Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Firefox: Websiten werden auf Lycos umgeleitet - Werbung popt auf - Internet langsam! (https://www.trojaner-board.de/138942-firefox-websiten-lycos-umgeleitet-werbung-popt-internet-langsam.html)

nobody123 28.07.2013 21:34
Firefox: Websiten werden auf Lycos umgeleitet - Werbung popt auf - Internet langsam!
 
Hallo zusammen, ich habe folgendes Problem:
Im Firefox springen meine Seiten plötzlich auf Lycos um. Zusätzlich eigenartige Werbeeinblendungen und das Internet ist extrem langsam.

Folgendes habe ich bisher schon unternommen:

1. Nach "Toolbars" geschaut - keine entdeckt
2. AdwCleaner: Werbeprogramme suchen und löschen
3. Scan mit DDS+
4. Quick-Scan mit Malwarebytes
5. ESET Online Scanner
6. Scan mit SecurityCheck

Leider besteht das Problem immer noch. Wer weiß Rat?

Danke vorab :knuddel:

cosinus 28.07.2013 22:42
Hallo und :hallo:

Zitat:
2. AdwCleaner: Werbeprogramme suchen und löschen
3. Scan mit DDS+
4. Quick-Scan mit Malwarebytes
5. ESET Online Scanner
Bitte alle Logs davon erstmal nachreichen

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

nobody123 30.07.2013 22:01
AdwCleaner Logfile:
Code:
# AdwCleaner v2.306 - Datei am 26/07/2013 um 21:21:49 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Tim - TIM-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Tim\Downloads\adwcleaner06.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****
Gelöscht mit Neustart : C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma
***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16635
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v22.0 (de)
Datei : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bkp2s34p.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v28.0.1500.72
Datei : C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [2044 octets] - [26/07/2013 21:21:13]
AdwCleaner[S2].txt - [1061 octets] - [26/07/2013 21:21:49]
########## EOF - C:\AdwCleaner[S2].txt - [1121 octets] ##########
--- --- ---


[/CODE]

DDS Logfile:
DDS Logfile:
DDS Logfile:
DDS Logfile:
Code:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16635
Run by Tim at 21:41:15 on 2013-07-26
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3326.1899 [GMT 2:00]
.
AV: COMODO Antivirus *Enabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Common Files\COMODO\launcher_service.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Comodo\Dragon\dragon_updater.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files\Origin\Origin.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
C:\Program Files\Comodo\GeekBuddy\unit.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.de/
uDefault_Page_URL = hxxp://www.aldi.com
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [EADM] "c:\program files\origin\Origin.exe" -AutoStart
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [gbrspcontrol] "c:\program files\common files\comodo\GeekBuddyRSP.exe" -controlservice -slave
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\startg~1.lnk - c:\program files\comodo\geekbuddy\launcher.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Nach Microsoft E&xel exportieren - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/de-de/wlscctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{914F0FAE-A51C-4BBC-A0E5-9445B0F62A3F} : NameServer = 192.168.1.1
TCP: Interfaces\{D5A96417-5A29-4B59-BBFB-229F4B8E5C92} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs=    c:\windows\system32\guard32.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.72\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tim\appdata\roaming\mozilla\firefox\profiles\bkp2s34p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - ExtSQL: 2013-06-27 20:43; Shuu2lqk7OSV@NTO066xN6gxohjuS.com; c:\users\kris\appdata\roaming\mozilla\firefox\profiles\bkp2s34p.default\extensions\Shuu2lqk7OSV@NTO066xN6gxohjuS.com.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-1-1 37352]
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [2013-5-7 35064]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2012-11-8 19632]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-11-8 494416]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2012-11-8 36072]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-1-1 84744]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 100328]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-6-23 275048]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192su.sys [2010-11-25 602216]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
.
=============== Created Last 30 ================
.
2013-07-26 19:36:46    7143960    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{3ec23c3a-36bb-4c58-9055-19c95a900f0d}\mpengine.dll
2013-07-26 19:22:23    171    ----a-w-    c:\windows\DeleteOnReboot.bat
2013-07-26 06:29:54    --------    d-----w-    c:\program files\common files\COMODO
2013-07-25 18:29:57    7143960    ------w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-07-21 21:29:38    74136    ----a-w-    c:\program files\mozilla firefox\breakpadinjector.dll
2013-07-21 20:49:59    698504    ------w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{ebc968a6-7cce-44e1-b6cb-fba21bbf6b07}\gapaengine.dll
2013-07-21 20:49:10    2347520    ----a-w-    c:\windows\system32\win32k.sys
2013-07-21 20:49:03    936448    ----a-w-    c:\program files\common files\microsoft shared\ink\journal.dll
2013-07-21 20:38:18    1247744    ----a-w-    c:\windows\system32\DWrite.dll
2013-07-21 20:37:51    1620480    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-07-21 20:36:51    509440    ----a-w-    c:\windows\system32\qedit.dll
2013-07-21 20:20:49    680960    ----a-w-    c:\program files\windows defender\MpSvc.dll
2013-07-21 20:20:49    392704    ----a-w-    c:\program files\windows defender\MpClient.dll
2013-07-21 20:20:48    224768    ----a-w-    c:\program files\windows defender\MpCommu.dll
.
==================== Find3M  ====================
.
2013-07-21 20:37:06    67168    ----a-w-    c:\windows\system32\drivers\avnetflt.sys
2013-06-23 15:39:33    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-06-23 15:39:32    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-13 06:09:14    55496    ----a-w-    c:\windows\system32\offreg.dll
2013-06-11 23:43:37    1767936    ----a-w-    c:\windows\system32\wininet.dll
2013-06-11 23:43:00    2877440    ----a-w-    c:\windows\system32\jscript9.dll
2013-06-11 23:42:58    61440    ----a-w-    c:\windows\system32\iesetup.dll
2013-06-11 23:42:58    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2013-06-11 22:51:45    71680    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-06-07 05:44:46    47368    ----a-w-    c:\windows\system32\certsentry.dll
2013-06-07 02:37:52    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2013-05-26 17:33:10    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-13 04:45:55    140288    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-05-13 04:45:55    1160192    ----a-w-    c:\windows\system32\crypt32.dll
2013-05-13 04:45:55    103936    ----a-w-    c:\windows\system32\cryptnet.dll
2013-05-13 03:08:10    903168    ----a-w-    c:\windows\system32\certutil.exe
2013-05-13 03:08:06    43008    ----a-w-    c:\windows\system32\certenc.dll
2013-05-10 03:20:54    24576    ----a-w-    c:\windows\system32\cryptdlg.dll
2013-05-08 05:38:00    1293672    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-05-07 07:00:16    35064    ----a-w-    c:\windows\system32\drivers\CFRMD.sys
2013-05-07 07:00:16    35064    ----a-w-    c:\windows\inf\cfrmd\cfrmd.sys
2013-05-06 05:06:47    3968872    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-05-06 05:06:47    3913576    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-05-02 15:28:50    238872    ------w-    c:\windows\system32\MpSigStub.exe
.
============= FINISH: 21:43:31,29 ===============
[/CODE][/CODE][/CODE]
--- --- ---
--- --- ---
--- --- ---
--- --- ---






UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 05.08.2010 18:46:19
System Uptime: 26.07.2013 21:24:56 (0 hours ago)
.
Motherboard: MEDIONPC | | MS-7646
Processor: AMD Athlon(tm) II X4 620 Processor | CPU 1 | 2600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 910 GiB total, 673,054 GiB free.
D: is FIXED (NTFS) - 20 GiB total, 11,151 GiB free.
E: is CDROM (CDFS)
F: is FIXED (NTFS) - 932 GiB total, 903,699 GiB free.
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP270: 03.07.2013 08:17:05 - Wiederherstellungsvorgang
RP271: 07.07.2013 22:08:42 - Windows Update
RP272: 11.07.2013 19:36:27 - Windows Update
RP273: 11.07.2013 23:17:02 - Windows Update
RP274: 17.07.2013 08:06:45 - Windows Update
RP275: 20.07.2013 07:59:33 - Wiederherstellungsvorgang
RP276: 21.07.2013 22:47:41 - Windows Update
RP277: 21.07.2013 23:42:09 - Windows Update
RP278: 25.07.2013 20:28:03 - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3) - Deutsch
Adobe Shockwave Player 11.5
AMD USB Filter Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Avira Free Antivirus
Bonjour
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Norwegian
CCC Help Spanish
CCC Help Swedish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Command & Conquer™ 4 Tiberian Twilight
Commander: Conquest of the Americas
Comodo Dragon
COMODO Internet Security
Compatibility Pack für 2007 Office System
CorelDRAW Essentials 4
CorelDRAW Essentials 4 - Content
CorelDRAW Essentials 4 - Draw
CorelDRAW Essentials 4 - Extra Content
CorelDRAW Essentials 4 - Filters
CorelDRAW Essentials 4 - ICA
CorelDRAW Essentials 4 - IPM - No VBA
CorelDRAW Essentials 4 - Lang BR
CorelDRAW Essentials 4 - Lang DE
CorelDRAW Essentials 4 - Lang EN
CorelDRAW Essentials 4 - Lang ES
CorelDRAW Essentials 4 - Lang FR
CorelDRAW Essentials 4 - Lang IT
CorelDRAW Essentials 4 - Lang NL
CorelDRAW Essentials 4 - PHOTO-PAINT
EA Installer
ElsterFormular
FUSSBALL MANAGER 11
GeekBuddy
Google Chrome
Google Update Helper
iTunes
Java Auto Updater
Java(TM) 6 Update 24
McAfee Security Scan Plus
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended DEU Language Pack
Microsoft Antimalware Service DE-DE Language Pack
Microsoft Application Error Reporting
Microsoft Expression Encoder 4
Microsoft Expression Encoder 4 Screen Capture Codec
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (German) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office PowerPoint Viewer 2007 (German)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (German) 2007
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Client DE-DE Language Pack
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [DEU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Mozilla Firefox 22.0 (x86 de)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
Origin
PlayReady PC Runtime x86
QuickTime
Realtek High Definition Audio Driver
REALTEK Wireless LAN Driver and Utility
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Sid Meier's Civilization V
Skype™ 6.3
Snagit 10
Spelling Dictionaries Support For Adobe Reader 9
Steam
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Zip Opener
VLC media player 1.1.7
Windows Live Mesh ActiveX control for remote connections
Windows Live OneCare safety scanner
WinRAR
Wolfschanze II (1.0)
.
==== End Of File ===========================



[/CODE]

Code:

