
Pests of all kinds and how to combat them: Interpol Virus

29.10.2013, 13:13   #1
Dennis_89

Hello, I have an "Interpol" lock on one of my 2 user accounts. How do I get this fake off again? When I log on in Safe Mode, the computer reboots right away. Does anyone have an idea? The operating system is Windows 7.

I can use the 2nd user account without any problems...

Thanks in advance, Dennis

29.10.2013, 13:19   #2
schrauber
/// the machine
/// TB trainer

hi,

Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the appropriate version of the tool (both if in doubt) and save it to a USB stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Connect the USB stick to the infected system and boot the system into the System Repair option.
  • Now scan following the illustrated guide, or use the following quick guide:
Via the boot manager:
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly.
  • Now select Repair Your Computer.
  • Select your operating system and user account and click "Next" each time.
With a Windows CD/DVD (also possible on Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Choose the language settings and click "Next".
  • Click Repair your computer!
  • Select your operating system and user account and click "Next" each time.
In the repair options, select: Command Prompt
  • Now please type notepad and press Enter.
  • In the text document that opens: File > Save As... and select Computer.
    The drive letter of your USB stick is shown here; make a note of it.
  • Close Notepad again.
  • Now please enter the following command:
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you noted. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan.
The tool creates an FRST.txt on your USB stick. Please post its contents here, in code tags if possible (guide).

__________________
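
The FRST.txt produced by the procedure above can be triaged before it is read in full. As an added example (not part of the original posts and not FRST's own code), this Python script parses the FRST.txt layout, reports Winlogon Shell values that start anything besides explorer.exe, and looks each extra entry up in the "One Month Created" section. The sample log, user names and paths are constructed.

```python
import re

# Constructed sample in the FRST.txt layout; user names and paths are made up.
# The "Bob" line exists only to exercise the default-shell (clean) case.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ExampleUpdater] - C:\Program Files\Example\updater.exe [59720 2013-04-21] (Example Inc.)
HKU\Alice\...\Winlogon: [Shell] explorer.exe,C:\Users\Alice\AppData\Roaming\sample.dat [ 2013-10-29] () <==== ATTENTION
HKU\Bob\...\Winlogon: [Shell] explorer.exe [ 2013-01-18] (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2013-10-29 04:44 - 2013-10-29 04:44 - 00078336 ____R C:\Users\Alice\AppData\Roaming\sample.dat
2013-10-09 17:07 - 2013-09-22 15:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
"""

# "==== Section name ====" banner lines; pure "=====" rulers do not match.
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+\s*$")

# "<hive>\...\Winlogon: [Shell] <value> [<size> <date>] (<vendor>)"
SHELL_RE = re.compile(
    r"^(?P<hive>HKLM|HKU\\[^\\]+)\\\.\.\.\\Winlogon: \[Shell\] "
    r"(?P<value>.*?) \[\s*(?:\d+ )?\d{4}-\d{2}-\d{2}\]"
)

# "<created> - <modified> - <size> <attrs> [(<vendor>)] <path>"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S{5}) "
    r"(?:\((?P<vendor>.*)\) )?(?P<path>[A-Za-z]:\\.*)$"
)

# Shell values that are expected on a stock Windows installation.
DEFAULT_SHELLS = {"explorer.exe", r"c:\windows\explorer.exe"}
ATTENTION_MARK = "<==== ATTENTION"


def triage(log_text):
    """Return one finding per non-default program in a Winlogon Shell value."""
    section = ""
    shell_hits = []   # (hive, path, flagged_by_frst)
    created = {}      # lower-cased path -> (created timestamp, size)

    for raw in log_text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            section = banner["name"]
            continue
        if section.startswith("Registry"):
            hit = SHELL_RE.match(line)
            if not hit:
                continue
            # The Shell value is a comma-separated list of programs.
            for part in hit["value"].split(","):
                part = part.strip()
                if part and part.lower() not in DEFAULT_SHELLS:
                    shell_hits.append(
                        (hit["hive"], part, ATTENTION_MARK in line))
        elif section.startswith("One Month Created"):
            entry = FILE_RE.match(line)
            if entry:
                created[entry["path"].lower()] = (
                    entry["created"], int(entry["size"]))

    # Join after the loop: the file listing comes later in the log
    # than the registry section.
    findings = []
    for hive, path, flagged in shell_hits:
        when, size = created.get(path.lower(), (None, None))
        findings.append({
            "hive": hive,
            "path": path,
            "frst_flagged": flagged,
            "created": when,   # None if older than the one-month window
            "size": size,
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```

A finding whose `created` timestamp falls close to the time the lock screen first appeared is the entry to look at first.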

29.10.2013, 15:19   #3
Dennis_89

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-10-2013
Ran by SYSTEM on MININT-GC7GU8A on 29-10-2013 13:35:40
Running from I:\
Windows 7 Ultimate (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [614400 2009-08-14] ()
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [5529328 2013-02-27] (Logitech Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1851192 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKU\Haus\...\Run: [TBPanel] - C:\Program Files\Vtune\TBPANEL.exe [ 2011-08-02] ()
HKU\Haus\...\Winlogon: [Shell] explorer.exe,C:\Users\Haus\AppData\Roaming\cache.dat [ 2013-10-29] () <==== ATTENTION 
Startup: C:\Users\Doreen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Haus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

========================== Services (Whitelisted) =================

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
S2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-01-14] (Nitro PDF Software)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1\RpcAgentSrv.exe [68760 2008-12-27] (SiSoftware)

==================== Drivers (Whitelisted) ====================

S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2009-02-16] (Samsung Electronics Co., Ltd.)
S3 LachesisFltr; C:\Windows\System32\drivers\Lachesis.sys [12032 2007-08-08] (Razer (Asia-Pacific) Pte Ltd)
S3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [43704 2012-09-18] (Logitech, Inc.)
S3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-23] (Logitech Inc.)
S3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-23] (Logitech Inc.)
S3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12216 2012-09-18] (Logitech, Inc.)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [734208 2009-05-25] (Ralink Technology Corp.)
S3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1311232 2009-07-13] (NXP Semiconductors)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
S2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-08-02] (Samsung Electronics)
S3 TBPanel; C:\Windows\System32\Drivers\TBPanel.sys [12256 2007-03-16] (Windows (R) 2000 DDK provider)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-29 04:44 - 2013-10-29 04:44 - 00078336 ____R C:\Users\Haus\AppData\Roaming\cache.dat
2013-10-29 03:52 - 2013-10-29 03:52 - 00000000 ____D C:\Users\Doreen\AppData\Local\Google
2013-10-29 03:52 - 2013-10-29 03:05 - 00018213 _____ C:\Users\Haus\Desktop\FRST.txt
2013-10-29 03:52 - 2013-10-29 03:04 - 01089183 _____ (Farbar) C:\Users\Haus\Desktop\FRST.exe
2013-10-29 03:42 - 2013-10-29 03:53 - 00000000 ____D C:\AdwCleaner
2013-10-29 03:42 - 2013-10-29 03:41 - 00460552 _____ C:\Users\Doreen\Downloads\AdwCleaner_Setup_Download(1).exe
2013-10-29 03:40 - 2013-10-29 03:51 - 00000132 _____ C:\Users\Doreen\Desktop\Amazon.url
2013-10-29 03:40 - 2013-10-29 03:40 - 00000000 ____D C:\Program Files\WinSecurity
2013-10-29 03:39 - 2013-10-29 03:39 - 00460552 _____ C:\Users\Doreen\Downloads\AdwCleaner_Setup_Download.exe
2013-10-29 03:21 - 2013-10-29 03:21 - 00002244 _____ C:\Users\Haus\Desktop\SpyHunter (2).lnk
2013-10-29 03:13 - 2013-10-29 03:48 - 00000000 ____D C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2013-10-29 03:13 - 2013-10-29 03:13 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-10-29 03:13 - 2013-10-29 03:13 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-10-29 03:11 - 2013-10-29 03:11 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Doreen\Downloads\SpyHunter-Installer.exe
2013-10-29 03:05 - 2013-10-29 03:05 - 00021233 _____ C:\Users\Doreen\Downloads\Addition.txt
2013-10-29 03:05 - 2013-10-29 03:05 - 00018213 _____ C:\Users\Doreen\Downloads\FRST.txt
2013-10-29 03:04 - 2013-10-29 03:04 - 01089183 _____ (Farbar) C:\Users\Doreen\Downloads\FRST.exe
2013-10-29 03:04 - 2013-10-29 03:04 - 00000000 ____D C:\FRST
2013-10-29 02:46 - 2013-10-29 03:59 - 00000004 _____ C:\Users\Haus\AppData\Roaming\cache.ini
2013-10-09 17:07 - 2013-09-22 15:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-09 17:07 - 2013-09-22 15:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-09 17:07 - 2013-09-22 15:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-10-09 17:07 - 2013-09-22 15:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-10-09 17:07 - 2013-09-22 15:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-10-09 17:07 - 2013-09-22 15:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-10-09 17:07 - 2013-09-22 15:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-10-09 17:07 - 2013-09-22 15:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-10-09 17:07 - 2013-09-22 15:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-10-09 17:07 - 2013-09-22 15:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-10-09 17:07 - 2013-09-22 15:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-10-09 17:07 - 2013-09-22 15:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-10-09 17:07 - 2013-09-22 15:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-10-09 17:07 - 2013-09-22 15:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-10-09 17:07 - 2013-09-20 19:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-10-09 17:07 - 2013-09-20 18:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-09 14:45 - 2013-09-13 16:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-10-09 14:45 - 2013-09-07 18:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-10-09 14:45 - 2013-09-07 18:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\System32\mswsock.dll
2013-10-09 14:45 - 2013-08-28 17:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-10-09 14:45 - 2013-08-28 17:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-10-09 14:45 - 2013-08-28 17:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-10-09 14:45 - 2013-08-28 17:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\System32\tdh.dll
2013-10-09 14:45 - 2013-08-28 17:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2013-10-09 14:45 - 2013-08-27 16:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\System32\scavengeui.dll
2013-10-09 14:45 - 2013-07-04 03:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2013-10-09 14:45 - 2013-07-02 20:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbscan.sys
2013-10-09 14:45 - 2013-07-02 19:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-10-09 14:45 - 2013-07-02 19:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2013-10-09 14:44 - 2013-08-27 17:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-10-09 14:44 - 2013-08-01 03:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-10-09 14:44 - 2013-07-20 02:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 14:44 - 2013-07-12 02:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys
2013-10-09 14:44 - 2013-07-12 02:07 - 00080896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBAUDIO.sys
2013-10-09 14:44 - 2013-07-04 03:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2013-10-09 14:44 - 2013-07-04 03:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2013-10-09 14:44 - 2013-07-04 01:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2013-10-09 14:44 - 2013-06-25 14:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-10-09 14:44 - 2013-06-05 20:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2013-10-09 14:44 - 2013-06-05 20:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2013-10-09 14:44 - 2013-06-05 20:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2013-10-09 14:44 - 2013-06-05 19:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-10-09 14:44 - 2013-06-05 19:01 - 00034304 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-10-01 08:04 - 2013-10-01 08:04 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-10-29 04:44 - 2013-10-29 04:44 - 00078336 ____R C:\Users\Haus\AppData\Roaming\cache.dat
2013-10-29 04:31 - 2013-01-18 10:41 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-29 04:31 - 2009-07-13 20:39 - 00068600 _____ C:\Windows\setupact.log
2013-10-29 04:23 - 2013-01-18 18:39 - 01480999 _____ C:\Windows\WindowsUpdate.log
2013-10-29 04:15 - 2009-07-13 20:34 - 00016944 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-29 04:15 - 2009-07-13 20:34 - 00016944 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-29 04:12 - 2013-01-18 09:48 - 01498506 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-29 03:59 - 2013-10-29 02:46 - 00000004 _____ C:\Users\Haus\AppData\Roaming\cache.ini
2013-10-29 03:59 - 2013-02-08 09:03 - 00000000 ____D C:\Users\Haus\AppData\Local\Deployment
2013-10-29 03:53 - 2013-10-29 03:42 - 00000000 ____D C:\AdwCleaner
2013-10-29 03:52 - 2013-10-29 03:52 - 00000000 ____D C:\Users\Doreen\AppData\Local\Google
2013-10-29 03:51 - 2013-10-29 03:40 - 00000132 _____ C:\Users\Doreen\Desktop\Amazon.url
2013-10-29 03:48 - 2013-10-29 03:13 - 00000000 ____D C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2013-10-29 03:43 - 2013-02-07 10:11 - 00000000 ____D C:\Windows\System32\appmgmt
2013-10-29 03:41 - 2013-10-29 03:42 - 00460552 _____ C:\Users\Doreen\Downloads\AdwCleaner_Setup_Download(1).exe
2013-10-29 03:40 - 2013-10-29 03:40 - 00000000 ____D C:\Program Files\WinSecurity
2013-10-29 03:39 - 2013-10-29 03:39 - 00460552 _____ C:\Users\Doreen\Downloads\AdwCleaner_Setup_Download.exe
2013-10-29 03:21 - 2013-10-29 03:21 - 00002244 _____ C:\Users\Haus\Desktop\SpyHunter (2).lnk
2013-10-29 03:13 - 2013-10-29 03:13 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-10-29 03:13 - 2013-10-29 03:13 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-10-29 03:11 - 2013-10-29 03:11 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Doreen\Downloads\SpyHunter-Installer.exe
2013-10-29 03:05 - 2013-10-29 03:52 - 00018213 _____ C:\Users\Haus\Desktop\FRST.txt
2013-10-29 03:05 - 2013-10-29 03:05 - 00021233 _____ C:\Users\Doreen\Downloads\Addition.txt
2013-10-29 03:05 - 2013-10-29 03:05 - 00018213 _____ C:\Users\Doreen\Downloads\FRST.txt
2013-10-29 03:04 - 2013-10-29 03:52 - 01089183 _____ (Farbar) C:\Users\Haus\Desktop\FRST.exe
2013-10-29 03:04 - 2013-10-29 03:04 - 01089183 _____ (Farbar) C:\Users\Doreen\Downloads\FRST.exe
2013-10-29 03:04 - 2013-10-29 03:04 - 00000000 ____D C:\FRST
2013-10-29 02:54 - 2013-07-29 06:35 - 00000000 ____D C:\Users\Doreen\AppData\Local\Mozilla
2013-10-29 02:46 - 2013-09-11 00:24 - 00000000 ____D C:\Users\Haus\AppData\Local\Battle.net
2013-10-28 13:59 - 2013-02-09 12:09 - 00000000 ____D C:\Users\Haus\AppData\Roaming\TS3Client
2013-10-28 02:11 - 2013-01-18 09:40 - 00000000 ____D C:\users\Haus
2013-10-21 13:15 - 2013-09-04 07:01 - 00002012 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-10-21 13:15 - 2013-09-04 07:01 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-17 09:19 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2013-10-16 04:30 - 2013-09-11 00:23 - 00000000 ____D C:\Program Files\Battle.net
2013-10-10 13:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-10 01:45 - 2013-07-11 06:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-10 01:45 - 2009-07-13 20:33 - 00409048 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-09 17:13 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-10-09 17:12 - 2013-02-08 10:46 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-09 17:11 - 2013-08-14 02:25 - 00000000 ____D C:\Windows\System32\MRT
2013-10-09 17:09 - 2013-01-18 10:32 - 78106760 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-10-08 15:17 - 2013-01-19 02:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-10-08 15:17 - 2013-01-19 02:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-10-02 04:33 - 2013-01-18 10:24 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-01 12:28 - 2013-01-18 10:24 - 00000000 ____D C:\Users\Haus\AppData\Local\Mozilla
2013-10-01 08:04 - 2013-10-01 08:04 - 00000000 ____D C:\Program Files\Mozilla Firefox

Files to move or delete:
====================
C:\Users\Haus\AppData\Roaming\cache.dat
C:\Users\Haus\AppData\Roaming\cache.ini


Some content of TEMP:
====================
C:\Users\Doreen\AppData\Local\Temp\Quarantine.exe
C:\Users\Doreen\AppData\Local\Temp\SHSetup.exe
C:\Users\Haus\AppData\Local\Temp\install_reader11_de_mssa_aaa_aih.exe
C:\Users\Haus\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Haus\AppData\Local\Temp\nitro_reader3(1).exe
C:\Users\Haus\AppData\Local\Temp\nitro_reader3.exe
C:\Users\Haus\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Haus\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Haus\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Haus\AppData\Local\Temp\nvStInst.exe
C:\Users\Haus\AppData\Local\Temp\ose00000.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

13
Restore point made on: 2013-09-11 16:34:49
Restore point made on: 2013-09-17 04:43:04
Restore point made on: 2013-09-24 13:25:39
Restore point made on: 2013-09-29 05:20:30
Restore point made on: 2013-10-04 03:51:13
Restore point made on: 2013-10-09 14:39:44
Restore point made on: 2013-10-09 17:01:07
Restore point made on: 2013-10-15 07:21:09
Restore point made on: 2013-10-23 01:25:38
Restore point made on: 2013-10-29 01:25:09
Restore point made on: 2013-10-29 03:13:37
Restore point made on: 2013-10-29 03:43:24
Restore point made on: 2013-10-29 03:47:59

==================== Memory info =========================== 

Percentage of memory in use: 15%
Total physical RAM: 3198.18 MB
Available physical RAM: 2710.62 MB
Total Pagefile: 3196.45 MB
Available Pagefile: 2715.58 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.12 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:416.83 GB) (Free:276.56 GB) NTFS
Drive e: () (Fixed) (Total:48.83 GB) (Free:48.74 GB) NTFS
Drive i: (DOREEN) (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 2BAB359D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=417 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=49 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 968 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=967 MB) - (Type=06)


LastRegBack: 2013-10-28 06:46

==================== End Of Log ============================
         

Like this?

Now that I somehow have access to the user account again, here are a few logs ^^
Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.29.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16721
Haus :: DENNIS-MEYER [Administrator]

Schutz: Aktiviert

29-Oct-13 2:56:52 PM
mbam-log-2013-10-29 (14-56-52).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 249544
Laufzeit: 6 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Users\Haus\AppData\Roaming\cache.dat (Trojan.Kelihos.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-2294712060-3132743783-407994791-1004\$RT7XB44.zip (Trojan.Kelihos.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Haus\AppData\Local\Temp\0D_TN7cK.zip.part (Trojan.Kelihos.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Haus\AppData\Local\Temp\NE5Wvsqh.zip.part (Trojan.Kelihos.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Haus\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Haus\Downloads\SoftonicDownloader_fuer_vlc-media-player.exe (PUP.Optional.Softonic) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
AdwCleaner Logfile:
Code:
# AdwCleaner v3.010 - Report created 29/10/2013 at 12:53:21
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Doreen - DENNIS-MEYER
# Running from : C:\Users\Doreen\AppData\Local\DownloadGuide\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
Folder Deleted : C:\Program Files\Iminent
Folder Deleted : C:\Program Files\Plus-HD-3.8
Folder Deleted : C:\Program Files\Common Files\Umbrella
Folder Deleted : C:\Users\Doreen\AppData\Local\DownloadGuide
Folder Deleted : C:\Users\Doreen\AppData\Local\Temp\Iminent
Folder Deleted : C:\Users\Doreen\AppData\Local\Temp\CT3317893
Folder Deleted : C:\Users\Doreen\AppData\Roaming\Windows Net Data
Folder Deleted : C:\Users\Doreen\AppData\Roaming\Mozilla\Firefox\Profiles\h93wza6j.default\CT3317893
Folder Deleted : C:\Users\Haus\AppData\Roaming\Mozilla\Firefox\Profiles\7ftt4tsg.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com
Folder Deleted : C:\Users\Doreen\AppData\Roaming\Mozilla\Firefox\Profiles\h93wza6j.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com
Folder Deleted : C:\Users\Doreen\AppData\Roaming\Mozilla\Firefox\Profiles\h93wza6j.default\Extensions\{61f0d019-b016-4d56-9dae-7b7706cd6755}
File Deleted : C:\END
File Deleted : C:\Users\Doreen\AppData\Roaming\Mozilla\Firefox\Profiles\h93wza6j.default\searchplugins\Conduit.xml
File Deleted : C:\Windows\Tasks\Plus-HD-3.8-codedownloader.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-3.8-codedownloader
File Deleted : C:\Windows\Tasks\Plus-HD-3.8-enabler.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-3.8-enabler
File Deleted : C:\Windows\Tasks\Plus-HD-3.8-firefoxinstaller.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-3.8-firefoxinstaller
File Deleted : C:\Windows\Tasks\Plus-HD-3.8-updater.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-3.8-updater

***** [ Shortcuts ] *****


***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-3.8-codedownloader
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F3267FF-647C-4929-A7A2-D3A7CD12AB48}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6F3267FF-647C-4929-A7A2-D3A7CD12AB48}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-3.8-enabler
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C1A74B0-6462-4927-A02C-FDE9351EC6CD}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4C1A74B0-6462-4927-A02C-FDE9351EC6CD}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-3.8-firefoxinstaller
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10D784A5-3CFF-4BCB-A3A3-7431BD3AA635}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{10D784A5-3CFF-4BCB-A3A3-7431BD3AA635}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-3.8-updater
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E91EEEC5-8BF2-46E8-915D-53ABD2EF2936}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E91EEEC5-8BF2-46E8-915D-53ABD2EF2936}
Key Deleted : HKLM\SOFTWARE\Classes\Iminent
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Iminent]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0039030.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0039030.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0039030.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0039030.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311901130}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355905530}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366906630}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344904430}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311901130}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311901130}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKCU\Software\AppDataLow\Software\Plus-HD-3.8
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\Plus-HD-3.8
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-3.8

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v24.0 (de)

[ File : C:\Users\Haus\AppData\Roaming\Mozilla\Firefox\Profiles\7ftt4tsg.default\prefs.js ]


[ File : C:\Users\Doreen\AppData\Roaming\Mozilla\Firefox\Profiles\h93wza6j.default\prefs.js ]

Line Deleted : user_pref("CT3317893.FF19Solved", "true");
Line Deleted : user_pref("CT3317893.UserID", "UN51396801516972073");
Line Deleted : user_pref("CT3317893.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3317893.fullUserID", "UN51396801516972073.IN.20131029125129");
Line Deleted : user_pref("CT3317893.installDate", "29/10/2013 12:51:30");
Line Deleted : user_pref("CT3317893.installSessionId", "{D6334BA9-CEC0-46D0-88CD-65330023B73A}");
Line Deleted : user_pref("CT3317893.installSp", "FALSE");
Line Deleted : user_pref("CT3317893.installerVersion", "1.8.0.14");
Line Deleted : user_pref("CT3317893.keyword", "true");
Line Deleted : user_pref("CT3317893.originalHomepage", "about:home");
Line Deleted : user_pref("CT3317893.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3317893.originalSearchEngine", "");
Line Deleted : user_pref("CT3317893.originalSearchEngineName", "");
Line Deleted : user_pref("CT3317893.searchRevert", "false");
Line Deleted : user_pref("CT3317893.searchUserMode", "1");
Line Deleted : user_pref("CT3317893.smartbar.homepage", "true");
Line Deleted : user_pref("CT3317893.toolbarInstallDate", "29-10-2013 12:51:29");
Line Deleted : user_pref("CT3317893.versionFromInstaller", "10.21.1.7");
Line Deleted : user_pref("CT3317893.xpeMode", "0");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("browser.search.defaultenginename", "RadioTotal4 Customized Web Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "RadioTotal4 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3317893&CUI=UN51396801516972073&UM=1&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.selectedEngine", "RadioTotal4 Customized Web Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3317893&CUI=UN51396801516972073&UM=1&SearchSource=13");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3317893&SearchSource=2&CUI=UN51396801516972073&UM=1&q=");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3317893");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3317893&CUI=UN51396801516972073&UM=1&SearchSource=13");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3317893&SearchSource=2&CUI=UN51396801516972073&UM=1&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3317893");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3317893");
Line Deleted : user_pref("smartbar.machineId", "QMWQ4XBX9CTYCG90CGQJUZGOD0AWP69FXICV6VPMDLSWTAQJ5W6TKTJBAEDKOVEZDFQV+BTOTXZNEYIBEAT13G");

*************************

AdwCleaner[R0].txt - [9089 octets] - [29/10/2013 12:42:44]
AdwCleaner[R1].txt - [8784 octets] - [29/10/2013 12:52:46]
AdwCleaner[S0].txt - [9457 octets] - [29/10/2013 12:43:38]
AdwCleaner[S1].txt - [9000 octets] - [29/10/2013 12:53:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [9060 octets] ##########
         
--- --- ---
AdwCleaner Logfile:
Code:
# AdwCleaner v3.010 - Report created 29/10/2013 at 15:10:02
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Haus - DENNIS-MEYER
# Running from : C:\Users\Haus\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v24.0 (de)

[ File : C:\Users\Haus\AppData\Roaming\Mozilla\Firefox\Profiles\7ftt4tsg.default\prefs.js ]


[ File : C:\Users\Doreen\AppData\Roaming\Mozilla\Firefox\Profiles\h93wza6j.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [10624 octets] - [29/10/2013 12:42:44]
AdwCleaner[R1].txt - [9832 octets] - [29/10/2013 12:52:46]
AdwCleaner[S0].txt - [11008 octets] - [29/10/2013 12:43:38]
AdwCleaner[S1].txt - [10049 octets] - [29/10/2013 12:53:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [10110 octets] ##########
         
--- --- ---


Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Ultimate x86
Ran by Haus on 29-Oct-13 at 15:11:58.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Haus\AppData\Roaming\mozilla\firefox\profiles\7ftt4tsg.default\minidumps [154 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29-Oct-13 at 15:15:03.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Is all of that okay? Many thanks.


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-10-2013
Ran by Haus (administrator) on DENNIS-MEYER on 29-10-2013 15:19:05
Running from C:\Users\Haus\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\Vtune\TBPANEL.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Curse) C:\Users\Haus\AppData\Local\Apps\2.0\488QT5W3.MLN\92MM3JLG.ND3\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [614400 2009-08-14] ()
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [5529328 2013-02-28] (Logitech Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1851192 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKCU\...\Run: [TBPanel] - C:\Program Files\Vtune\TBPANEL.exe [2248704 2011-08-02] ()
Startup: C:\Users\Doreen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Haus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope value is missing.
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Haus\AppData\Roaming\Mozilla\Firefox\Profiles\7ftt4tsg.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF - C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

========================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-01-14] (Nitro PDF Software)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1\RpcAgentSrv.exe [68760 2008-12-27] (SiSoftware)

==================== Drivers (Whitelisted) ====================

S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2009-02-16] (Samsung Electronics Co., Ltd.)
S3 LachesisFltr; C:\Windows\System32\drivers\Lachesis.sys [12032 2007-08-08] (Razer (Asia-Pacific) Pte Ltd)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [43704 2012-09-18] (Logitech, Inc.)
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.)
R3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12216 2012-09-18] (Logitech, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [734208 2009-05-25] (Ralink Technology Corp.)
R3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1311232 2009-07-13] (NXP Semiconductors)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1\WNt500x86\Sandra.sys [23112 2009-08-08] (SiSoftware)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-08-03] (Samsung Electronics)
S3 TBPanel; C:\Windows\System32\Drivers\TBPanel.sys [12256 2007-03-16] (Windows (R) 2000 DDK provider)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-12-01] (X10 Wireless Technology, Inc.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-29 15:18 - 2013-10-29 13:27 - 01089183 _____ (Farbar) C:\Users\Haus\Desktop\FRST.exe
2013-10-29 15:15 - 2013-10-29 15:15 - 00000750 _____ C:\Users\Haus\Desktop\JRT.txt
2013-10-29 15:11 - 2013-10-29 15:11 - 00010191 _____ C:\Users\Haus\Desktop\2.txt
2013-10-29 15:11 - 2013-10-29 15:11 - 00000000 ____D C:\Windows\ERUNT
2013-10-29 15:07 - 2013-10-29 15:07 - 00003654 _____ C:\Users\Haus\Desktop\1.txt
2013-10-29 14:53 - 2013-10-29 14:53 - 00001067 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-29 14:53 - 2013-10-29 14:53 - 00000000 ____D C:\Users\Haus\AppData\Roaming\Malwarebytes
2013-10-29 14:53 - 2013-10-29 14:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-29 14:53 - 2013-10-29 14:53 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-29 14:53 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-29 14:50 - 2013-10-29 14:49 - 01060070 _____ C:\Users\Haus\Desktop\adwcleaner.exe
2013-10-29 12:52 - 2013-10-29 12:52 - 00000000 ____D C:\Users\Doreen\AppData\Local\Google
2013-10-29 12:42 - 2013-10-29 15:10 - 00000000 ____D C:\AdwCleaner
2013-10-29 12:40 - 2013-10-29 23:43 - 00000000 ____D C:\Program Files\WinSecurity
2013-10-29 12:40 - 2013-10-29 12:51 - 00000132 _____ C:\Users\Doreen\Desktop\Amazon.url
2013-10-29 12:13 - 2013-10-29 12:13 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-10-29 12:05 - 2013-10-29 12:05 - 00021233 _____ C:\Users\Doreen\Downloads\Addition.txt
2013-10-29 12:05 - 2013-10-29 12:05 - 00018213 _____ C:\Users\Doreen\Downloads\FRST.txt
2013-10-29 12:04 - 2013-10-29 12:04 - 00000000 ____D C:\FRST
2013-10-20 12:19 - 2013-10-29 23:43 - 00000000 ____D C:\Users\Haus\Downloads\oqueue_1.6.0
2013-10-10 02:07 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 02:07 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 02:07 - 2013-09-23 00:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-10 02:07 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 02:07 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 02:07 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 02:07 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 02:07 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 02:07 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 02:07 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 02:07 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-10 02:07 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-10 02:07 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 02:07 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-10 02:07 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 02:07 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-09 23:45 - 2013-09-14 01:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 23:45 - 2013-09-08 03:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 23:45 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 23:45 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-10-09 23:45 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 23:45 - 2013-08-29 02:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 23:45 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 23:45 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 23:45 - 2013-08-28 01:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 23:45 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 23:45 - 2013-07-03 05:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 23:45 - 2013-07-03 04:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 23:45 - 2013-07-03 04:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 23:44 - 2013-08-28 02:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 23:44 - 2013-08-01 12:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 23:44 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 23:44 - 2013-07-12 11:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 23:44 - 2013-07-12 11:07 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-09 23:44 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 23:44 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 23:44 - 2013-07-04 10:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 23:44 - 2013-06-25 23:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 23:44 - 2013-06-06 05:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 23:44 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 23:44 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 23:44 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 23:44 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-01 17:04 - 2013-10-01 17:04 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-10-29 23:43 - 2013-10-29 12:40 - 00000000 ____D C:\Program Files\WinSecurity
2013-10-29 23:43 - 2013-10-20 12:19 - 00000000 ____D C:\Users\Haus\Downloads\oqueue_1.6.0
2013-10-29 23:43 - 2013-09-10 09:06 - 00000000 ____D C:\Users\Haus\Downloads\simc-530-7-win32
2013-10-29 23:43 - 2013-09-04 16:01 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-10-29 23:43 - 2013-02-10 10:26 - 00000000 ____D C:\Users\Haus\Documents\StarCraft II
2013-10-29 23:43 - 2009-07-14 08:48 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-10-29 23:43 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\wfp
2013-10-29 23:43 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration
2013-10-29 23:42 - 2013-07-29 15:35 - 00000000 ____D C:\Users\Doreen\AppData\Local\Mozilla
2013-10-29 15:18 - 2009-07-14 05:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-29 15:18 - 2009-07-14 05:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-29 15:17 - 2013-01-19 11:30 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-29 15:17 - 2013-01-18 18:48 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-29 15:15 - 2013-10-29 15:15 - 00000750 _____ C:\Users\Haus\Desktop\JRT.txt
2013-10-29 15:11 - 2013-10-29 15:11 - 00010191 _____ C:\Users\Haus\Desktop\2.txt
2013-10-29 15:11 - 2013-10-29 15:11 - 00000000 ____D C:\Windows\ERUNT
2013-10-29 15:11 - 2013-02-08 18:03 - 00000000 ____D C:\Users\Haus\AppData\Local\Deployment
2013-10-29 15:10 - 2013-10-29 12:42 - 00000000 ____D C:\AdwCleaner
2013-10-29 15:10 - 2013-01-18 19:41 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-29 15:10 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-29 15:10 - 2009-07-14 05:39 - 00067760 _____ C:\Windows\setupact.log
2013-10-29 15:08 - 2013-01-21 12:29 - 00010760 _____ C:\Windows\PFRO.log
2013-10-29 15:08 - 2013-01-19 03:39 - 01473146 _____ C:\Windows\WindowsUpdate.log
2013-10-29 15:08 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\Performance
2013-10-29 15:07 - 2013-10-29 15:07 - 00003654 _____ C:\Users\Haus\Desktop\1.txt
2013-10-29 14:53 - 2013-10-29 14:53 - 00001067 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-29 14:53 - 2013-10-29 14:53 - 00000000 ____D C:\Users\Haus\AppData\Roaming\Malwarebytes
2013-10-29 14:53 - 2013-10-29 14:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-29 14:53 - 2013-10-29 14:53 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-29 14:49 - 2013-10-29 14:50 - 01060070 _____ C:\Users\Haus\Desktop\adwcleaner.exe
2013-10-29 14:44 - 2013-01-18 18:40 - 00000000 ____D C:\Users\Haus
2013-10-29 13:27 - 2013-10-29 15:18 - 01089183 _____ (Farbar) C:\Users\Haus\Desktop\FRST.exe
2013-10-29 12:52 - 2013-10-29 12:52 - 00000000 ____D C:\Users\Doreen\AppData\Local\Google
2013-10-29 12:51 - 2013-10-29 12:40 - 00000132 _____ C:\Users\Doreen\Desktop\Amazon.url
2013-10-29 12:43 - 2013-02-07 19:11 - 00000000 ____D C:\Windows\system32\appmgmt
2013-10-29 12:13 - 2013-10-29 12:13 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-10-29 12:05 - 2013-10-29 12:05 - 00021233 _____ C:\Users\Doreen\Downloads\Addition.txt
2013-10-29 12:05 - 2013-10-29 12:05 - 00018213 _____ C:\Users\Doreen\Downloads\FRST.txt
2013-10-29 12:04 - 2013-10-29 12:04 - 00000000 ____D C:\FRST
2013-10-29 11:46 - 2013-09-11 09:24 - 00000000 ____D C:\Users\Haus\AppData\Local\Battle.net
2013-10-28 22:59 - 2013-02-09 21:09 - 00000000 ____D C:\Users\Haus\AppData\Roaming\TS3Client
2013-10-21 22:15 - 2013-09-04 16:01 - 00002012 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-10-21 22:15 - 2013-09-04 16:01 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-17 18:19 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-10-16 13:30 - 2013-09-11 09:23 - 00000000 ____D C:\Program Files\Battle.net
2013-10-10 22:31 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-10 10:45 - 2013-07-11 15:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-10 10:45 - 2009-07-14 05:33 - 00409048 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-10 02:13 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-10-10 02:12 - 2013-02-08 19:46 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-10 02:11 - 2013-08-14 11:25 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 02:09 - 2013-01-18 19:32 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-09 00:17 - 2013-01-19 11:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-09 00:17 - 2013-01-19 11:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-02 13:33 - 2013-01-18 19:24 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-01 21:28 - 2013-01-18 19:24 - 00000000 ____D C:\Users\Haus\AppData\Local\Mozilla
2013-10-01 17:04 - 2013-10-01 17:04 - 00000000 ____D C:\Program Files\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\Haus\AppData\Local\Temp\install_reader11_de_mssa_aaa_aih.exe
C:\Users\Haus\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Haus\AppData\Local\Temp\nitro_reader3(1).exe
C:\Users\Haus\AppData\Local\Temp\nitro_reader3.exe
C:\Users\Haus\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Haus\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Haus\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Haus\AppData\Local\Temp\nvStInst.exe
C:\Users\Haus\AppData\Local\Temp\ose00000.exe
C:\Users\Haus\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-28 15:46

==================== End Of Log ============================
         
--- --- ---

30.10.2013, 09:55   #4
schrauber
/// the machine
/// TB Trainer

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

08.11.2013, 11:14   #5
Dennis_89

No thanks, everything is great again.


08.11.2013, 12:47   #6
schrauber
/// the machine
/// TB Trainer

Do the rest anyway, as a check.
