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-04-11 18:49 - 2015-04-11 18:49 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\yazoon\Downloads\spybot-2.4.exe
2015-04-11 18:49 - 2015-02-24 04:23 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-04-11 18:42 - 2015-04-11 21:26 - 00000000 ____D () C:\Windows\Panther
2015-04-11 18:00 - 2015-04-11 18:03 - 00431395 _____ () C:\Windows\system32\Drivers\vsconfig.xml
2015-04-11 18:00 - 2014-06-10 15:44 - 00488032 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-04-11 18:00 - 2014-06-10 15:44 - 00135776 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2015-04-11 18:00 - 2014-06-10 15:44 - 00074848 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-04-11 17:59 - 2015-04-11 17:59 - 00000732 _____ () C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2015-04-11 17:59 - 2015-04-11 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2015-04-11 17:58 - 2015-04-11 20:31 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-11 17:58 - 2015-04-11 17:59 - 00000000 ____D () C:\Program Files\CheckPoint
2015-04-11 17:58 - 2015-04-11 17:58 - 00000000 ____D () C:\ProgramData\CheckPoint
2015-04-11 17:57 - 2015-04-11 17:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-04-11 17:51 - 2015-04-11 17:51 - 00001413 _____ () C:\Users\yazoon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-11 17:50 - 2015-04-12 23:22 - 00000000 ____D () C:\Users\yazoon
2015-04-11 17:50 - 2015-04-11 17:50 - 00000020 ___SH () C:\Users\yazoon\ntuser.ini
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\yazoon\Startmenü
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\yazoon\Netzwerkumgebung
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\yazoon\Druckumgebung
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\yazoon\Documents\Eigene Musik
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\yazoon\Documents\Eigene Bilder
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\yazoon\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\yazoon\AppData\Local\Verlauf
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\Programme
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\ProgramData\Startmenü
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 _SHDL () C:\ProgramData\Dokumente
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 __SHD () C:\Recovery
2015-04-11 17:50 - 2015-04-11 17:50 - 00000000 ____D () C:\Users\yazoon\AppData\Local\VirtualStore
2015-04-11 17:50 - 2009-07-14 06:42 - 00000000 ___RD () C:\Users\yazoon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-11 17:50 - 2009-07-14 06:37 - 00000000 ___RD () C:\Users\yazoon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-11 17:47 - 2015-04-11 17:47 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-04-11 17:47 - 2015-04-11 17:47 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-04-11 17:46 - 2015-04-11 17:46 - 00000000 _____ () C:\Windows\system32\atiicdxx.dat
2015-04-11 17:46 - 2015-04-11 17:46 - 00000000 _____ () C:\Windows\ativpsrm.bin

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 10:25 - 2009-07-14 06:34 - 00016656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-15 10:25 - 2009-07-14 06:34 - 00016656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-15 07:25 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-15 07:21 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-13 22:09 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-13 21:12 - 2010-11-20 23:01 - 01485678 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-11 21:34 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-04-11 18:50 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Public\Libraries
2015-04-11 18:48 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\restore
2015-04-11 18:42 - 2009-07-14 06:57 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2015-04-11 18:42 - 2009-07-14 06:52 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2015-04-11 17:58 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-04-11 17:50 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2015-04-11 17:50 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Windows NT
2015-04-11 17:49 - 2009-07-14 06:33 - 00265640 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-11 17:47 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-11 17:44 - 2011-04-12 03:39 - 00000000 ____D () C:\Windows\CSC

Some content of TEMP:
====================
C:\Users\yazoon\AppData\Local\Temp\Quarantine.exe
C:\Users\yazoon\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-14 12:50

==================== End Of Log ============================
         
--- --- ---

Alt 15.04.2015, 19:27   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Ich bin Teil von einem server, also ich habe einen Administrator über mir - Standard