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.07.26.06
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16635
Tim :: TIM-PC [Administrator]
Schutz: Aktiviert
26.07.2013 21:58:51
mbam-log-2013-07-26 (21-58-51).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 381446
Laufzeit: 2 Stunde(n), 7 Minute(n), 51 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 29
c:\program files\comodo\comodo internet security\quarantine\77c844f2-5273-47aa-8ac7-9056b18b7091.data (PUP.DealPly) -> Keine Aktion durchgeführt.
C:\Users\Tim\Desktop\Neuer Ordner\Wolfschanze II v1.0 + 6 Trainer.exe (HackTool.GamesCheat) -> Erfolgreich gelöscht und in Quarantäne gestellt.
c:\program files\comodo\comodo internet security\quarantine\0ade9f1b-85b4-493d-aa22-458663e4f2dd.data (HackTool.Brutus) -> Löschen bei Neustart.
c:\program files\comodo\comodo internet security\quarantine\1436d6f1-56c5-4c5b-bf00-11d2eb119829.data (Rootkit.0Access.EPA) -> Löschen bei Neustart.
c:\program files\comodo\comodo internet security\quarantine\7ce01454-f1e9-4ef2-9261-0ef101cd608c.data (HackTool.Brutus) -> Löschen bei Neustart.
c:\program files\comodo\comodo internet security\quarantine\4c5e7d21-e79b-4495-8be8-22786cdf6d38.data (HackTool.Brutus) -> Löschen bei Neustart.
c:\program files\comodo\comodo internet security\quarantine\e67c45af-19ab-4d70-a255-dd7c232af4a4.data (HackTool.Brutus) -> Löschen bei Neustart.
c:\program files\comodo\comodo internet security\quarantine\f1bfcf55-5d72-4659-8f5b-9b0839cc8735.data (HackTool.Brutus) -> Löschen bei Neustart.
c:\program files\comodo\comodo internet security\quarantine\89ae7a59-9228-4ca5-a788-35763aac68ff.data (HackTool.Brutus) -> Löschen bei Neustart.
c:\program files\comodo\comodo internet security\quarantine\978754b7-aeac-4475-ae6a-6071183cc054.data (HackTool.Brutus) -> Löschen bei Neustart.
c:\program files\comodo\comodo internet security\quarantine\33e226e9-cfb6-433c-8661-6a920ab102c9.data (HackTool.Brutus) -> Löschen bei Neustart.
c:\program files\comodo\comodo internet security\quarantine\3c9a74b3-c66c-454f-a711-876a26fa4ca6.data (Rootkit.0Access) -> Löschen bei Neustart.
c:\program files\comodo\comodo internet security\quarantine\3e5832eb-a33d-4e1f-b57d-ad6992c02acf.data (HackTool.Brutus) -> Löschen bei Neustart.
c:\program files\comodo\comodo internet security\quarantine\8a4bcc79-0fd8-44f1-b506-a2cf2b730003.data (HackTool.Brutus) -> Löschen bei Neustart.
c:\program files\comodo\comodo internet security\quarantine\8b0f365a-fa9e-4896-bbf1-315a7d4db0d6.data (HackTool.Brutus) -> Löschen bei Neustart.
c:\program files\comodo\comodo internet security\quarantine\8e0a291b-f8ed-4d73-ab91-d80cf2722d07.data (HackTool.Brutus) -> Löschen bei Neustart.
c:\program files\comodo\comodo internet security\quarantine\919fc8fe-651c-4a65-9002-59a079c0ee39.data (Trojan.Ransom) -> Löschen bei Neustart.
c:\program files\comodo\comodo internet security\quarantine\bfdaa991-5a74-413d-932e-4474185015b0.data (Trojan.0Access) -> Löschen bei Neustart.
c:\program files\comodo\comodo internet security\quarantine\c4dc727e-4386-4e5a-aacb-0e4103608039.data (HackTool.Brutus) -> Löschen bei Neustart.
c:\program files\comodo\comodo internet security\quarantine\ca5e422d-3d2e-45d8-9a5a-5ce6eb170b7c.data (HackTool.Brutus) -> Löschen bei Neustart.
c:\program files\comodo\comodo internet security\quarantine\6beb2a2b-7a02-4206-a534-fbd25fe7475d.data (HackTool.Brutus) -> Löschen bei Neustart.
c:\program files\comodo\comodo internet security\quarantine\6eda5573-5cc8-46bb-bdb9-6e478dc5b645.data (HackTool.Brutus) -> Löschen bei Neustart.
c:\program files\comodo\comodo internet security\quarantine\229a1a48-0d97-47a5-be14-d3f7ba9f03ed.data (HackTool.Brutus) -> Löschen bei Neustart.
c:\program files\comodo\comodo internet security\quarantine\28fa855a-6bb9-4519-a9a2-0b9c3d0585e2.data (HackTool.Brutus) -> Löschen bei Neustart.
c:\program files\comodo\comodo internet security\quarantine\dc1b01a3-1f3e-4c28-aa12-208607040583.data (HackTool.Brutus) -> Löschen bei Neustart.
c:\program files\comodo\comodo internet security\quarantine\ddb0e69c-81d7-4a85-9dbb-9c5a7889c6ff.data (HackTool.Brutus) -> Löschen bei Neustart.
c:\program files\comodo\comodo internet security\quarantine\e043b487-3d20-4e8e-ba27-81e663e0862b.data (HackTool.Brutus) -> Löschen bei Neustart.
c:\program files\comodo\comodo internet security\quarantine\e137992b-954a-4582-9455-17045c28db79.data (HackTool.Brutus) -> Löschen bei Neustart.
F:\Brutus\brutus-aet2.zip (HackTool.Brutus) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=23bff815b40679499d3a9479ae45d3af
# engine=14590
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-30 08:53:52
# local_time=2013-07-30 10:53:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 12520 240640922 5295 0
# compatibility_mode=3074 16777213 100 100 12140 31354554 0 0
# compatibility_mode=5893 16776574 100 94 744751 126848823 0 0
# scanned=179032
# found=4
# cleaned=0
# scan_time=9918
sh=F439BC6FF954846FAD2B7E9005DE6D024F0F409C ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.CVE-2012-1723.IM Trojaner" ac=I fn="C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\71ede3d6-511960de"
sh=F439BC6FF954846FAD2B7E9005DE6D024F0F409C ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.CVE-2012-1723.IM Trojaner" ac=I fn="C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\b86459-65ab61d5"
sh=F439BC6FF954846FAD2B7E9005DE6D024F0F409C ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.CVE-2012-1723.IM Trojaner" ac=I fn="C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\53071cfb-111c9c3e"
sh=0E829F3D3C14854057322163DBF94145FA5C5D91 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-1723.IK Trojaner" ac=I fn="C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\40d05c7c-7048de0b"

cosinus 30.07.2013 22:05
Zitat:
c:\program files\comodo\comodo internet security\quarantine\bfdaa991-5a74-413d-932e-4474185015b0.data (Trojan.0Access)
ZeroAccess. Der liegt in der Q von Comodo. Weißt du noch wann in etwas der gefunden wurde, hast du vllt noch das Log dazu von Comodo?

Zitat:
F:\Brutus\brutus-aet2.zip (HackTool.Brutus)
Was bitte hattest du denn damit vor? :wtf:

Bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


nobody123 31.07.2013 07:27
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-07-2013 04
Ran by Tim (administrator) on 31-07-2013 08:12:54
Running from C:\Users\Kris\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Realtek) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Electronic Arts) C:\Program Files\Origin\Origin.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Farbar) C:\Users\Kris\Downloads\FRST(1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8555040 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-21] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [6756048 2012-11-08] (COMODO)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM\...\InprocServer32: [Default-cscui]  <==== ATTENTION!
HKCU\...\Run: [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [x]
HKCU\...\Run: [EA Core] - "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent [x]
HKCU\...\Run: [EADM] - C:\Program Files\Origin\Origin.exe [3497552 2013-05-19] (Electronic Arts)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
MountPoints2: I - I:\DTVP_Launcher.exe
MountPoints2: {8377dec1-d708-11e0-9f0a-6c626d491a0a} - I:\DTVP_Launcher.exe
MountPoints2: {ebea2d33-a0a6-11df-9ea1-806e6f6e6963} - E:\Autorun.exe
HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()
HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [ 2009-10-23] ()
HKU\Default User\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()
HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [ 2009-10-23] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {1B349F1D-EAC2-4825-A0D1-AB44B87F56AB} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - {FEC19396-EE58-4F28-B179-8060C46869A8} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU -No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/de-de/wlscctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\..\Interfaces\{914F0FAE-A51C-4BBC-A0E5-9445B0F62A3F}: [NameServer]192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bkp2s34p.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.4 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Shuu2lqk7OSV - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bkp2s34p.default\Extensions\Shuu2lqk7OSV@NTO066xN6gxohjuS.com.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

Chrome:
=======
CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-07-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-21] (Avira Operations GmbH & Co. KG)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1990464 2012-11-08] (COMODO)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
R2 Realtek11nSU; C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)

==================== Drivers (Whitelisted) ====================

R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11832 2009-07-07] (Advanced Micro Devices Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-04-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-04-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-01] (Avira Operations GmbH & Co. KG)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [19632 2012-11-08] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [494416 2012-11-08] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [36072 2012-11-08] (COMODO)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [82952 2012-11-08] (COMODO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S1 afcbjbbo; \??\C:\Windows\system32\drivers\afcbjbbo.sys [x]
S1 miegnlzi; \??\C:\Windows\system32\drivers\miegnlzi.sys [x]
S1 ntplmfor; \??\C:\Windows\system32\drivers\ntplmfor.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-31 08:12 - 2013-07-31 08:12 - 00000000 ____D C:\FRST
2013-07-31 08:09 - 2013-07-31 08:10 - 01222064 _____ (Farbar) C:\Users\Tim\Downloads\FRST(1).exe
2013-07-31 08:08 - 2013-07-31 08:09 - 01222064 _____ (Farbar) C:\Users\Tim\Downloads\FRST.exe
2013-07-30 19:40 - 2013-07-30 19:40 - 00000000 ____D C:\Program Files\ESET
2013-07-30 19:39 - 2013-07-30 19:40 - 02347384 _____ (ESET) C:\Users\Tim\Downloads\esetsmartinstaller_deu.exe
2013-07-28 18:50 - 2013-07-28 18:50 - 00005686 _____ C:\Users\Tim\Desktop\JRT.txt
2013-07-28 18:47 - 2013-07-28 18:47 - 00000000 ____D C:\Windows\ERUNT
2013-07-28 18:46 - 2013-07-28 18:47 - 00561198 _____ (Oleg N. Scherbakov) C:\Users\Kris\Downloads\JRT.exe
2013-07-27 10:59 - 2013-07-27 11:00 - 00891062 _____ C:\Users\Tim\Downloads\SecurityCheck.exe
2013-07-27 08:39 - 2013-07-27 08:39 - 02347384 _____ (ESET) C:\Users\Tim\Downloads\esetsmartinstaller_enu.exe
2013-07-26 21:53 - 2013-07-26 21:53 - 00001075 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-26 21:53 - 2013-07-26 21:53 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Malwarebytes
2013-07-26 21:53 - 2013-07-26 21:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-26 21:53 - 2013-07-26 21:53 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-26 21:53 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-26 21:49 - 2013-07-26 21:52 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Tim\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-26 21:44 - 2013-07-26 21:44 - 00009501 _____ C:\Users\Tim\Desktop\attach.txt
2013-07-26 21:44 - 2013-07-26 21:43 - 00013587 _____ C:\Users\Tim\Desktop\dds.txt
2013-07-26 21:38 - 2013-07-26 21:38 - 00700783 ____R (Swearware) C:\Users\Kris\Downloads\dds+.exe
2013-07-26 21:22 - 2013-07-26 21:23 - 00000171 _____ C:\Windows\DeleteOnReboot.bat
2013-07-26 21:21 - 2013-07-26 21:23 - 00001190 _____ C:\AdwCleaner[S2].txt
2013-07-26 21:21 - 2013-07-26 21:22 - 00002044 _____ C:\AdwCleaner[S1].txt
2013-07-26 21:02 - 2013-07-26 21:04 - 00666633 _____ C:\Users\Tim\Downloads\adwcleaner06.exe
2013-07-26 20:01 - 2013-07-26 20:01 - 00000005 _____ C:\Users\Tim\AppData\Roaming\WBPU-TTL.DAT
2013-07-26 12:00 - 2013-07-26 12:00 - 00793536 _____ C:\Users\Tim\Downloads\ZipOpenerSetup.exe
2013-07-25 20:37 - 2013-07-25 20:45 - 17165244 _____ C:\Users\Tim\Downloads\FSK18_mi116(1).AVI
2013-07-21 23:52 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-21 23:52 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-21 23:52 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-21 23:52 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-21 23:52 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-21 23:52 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-21 23:52 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-21 23:52 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-21 23:52 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-21 23:52 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-21 23:52 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-21 23:52 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-21 23:52 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-21 23:52 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-21 23:52 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-21 23:52 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-21 23:29 - 2013-07-21 23:29 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-21 22:49 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-21 22:38 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-21 22:37 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-21 22:36 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-03 09:18 - 2013-07-03 09:52 - 753940915 _____ C:\Users\Tim\Downloads\Bravo-Dr-Sommer-Bodycheck.zip

