 | |
Adware/Junkware/Toolbars entfernen Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!
Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren! 1. Schritt: adwCleaner
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
- Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
- Starte die AdwCleaner.exe mit einem Doppelklick.
- Stimme den Nutzungsbedingungen zu.
- Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
- Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
- Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
- Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
- Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade  Junkware Removal Tool auf Deinen Desktop - Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
- Drücke eine beliebige Taste, um das Tool zu starten.
- Je nach System kann der Scan eine Weile dauern.
- Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
- Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.
3. Schritt: Frisches Log mit FRST
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
- Starte jetzt FRST.
- Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
- Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
- Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)
|
Ok, hier schonmal der adwCleaner Bericht: Code:
# AdwCleaner v4.111 - Bericht erstellt 03/03/2015 um 17:17:56
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-03-02.3 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x86)
# Benutzername : Hermann-Lersch - LERSCH_HOME
# Gestarted von : C:\Users\Hermann-Lersch\Downloads\AdwCleaner_4.111.exe
# Option : Löschen
***** [ Dienste ] *****
Dienst Gelöscht : ReimageRealTimeProtector
Dienst Gelöscht : Service Mgr StrongSignal
Dienst Gelöscht : Update Mgr StrongSignal
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Reimage Protector
Ordner Gelöscht : C:\Program Files\Reimage
Ordner Gelöscht : C:\Program Files\Strong Signal
Ordner Gelöscht : C:\Users\Hermann-Lersch\AppData\Local\PriceFountain
Datei Gelöscht : C:\Users\Hermann-Lersch\AppData\Roaming\Mozilla\Firefox\Profiles\liavd9uu.default\Extensions\{629ac51d-702d-4c48-8a56-6d6a5061a41f}.xpi
Datei Gelöscht : C:\Windows\Reimage.ini
Datei Gelöscht : C:\Users\Hermann-Lersch\AppData\Roaming\Mozilla\Firefox\Profiles\liavd9uu.default\searchplugins\bingp.xml
Datei Gelöscht : C:\Users\Hermann-Lersch\AppData\Roaming\Mozilla\Firefox\Profiles\liavd9uu.default\user.js
***** [ Geplante Tasks ] *****
Task Gelöscht : ReimageUpdater
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Reimage
Schlüssel Gelöscht : HKCU\Software\PriceFountain
Schlüssel Gelöscht : HKCU\Software\Super Optimizer
Schlüssel Gelöscht : HKCU\Software\Binkiland Browser
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Reimage
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Protector
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - fritz.box;192.168.178.1;192.168.178.254;169.254.1.1
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17631
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v35.0.1 (x86 de)
[liavd9uu.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "Binkiland");
[liavd9uu.default\prefs.js] - Zeile Gelöscht : user_pref("browser.startup.homepage", "hxxp://binkiland.com/?f=1&a=bnk_dnldastr_15_06&cd=2XzuyEtN2Y1L1QzutByEyCyDtCtC0CtAyC0FyB0CtDtA0EyDtN0D0Tzu0StCtCtAtAtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1[...]
*************************
AdwCleaner[R0].txt - [3323 Bytes] - [03/03/2015 17:15:54]
AdwCleaner[S0].txt - [2896 Bytes] - [03/03/2015 17:17:56]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2955 Bytes] ##########
Mache jetzt mit Schritt 2 weiter. JRT Bericht: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Professional x86
Ran by Hermann-Lersch on 03.03.2015 at 17:24:21,21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Hermann-Lersch\AppData\Roaming\mozilla\firefox\profiles\liavd9uu.default\minidumps [155 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.03.2015 at 17:25:54,27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Schritt 3 FRST
FRST Logfile:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-03-2015
Ran by Hermann-Lersch (administrator) on LERSCH_HOME on 03-03-2015 17:28:02
Running from C:\Users\Hermann-Lersch\Downloads
Loaded Profiles: Hermann-Lersch (Available profiles: Hermann-Lersch)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKU\S-1-5-21-3716939913-3452383447-4055694784-1000\...\Run: [ccleaner] => C:\Program Files\CCleaner\CCleaner.exe [3288856 2013-02-19] (Piriform Ltd)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3716939913-3452383447-4055694784-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3716939913-3452383447-4055694784-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3716939913-3452383447-4055694784-1000 -> 3CBF62F78DC2495D836FCB4161A8E876 URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-3716939913-3452383447-4055694784-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Hermann-Lersch\AppData\Roaming\Mozilla\Firefox\Profiles\liavd9uu.default
FF SearchEngineOrder.3: Bing
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3716939913-3452383447-4055694784-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Hermann-Lersch\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Extension: Avira Browser Safety - C:\Users\Hermann-Lersch\AppData\Roaming\Mozilla\Firefox\Profiles\liavd9uu.default\Extensions\abs@avira.com [2015-02-07]
FF Extension: Adblock Plus - C:\Users\Hermann-Lersch\AppData\Roaming\Mozilla\Firefox\Profiles\liavd9uu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-03-25]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-01-01]
FF HKU\S-1-5-21-3716939913-3452383447-4055694784-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-3716939913-3452383447-4055694784-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
StartMenuInternet: FIREFOX.EXE - firefox.exe
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1840304 2015-01-13] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2012-04-25] (AVM Berlin) [File not signed]