Ich bin Teil von einem server, also ich habe einen Administrator über mir



Ich empfehle immer Emsisoft, ich arbeite aber auch da

ESET Scan gemacht? SecurityCheck gemacht?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Ich bin Teil von einem server, also ich habe einen Administrator über mir
administrator, ausgeschaltet, ausschalten, benutzer, bereinigen, boot, fremde, fremden, geblockt, gelöscht, gescannt, hänge an fremden server, installer, komplette, laptop, malware, nachrichten, neuinstalliert, nicht mehr, pakete, scan, server, spy, stunden, win, zonealarm




Ähnliche Themen: Ich bin Teil von einem server, also ich habe einen Administrator über mir


  1. .scr Datei (Virus?) über Steam erhalten, habe ich jetzt einen Virus (oder Passwortscanner, etc.)?
    Log-Analyse und Auswertung - 09.06.2015 (3)
  2. Diverse Maleware-Meldungen über Avira - FlowSurf - Teil 1
    Log-Analyse und Auswertung - 19.01.2015 (6)
  3. Habe Telekom Rechnung geöffnet! Bin mir nicht sicher, ob ich einen Trjoaner eingefangen habe
    Plagegeister aller Art und deren Bekämpfung - 08.06.2014 (15)
  4. Ich habe eien E Mail von einem Online Anwalt erhalten mit Anlage, die ich geöffnet habe. Seit dem Probleme
    Log-Analyse und Auswertung - 10.04.2014 (13)
  5. Ich habe 2 DllHost.exe Prozesse, Habe ich mir einen Virus eingefangen?
    Log-Analyse und Auswertung - 29.08.2013 (9)
  6. PC wird immer langsamer. Ich habe mehrere Backdoor server und einen trojaner + Adware
    Log-Analyse und Auswertung - 28.08.2013 (6)
  7. Habe einen virus! aber was für einen ?
    Log-Analyse und Auswertung - 17.07.2013 (8)
  8. 2x | Habe einen virus !aber was für einen?
    Mülltonne - 20.05.2013 (0)
  9. Gmx Mail Account gehackt? Habe ich einen Trojaner oder einen Spybot auf dem Rechner?
    Log-Analyse und Auswertung - 01.05.2013 (18)
  10. Vermute Freundin ist einem betrügerischen Administrator auf dem Leim gegangen.
    Diskussionsforum - 15.04.2013 (4)
  11. Speicherkapazität von C: schwankt (zum teil erheblich) Diene ich als Server o.ä ?
    Plagegeister aller Art und deren Bekämpfung - 11.05.2012 (2)
  12. Benötige einen Check meiner Dienste, evtl. habe ich einen Virus, der meinen PC überwacht!
    Log-Analyse und Auswertung - 19.12.2011 (10)
  13. Antivir meldet einen Wurm den ich wahrscheinlich von einem Facebook Link habe!!!
    Plagegeister aller Art und deren Bekämpfung - 17.08.2011 (1)
  14. Guten Morgen ich habe ein Gefühl ich habe nun einen Virus/Trojaner
    Log-Analyse und Auswertung - 23.12.2009 (1)
  15. DNS-Umleitung über einen ausländischen Server? *Hilfe?!
    Log-Analyse und Auswertung - 22.01.2008 (4)
  16. 2007 Spielerentscheidungs-Umfrage beginnt, nehmen sie teil um einen Gamer PC
    Mülltonne - 29.06.2007 (2)
  17. 2007 Spielerentscheidungs-Umfrage beginnt, nehmen sie teil um einen Gamer PC
    Mülltonne - 29.06.2007 (0)

Zum Thema Ich bin Teil von einem server, also ich habe einen Administrator über mir - Ich kann mich nicht von einem fremden server lösen, ich habe mein win 7 neuinstalliert zonealarm und spy boot installert und malware gefunden und gelöscht danach habe ich es mit - Ich bin Teil von einem server, also ich habe einen Administrator über mir...
Archiv
Du betrachtest: Ich bin Teil von einem server, also ich habe einen Administrator über mir auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.