==================== One Month Modified Files and Folders =======

2013-07-31 08:12 - 2013-07-31 08:12 - 00000000 ____D C:\FRST
2013-07-31 08:10 - 2013-07-31 08:09 - 01222064 _____ (Farbar) C:\Users\Tim\Downloads\FRST(1).exe
2013-07-31 08:09 - 2013-07-31 08:08 - 01222064 _____ (Farbar) C:\Users\Tim\Downloads\FRST.exe
2013-07-31 08:05 - 2013-05-19 17:00 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Skype
2013-07-31 08:05 - 2009-07-14 06:34 - 00010096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-31 08:05 - 2009-07-14 06:34 - 00010096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-31 07:57 - 2013-02-03 11:50 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-31 07:57 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-31 07:57 - 2009-07-14 06:39 - 00116791 _____ C:\Windows\setupact.log
2013-07-30 23:34 - 2010-08-05 18:44 - 01591404 _____ C:\Windows\WindowsUpdate.log
2013-07-30 22:56 - 2013-02-03 11:50 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-30 22:39 - 2013-01-01 21:14 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-30 19:40 - 2013-07-30 19:40 - 00000000 ____D C:\Program Files\ESET
2013-07-30 19:40 - 2013-07-30 19:39 - 02347384 _____ (ESET) C:\Users\Tim\Downloads\esetsmartinstaller_deu.exe
2013-07-28 18:50 - 2013-07-28 18:50 - 00005686 _____ C:\Users\Tim\Desktop\JRT.txt
2013-07-28 18:47 - 2013-07-28 18:47 - 00000000 ____D C:\Windows\ERUNT
2013-07-28 18:47 - 2013-07-28 18:46 - 00561198 _____ (Oleg N. Scherbakov) C:\Users\Tim\Downloads\JRT.exe
2013-07-28 18:15 - 2010-01-26 18:04 - 00113518 _____ C:\Windows\PFRO.log
2013-07-27 15:11 - 2013-01-03 20:26 - 00000000 ____D C:\Program Files\Comodo
2013-07-27 11:00 - 2013-07-27 10:59 - 00891062 _____ C:\Users\Tim\Downloads\SecurityCheck.exe
2013-07-27 08:39 - 2013-07-27 08:39 - 02347384 _____ (ESET) C:\Users\Tim\Downloads\esetsmartinstaller_enu.exe
2013-07-27 08:37 - 2013-01-03 20:30 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2013-07-27 08:17 - 2009-07-14 10:57 - 00000000 ____D C:\Windows\ShellNew
2013-07-27 08:13 - 2012-11-20 22:52 - 00000000 ____D C:\Users\Tim\Desktop\Neuer Ordner
2013-07-26 21:53 - 2013-07-26 21:53 - 00001075 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-26 21:53 - 2013-07-26 21:53 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Malwarebytes
2013-07-26 21:53 - 2013-07-26 21:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-26 21:53 - 2013-07-26 21:53 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-26 21:52 - 2013-07-26 21:49 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Tim\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-26 21:44 - 2013-07-26 21:44 - 00009501 _____ C:\Users\Tim\Desktop\attach.txt
2013-07-26 21:43 - 2013-07-26 21:44 - 00013587 _____ C:\Users\Tim\Desktop\dds.txt
2013-07-26 21:38 - 2013-07-26 21:38 - 00700783 ____R (Swearware) C:\Users\Tim\Downloads\dds+.exe
2013-07-26 21:23 - 2013-07-26 21:22 - 00000171 _____ C:\Windows\DeleteOnReboot.bat
2013-07-26 21:23 - 2013-07-26 21:21 - 00001190 _____ C:\AdwCleaner[S2].txt
2013-07-26 21:22 - 2013-07-26 21:21 - 00002044 _____ C:\AdwCleaner[S1].txt
2013-07-26 21:04 - 2013-07-26 21:02 - 00666633 _____ C:\Users\Tim\Downloads\adwcleaner06.exe
2013-07-26 20:01 - 2013-07-26 20:01 - 00000005 _____ C:\Users\Tim\AppData\Roaming\WBPU-TTL.DAT
2013-07-26 12:00 - 2013-07-26 12:00 - 00793536 _____ C:\Users\Tim\Downloads\ZipOpenerSetup.exe
2013-07-25 20:45 - 2013-07-25 20:37 - 17165244 _____ C:\Users\Tim\Downloads\FSK18_mi116(1).AVI
2013-07-23 20:08 - 2013-02-03 11:51 - 00002133 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-23 19:46 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-22 22:47 - 2011-01-02 19:19 - 00000000 ____D C:\Users\Tim\Desktop\Thomas Sabo
2013-07-22 22:45 - 2013-01-18 11:58 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-22 08:09 - 2010-01-26 16:21 - 01612736 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-22 08:03 - 2009-07-14 06:33 - 00381992 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-22 08:01 - 2010-04-29 14:23 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-22 08:01 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-21 23:48 - 2010-01-28 15:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-21 23:48 - 2010-01-26 16:42 - 75699896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-21 23:29 - 2013-07-21 23:29 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-21 22:37 - 2013-05-07 20:01 - 00067168 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-07-20 08:41 - 2010-08-05 18:46 - 00000000 ____D C:\Users\Tim
2013-07-20 08:12 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2013-07-20 08:09 - 2013-01-31 22:04 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-07-20 08:09 - 2013-01-01 16:09 - 00000000 ____D C:\ProgramData\Origin
2013-07-20 08:09 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\AppCompat
2013-07-20 08:08 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-07-20 08:07 - 2009-07-14 10:56 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-07-20 08:05 - 2010-01-26 17:30 - 00000000 ____D C:\Windows\system32\Macromed
2013-07-20 08:05 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-07-20 08:05 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-07-20 08:04 - 2013-01-03 20:27 - 00000000 ____D C:\ProgramData\Comodo
2013-07-03 09:52 - 2013-07-03 09:18 - 753940915 _____ C:\Users\Tim\Downloads\Bravo-Dr-Sommer-Bodycheck.zip

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1134337333-2194941772-1915032697-1000\$87e7496d519f3441179914277f337ed4

Files to move or delete:
====================
C:\ProgramData\jQBjASj.pad

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-23 20:25

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


Vielen Dank schon mal für die Mühe:


Zitat:
c:\program files\comodo\comodo internet security\quarantine\bfdaa991-5a74-413d-932e-4474185015b0.data (Trojan.0Access)
ZeroAccess. Der liegt in der Q von Comodo. Weißt du noch wann in etwas der gefunden wurde, hast du vllt noch das Log dazu von Comodo?

-> Sorry aber ich weiß nicht mehr, wann der gefunden wurde und das Log (was auch immer das ist) von Comodo habe ich leider auch nicht.

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-07-2013 04
Ran by Tim at 2013-07-31 08:14:48
Running from C:\Users\Tim\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958)
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader X (10.1.3) - Deutsch (Version: 10.1.3)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
AMD USB Filter Driver (Version: 1.0.15.94)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.769.0)
Avira Free Antivirus (Version: 13.0.0.3884)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center Core Implementation (Version: 2010.0406.2133.36843)
Catalyst Control Center Graphics Full Existing (Version: 2010.0406.2133.36843)
Catalyst Control Center Graphics Full New (Version: 2010.0406.2133.36843)
Catalyst Control Center Graphics Light (Version: 2010.0406.2133.36843)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0406.2133.36843)
Catalyst Control Center InstallProxy (Version: 2010.0406.2133.36843)
Catalyst Control Center Localization All (Version: 2010.0406.2133.36843)
CCC Help Danish (Version: 2010.0406.2132.36843)
CCC Help Dutch (Version: 2010.0406.2132.36843)
CCC Help English (Version: 2010.0406.2132.36843)
CCC Help Finnish (Version: 2010.0406.2132.36843)
CCC Help French (Version: 2010.0406.2132.36843)
CCC Help German (Version: 2010.0406.2132.36843)
CCC Help Italian (Version: 2010.0406.2132.36843)
CCC Help Japanese (Version: 2010.0406.2132.36843)
CCC Help Norwegian (Version: 2010.0406.2132.36843)
CCC Help Spanish (Version: 2010.0406.2132.36843)
CCC Help Swedish (Version: 2010.0406.2132.36843)
ccc-core-static (Version: 2010.0406.2133.36843)
ccc-utility (Version: 2010.0406.2133.36843)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Command & Conquer™ 4 Tiberian Twilight (Version: 1.0.0.0)
Commander: Conquest of the Americas
COMODO Internet Security (Version: 5.12.59641.2599)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
CorelDRAW Essentials 4 - Content (Version: 4.0)
CorelDRAW Essentials 4 - Draw (Version: 4.0)
CorelDRAW Essentials 4 - Extra Content
CorelDRAW Essentials 4 - Extra Content (Version: 4.0)
CorelDRAW Essentials 4 - Filters (Version: 4.0)
CorelDRAW Essentials 4 - ICA (Version: 4.0)
CorelDRAW Essentials 4 - IPM - No VBA (Version: 4.0)
CorelDRAW Essentials 4 - Lang BR (Version: 4.0)
CorelDRAW Essentials 4 - Lang DE (Version: 4.0)
CorelDRAW Essentials 4 - Lang EN (Version: 4.0)
CorelDRAW Essentials 4 - Lang ES (Version: 4.0)
CorelDRAW Essentials 4 - Lang FR (Version: 4.0)
CorelDRAW Essentials 4 - Lang IT (Version: 4.0)
CorelDRAW Essentials 4 - Lang NL (Version: 4.0)
CorelDRAW Essentials 4 - PHOTO-PAINT (Version: 4.0)
CorelDRAW Essentials 4 (Version: 4.0)
EA Installer (Version: 2.3.0.74)
ESET Online Scanner v3
FUSSBALL MANAGER 11 (Version: 1.0.0.3)
Google Chrome (Version: 28.0.1500.72)
Google Update Helper (Version: 1.3.21.153)
iTunes (Version: 11.0.1.12)
Java Auto Updater (Version: 2.0.3.1)
Java(TM) 6 Update 24 (Version: 6.0.240)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.0.318.3)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Expression Encoder 4 (Version: 4.0.1651.0)
Microsoft Expression Encoder 4 Screen Capture Codec (Version: 4.0.1651.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.4 (Version: 2.0.3008.0)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (Version: 3.0.133.0)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [DEU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Origin (Version: 9.1.3.2637)
PlayReady PC Runtime x86 (Version: 1.3.0)
QuickTime (Version: 7.73.80.64)
Realtek High Definition Audio Driver (Version: 6.0.1.6083)
REALTEK Wireless LAN Driver and Utility (Version: 1.00.0182)
Sid Meier's Civilization V
Skype™ 6.3 (Version: 6.3.107)
Snagit 10 (Version: 10.0.0)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Steam (Version: 1.0.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Zip Opener
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
VLC media player 1.1.7 (Version: 1.1.7)
Windows Live Mesh ActiveX control for remote connections (Version: 15.4.5722.2)
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner (Version: 1.0.0.0)
WinRAR
Wolfschanze II (1.0)
 

==================== Restore Points  =========================

17-07-2013 06:06:45 Windows Update
20-07-2013 05:59:33 Wiederherstellungsvorgang
21-07-2013 20:47:41 Windows Update
21-07-2013 21:42:09 Windows Update
25-07-2013 18:28:03 Windows Update
27-07-2013 13:09:49 Removed GeekBuddy.
30-07-2013 17:35:20 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {12AECC96-7E85-447F-BE57-584ADD24D1B1} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {231680FE-BCD0-4811-BE67-8C906D785E51} - System32\Tasks\DealPly => C:\Users\Tim\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE No File
Task: {35C580BD-4AB0-4BE2-A970-B3E909A28C83} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-23] (Adobe Systems Incorporated)
Task: {4276C3A5-E6FB-486D-AB5B-D1911AFBA123} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4CD4F0BC-BE70-40C1-B454-BA6F51C62DEE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-03] (Google Inc.)
Task: {5D7AFBCA-6BEC-4EDF-BB16-14BD3F405801} - System32\Tasks\DealPlyUpdate => C:\Program No File
Task: {651B4FF7-AA4C-47BA-959F-938DB11E3410} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {6954EFB7-4C92-44F5-A387-8D6F536A0A2B} - System32\Tasks\User_Feed_Synchronization-{8A42D831-1594-44D2-B4AB-24981981ADFF} => C:\Windows\system32\msfeedssync.exe [2013-05-26] (Microsoft Corporation)
Task: {DA6265EA-4494-4396-808C-F419F1AAE605} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-03] (Google Inc.)
Task: {E55B9DFD-F40A-4465-B12C-1A9F445EDE49} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/30/2013 07:25:53 PM) (Source: Application Hang) (User: )
Description: Programm avnotify.exe, Version 13.6.0.1550 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: bd0