R3 fwlanusb5; C:\Windows\System32\DRIVERS\fwlanusb5.sys [811520 2012-08-21] (AVM GmbH)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10.sys [52096 2010-10-01] (Generic USB smartcard reader)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
S3 catchme; \??\C:\Users\HERMAN~1\AppData\Local\Temp\catchme.sys [X]
S3 cpuz134; \??\C:\Users\HERMAN~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-03 17:25 - 2015-03-03 17:25 - 00000776 _____ () C:\Users\Hermann-Lersch\Desktop\JRT.txt
2015-03-03 17:22 - 2015-03-03 17:22 - 01388333 _____ (Thisisu) C:\Users\Hermann-Lersch\Desktop\JRT.exe
2015-03-03 17:15 - 2015-03-03 17:18 - 00000000 ____D () C:\AdwCleaner
2015-03-03 17:13 - 2015-03-03 17:14 - 02126848 _____ () C:\Users\Hermann-Lersch\Downloads\AdwCleaner_4.111.exe
2015-03-03 16:33 - 2015-03-03 17:08 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-03 16:33 - 2015-03-03 16:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-03 16:32 - 2015-03-03 16:32 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-03 16:32 - 2015-03-03 16:32 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-03 16:31 - 2015-03-03 17:08 - 00000000 ____D () C:\Users\Hermann-Lersch\Desktop\mbar
2015-03-03 16:30 - 2015-03-03 16:30 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Hermann-Lersch\Desktop\mbar-1.09.1.1004.exe
2015-03-03 16:20 - 2015-03-03 16:20 - 00017457 _____ () C:\ComboFix.txt
2015-03-03 14:56 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-03 14:56 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-03 14:56 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-03 14:56 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-03 14:56 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-03 14:56 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-03 14:56 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-03 14:56 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-03 14:55 - 2015-03-03 16:20 - 00000000 ____D () C:\Qoobox
2015-03-03 14:55 - 2015-03-03 16:16 - 00000000 ____D () C:\Windows\erdnt
2015-03-03 14:54 - 2015-03-03 14:54 - 05612482 ____R (Swearware) C:\Users\Hermann-Lersch\Desktop\ComboFix.exe
2015-03-03 14:51 - 2015-03-03 14:51 - 00000000 ____D () C:\OETemp
2015-03-03 14:48 - 2015-03-03 17:19 - 00000224 _____ () C:\Windows\setupact.log
2015-03-03 14:48 - 2015-03-03 14:48 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-03 14:47 - 2015-03-03 16:15 - 00002054 _____ () C:\Windows\PFRO.log
2015-03-03 14:18 - 2015-03-03 14:19 - 00033858 _____ () C:\Users\Hermann-Lersch\Downloads\Addition.txt
2015-03-03 14:16 - 2015-03-03 17:28 - 00010445 _____ () C:\Users\Hermann-Lersch\Downloads\FRST.txt
2015-03-03 14:11 - 2015-03-03 14:11 - 00616022 _____ () C:\Users\Hermann-Lersch\Desktop\Ereignisse030315.txt
2015-03-03 14:08 - 2015-03-03 17:28 - 00000000 ____D () C:\FRST
2015-03-03 13:38 - 2015-03-03 13:39 - 01132032 _____ (Farbar) C:\Users\Hermann-Lersch\Downloads\FRST.exe
2015-02-28 18:03 - 2015-02-28 18:03 - 00000000 ____D () C:\Users\Hermann-Lersch\AppData\Local\Microsoft Help
2015-02-27 03:01 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-24 08:09 - 2015-03-03 13:37 - 00004244 _____ () C:\Windows\system32\ScanResults.xml
2015-02-24 08:03 - 2015-03-03 13:32 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2015-02-21 20:35 - 2015-02-21 20:36 - 00779656 _____ (Reimage®) C:\Users\Hermann-Lersch\Downloads\ReimageRepair.exe
2015-02-21 20:13 - 2015-02-21 20:13 - 01203488 _____ () C:\Users\Hermann-Lersch\Downloads\FreeMind - CHIP-Installer.exe
2015-02-21 17:06 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-21 17:06 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-21 17:01 - 2015-02-21 17:01 - 00000939 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-02-21 17:01 - 2015-02-21 17:01 - 00000927 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-02-11 23:16 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-11 23:16 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 23:14 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 23:14 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 23:14 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 23:14 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 23:14 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 23:14 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 23:14 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 23:14 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 23:14 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 23:14 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 23:14 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 23:14 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 23:14 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 23:14 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 23:14 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 23:14 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 23:10 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 23:10 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 23:10 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 23:10 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 23:10 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 23:10 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 23:10 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 23:10 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 23:10 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 23:10 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 23:10 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 23:10 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 23:10 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 23:10 - 2015-01-12 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 23:10 - 2015-01-12 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 23:10 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 23:10 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 