Startzeit: 01ce8d49aa3acf24

Endzeit: 16

Anwendungspfad: C:\Program Files\Avira\AntiVir Desktop\avnotify.exe

Berichts-ID: 1419c3e4-f93d-11e2-ab00-6c626d491a0a


System errors:
=============
Error: (07/30/2013 09:22:18 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-07-26 23:17:04.276
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\Temp\TMP0000000723B38D8A25A3A171" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-26 23:17:04.266
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\Temp\TMP0000000723B38D8A25A3A171" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 42%
Total physical RAM: 3326.3 MB
Available physical RAM: 1908.07 MB
Total Pagefile: 6650.9 MB
Available Pagefile: 4723.15 MB
Total Virtual: 2047.88 MB
Available Virtual: 1870.72 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:910.41 GB) (Free:674.86 GB) NTFS
Drive d: (Recover) (Fixed) (Total:20 GB) (Free:11.15 GB) NTFS
Drive e: (MANAGER11) (CDROM) (Total:7.22 GB) (Free:0 GB) CDFS
Drive f: (Volume) (Fixed) (Total:931.51 GB) (Free:903.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=910 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 78B46051)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ========================
--- --- ---

cosinus 31.07.2013 08:39
Bevor wir uns an die weitere Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

nobody123 02.08.2013 23:46
Combofix Logfile:
Code:
ComboFix 13-08-02.01 - Tim 03.08.2013  0:32.1.4 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3326.1835 [GMT 2:00]
ausgeführt von:: c:\users\Tim\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\jQBjASj.pad
F:\Autorun.inf
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-07-02 bis 2013-08-02  ))))))))))))))))))))))))))))))
.
.
2013-08-02 22:40 . 2013-08-02 22:40        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-08-02 22:33 . 2013-08-02 22:33        60872        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2B3416E2-A0F0-4896-8705-3C16B1C4684A}\offreg.dll
2013-08-02 22:32 . 2013-08-02 22:32        29904        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2B3416E2-A0F0-4896-8705-3C16B1C4684A}\MpKsl8341c558.sys
2013-08-02 22:24 . 2013-07-02 06:54        7143960        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2B3416E2-A0F0-4896-8705-3C16B1C4684A}\mpengine.dll
2013-07-31 06:12 . 2013-07-31 06:12        --------        d-----w-        C:\FRST
2013-07-30 17:40 . 2013-07-30 17:40        --------        d-----w-        c:\program files\ESET
2013-07-30 17:36 . 2013-07-02 06:54        7143960        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-28 16:47 . 2013-07-28 16:47        --------        d-----w-        c:\windows\ERUNT
2013-07-26 19:53 . 2013-07-26 19:53        --------        d-----w-        c:\users\Tim\AppData\Roaming\Malwarebytes
2013-07-26 19:53 . 2013-07-26 19:53        --------        d-----w-        c:\programdata\Malwarebytes
2013-07-26 19:53 . 2013-07-26 19:53        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2013-07-26 19:53 . 2013-04-04 12:50        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-07-26 19:52 . 2013-07-26 19:52        --------        d-----w-        c:\users\Tim\AppData\Local\Programs
2013-07-26 19:22 . 2013-07-26 19:23        171        ----a-w-        c:\windows\DeleteOnReboot.bat
2013-07-21 20:49 . 2013-07-21 20:48        698504        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EBC968A6-7CCE-44E1-B6CB-FBA21BBF6B07}\gapaengine.dll
2013-07-21 20:49 . 2013-06-05 03:05        2347520        ----a-w-        c:\windows\system32\win32k.sys
2013-07-21 20:49 . 2013-04-10 05:03        936448        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-21 20:38 . 2013-04-09 23:34        1247744        ----a-w-        c:\windows\system32\DWrite.dll
2013-07-21 20:37 . 2013-05-06 04:56        1620480        ----a-w-        c:\windows\system32\WMVDECOD.DLL
2013-07-21 20:36 . 2013-06-04 04:53        509440        ----a-w-        c:\windows\system32\qedit.dll
2013-07-21 20:20 . 2013-05-27 04:57        680960        ----a-w-        c:\program files\Windows Defender\MpSvc.dll
2013-07-21 20:20 . 2013-05-27 04:57        392704        ----a-w-        c:\program files\Windows Defender\MpClient.dll
2013-07-21 20:20 . 2013-05-27 04:57        224768        ----a-w-        c:\program files\Windows Defender\MpCommu.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-21 20:37 . 2013-05-07 18:01        67168        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2013-06-23 15:39 . 2013-01-01 19:14        692104        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-06-23 15:39 . 2013-01-01 19:14        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-23 14:22 . 2011-04-03 18:09        724464        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-26 17:36 . 2013-05-26 17:36        745472        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-26 17:36 . 2013-05-26 17:36        185344        ----a-w-        c:\windows\system32\elshyph.dll
2013-05-26 17:36 . 2013-05-26 17:36        158720        ----a-w-        c:\windows\system32\msls31.dll
2013-05-26 17:36 . 2013-05-26 17:36        523264        ----a-w-        c:\windows\system32\vbscript.dll
2013-05-26 17:36 . 2013-05-26 17:36        150528        ----a-w-        c:\windows\system32\iexpress.exe
2013-05-26 17:36 . 2013-05-26 17:36        138752        ----a-w-        c:\windows\system32\wextract.exe
2013-05-26 17:36 . 2013-05-26 17:36        137216        ----a-w-        c:\windows\system32\ieUnatt.exe
2013-05-26 17:36 . 2013-05-26 17:36        12800        ----a-w-        c:\windows\system32\mshta.exe
2013-05-26 17:36 . 2013-05-26 17:36        38400        ----a-w-        c:\windows\system32\imgutil.dll
2013-05-26 17:36 . 2013-05-26 17:36        73728        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2013-05-26 17:36 . 2013-05-26 17:36        110592        ----a-w-        c:\windows\system32\IEAdvpack.dll
2013-05-26 17:36 . 2013-05-26 17:36        61952        ----a-w-        c:\windows\system32\tdc.ocx
2013-05-26 17:36 . 2013-05-26 17:36        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2013-05-26 17:36 . 2013-05-26 17:36        361984        ----a-w-        c:\windows\system32\html.iec
2013-05-26 17:36 . 2013-05-26 17:36        719360        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2013-05-26 17:36 . 2013-05-26 17:36        1441280        ----a-w-        c:\windows\system32\inetcpl.cpl
2013-05-26 17:36 . 2013-05-26 17:36        23040        ----a-w-        c:\windows\system32\licmgr10.dll
2013-05-26 17:33 . 2013-05-26 17:33        9728        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-26 17:33 . 2013-05-26 17:33        4096        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-26 17:33 . 2013-05-26 17:33        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-26 17:33 . 2013-05-26 17:33        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-26 17:33 . 2013-05-26 17:33        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-26 17:33 . 2013-05-26 17:33        3584        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-26 17:33 . 2013-05-26 17:33        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-26 17:33 . 2013-05-26 17:33        2560        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-26 17:33 . 2013-05-26 17:33        10752        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-26 17:33 . 2013-05-26 17:33        364544        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2013-05-26 17:33 . 2013-05-26 17:33        2284544        ----a-w-        c:\windows\system32\msmpeg2vdec.dll
2013-05-26 17:33 . 2013-05-26 17:33        1158144        ----a-w-        c:\windows\system32\XpsPrint.dll
2013-05-26 17:33 . 2013-05-26 17:33        906240        ----a-w-        c:\windows\system32\FntCache.dll
2013-05-26 17:33 . 2013-05-26 17:33        417792        ----a-w-        c:\windows\system32\WMPhoto.dll
2013-05-26 17:33 . 2013-05-26 17:33        249856        ----a-w-        c:\windows\system32\d3d10_1core.dll
2013-05-26 17:33 . 2013-05-26 17:33        220160        ----a-w-        c:\windows\system32\d3d10core.dll
2013-05-26 17:33 . 2013-05-26 17:33        207872        ----a-w-        c:\windows\system32\WindowsCodecsExt.dll
2013-05-26 17:33 . 2013-05-26 17:33        1080832        ----a-w-        c:\windows\system32\d3d10.dll
2013-05-26 17:33 . 2013-05-26 17:33        604160        ----a-w-        c:\windows\system32\d3d10level9.dll
2013-05-26 17:33 . 2013-05-26 17:33        3419136        ----a-w-        c:\windows\system32\d2d1.dll
2013-05-26 17:33 . 2013-05-26 17:33        161792        ----a-w-        c:\windows\system32\d3d10_1.dll
2013-05-26 17:33 . 2013-05-26 17:33        293376        ----a-w-        c:\windows\system32\dxgi.dll
2013-05-26 17:33 . 2013-05-26 17:33        1988096        ----a-w-        c:\windows\system32\d3d10warp.dll
2013-05-26 17:33 . 2013-05-26 17:33        187392        ----a-w-        c:\windows\system32\UIAnimation.dll
2013-05-13 04:45 . 2013-06-23 14:29        1160192        ----a-w-        c:\windows\system32\crypt32.dll
2013-05-13 04:45 . 2013-06-23 14:29        140288        ----a-w-        c:\windows\system32\cryptsvc.dll
2013-05-13 04:45 . 2013-06-23 14:29        103936        ----a-w-        c:\windows\system32\cryptnet.dll
2013-05-13 03:08 . 2013-06-23 14:29        903168        ----a-w-        c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-23 14:29        43008        ----a-w-        c:\windows\system32\certenc.dll
2013-05-10 03:20 . 2013-06-23 14:29        24576        ----a-w-        c:\windows\system32\cryptdlg.dll
2013-05-08 05:38 . 2013-06-23 14:28        1293672        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2013-05-06 05:06 . 2013-06-23 14:28        3913576        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-05-06 05:06 . 2013-06-23 14:28        3968872        ----a-w-        c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EADM"="c:\program files\Origin\Origin.exe" [2013-05-19 3497552]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-04-19 18678376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-06 8555040]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-07-21 345144]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-04-01 280576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-04-04 05:53        843712        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-12-12 12:57        152544        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-18 19:07        1242448        ----a-w-        c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 13:49        249064        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
R1 afcbjbbo;afcbjbbo;c:\windows\system32\drivers\afcbjbbo.sys [x]
R1 miegnlzi;miegnlzi;c:\windows\system32\drivers\miegnlzi.sys [x]
R1 ntplmfor;ntplmfor;c:\windows\system32\drivers\ntplmfor.sys [x]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2013-02-03 116648]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-04-19 161384]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2013-02-03 116648]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-29 1343400]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-04-01 37352]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2012-11-07 19632]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-11-07 494416]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-11-07 36072]
S1 MpKsl8341c558;MpKsl8341c558;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2B3416E2-A0F0-4896-8705-3C16B1C4684A}\MpKsl8341c558.sys [2013-08-02 29904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-07 172032]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-07-21 84024]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 100328]
S2 Realtek11nSU;Realtek11nSU;c:\program files\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 295232]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2011-08-11 602216]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 30392]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MPKSL8341C558
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-23 18:08        1173456        ----a-w-        c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-01 15:39]
.
2013-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-03 09:50]
.
2013-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-03 09:50]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{914F0FAE-A51C-4BBC-A0E5-9445B0F62A3F}: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\bkp2s34p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - ExtSQL: 2013-06-27 20:43; Shuu2lqk7OSV@NTO066xN6gxohjuS.com; c:\users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\bkp2s34p.default\extensions\Shuu2lqk7OSV@NTO066xN6gxohjuS.com.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
SafeBoot-BsScanner
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
AddRemove-DSite - c:\users\Tim\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(620)
c:\windows\system32\guard32.dll
.
Zeit der Fertigstellung: 2013-08-03  00:43:24
ComboFix-quarantined-files.txt  2013-08-02 22:43
.
Vor Suchlauf: 7 Verzeichnis(se), 725.157.761.024 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 726.125.809.664 Bytes frei
.
- - End Of File - - 0C382CE61C4A053153D8BAC2CB4F7AD1
--- --- ---
8BCB23B30DB1819E7D8DDAE01AEBB583
[/CODE]

nobody123 06.08.2013 21:26
Erinnerung an meinem Thread. Geht es bitte weiter - das Problem besteht leider immer noch. :dankeschoen:

cosinus 06.08.2013 23:30
Sry hab deinen Thread übersehen

Zitat:
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
Sowas geht nicht. Wenn bitte nur einen Virenscanner!
Bitte alle deinstallieren bis auf einen den du behalten willst.

nobody123 09.08.2013 22:02
Zitat:
Zitat von cosinus (Beitrag 1127276)
Sry hab deinen Thread übersehen



Sowas geht nicht. Wenn bitte nur einen Virenscanner!
Bitte alle deinstallieren bis auf einen den du behalten willst.
Zitat:
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

-> erledigt - wie geht es nun weiter?

cosinus 09.08.2013 22:05
Combofix-Skript
WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

  • Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link
  • Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!
  • Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
  • Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
    Code:
    Driver::
    afcbjbbo
    miegnlzi
    ntplmfor
    Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Speichere dies als CFScript.txt auf deinem Desktop.
  • Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.
  • Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:
  • Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
    Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.

Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!

nobody123 13.08.2013 21:36
Combofix Logfile:
Code:
ComboFix 13-08-13.02 - Tim 13.08.2013  22:17:58.2.4 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3326.2307 [GMT 2:00]
ausgeführt von:: c:\users\Tim\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-07-13 bis 2013-08-13  ))))))))))))))))))))))))))))))
.
.
2013-08-13 20:24 . 2013-08-13 20:24        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-08-13 20:24 . 2013-08-13 20:24        --------        d-----w-        c:\users\Administrator\AppData\Local\temp
2013-08-13 19:55 . 2013-07-02 06:54        7143960        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BC0E309F-591F-4E13-88D3-9EF67A86097F}\mpengine.dll
2013-08-12 06:18 . 2013-07-02 06:54        7143960        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-11 20:08 . 2013-08-11 20:09        --------        d-----w-        c:\programdata\Tarma Installer
2013-08-11 20:04 . 2013-08-11 20:04        --------        d-----w-        c:\users\Tim\AppData\Roaming\Babylon
2013-08-11 20:04 . 2013-08-11 20:04        --------        d-----w-        c:\programdata\Babylon
2013-07-31 06:12 . 2013-07-31 06:12        --------        d-----w-        C:\FRST
2013-07-30 17:40 . 2013-07-30 17:40        --------        d-----w-        c:\program files\ESET
2013-07-28 16:47 . 2013-07-28 16:47        --------        d-----w-        c:\windows\ERUNT
2013-07-26 19:53 . 2013-07-26 19:53        --------        d-----w-        c:\users\Tim\AppData\Roaming\Malwarebytes
2013-07-26 19:53 . 2013-07-26 19:53        --------        d-----w-        c:\programdata\Malwarebytes
2013-07-26 19:53 . 2013-07-26 19:53        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2013-07-26 19:53 . 2013-04-04 12:50        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-07-26 19:52 . 2013-07-26 19:52        --------        d-----w-        c:\users\Tim\AppData\Local\Programs
2013-07-26 19:22 . 2013-07-26 19:23        171        ----a-w-        c:\windows\DeleteOnReboot.bat
2013-07-21 20:49 . 2013-07-21 20:48        698504        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EBC968A6-7CCE-44E1-B6CB-FBA21BBF6B07}\gapaengine.dll
2013-07-21 20:49 . 2013-06-05 03:05        2347520        ----a-w-        c:\windows\system32\win32k.sys
2013-07-21 20:49 . 2013-04-10 05:03        936448        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-21 20:38 . 2013-04-09 23:34        1247744        ----a-w-        c:\windows\system32\DWrite.dll
2013-07-21 20:37 . 2013-05-06 04:56        1620480        ----a-w-        c:\windows\system32\WMVDECOD.DLL
2013-07-21 20:36 . 2013-06-04 04:53        509440        ----a-w-        c:\windows\system32\qedit.dll
2013-07-21 20:20 . 2013-05-27 04:57        680960        ----a-w-        c:\program files\Windows Defender\MpSvc.dll
2013-07-21 20:20 . 2013-05-27 04:57        392704        ----a-w-        c:\program files\Windows Defender\MpClient.dll
2013-07-21 20:20 . 2013-05-27 04:57        224768        ----a-w-        c:\program files\Windows Defender\MpCommu.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-23 15:39 . 2013-01-01 19:14        692104        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-06-23 15:39 . 2013-01-01 19:14        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-23 14:22 . 2011-04-03 18:09        724464        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-26 17:36 . 2013-05-26 17:36        745472        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-26 17:36 . 2013-05-26 17:36        185344        ----a-w-        c:\windows\system32\elshyph.dll
2013-05-26 17:36 . 2013-05-26 17:36        158720        ----a-w-        c:\windows\system32\msls31.dll
2013-05-26 17:36 . 2013-05-26 17:36        523264        ----a-w-        c:\windows\system32\vbscript.dll
2013-05-26 17:36 . 2013-05-26 17:36        150528        ----a-w-        c:\windows\system32\iexpress.exe
2013-05-26 17:36 . 2013-05-26 17:36        138752        ----a-w-        c:\windows\system32\wextract.exe
2013-05-26 17:36 . 2013-05-26 17:36        137216        ----a-w-        c:\windows\system32\ieUnatt.exe
2013-05-26 17:36 . 2013-05-26 17:36        12800        ----a-w-        c:\windows\system32\mshta.exe
2013-05-26 17:36 . 2013-05-26 17:36        38400        ----a-w-        c:\windows\system32\imgutil.dll
2013-05-26 17:36 . 2013-05-26 17:36        73728        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2013-05-26 17:36 . 2013-05-26 17:36        110592        ----a-w-        c:\windows\system32\IEAdvpack.dll
2013-05-26 17:36 . 2013-05-26 17:36        61952        ----a-w-        c:\windows\system32\tdc.ocx
2013-05-26 17:36 . 2013-05-26 17:36        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2013-05-26 17:36 . 2013-05-26 17:36        361984        ----a-w-        c:\windows\system32\html.iec
2013-05-26 17:36 . 2013-05-26 17:36        719360        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2013-05-26 17:36 . 2013-05-26 17:36        1441280        ----a-w-        c:\windows\system32\inetcpl.cpl
2013-05-26 17:36 . 2013-05-26 17:36        23040        ----a-w-        c:\windows\system32\licmgr10.dll
2013-05-26 17:33 . 2013-05-26 17:33        9728        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-26 17:33 . 2013-05-26 17:33        4096        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-26 17:33 . 2013-05-26 17:33        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-26 17:33 . 2013-05-26 17:33        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-26 17:33 . 2013-05-26 17:33        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-26 17:33 . 2013-05-26 17:33        3584        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-26 17:33 . 2013-05-26 17:33        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-26 17:33 . 2013-05-26 17:33        2560        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-26 17:33 . 2013-05-26 17:33        10752        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-26 17:33 . 2013-05-26 17:33        364544        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2013-05-26 17:33 . 2013-05-26 17:33        2284544        ----a-w-        c:\windows\system32\msmpeg2vdec.dll
2013-05-26 17:33 . 2013-05-26 17:33        1158144        ----a-w-        c:\windows\system32\XpsPrint.dll
2013-05-26 17:33 . 2013-05-26 17:33        906240        ----a-w-        c:\windows\system32\FntCache.dll
2013-05-26 17:33 . 2013-05-26 17:33        417792        ----a-w-        c:\windows\system32\WMPhoto.dll
2013-05-26 17:33 . 2013-05-26 17:33        249856        ----a-w-        c:\windows\system32\d3d10_1core.dll
2013-05-26 17:33 . 2013-05-26 17:33        220160        ----a-w-        c:\windows\system32\d3d10core.dll
2013-05-26 17:33 . 2013-05-26 17:33        207872        ----a-w-        c:\windows\system32\WindowsCodecsExt.dll
2013-05-26 17:33 . 2013-05-26 17:33        1080832        ----a-w-        c:\windows\system32\d3d10.dll
2013-05-26 17:33 . 2013-05-26 17:33        604160        ----a-w-        c:\windows\system32\d3d10level9.dll
2013-05-26 17:33 . 2013-05-26 17:33        3419136        ----a-w-        c:\windows\system32\d2d1.dll
2013-05-26 17:33 . 2013-05-26 17:33        161792        ----a-w-        c:\windows\system32\d3d10_1.dll
2013-05-26 17:33 . 2013-05-26 17:33        293376        ----a-w-        c:\windows\system32\dxgi.dll
2013-05-26 17:33 . 2013-05-26 17:33        1988096        ----a-w-        c:\windows\system32\d3d10warp.dll
2013-05-26 17:33 . 2013-05-26 17:33        187392        ----a-w-        c:\windows\system32\UIAnimation.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EADM"="c:\program files\Origin\Origin.exe" [2013-05-19 3497552]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-04-19 18678376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-06 8555040]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-04-01 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-04-04 05:53        843712        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-12-12 12:57        152544        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-18 19:07        1242448        ----a-w-        c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 13:49        249064        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
R1 afcbjbbo;afcbjbbo;c:\windows\system32\drivers\afcbjbbo.sys [x]
R1 miegnlzi;miegnlzi;c:\windows\system32\drivers\miegnlzi.sys [x]
R1 ntplmfor;ntplmfor;c:\windows\system32\drivers\ntplmfor.sys [x]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2013-02-03 116648]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-04-19 161384]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2013-02-03 116648]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 100328]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 295232]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-29 1343400]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-07 172032]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 Realtek11nSU;Realtek11nSU;c:\program files\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2011-08-11 602216]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 30392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-02 23:00        1173456        ----a-w-        c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-01 15:39]
.
2013-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-03 09:50]
.
2013-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-03 09:50]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=A03A74F06D1A81C7&affID=119523&tt=070813_wt4&tsp=4971
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{914F0FAE-A51C-4BBC-A0E5-9445B0F62A3F}: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bkp2s34p.default\
FF - ExtSQL: 2013-06-27 20:43; Shuu2lqk7OSV@NTO066xN6gxohjuS.com; c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bkp2s34p.default\extensions\Shuu2lqk7OSV@NTO066xN6gxohjuS.com.xpi
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - a03a8f6200000000000074f06d1a81c7
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15928
FF - user.js: extensions.delta.vrsn - 1.8.22.0
FF - user.js: extensions.delta.vrsni - 1.8.22.0
FF - user.js: extensions.delta.vrsnTs - 1.8.22.022:06
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119523&tt=070813_wt4&tsp=4971
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-08-13  22:30:13
ComboFix-quarantined-files.txt  2013-08-13 20:30
ComboFix2.txt  2013-08-02 22:43
.
Vor Suchlauf: 10 Verzeichnis(se), 729.198.133.248 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 728.821.182.464 Bytes frei
.
- - End Of File - - BF62835C6D41C097276A04A83200217F
--- --- ---
8BCB23B30DB1819E7D8DDAE01AEBB583
[/CODE]

OK - Was muss ich als nächstes machen?

:abklatsch:

cosinus 13.08.2013 23:32
Sry aber die Anleitung hast du garnicht umgesetzt. Das mit CFscript scheint garnicht gelaufen zu sein. Das Log von CF schreibt nicht mal etwas davon, dass eine derartige Scriptdatei verwendet wurd. Mach es bitte nochmal aber richtig.