23:10 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 23:10 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 23:10 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 23:10 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 23:10 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 23:10 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 23:10 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 23:10 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 23:10 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 23:10 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 23:10 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 23:09 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 23:09 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 23:09 - 2015-01-12 03:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 23:09 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 23:09 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 23:09 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 23:09 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 23:09 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 23:09 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 23:09 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 23:09 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 23:09 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 23:09 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 23:09 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 23:09 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 23:09 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 23:08 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 23:07 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-07 17:53 - 2015-02-07 17:54 - 04515896 _____ (Avira Operations & Co. KG) C:\Users\Hermann-Lersch\Downloads\avira_de_avpro_3007328054_46ofng6vt6hmdhn5jyc2_wd(1).exe
2015-02-07 17:52 - 2015-02-07 17:53 - 04515896 _____ (Avira Operations & Co. KG) C:\Users\Hermann-Lersch\Downloads\avira_de_avpro_3007328054_46ofng6vt6hmdhn5jyc2_wd.exe
2015-02-07 17:48 - 2015-02-07 17:49 - 04515896 _____ (Avira Operations & Co. KG) C:\Users\Hermann-Lersch\Downloads\avira_de_av_5835134066__ws.exe
2015-02-07 17:45 - 2015-02-07 17:45 - 00016896 _____ () C:\Users\Hermann-Lersch\Documents\Mappe1.xls
2015-02-07 17:34 - 2015-02-07 17:35 - 00790952 _____ (%PROD_NAME%) C:\Users\Hermann-Lersch\Downloads\microsoft_excel(1).exe
2015-02-07 17:33 - 2015-03-03 13:31 - 00000000 ____D () C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce
2015-02-07 17:33 - 2015-03-03 13:31 - 00000000 ____D () C:\Program Files\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce
2015-02-07 17:33 - 2015-03-01 10:40 - 00000000 __SHD () C:\Users\Hermann-Lersch\AppData\Local\EmieBrowserModeList
2015-02-06 20:18 - 2015-03-03 17:22 - 01476698 _____ () C:\Windows\WindowsUpdate.log
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-03 17:26 - 2009-07-14 05:34 - 00029536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-03 17:26 - 2009-07-14 05:34 - 00029536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-03 17:19 - 2015-01-04 08:33 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-03 17:19 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-03 16:50 - 2015-01-04 08:33 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-03 16:16 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-03-03 15:11 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-03-03 15:11 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-03-01 10:40 - 2014-05-11 20:38 - 00000000 __SHD () C:\Users\Hermann-Lersch\AppData\Local\EmieUserList
2015-03-01 10:40 - 2014-05-11 20:38 - 00000000 __SHD () C:\Users\Hermann-Lersch\AppData\Local\EmieSiteList
2015-02-24 08:27 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-24 08:16 - 2014-09-30 22:20 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-23 08:24 - 2011-11-21 20:36 - 01594028 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-22 11:44 - 2012-06-01 22:30 - 00000000 ____D () C:\Program Files\Free FLV Converter
2015-02-22 11:26 - 2012-04-09 07:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-21 23:27 - 2012-04-09 07:58 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-21 23:27 - 2011-12-22 21:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-21 22:30 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-02-21 17:04 - 2011-11-22 11:26 - 00000000 ____D () C:\Program Files\TeamViewer
2015-02-12 03:33 - 2009-07-14 05:33 - 00430112 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 03:30 - 2014-12-12 03:21 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 03:30 - 2014-05-09 02:19 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 03:30 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-02-12 03:14 - 2013-07-18 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 03:08 - 2011-11-22 09:26 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-12 03:04 - 2012-05-01 11:07 - 00002127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-12 03:04 - 2011-11-22 11:15 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-02-12 03:04 - 2011-11-22 11:13 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-07 17:57 - 2011-12-08 07:37 - 00000000 ____D () C:\Users\Hermann-Lersch\AppData\Local\Google
2015-02-07 17:33 - 2012-03-25 22:28 - 00001102 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
==================== Files in the root of some directories =======
2012-04-26 11:57 - 2014-01-13 20:31 - 0018292 _____ () C:\ProgramData\hpzinstall.log
Some content of TEMP:
====================
C:\Users\Hermann-Lersch\AppData\Local\temp\Quarantine.exe
C:\Users\Hermann-Lersch\AppData\Local\temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-24 08:44
==================== End Of Log ============================
--- --- ---
--- --- --- |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 21:43 Uhr. | |
Copyright ©2000-2025, Trojaner-Board
Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.