nobody123 19.08.2013 07:09
Code:
ComboFix 13-08-18.01 - Tim 19.08.2013  7:50.3.4 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3326.2248 [GMT 2:00]
ausgeführt von:: c:\users\Tim\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Tim\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_afcbjbbo
-------\Service_miegnlzi
-------\Service_ntplmfor
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-07-19 bis 2013-08-19  ))))))))))))))))))))))))))))))
.
.
2013-08-19 05:55 . 2013-08-19 05:55        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-08-19 05:55 . 2013-08-19 05:55        --------        d-----w-        c:\users\Administrator\AppData\Local\temp
2013-08-18 13:12 . 2013-07-02 06:54        7143960        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{321838C2-98B1-4F0D-B1CA-126EB08BD6F5}\mpengine.dll
2013-08-16 17:39 . 2013-07-02 06:54        7143960        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-14 08:06 . 2013-08-14 08:08        --------        d-----w-        c:\windows\system32\MRT
2013-08-14 06:45 . 2013-07-09 04:50        652800        ----a-w-        c:\windows\system32\rpcrt4.dll
2013-08-14 06:45 . 2013-07-09 04:52        175104        ----a-w-        c:\windows\system32\wintrust.dll
2013-08-14 06:45 . 2013-07-09 04:46        140288        ----a-w-        c:\windows\system32\cryptsvc.dll
2013-08-14 06:45 . 2013-07-09 04:46        1166848        ----a-w-        c:\windows\system32\crypt32.dll
2013-08-14 06:45 . 2013-07-09 04:46        103936        ----a-w-        c:\windows\system32\cryptnet.dll
2013-08-14 06:44 . 2013-07-09 05:03        3968960        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2013-08-14 06:44 . 2013-07-09 05:03        3913664        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-08-14 06:44 . 2013-07-09 04:53        1289096        ----a-w-        c:\windows\system32\ntdll.dll
2013-08-14 06:44 . 2013-07-06 05:05        1293760        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2013-08-14 06:43 . 2013-07-25 08:57        1620992        ----a-w-        c:\windows\system32\WMVDECOD.DLL
2013-08-14 06:38 . 2013-07-19 01:41        2048        ----a-w-        c:\windows\system32\tzres.dll
2013-08-14 06:38 . 2013-06-15 03:38        31232        ----a-w-        c:\windows\system32\drivers\tssecsrv.sys
2013-08-11 20:08 . 2013-08-11 20:09        --------        d-----w-        c:\programdata\Tarma Installer
2013-08-11 20:04 . 2013-08-11 20:04        --------        d-----w-        c:\users\Tim\AppData\Roaming\Babylon
2013-08-11 20:04 . 2013-08-11 20:04        --------        d-----w-        c:\programdata\Babylon
2013-07-31 06:12 . 2013-07-31 06:12        --------        d-----w-        C:\FRST
2013-07-28 16:47 . 2013-07-28 16:47        --------        d-----w-        c:\windows\ERUNT
2013-07-26 19:53 . 2013-07-26 19:53        --------        d-----w-        c:\users\Tim\AppData\Roaming\Malwarebytes
2013-07-26 19:53 . 2013-07-26 19:53        --------        d-----w-        c:\programdata\Malwarebytes
2013-07-26 19:53 . 2013-07-26 19:53        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2013-07-26 19:53 . 2013-04-04 12:50        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-07-26 19:52 . 2013-07-26 19:52        --------        d-----w-        c:\users\Tim\AppData\Local\Programs
2013-07-26 19:22 . 2013-07-26 19:23        171        ----a-w-        c:\windows\DeleteOnReboot.bat
2013-07-21 20:49 . 2013-07-21 20:48        698504        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EBC968A6-7CCE-44E1-B6CB-FBA21BBF6B07}\gapaengine.dll
2013-07-21 20:49 . 2013-06-05 03:05        2347520        ----a-w-        c:\windows\system32\win32k.sys
2013-07-21 20:49 . 2013-04-10 05:03        936448        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-21 20:38 . 2013-04-09 23:34        1247744        ----a-w-        c:\windows\system32\DWrite.dll
2013-07-21 20:36 . 2013-06-04 04:53        509440        ----a-w-        c:\windows\system32\qedit.dll
2013-07-21 20:20 . 2013-05-27 04:57        680960        ----a-w-        c:\program files\Windows Defender\MpSvc.dll
2013-07-21 20:20 . 2013-05-27 04:57        392704        ----a-w-        c:\program files\Windows Defender\MpClient.dll
2013-07-21 20:20 . 2013-05-27 04:57        224768        ----a-w-        c:\program files\Windows Defender\MpCommu.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-23 15:39 . 2013-01-01 19:14        692104        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-06-23 15:39 . 2013-01-01 19:14        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-23 14:22 . 2011-04-03 18:09        724464        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-26 17:36 . 2013-05-26 17:36        745472        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-26 17:36 . 2013-05-26 17:36        185344        ----a-w-        c:\windows\system32\elshyph.dll
2013-05-26 17:36 . 2013-05-26 17:36        158720        ----a-w-        c:\windows\system32\msls31.dll
2013-05-26 17:36 . 2013-05-26 17:36        523264        ----a-w-        c:\windows\system32\vbscript.dll
2013-05-26 17:36 . 2013-05-26 17:36        150528        ----a-w-        c:\windows\system32\iexpress.exe
2013-05-26 17:36 . 2013-05-26 17:36        138752        ----a-w-        c:\windows\system32\wextract.exe
2013-05-26 17:36 . 2013-05-26 17:36        137216        ----a-w-        c:\windows\system32\ieUnatt.exe
2013-05-26 17:36 . 2013-05-26 17:36        12800        ----a-w-        c:\windows\system32\mshta.exe
2013-05-26 17:36 . 2013-05-26 17:36        38400        ----a-w-        c:\windows\system32\imgutil.dll
2013-05-26 17:36 . 2013-05-26 17:36        73728        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2013-05-26 17:36 . 2013-05-26 17:36        110592        ----a-w-        c:\windows\system32\IEAdvpack.dll
2013-05-26 17:36 . 2013-05-26 17:36        61952        ----a-w-        c:\windows\system32\tdc.ocx
2013-05-26 17:36 . 2013-05-26 17:36        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2013-05-26 17:36 . 2013-05-26 17:36        361984        ----a-w-        c:\windows\system32\html.iec
Zitat:
Zitat von cosinus (Beitrag 1132045)
Sry aber die Anleitung hast du garnicht umgesetzt. Das mit CFscript scheint garnicht gelaufen zu sein. Das Log von CF schreibt nicht mal etwas davon, dass eine derartige Scriptdatei verwendet wurd. Mach es bitte nochmal aber richtig.
-> Sorry aber ich habe es genau wie in der Beschreibung umgesetzt. Was kann ich denn falsch gemacht haben?

cosinus 19.08.2013 10:31
Jetzt ist richtig. Aber das CF-Log ist unvollständig

nobody123 21.08.2013 07:11
Code:
ComboFix 13-08-18.01 - Tim 19.08.2013  7:50.3.4 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3326.2248 [GMT 2:00]
ausgeführt von:: c:\users\Tim\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Tim\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_afcbjbbo
-------\Service_miegnlzi
-------\Service_ntplmfor
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-07-19 bis 2013-08-19  ))))))))))))))))))))))))))))))
.
.
2013-08-19 05:55 . 2013-08-19 05:55        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-08-19 05:55 . 2013-08-19 05:55        --------        d-----w-        c:\users\Administrator\AppData\Local\temp
2013-08-18 13:12 . 2013-07-02 06:54        7143960        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{321838C2-98B1-4F0D-B1CA-126EB08BD6F5}\mpengine.dll
2013-08-16 17:39 . 2013-07-02 06:54        7143960        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-14 08:06 . 2013-08-14 08:08        --------        d-----w-        c:\windows\system32\MRT
2013-08-14 06:45 . 2013-07-09 04:50        652800        ----a-w-        c:\windows\system32\rpcrt4.dll
2013-08-14 06:45 . 2013-07-09 04:52        175104        ----a-w-        c:\windows\system32\wintrust.dll
2013-08-14 06:45 . 2013-07-09 04:46        140288        ----a-w-        c:\windows\system32\cryptsvc.dll
2013-08-14 06:45 . 2013-07-09 04:46        1166848        ----a-w-        c:\windows\system32\crypt32.dll
2013-08-14 06:45 . 2013-07-09 04:46        103936        ----a-w-        c:\windows\system32\cryptnet.dll
2013-08-14 06:44 . 2013-07-09 05:03        3968960        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2013-08-14 06:44 . 2013-07-09 05:03        3913664        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-08-14 06:44 . 2013-07-09 04:53        1289096        ----a-w-        c:\windows\system32\ntdll.dll
2013-08-14 06:44 . 2013-07-06 05:05        1293760        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2013-08-14 06:43 . 2013-07-25 08:57        1620992        ----a-w-        c:\windows\system32\WMVDECOD.DLL
2013-08-14 06:38 . 2013-07-19 01:41        2048        ----a-w-        c:\windows\system32\tzres.dll
2013-08-14 06:38 . 2013-06-15 03:38        31232        ----a-w-        c:\windows\system32\drivers\tssecsrv.sys
2013-08-11 20:08 . 2013-08-11 20:09        --------        d-----w-        c:\programdata\Tarma Installer
2013-08-11 20:04 . 2013-08-11 20:04        --------        d-----w-        c:\users\Tim\AppData\Roaming\Babylon
2013-08-11 20:04 . 2013-08-11 20:04        --------        d-----w-        c:\programdata\Babylon
2013-07-31 06:12 . 2013-07-31 06:12        --------        d-----w-        C:\FRST
2013-07-28 16:47 . 2013-07-28 16:47        --------        d-----w-        c:\windows\ERUNT
2013-07-26 19:53 . 2013-07-26 19:53        --------        d-----w-        c:\users\Tim\AppData\Roaming\Malwarebytes
2013-07-26 19:53 . 2013-07-26 19:53        --------        d-----w-        c:\programdata\Malwarebytes
2013-07-26 19:53 . 2013-07-26 19:53        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2013-07-26 19:53 . 2013-04-04 12:50        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-07-26 19:52 . 2013-07-26 19:52        --------        d-----w-        c:\users\Tim\AppData\Local\Programs
2013-07-26 19:22 . 2013-07-26 19:23        171        ----a-w-        c:\windows\DeleteOnReboot.bat
2013-07-21 20:49 . 2013-07-21 20:48        698504        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EBC968A6-7CCE-44E1-B6CB-FBA21BBF6B07}\gapaengine.dll
2013-07-21 20:49 . 2013-06-05 03:05        2347520        ----a-w-        c:\windows\system32\win32k.sys
2013-07-21 20:49 . 2013-04-10 05:03        936448        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-21 20:38 . 2013-04-09 23:34        1247744        ----a-w-        c:\windows\system32\DWrite.dll
2013-07-21 20:36 . 2013-06-04 04:53        509440        ----a-w-        c:\windows\system32\qedit.dll
2013-07-21 20:20 . 2013-05-27 04:57        680960        ----a-w-        c:\program files\Windows Defender\MpSvc.dll
2013-07-21 20:20 . 2013-05-27 04:57        392704        ----a-w-        c:\program files\Windows Defender\MpClient.dll
2013-07-21 20:20 . 2013-05-27 04:57        224768        ----a-w-        c:\program files\Windows Defender\MpCommu.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-23 15:39 . 2013-01-01 19:14        692104        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-06-23 15:39 . 2013-01-01 19:14        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-23 14:22 . 2011-04-03 18:09        724464        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-26 17:36 . 2013-05-26 17:36        745472        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-26 17:36 . 2013-05-26 17:36        185344        ----a-w-        c:\windows\system32\elshyph.dll
2013-05-26 17:36 . 2013-05-26 17:36        158720        ----a-w-        c:\windows\system32\msls31.dll
2013-05-26 17:36 . 2013-05-26 17:36        523264        ----a-w-        c:\windows\system32\vbscript.dll
2013-05-26 17:36 . 2013-05-26 17:36        150528        ----a-w-        c:\windows\system32\iexpress.exe
2013-05-26 17:36 . 2013-05-26 17:36        138752        ----a-w-        c:\windows\system32\wextract.exe
2013-05-26 17:36 . 2013-05-26 17:36        137216        ----a-w-        c:\windows\system32\ieUnatt.exe
2013-05-26 17:36 . 2013-05-26 17:36        12800        ----a-w-        c:\windows\system32\mshta.exe
2013-05-26 17:36 . 2013-05-26 17:36        38400        ----a-w-        c:\windows\system32\imgutil.dll
2013-05-26 17:36 . 2013-05-26 17:36        73728        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2013-05-26 17:36 . 2013-05-26 17:36        110592        ----a-w-        c:\windows\system32\IEAdvpack.dll
2013-05-26 17:36 . 2013-05-26 17:36        61952        ----a-w-        c:\windows\system32\tdc.ocx
2013-05-26 17:36 . 2013-05-26 17:36        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2013-05-26 17:36 . 2013-05-26 17:36        361984        ----a-w-        c:\windows\system32\html.iec
2013-05-26 17:36 . 2013-05-26 17:36        719360        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2013-05-26 17:36 . 2013-05-26 17:36        1441280        ----a-w-        c:\windows\system32\inetcpl.cpl
2013-05-26 17:36 . 2013-05-26 17:36        23040        ----a-w-        c:\windows\system32\licmgr10.dll
2013-05-26 17:33 . 2013-05-26 17:33        9728        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-26 17:33 . 2013-05-26 17:33        4096        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-26 17:33 . 2013-05-26 17:33        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-26 17:33 . 2013-05-26 17:33        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-26 17:33 . 2013-05-26 17:33        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-26 17:33 . 2013-05-26 17:33        3584        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-26 17:33 . 2013-05-26 17:33        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-26 17:33 . 2013-05-26 17:33        2560        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-26 17:33 . 2013-05-26 17:33        10752        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-26 17:33 . 2013-05-26 17:33        364544        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2013-05-26 17:33 . 2013-05-26 17:33        2284544        ----a-w-        c:\windows\system32\msmpeg2vdec.dll
2013-05-26 17:33 . 2013-05-26 17:33        1158144        ----a-w-        c:\windows\system32\XpsPrint.dll
2013-05-26 17:33 . 2013-05-26 17:33        906240        ----a-w-        c:\windows\system32\FntCache.dll
2013-05-26 17:33 . 2013-05-26 17:33        417792        ----a-w-        c:\windows\system32\WMPhoto.dll
2013-05-26 17:33 . 2013-05-26 17:33        249856        ----a-w-        c:\windows\system32\d3d10_1core.dll
2013-05-26 17:33 . 2013-05-26 17:33        220160        ----a-w-        c:\windows\system32\d3d10core.dll
2013-05-26 17:33 . 2013-05-26 17:33        207872        ----a-w-        c:\windows\system32\WindowsCodecsExt.dll
2013-05-26 17:33 . 2013-05-26 17:33        1080832        ----a-w-        c:\windows\system32\d3d10.dll
2013-05-26 17:33 . 2013-05-26 17:33        604160        ----a-w-        c:\windows\system32\d3d10level9.dll
2013-05-26 17:33 . 2013-05-26 17:33        3419136        ----a-w-        c:\windows\system32\d2d1.dll
2013-05-26 17:33 . 2013-05-26 17:33        161792        ----a-w-        c:\windows\system32\d3d10_1.dll
2013-05-26 17:33 . 2013-05-26 17:33        293376        ----a-w-        c:\windows\system32\dxgi.dll
2013-05-26 17:33 . 2013-05-26 17:33        1988096        ----a-w-        c:\windows\system32\d3d10warp.dll
2013-05-26 17:33 . 2013-05-26 17:33        187392        ----a-w-        c:\windows\system32\UIAnimation.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EADM"="c:\program files\Origin\Origin.exe" [2013-05-19 3497552]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-04-19 18678376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-06 8555040]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-04-01 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-04-04 05:53        843712        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-12-12 12:57        152544        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-18 19:07        1242448        ----a-w-        c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 13:49        249064        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-04-19 161384]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 100328]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 295232]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-29 1343400]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-07 172032]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 Realtek11nSU;Realtek11nSU;c:\program files\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2011-08-11 602216]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 30392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-02 23:00        1173456        ----a-w-        c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-01 15:39]
.
2013-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-03 09:50]
.
2013-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-03 09:50]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=A03A74F06D1A81C7&affID=119523&tt=070813_wt4&tsp=4971
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{914F0FAE-A51C-4BBC-A0E5-9445B0F62A3F}: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bkp2s34p.default\
FF - ExtSQL: 2013-06-27 20:43; Shuu2lqk7OSV@NTO066xN6gxohjuS.com; c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bkp2s34p.default\extensions\Shuu2lqk7OSV@NTO066xN6gxohjuS.com.xpi
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - a03a8f6200000000000074f06d1a81c7
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15928
FF - user.js: extensions.delta.vrsn - 1.8.22.0
FF - user.js: extensions.delta.vrsni - 1.8.22.0
FF - user.js: extensions.delta.vrsnTs - 1.8.22.022:06
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119523&tt=070813_wt4&tsp=4971
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-08-19  08:01:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-08-19 06:01
ComboFix2.txt  2013-08-13 20:30
ComboFix3.txt  2013-08-02 22:43
.
Vor Suchlauf: 10 Verzeichnis(se), 729.751.683.072 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 729.320.689.664 Bytes frei
.
- - End Of File - - 4F47FFB3B4FA1BB2102FD71DFA43463F
8BCB23B30DB1819E7D8DDAE01AEBB583

cosinus 21.08.2013 08:12
Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


nobody123 23.08.2013 06:35
Code:
# AdwCleaner v3.000 - Report created 23/08/2013 at 07:08:28
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Tim - Tim-PC
# Running from : C:\Users\Tim\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Tim\AppData\Roaming\Babylon
File Deleted : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bkp2s34p.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bkp2s34p.default\user.js
File Deleted : C:\Windows\System32\Tasks\Dealply
File Deleted : C:\Windows\System32\Tasks\DealPlyUpdate

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\a6dd88bc6aea43
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\BabSolution
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\FoxyDeal
Key Deleted : HKLM\Software\Delta

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v23.0.1 (de)

[ File : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bkp2s34p.default\prefs.js ]

Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "de");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "a03a8f6200000000000074f06d1a81c7");
Line Deleted : user_pref("extensions.delta.instlDay", "15928");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.22.0");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.22.022:06:46");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.22.0");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119523&tt=070813_wt4&tsp=4971");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");

-\\ Google Chrome v29.0.1547.57

[ File : C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [4457 octets] - [23/08/2013 07:07:03]
AdwCleaner[S0].txt - [3658 octets] - [23/08/2013 07:08:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3718 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 7 Home Premium x86
Ran by Tim on 23.08.2013 at  7:18:47,16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\Tim\AppData\Roaming\mozilla\firefox\profiles\bkp2s34p.default\invalidprefs.js
Emptied folder: C:\Users\Tim\AppData\Roaming\mozilla\firefox\profiles\bkp2s34p.default\minidumps [10 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.08.2013 at  7:20:23,23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-08-2013 02
Ran by Tim (administrator) on 23-08-2013 07:26:26
Running from C:\Users\Tim\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Realtek) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Electronic Arts) C:\Program Files\Origin\Origin.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Farbar) C:\Users\Tim\Downloads\FRST(2).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8555040 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKCU\...\Run: [EADM] - C:\Program Files\Origin\Origin.exe [3497552 2013-05-19] (Electronic Arts)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()
HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [ 2009-10-23] ()
HKU\Default User\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()
HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [ 2009-10-23] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {1B349F1D-EAC2-4825-A0D1-AB44B87F56AB} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - {FEC19396-EE58-4F28-B179-8060C46869A8} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll No File
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/de-de/wlscctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{914F0FAE-A51C-4BBC-A0E5-9445B0F62A3F}: [NameServer]192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bkp2s34p.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.4 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Shuu2lqk7OSV - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bkp2s34p.default\Extensions\Shuu2lqk7OSV@NTO066xN6gxohjuS.com.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
R2 Realtek11nSU; C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe" [x]

==================== Drivers (Whitelisted) ====================

R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11832 2009-07-07] (Advanced Micro Devices Inc.)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Tim\AppData\Local\Temp\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-23 07:20 - 2013-08-23 07:20 - 00001170 _____ C:\Users\Tim\Desktop\JRT.txt
2013-08-23 07:17 - 2013-08-23 07:17 - 01021434 _____ (Thisisu) C:\Users\Tim\Downloads\JRT(1).exe
2013-08-23 07:06 - 2013-08-23 07:08 - 00000000 ____D C:\AdwCleaner
2013-08-23 07:04 - 2013-08-23 07:06 - 00000000 ____D C:\Users\Tim\Desktop\Fotos
2013-08-23 07:04 - 2013-08-23 07:05 - 00975858 _____ C:\Users\Tim\Desktop\adwcleaner.exe
2013-08-19 08:58 - 2013-08-19 08:58 - 00030234 _____ C:\Users\Tim\Desktop\user_1.jpeg
2013-08-19 08:58 - 2013-08-19 08:58 - 00029067 _____ C:\Users\Tim\Desktop\0.jpeg
2013-08-19 08:39 - 2013-08-19 08:40 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-19 08:01 - 2013-08-19 08:01 - 00017989 _____ C:\ComboFix.txt
2013-08-18 15:02 - 2013-08-18 15:04 - 05105231 ____R (Swearware) C:\Users\Tim\Desktop\ComboFix.exe
2013-08-16 09:43 - 2013-08-16 09:43 - 61079552 _____ C:\Users\Tim\Desktop\iTunes64.msi
2013-08-16 09:43 - 2013-08-16 09:43 - 00077136 _____ (Apple Inc.) C:\Users\Tim\Desktop\SetupAdmin.exe
2013-08-16 08:37 - 2013-08-16 08:37 - 21538816 _____ C:\Users\Tim\Desktop\AppleApplicationSupport.msi
2013-08-14 10:06 - 2013-08-14 10:08 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 10:02 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 10:02 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 10:02 - 2013-07-26 05:13 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 10:02 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 10:02 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 10:02 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 10:02 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 10:02 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 10:02 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 10:02 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 10:02 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 10:02 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 10:02 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 10:02 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 10:02 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 10:02 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 08:45 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 08:45 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 08:45 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 08:45 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 08:45 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 08:44 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-14 08:44 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 08:44 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 08:44 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 08:43 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 08:38 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 08:38 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-11 22:54 - 2013-08-11 22:55 - 00000000 ____D C:\Users\Tim\Desktop\Bilder August
2013-08-11 22:01 - 2013-08-11 22:02 - 01066136 _____ C:\Users\Tim\Downloads\setup.exe
2013-08-03 00:30 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-03 00:30 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-03 00:30 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-03 00:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-03 00:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-03 00:30 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-03 00:30 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-03 00:30 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-03 00:20 - 2013-08-19 08:01 - 00000000 ____D C:\Qoobox
2013-08-03 00:19 - 2013-08-19 07:55 - 00000000 ____D C:\Windows\erdnt
2013-08-03 00:14 - 2013-08-13 21:52 - 05103833 _____ (Swearware) C:\Users\Tim\Downloads\ComboFix.exe
2013-07-31 08:14 - 2013-07-31 08:15 - 00013610 _____ C:\Users\Tim\Downloads\Addition.txt
2013-07-31 08:12 - 2013-07-31 08:12 - 00000000 ____D C:\FRST
2013-07-31 08:09 - 2013-07-31 08:10 - 01222064 _____ (Farbar) C:\Users\Tim\Downloads\FRST(1).exe
2013-07-31 08:08 - 2013-07-31 08:09 - 01222064 _____ (Farbar) C:\Users\Tim\Downloads\FRST.exe
2013-07-30 19:39 - 2013-07-30 19:40 - 02347384 _____ (ESET) C:\Users\Tim\Downloads\esetsmartinstaller_deu.exe
2013-07-28 18:47 - 2013-07-28 18:47 - 00000000 ____D C:\Windows\ERUNT
2013-07-28 18:46 - 2013-07-28 18:47 - 00561198 _____ (Oleg N. Scherbakov) C:\Users\Tim\Downloads\JRT.exe
2013-07-27 10:59 - 2013-07-27 11:00 - 00891062 _____ C:\Users\Tim\Downloads\SecurityCheck.exe
2013-07-27 08:39 - 2013-07-27 08:39 - 02347384 _____ (ESET) C:\Users\Tim\Downloads\esetsmartinstaller_enu.exe
2013-07-26 21:53 - 2013-07-26 21:53 - 00001075 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-26 21:53 - 2013-07-26 21:53 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Malwarebytes
2013-07-26 21:53 - 2013-07-26 21:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-26 21:53 - 2013-07-26 21:53 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-26 21:53 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-26 21:49 - 2013-07-26 21:52 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Tim\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-26 21:38 - 2013-07-26 21:38 - 00700783 ____R (Swearware) C:\Users\Tim\Downloads\dds+.exe
2013-07-26 21:22 - 2013-07-26 21:23 - 00000171 _____ C:\Windows\DeleteOnReboot.bat
2013-07-26 21:21 - 2013-07-26 21:23 - 00001190 _____ C:\AdwCleaner[S2].txt
2013-07-26 21:21 - 2013-07-26 21:22 - 00002044 _____ C:\AdwCleaner[S1].txt
2013-07-26 21:02 - 2013-07-26 21:04 - 00666633 _____ C:\Users\Tim\Downloads\adwcleaner06.exe
2013-07-26 20:01 - 2013-07-26 20:01 - 00000005 _____ C:\Users\Tim\AppData\Roaming\WBPU-TTL.DAT
2013-07-26 12:00 - 2013-07-26 12:00 - 00793536 _____ C:\Users\Tim\Downloads\ZipOpenerSetup.exe
2013-07-25 20:37 - 2013-07-25 20:45 - 17165244 _____ C:\Users\Tim\Downloads\FSK18_mi116(1).AVI

==================== One Month Modified Files and Folders =======

2013-08-23 07:25 - 2013-08-23 07:25 - 01070315 _____ (Farbar) C:\Users\Tim\Downloads\FRST(2).exe
2013-08-23 07:20 - 2013-08-23 07:20 - 00001170 _____ C:\Users\Tim\Desktop\JRT.txt
2013-08-23 07:17 - 2013-08-23 07:17 - 01021434 _____ (Thisisu) C:\Users\Tim\Downloads\JRT(1).exe
2013-08-23 07:17 - 2009-07-14 06:34 - 00010096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-23 07:17 - 2009-07-14 06:34 - 00010096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-23 07:11 - 2013-05-19 17:00 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Skype
2013-08-23 07:10 - 2013-02-03 11:50 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-23 07:10 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-23 07:10 - 2009-07-14 06:39 - 00117967 _____ C:\Windows\setupact.log
2013-08-23 07:08 - 2013-08-23 07:06 - 00000000 ____D C:\AdwCleaner
2013-08-23 07:08 - 2010-08-05 18:44 - 01167319 _____ C:\Windows\WindowsUpdate.log
2013-08-23 07:06 - 2013-08-23 07:04 - 00000000 ____D C:\Users\Tim\Desktop\Fotos
2013-08-23 07:05 - 2013-08-23 07:04 - 00975858 _____ C:\Users\Tim\Desktop\adwcleaner.exe
2013-08-23 06:56 - 2013-02-03 11:50 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-23 06:39 - 2013-01-01 21:14 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-23 04:03 - 2013-02-03 11:51 - 00002133 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-22 23:45 - 2013-06-24 04:29 - 00000000 ____D C:\Users\Tim\Desktop\Kalifornien 2013
2013-08-22 23:35 - 2013-02-03 16:12 - 00000000 ____D C:\Users\Tim\Desktop\ebay
2013-08-22 22:50 - 2013-01-01 21:14 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-22 22:50 - 2013-01-01 21:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-22 21:56 - 2013-01-18 11:58 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-19 08:58 - 2013-08-19 08:58 - 00030234 _____ C:\Users\Tim\Desktop\user_1.jpeg
2013-08-19 08:58 - 2013-08-19 08:58 - 00029067 _____ C:\Users\Tim\Desktop\0.jpeg
2013-08-19 08:40 - 2013-08-19 08:39 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-19 08:01 - 2013-08-19 08:01 - 00017989 _____ C:\ComboFix.txt
2013-08-19 08:01 - 2013-08-03 00:20 - 00000000 ____D C:\Qoobox
2013-08-19 07:57 - 2010-01-26 18:04 - 00119792 _____ C:\Windows\PFRO.log
2013-08-19 07:57 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-08-19 07:56 - 2009-07-14 04:03 - 53477376 _____ C:\Windows\system32\config\software.bak
2013-08-19 07:56 - 2009-07-14 04:03 - 20185088 _____ C:\Windows\system32\config\system.bak
2013-08-19 07:56 - 2009-07-14 04:03 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-08-19 07:56 - 2009-07-14 04:03 - 00262144 _____ C:\Windows\system32\config\sam.bak
2013-08-19 07:56 - 2009-07-14 04:03 - 00262144 _____ C:\Windows\system32\config\default.bak
2013-08-19 07:55 - 2013-08-03 00:19 - 00000000 ____D C:\Windows\erdnt
2013-08-18 15:35 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-08-18 15:04 - 2013-08-18 15:02 - 05105231 ____R (Swearware) C:\Users\Tim\Desktop\ComboFix.exe
2013-08-16 19:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-16 19:26 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-08-16 09:43 - 2013-08-16 09:43 - 61079552 _____ C:\Users\Tim\Desktop\iTunes64.msi
2013-08-16 09:43 - 2013-08-16 09:43 - 00077136 _____ (Apple Inc.) C:\Users\Tim\Desktop\SetupAdmin.exe
2013-08-16 08:37 - 2013-08-16 08:37 - 21538816 _____ C:\Users\Tim\Desktop\AppleApplicationSupport.msi
2013-08-14 10:08 - 2013-08-14 10:06 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 10:06 - 2010-01-28 15:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-14 10:06 - 2010-01-26 16:42 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 10:04 - 2010-01-26 16:21 - 01633792 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-13 21:52 - 2013-08-03 00:14 - 05103833 _____ (Swearware) C:\Users\Tim\Downloads\ComboFix.exe
2013-08-11 22:55 - 2013-08-11 22:54 - 00000000 ____D C:\Users\Tim\Desktop\Bilder August
2013-08-11 22:02 - 2013-08-11 22:01 - 01066136 _____ C:\Users\Tim\Downloads\setup.exe
2013-08-11 01:11 - 2013-01-03 20:27 - 00000000 ____D C:\ProgramData\Comodo
2013-08-11 01:11 - 2013-01-03 20:26 - 00000000 ____D C:\Program Files\Comodo
2013-08-04 22:01 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-08-03 07:00 - 2009-07-14 06:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-03 00:43 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-08-03 00:43 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-07-31 08:15 - 2013-07-31 08:14 - 00013610 _____ C:\Users\Tim\Downloads\Addition.txt
2013-07-31 08:12 - 2013-07-31 08:12 - 00000000 ____D C:\FRST
2013-07-31 08:10 - 2013-07-31 08:09 - 01222064 _____ (Farbar) C:\Users\Tim\Downloads\FRST(1).exe
2013-07-31 08:09 - 2013-07-31 08:08 - 01222064 _____ (Farbar) C:\Users\Tim\Downloads\FRST.exe
2013-07-30 19:40 - 2013-07-30 19:39 - 02347384 _____ (ESET) C:\Users\Tim\Downloads\esetsmartinstaller_deu.exe
2013-07-28 18:47 - 2013-07-28 18:47 - 00000000 ____D C:\Windows\ERUNT
2013-07-28 18:47 - 2013-07-28 18:46 - 00561198 _____ (Oleg N. Scherbakov) C:\Users\Tim\Downloads\JRT.exe
2013-07-27 11:00 - 2013-07-27 10:59 - 00891062 _____ C:\Users\Tim\Downloads\SecurityCheck.exe
2013-07-27 08:39 - 2013-07-27 08:39 - 02347384 _____ (ESET) C:\Users\Tim\Downloads\esetsmartinstaller_enu.exe
2013-07-27 08:37 - 2013-01-03 20:30 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2013-07-27 08:17 - 2009-07-14 10:57 - 00000000 ____D C:\Windows\ShellNew
2013-07-27 08:13 - 2012-11-20 22:52 - 00000000 ____D C:\Users\Tim\Desktop\Neuer Ordner
2013-07-26 21:53 - 2013-07-26 21:53 - 00001075 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-26 21:53 - 2013-07-26 21:53 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Malwarebytes
2013-07-26 21:53 - 2013-07-26 21:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-26 21:53 - 2013-07-26 21:53 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-26 21:52 - 2013-07-26 21:49 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Tim\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-26 21:38 - 2013-07-26 21:38 - 00700783 ____R (Swearware) C:\Users\Tim\Downloads\dds+.exe
2013-07-26 21:23 - 2013-07-26 21:22 - 00000171 _____ C:\Windows\DeleteOnReboot.bat
2013-07-26 21:23 - 2013-07-26 21:21 - 00001190 _____ C:\AdwCleaner[S2].txt
2013-07-26 21:22 - 2013-07-26 21:21 - 00002044 _____ C:\AdwCleaner[S1].txt
2013-07-26 21:04 - 2013-07-26 21:02 - 00666633 _____ C:\Users\Tim\Downloads\adwcleaner06.exe
2013-07-26 20:01 - 2013-07-26 20:01 - 00000005 _____ C:\Users\Tim\AppData\Roaming\WBPU-TTL.DAT
2013-07-26 12:00 - 2013-07-26 12:00 - 00793536 _____ C:\Users\Tim\Downloads\ZipOpenerSetup.exe
2013-07-26 05:13 - 2013-08-14 10:02 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 05:13 - 2013-08-14 10:02 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 05:13 - 2013-08-14 10:02 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 05:12 - 2013-08-14 10:02 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 05:12 - 2013-08-14 10:02 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 05:12 - 2013-08-14 10:02 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 05:12 - 2013-08-14 10:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 05:12 - 2013-08-14 10:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 05:12 - 2013-08-14 10:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 05:12 - 2013-08-14 10:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 05:12 - 2013-08-14 10:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 05:12 - 2013-08-14 10:02 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 05:11 - 2013-08-14 10:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 05:11 - 2013-08-14 10:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 04:49 - 2013-08-14 10:02 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 03:59 - 2013-08-14 10:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-25 20:45 - 2013-07-25 20:37 - 17165244 _____ C:\Users\Tim\Downloads\FSK18_mi116(1).AVI
2013-07-25 10:57 - 2013-08-14 08:43 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-23 00:55

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Erledigt - was muss ich als nächstes machen? :pfeiff:

Danke vielmals nochmal!

cosinus 23.08.2013 09:06
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bkp2s34p.default\Extensions\Shuu2lqk7OSV@NTO066xN6gxohjuS.com.xpi

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


nobody123 26.08.2013 21:23
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-08-2013 02
Ran by Tim at 2013-08-26 22:22:06 Run:1
Running from C:\Users\Tim\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bkp2s34p.default\Extensions\Shuu2lqk7OSV@NTO066xN6gxohjuS.com.xpi
*****************

C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bkp2s34p.default\Extensions\Shuu2lqk7OSV@NTO066xN6gxohjuS.com.xpi => Moved successfully.

==== End of Fixlog ====

cosinus 27.08.2013 11:14
Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


nobody123 29.08.2013 20:48
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.29.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
Tim :: TIM-PC [Administrator]

29.08.2013 21:37:38
mbam-log-2013-08-29 (21-37-38).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 228400
Laufzeit: 7 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Tim\Downloads\setup.exe (PUP.Optional.IBryte.A) -> Keine Aktion durchgeführt.
C:\Users\Tim\Downloads\ZipOpenerSetup.exe (PUP.Optional.InstallCore) -> Keine Aktion durchgeführt.

(Ende)

cosinus 29.08.2013 20:58
Warum entfernst du die Funde nicht? :confused:
Sind aber eh nur harmlose Geschichten. Die Setups enthalten Toolbars bzw. sind Adware

nobody123 29.08.2013 22:47
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=23bff815b40679499d3a9479ae45d3af
# engine=14947
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-29 09:13:27
# local_time=2013-08-29 11:13:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 3337926 129441998 0 0
# scanned=178667
# found=7
# cleaned=0
# scan_time=4077
sh=690FB32A205C66446E7951575E2DA510F6D896E5 ft=1 fh=62779f90b138744b vn="a variant of Win32/SpeedingUpMyPC.B application" ac=I fn="C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2QYYKW2D\OptimizerPro[1].exe"
sh=1DDC39E810FA90F8B11DFE07640EC359F66FC1FC ft=1 fh=f2284be2c764232b vn="multiple threats" ac=I fn="C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\93MJOWZA\WebCakesetup[1].exe"
sh=F439BC6FF954846FAD2B7E9005DE6D024F0F409C ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-1723.IM trojan" ac=I fn="C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\71ede3d6-511960de"
sh=F439BC6FF954846FAD2B7E9005DE6D024F0F409C ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-1723.IM trojan" ac=I fn="C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\b86459-65ab61d5"
sh=F439BC6FF954846FAD2B7E9005DE6D024F0F409C ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-1723.IM trojan" ac=I fn="C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\53071cfb-111c9c3e"
sh=0E829F3D3C14854057322163DBF94145FA5C5D91 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-1723.IK trojan" ac=I fn="C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\40d05c7c-7048de0b"
sh=B216C60147C641164E7338C89856434AC951D253 ft=1 fh=f436bf275bc52bd6 vn="a variant of Win32/Adware.iBryte.G application" ac=I fn="C:\Users\Tim\Downloads\setup.exe"
Immer noch 7 Funde! :headbang:

Was muss ich als nächstes machen? Danke vorab und LG

cosinus 29.08.2013 23:29
Das sind alles nur Müll-Reste :D

TFC ausführen:

TFC - Temp File Cleaner

Lade dir TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
  • Öffne die TFC.exe.
    Vista und Win 7 User mit Rechtsklick "als Administrator starten".
  • Schließe alle anderen Programme.
  • Drücke auf den Button Start.
  • Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.


nobody123 30.08.2013 08:09
Erledigt!

Leider ist mein Internet immer noch wahnsinnig langsam. Ich dachte, das hängt mit den Trojanern zusammen. An was kann das liegen?

Vielen Dank

cosinus 30.08.2013 10:17
Router mal neu starten

nobody123 06.09.2013 03:44
Bei mir passt jetzt alles :-)

Viiiiiiiielen Dank nochmal!


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:32 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131