
Police Virus

20.07.2013, 11:56   #1
Eaterjoe

Hello,

after 18 years in the IT industry I have a trojan problem for the first time. I have caught the Police Virus.

How do you get this despite Windows Defender, and how do you get rid of it again?
According to the articles I have read so far there is no standard solution, is there?

Could you please give me a few tips?
Thanks and have a nice weekend!
Eaterjoe

20.07.2013, 12:01   #2
DerJazzer
/// Malware Team

Hello and welcome

I am Christoph, alias DerJazzer. I will guide you through the cleanup and will be your contact for this topic while it lasts.

Depending on the kind of infection present, a lot of work and a large investment of time may come your way (and mine). A clean reinstall is therefore usually to be regarded as the faster route, and always as the safer one.

For the success of the cleanup the following applies:
At no point can I guarantee you that the PC really is free of malware after the cleanup!


If you accept that, I ask you to keep working with me here until I tell you that the PC is, from my point of view, free of malware.

To make the cleanup as effective and as painless as possible, I also ask you to observe the following points:
  • Please work through all steps one after another in the order I give them.
  • Please read through my instructions once briefly before you begin. If you have questions, please ask them here in the thread.
  • If problems come up while working through the instructions and using the requested tools, please stop at the step in question and describe your problem as precisely as possible.
  • Please do not use any tools on your own initiative; use only the tools I explicitly ask for. Likewise, I ask you not to install any new programs during the cleanup unless I ask you to.
  • In the interest of politeness (even on the "anonymous" Internet!) I appeal to you to refrain from so-called crossposting (posting your problem in several forums), also out of respect for my work.

To make evaluating your logs (the reports of the programs used) easier for me, I ask you to post them between code tags. To do that, simply press the #-button in the reply window and paste your log between the square brackets. It then looks like this: [CODE] pasted log [/CODE]

Vista and Win7 users
Start all tools with a right-click and "Run as administrator".

Step 1

Which operating system do you have? Can you still boot into Safe Mode?

20.07.2013, 12:30   #3
Eaterjoe

Hi, thanks for your quick reply and for taking the time!
Safe Mode: yes
OS: Windows 7, patched up to date
Regards, eaterjoe

20.07.2013, 12:33   #4
DerJazzer
/// Malware Team

OK, here we go: boot into Safe Mode.

Step 1

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click on Scan.
  • The log files are now created and will afterwards be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the #-symbol in the input window of the website)

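As an added example (not code from the thread and not FRST's own code): a small Python triage script for an FRST.txt of the kind requested in this step. It parses the Run: entries, the "One Month Created Files and Folders" section and the "Files to move or delete" list, flags autorun entries whose target carries a Windows binary name outside C:\Windows or lives in a writable data directory, and lists the files created in the same minute next to that target. The sample log is a constructed, abridged copy of the FRST.txt posted later in this thread; the 8.3 short-name mapping (PROGRA~3 = ProgramData) is an assumption about a default install.

```python
# Triage helper for FRST.txt (added example; not from the thread and not FRST's own code).
import re
from collections import defaultdict

# Constructed sample: an abridged copy of the FRST.txt posted later in this thread.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKCU\...\Run: [Google Update] - C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-02-18] (Google Inc.)
HKCU\...\Run: [ctfmon32.exe] - C:\PROGRA~3\rundll32.exe [44544 2013-07-20] (Microsoft Corporation) <===== ATTENTION
HKLM-x32\...\Run: [VirtualCloneDrive] - "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
==================== One Month Created Files and Folders ========
2013-07-20 12:34 - 2013-07-20 13:22 - 95023320 ____T C:\ProgramData\orolo.pad
2013-07-20 12:34 - 2013-07-20 12:34 - 00196608 _____ (Microsoft Corporation) C:\ProgramData\oloro.dat
2013-07-20 12:34 - 2013-07-20 12:34 - 00044544 _____ (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-07-20 12:34 - 2013-07-20 12:34 - 00002656 _____ C:\ProgramData\orolo.js
2013-07-20 12:34 - 2013-07-20 12:34 - 00000151 _____ C:\ProgramData\orolo.reg

Files to move or delete:
====================
C:\ProgramData\rundll32.exe
C:\ProgramData\oloro.dat
C:\ProgramData\orolo.reg
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
RUN_RE = re.compile(r"^(?P<hive>HK[^\\]+)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] - (?P<rest>.*)$")
CREATED_RE = re.compile(r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - \S+ \S+ - \d+ \S+ (?:\([^)]*\) )?(?P<path>.+)$")
# Binaries that ship with Windows; a copy anywhere but under C:\Windows is a classic masquerade.
SYSTEM_BINARIES = {"rundll32.exe", "svchost.exe", "explorer.exe", "ctfmon.exe", "csrss.exe", "winlogon.exe"}
# Writable locations legitimate autoruns rarely use (Google Update in AppData\Local is a known exception).
DATA_DIRS = ("c:\\programdata\\", "\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "c:\\users\\public\\")
# 8.3 short names as handed out on a default install (assumption: the numbering is not guaranteed).
SHORT_NAMES = {"progra~1": "program files", "progra~2": "program files (x86)", "progra~3": "programdata"}

def normalize(path):
    # Lower-case and expand the usual 8.3 directory names so C:\PROGRA~3 and C:\ProgramData compare equal.
    return "\\".join(SHORT_NAMES.get(p, p) for p in path.strip('"').lower().split("\\"))

def target_path(rest):
    # Executable after '] - ': quoted, else up to the first .exe/.dll/... token (arguments dropped).
    if rest.startswith('"'):
        return rest[1:rest.index('"', 1)]
    m = re.match(r"(.+?\.(?:exe|dll|scr|bat|cmd|js|vbs))(?=\s|$)", rest, re.I)
    return m.group(1) if m else rest.split(" [", 1)[0]

def parse_log(text):
    # Returns (Run entries, created-file entries, paths FRST itself wants moved or deleted).
    runs, created, to_delete, section = [], [], [], ""
    for line in (raw.strip() for raw in text.splitlines()):
        header = SECTION_RE.match(line)
        if header or line == "Files to move or delete:":
            section = header.group(1) if header else line
        elif not line or line.startswith("="):
            continue
        elif RUN_RE.match(line):
            m = RUN_RE.match(line)
            runs.append({"hive": m["hive"], "name": m["name"], "path": target_path(m["rest"]), "attention": "<===== ATTENTION" in line})
        elif section.startswith("One Month Created") and CREATED_RE.match(line):
            m = CREATED_RE.match(line)
            created.append({"created": m["created"], "path": m["path"]})
        elif section == "Files to move or delete:":
            to_delete.append(line)
    return runs, created, to_delete

def triage_runs(runs, created):
    # Flag Run entries that look wrong and attach the files created in the same minute and directory.
    by_path = {normalize(c["path"]): c for c in created}
    siblings = defaultdict(list)  # (creation minute, directory) -> files created together
    for c in created:
        p = normalize(c["path"])
        siblings[(c["created"], p.rsplit("\\", 1)[0])].append(c["path"])
    findings = []
    for r in runs:
        p = normalize(r["path"])
        base = p.rsplit("\\", 1)[-1]
        checks = [
            (r["attention"], "FRST itself flagged the entry"),
            (base in SYSTEM_BINARIES and not p.startswith("c:\\windows\\"), f"Windows binary name '{base}' outside C:\\Windows"),
            (any(d in p for d in DATA_DIRS), "target lives in a writable data directory"),
            (r["name"].lower().endswith(".exe") and r["name"].lower() != base, f"value name '{r['name']}' does not match the binary '{base}'"),
        ]
        reasons = [why for hit, why in checks if hit]
        if not reasons:
            continue
        key = (by_path[p]["created"], p.rsplit("\\", 1)[0]) if p in by_path else None
        companions = [x for x in siblings.get(key, []) if normalize(x) != p]
        findings.append({"entry": f"{r['hive']}\\...\\Run: [{r['name']}]", "path": r["path"], "reasons": reasons, "companions": companions})
    return findings

def run_triage(text=SAMPLE_LOG):
    # Companions that FRST did not put on its own move/delete list still need a decision by the helper.
    runs, created, to_delete = parse_log(text)
    findings = triage_runs(runs, created)
    listed = {normalize(p) for p in to_delete}
    missing = sorted(x for f in findings for x in f["companions"] if normalize(x) not in listed)
    return findings, missing

if __name__ == "__main__":
    for finding in run_triage()[0]:
        print(finding["entry"], "->", finding["path"], finding["reasons"], finding["companions"])
    print("companions not on FRST's delete list:", run_triage()[1])
```

On the sample this reports only the ctfmon32.exe entry, with four reasons and the four files dropped into C:\ProgramData in the same minute, two of which (orolo.js, orolo.pad) are absent from FRST's own delete list.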

20.07.2013, 12:49   #5
Eaterjoe

For your information: I replaced my user name "<Name>Admin" with "UserAdmin" and "<FirstName>" with "User". I do not want my real name to appear here in the forum...
If that is a problem, I can also send you the logs by PM...
Regards, eaterjoe


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2013
Ran by User (administrator) on 20-07-2013 13:42:18
Running from C:\Users\User\Desktop
Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKCU\...\Run: [KeePass Password Safe 2] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1733120 2011-04-10] (Dominik Reichl)
HKCU\...\Run: [GoogleContactSync] - C:\Program Files (x86)\WebGear\GO Contact Sync\GOContactSync.exe [902144 2013-01-08] (WebGear Ltd, New Zealand + Create Software + Stru.be + saller.NET)
HKCU\...\Run: [Free Download Manager] - C:\Program Files (x86)\Free Download Manager\fdm.exe [6860288 2013-01-17] (FreeDownloadManager.ORG)
HKCU\...\Run: [cam2pc] - C:\Program Files (x86)\cam2pc\cam2pc.exe [6639616 2007-10-27] (nabocorp. softwares)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [x]
HKCU\...\Run: [Google Update] - C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-02-18] (Google Inc.)
HKCU\...\Run: [ctfmon32.exe] - C:\PROGRA~3\rundll32.exe [44544 2013-07-20] (Microsoft Corporation) <===== ATTENTION
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: E - E:\setup.exe
MountPoints2: {2fb51d18-f5f6-11de-a3e9-005056c00008} - F:\AutoRun.exe
MountPoints2: {69a8e14d-1be5-11df-b339-005056c00008} - F:\NokiaPCIA_Autorun.exe
MountPoints2: {6dec7bb9-018e-11e1-b2b9-806e6f6e6963} - F:\start.exe
MountPoints2: {751b34f1-e5c6-11de-b70f-00199954ce99} - F:\AutoRun.exe
MountPoints2: {82ba376a-2148-11df-9b0e-005056c00008} - G:\AutoRun.exe
MountPoints2: {8b1ca203-db8b-11de-9b30-00199954ce99} - F:\AutoRun.exe
MountPoints2: {8b1ca20f-db8b-11de-9b30-00199954ce99} - F:\AutoRun.exe
MountPoints2: {aa7d38c2-f5f4-11de-ac35-005056c00008} - F:\AutoRun.exe
MountPoints2: {cb7b06a1-1bff-11df-96ac-005056c00008} - F:\AutoRun.exe
MountPoints2: {cfe21837-2141-11df-817b-005056c00008} - F:\AutoRun.exe
MountPoints2: {cfe21858-2141-11df-817b-005056c00008} - F:\AutoRun.exe
HKLM-x32\...\Run: [VirtualCloneDrive] - "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [MaxMenuMgr] - "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [185640 2009-05-01] (Seagate LLC)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload [1733120 2011-04-10] (Dominik Reichl)
HKLM-x32\...\Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKU\UserAdmin\...\Policies\system: [LogonHoursAction] 2
HKU\UserAdmin\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Kinder\...\Policies\system: [LogonHoursAction] 2
HKU\Kinder\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.orf.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.16.0.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome: 
=======
CHR HomePage: hxxp://www.orf.at/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\User\AppData\Local\Google\Chrome\Application\27.0.1453.110\gcswf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\User\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\User\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll No File
CHR Plugin: (K-iS MultiScan Endpoint Analysis Client Version 3.3.0) - C:\Users\User\AppData\Roaming\Mozilla\plugins\np83DB337F-50F6-4B55-BB98-70B0D2FE43B5.dll No File
CHR Plugin: (LOGIS Endpoint Analysis Plugin 1.0.0.0) - C:\Users\User\AppData\Roaming\Mozilla\plugins\np8C75C9E5-48C2-40C1-A9E1-62374B240637.dll (Citrix Systems, Inc.)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Users\User\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File

==================== Services (Whitelisted) =================

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe [191024 2010-08-19] (VMware, Inc.)

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114560 2009-07-24] (Huawei Technologies Co., Ltd.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                           )
S2 VMparport; C:\Windows\system32\drivers\VMparport.sys [30768 2010-09-21] (VMware, Inc.)
S2 vstor2-ws60; C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys [32816 2010-08-19] (VMware, Inc.)
S2 vstor2-ws60; C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys [32816 2010-08-19] (VMware, Inc.)
S3 massfilter; system32\drivers\massfilter.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-20 13:41 - 2013-07-20 13:41 - 00000000 ____D C:\FRST
2013-07-20 13:40 - 2013-07-20 13:40 - 01779345 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2013-07-20 12:34 - 2013-07-20 13:22 - 95023320 ____T C:\ProgramData\orolo.pad
2013-07-20 12:34 - 2013-07-20 12:34 - 00196608 _____ (Microsoft Corporation) C:\ProgramData\oloro.dat
2013-07-20 12:34 - 2013-07-20 12:34 - 00044544 _____ (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-07-20 12:34 - 2013-07-20 12:34 - 00002656 _____ C:\ProgramData\orolo.js
2013-07-20 12:34 - 2013-07-20 12:34 - 00000151 _____ C:\ProgramData\orolo.reg
2013-07-20 12:34 - 2013-07-20 12:34 - 00000056 _____ C:\ProgramData\orolo.bat
2013-07-20 12:34 - 2013-07-20 12:34 - 00000000 _____ C:\ProgramData\g252qs.txt
2013-07-18 18:37 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-18 18:37 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-12 15:03 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-12 15:03 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-12 15:03 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-12 15:03 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-12 15:03 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-12 15:03 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-12 15:03 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-12 15:03 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-12 15:03 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-12 15:03 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-12 15:03 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-12 15:03 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-12 15:03 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-12 15:03 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-12 15:03 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-12 15:03 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-12 15:03 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-12 15:03 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-12 15:03 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-12 15:03 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-12 15:03 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-12 15:03 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-12 15:03 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-12 15:03 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-12 15:03 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-12 15:03 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 15:03 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-12 15:03 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 15:03 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-12 15:03 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-12 15:03 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-12 14:10 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-06-23 08:18 - 2013-06-23 08:27 - 00000000 ____D C:\Program Files (x86)\YRefresher
2013-06-23 08:05 - 2013-06-23 08:05 - 00000000 ____D C:\Users\User\AppData\Roaming\GrabPro
2013-06-20 21:05 - 2013-06-20 21:05 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2013-06-20 20:46 - 2013-06-20 20:46 - 00000000 ____D C:\Program Files\SAMSUNG
2013-06-20 20:33 - 2013-07-18 21:34 - 00000000 ____D C:\Samsung Galaxy S3 ToolKit
2013-06-20 20:33 - 2013-06-20 20:33 - 00001596 _____ C:\Users\User\Desktop\Samsung GS3 ToolKit.lnk
2013-06-20 20:01 - 2013-05-08 08:39 - 01910632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-06-20 18:19 - 2013-04-26 07:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-06-20 18:19 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-20 18:15 - 2013-06-20 18:15 - 00000000 ____D C:\Users\Public\Documents\CrashDump

==================== One Month Modified Files and Folders =======

2013-07-20 13:41 - 2013-07-20 13:41 - 00000000 ____D C:\FRST
2013-07-20 13:40 - 2013-07-20 13:40 - 01779345 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2013-07-20 13:36 - 2009-11-30 22:27 - 00000000 ____D C:\Users\User\Documents\Outlook-Dateien
2013-07-20 13:35 - 2010-03-29 12:48 - 00000000 _____ C:\Windows\system32\Ikeext.etl
2013-07-20 13:24 - 2011-06-08 19:34 - 00000000 ____D C:\Users\User\AppData\Roaming\KeePass
2013-07-20 13:24 - 2009-11-26 19:24 - 02055102 _____ C:\Windows\WindowsUpdate.log
2013-07-20 13:22 - 2013-07-20 12:34 - 95023320 ____T C:\ProgramData\orolo.pad
2013-07-20 13:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2013-07-20 12:54 - 2011-02-18 21:17 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1923077133-656304762-555754502-1001UA.job
2013-07-20 12:47 - 2013-02-01 12:26 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-20 12:41 - 2012-07-20 20:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-20 12:37 - 2013-02-01 12:26 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-20 12:37 - 2009-11-26 20:22 - 00111560 _____ C:\Users\UserAdmin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-20 12:34 - 2013-07-20 12:34 - 00196608 _____ (Microsoft Corporation) C:\ProgramData\oloro.dat
2013-07-20 12:34 - 2013-07-20 12:34 - 00044544 _____ (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-07-20 12:34 - 2013-07-20 12:34 - 00002656 _____ C:\ProgramData\orolo.js
2013-07-20 12:34 - 2013-07-20 12:34 - 00000151 _____ C:\ProgramData\orolo.reg
2013-07-20 12:34 - 2013-07-20 12:34 - 00000056 _____ C:\ProgramData\orolo.bat
2013-07-20 12:34 - 2013-07-20 12:34 - 00000000 _____ C:\ProgramData\g252qs.txt
2013-07-20 11:35 - 2009-11-26 20:25 - 00000000 ____D C:\Users\User\Documents\Word
2013-07-20 11:08 - 2013-04-02 10:49 - 00000000 ___RD C:\Users\User\Documents\Dropbox
2013-07-20 11:08 - 2013-04-02 10:45 - 00000000 ____D C:\Users\User\AppData\Roaming\Dropbox
2013-07-20 11:07 - 2010-02-17 21:03 - 00000000 ____D C:\Users\User\AppData\Roaming\TeamViewer
2013-07-20 10:32 - 2009-07-14 06:45 - 00016464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-20 10:32 - 2009-07-14 06:45 - 00016464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-20 10:26 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-20 10:26 - 2009-07-14 06:51 - 00009618 _____ C:\Windows\setupact.log
2013-07-20 10:26 - 2009-07-14 06:45 - 02352680 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-20 10:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-07-18 21:34 - 2013-06-20 20:33 - 00000000 ____D C:\Samsung Galaxy S3 ToolKit
2013-07-18 20:17 - 2009-11-26 20:36 - 00111560 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-18 19:48 - 2010-02-17 21:02 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-07-18 18:54 - 2011-02-18 21:16 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1923077133-656304762-555754502-1001Core.job
2013-07-18 18:49 - 2011-02-18 21:17 - 00004090 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1923077133-656304762-555754502-1001UA
2013-07-18 18:49 - 2011-02-18 21:16 - 00003694 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1923077133-656304762-555754502-1001Core
2013-07-18 18:44 - 2009-11-30 22:55 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2013-07-18 18:43 - 2012-07-20 20:07 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-18 18:43 - 2012-04-04 18:24 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-18 18:43 - 2011-05-16 21:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-18 18:42 - 2013-02-01 12:26 - 00004104 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-18 18:42 - 2013-02-01 12:26 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-14 18:34 - 2008-11-13 19:25 - 00000000 ____D C:\Users\User\Documents\Excel
2013-07-14 18:00 - 2011-02-25 22:34 - 00000466 _____ C:\Windows\Tasks\ParetoLogic Registration.job
2013-07-12 15:13 - 2013-03-13 21:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 15:13 - 2013-03-13 21:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-12 15:12 - 2009-11-28 20:44 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-12 15:09 - 2009-11-26 19:35 - 00706022 _____ C:\Windows\system32\perfh007.dat
2013-07-12 15:09 - 2009-11-26 19:35 - 00152032 _____ C:\Windows\system32\perfc007.dat
2013-07-12 15:09 - 2009-07-14 07:13 - 01671384 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-12 15:04 - 2009-12-02 20:54 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-12 14:00 - 2009-12-23 21:43 - 01627286 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-29 22:51 - 2008-11-13 19:25 - 00000000 ____D C:\Users\User\Documents\Isabel
2013-06-23 08:27 - 2013-06-23 08:18 - 00000000 ____D C:\Program Files (x86)\YRefresher
2013-06-23 08:05 - 2013-06-23 08:05 - 00000000 ____D C:\Users\User\AppData\Roaming\GrabPro
2013-06-20 21:05 - 2013-06-20 21:05 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2013-06-20 20:46 - 2013-06-20 20:46 - 00000000 ____D C:\Program Files\SAMSUNG
2013-06-20 20:33 - 2013-06-20 20:33 - 00001596 _____ C:\Users\User\Desktop\Samsung GS3 ToolKit.lnk
2013-06-20 20:28 - 2013-01-29 20:42 - 00000000 ____D C:\Users\User\AppData\Roaming\Samsung
2013-06-20 20:28 - 2013-01-29 20:42 - 00000000 ____D C:\Users\User\AppData\Local\Samsung
2013-06-20 20:28 - 2013-01-29 19:30 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-06-20 20:26 - 2013-01-29 19:30 - 00000000 ____D C:\ProgramData\Samsung
2013-06-20 20:26 - 2009-12-18 14:28 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-20 18:15 - 2013-06-20 18:15 - 00000000 ____D C:\Users\Public\Documents\CrashDump

Files to move or delete:
====================
C:\ProgramData\rundll32.exe
C:\ProgramData\oloro.dat
C:\ProgramData\orolo.bat
C:\ProgramData\orolo.pad
C:\ProgramData\orolo.reg

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-14 12:35

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2013
Ran by User at 2013-07-20 13:46:01
Running from C:\Users\User\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958) (x32)
Adobe AIR (x32 Version: 3.7.0.1530)
Adobe Anchor Service CS3 (x32 Version: 1.0)
Adobe Asset Services CS3 (x32 Version: 3)
Adobe Bridge CS3 (x32 Version: 2)
Adobe Bridge Start Meeting (x32 Version: 1.0)
Adobe Camera Raw 4.0 (x32 Version: 4.0)
Adobe CMaps (x32 Version: 1.0)
Adobe Color - Photoshop Specific (x32 Version: 1.0)
Adobe Color Common Settings (x32 Version: 1.0)
Adobe Color EU Recommended Settings (x32 Version: 1.0)
Adobe Color JA Extra Settings (x32 Version: 1.0)
Adobe Color NA Extra Settings (x32 Version: 1.0)
Adobe Default Language CS3 (x32 Version: 1.0)
Adobe Device Central CS3 (x32 Version: 1.0)
Adobe ExtendScript Toolkit 2 (x32 Version: 2.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Fonts All (x32 Version: 1.0)
Adobe Help Viewer CS3 (x32 Version: 1)
Adobe Linguistics CS3 (x32 Version: 3.0.0)
Adobe PDF Library Files (x32 Version: 8.0)
Adobe Photoshop CS3 (x32 Version: 10)
Adobe Photoshop CS3 (x32 Version: 10.0)
Adobe Premiere Elements 8.0 (x32 Version: 8.0)
Adobe Premiere Elements 8.0 (x32 Version: 8.0.1)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Adobe Setup (x32 Version: 1.0)
Adobe Stock Photos CS3 (x32 Version: 1.5)
Adobe Type Support (x32 Version: 1.0)
Adobe Update Manager CS3 (x32 Version: 5.1.0)
Adobe Version Cue CS3 Client (x32 Version: 3)
Adobe WinSoft Linguistics Plugin (x32 Version: 1.0)
Adobe XMP Panels CS3 (x32 Version: 1.0)
AMR to MP3 Converter 1.4 (x32)
Apple Application Support (x32 Version: 1.4.1)
Apple Software Update (x32 Version: 2.1.1.116)
ATI Catalyst Install Manager (Version: 3.0.833.0)
cam2pc Freeware Edition (remove only) (x32)
CDBurnerXP (Version: 4.3.8.2631)
CDBurnerXP (x32 Version: 4.4.2.3442)
Citrix Endpoint Analysis Plug-in (x32 Version: 5.0.4063)
Citrix Online Plug-in - Web (x32 Version: 12.0.0.6410)
Citrix Online Plug-in (DV) (x32 Version: 12.0.0.6410)
Citrix Online Plug-in (HDX) (x32 Version: 12.0.0.6410)
Citrix Online Plug-in (USB) (x32 Version: 12.0.0.6410)
Citrix Online Plug-in (Web) (x32 Version: 12.0.0.6410)
Cool MP3 Splitter 2.2 (x32)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dropbox (HKCU Version: 2.0.22)
EINS PLUS CD-ROM 1 für zu Hause (x32 Version: 1.03)
EINS PLUS CD-ROM 1 für zu Hause (x32 Version: V1.03-HL)
EINS PLUS CD-ROM 2 für zu Hause (x32 Version: 1.03)
EINS PLUS CD-ROM 2 für zu Hause (x32 Version: V1.03-HL)
EINS PLUS CD-ROM 3 für zu Hause (x32 Version: 1.00)
EINS PLUS CD-ROM 3 für zu Hause (x32 Version: V1.00-HL)
el(R) Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Feedback Tool (x32 Version: 1.2.0)
FileZilla Client 3.5.3 (x32 Version: 3.5.3)
Fotostory 3 für Windows (x32 Version: 3.0.1115.15)
Free Download Manager 3.9.2 (x32)
FreshFTP (x32)
GO Contact Sync Mod (x32 Version: 3.5.21)
Google Chrome (HKCU Version: 28.0.1500.72)
Google Update Helper (x32 Version: 1.3.21.153)
Group Shot (x32 Version: 1.0.0)
HappyFoto Bestellsoftware (HKCU)
Hugin 2011.4.0 (x32 Version: 2011.4.0 hg_cf9be9344356)
Java 7 Update 9 (x32 Version: 7.0.90)
Java Auto Updater (x32 Version: 2.1.9.0)
Java(TM) 6 Update 37 (x32 Version: 6.0.370)
KeePass Password Safe 2.15 (x32)
LOGIS Endpoint Analysis Plugin (x32 Version: 1.0.0.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30320)
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office 2010 Language Pack Service Pack 1 (SP1) (x32)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (x32 Version: 14.0.6029.1000)
Microsoft Office O MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office SharePoint Designer 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32)
Microsoft Office SharePoint Designer MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office X MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft SharePoint Designer 2010 Service Pack 1 (SP1) (x32)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.40303)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (Version: 10.0.40303)
Mobile Partner (x32 Version: 11.300.05.05.47)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyFreeCodec (HKCU)
OpenAL (x32)
ParetoLogic Data Recovery (x32 Version: 1.1.0)
PDF Settings (x32 Version: 1.0)
Picasa 3 (x32 Version: 3.9)
PokerStars.net (x32)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.16.0)
Saturn Picture Center (x32)
Schachermayer Warenkorb 2.2 (x32)
Seagate Manager Installer (x32 Version: 2.02.0109)
Secunia PSI (1.9.0.3007) (x32)
SmartSound Quicktracks for Premiere Elements 8.0 (x32 Version: 3.11.3090)
System Requirements Lab for Intel (x32 Version: 4.4.16.0)
TeamViewer 8 (x32 Version: 8.0.19617)
tools-windows (x32 Version: 8.4.4.14247)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553092) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Designer 2010 (KB2553459) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
VirtualCloneDrive (x32)
VLC media player 2.0.2 (x32 Version: 2.0.2)
VMware Player (x32 Version: 3.1.2.14247)
WBFS Manager 3.0 (x32 Version: 3.0)
Windows Installer Clean Up (x32 Version: 3.00.00.0000)
WinRAR archiver (x32)
XING Connector 1.2 (x32 Version: 1.2)
Zahlenreise 3. Übungs-CD-ROM, V 1.0.3 (x32 Version: 1.0.3)

==================== Restore Points  =========================

14-07-2013 17:52:11 Windows Update
18-07-2013 16:38:53 Windows Update
18-07-2013 18:00:12 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2010-02-11 21:19 - 00001379 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.adobe.com:443
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 192.150.18.108
127.0.0.1 adobeereg.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate.adobe.com


==================== Scheduled Tasks (whitelisted) =============

Task: {01C9612C-474F-4136-83F7-0F0E99FABCA5} - System32\Tasks\ParetoLogic Registration => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {139CF91A-A307-40B0-9D87-253C8C0599CB} - System32\Tasks\{B0265601-6FAD-46FA-BC83-37A98ACD4094} => C:\Windows\System32\msiexec.exe [2010-11-20] (Microsoft Corporation)
Task: {186A9F84-82DE-4B7D-92FE-1559FE9B1C12} - System32\Tasks\User_Feed_Synchronization-{0AA6255C-6C21-4D53-95AD-66206E3C4FB1} => C:\Windows\system32\msfeedssync.exe [2013-06-10] (Microsoft Corporation)
Task: {1E0AC40E-D8B7-46F3-AEA1-06DA725BA39E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-01] (Google Inc.)
Task: {91AB6EBB-B570-4AA1-AC8A-EBEDB8D1A61C} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {9DCCD739-53DF-467E-ABC8-4CE2C89692CF} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {9E4C4B7C-B953-4DA3-BB9F-D38BF674E5A2} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {CA1B02BC-E328-4ACC-9BF3-D7889354D93B} - System32\Tasks\Scandisk => C:\Windows\System32\regedt32.exe [2009-07-14] (Microsoft Corporation)
Task: {CCFDAE35-C5AD-4320-B160-1107B4C343EC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1923077133-656304762-555754502-1001Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-18] (Google Inc.)
Task: {E3A30AE4-3B24-435D-AEE9-461A1539A2B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-01] (Google Inc.)
Task: {E4F6D035-B510-4D5F-9515-1833E3138774} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1923077133-656304762-555754502-1001UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-18] (Google Inc.)
Task: {F502C622-AB76-4EE8-ADC8-8D8D12070A49} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-18] (Adobe Systems Incorporated)
Task: {FC37E26A-B772-4553-80C3-F657B1306E57} - System32\Tasks\ParetoLogic Update Version2 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22] ()
Task: {FF83A79D-EC52-485C-8C36-A262047703A2} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1923077133-656304762-555754502-1001Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1923077133-656304762-555754502-1001UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ParetoLogic Registration.job => C:\Windows\system32\rundll32.exe
Task: C:\Windows\Tasks\ParetoLogic Update Version2.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/20/2013 01:38:58 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Beschreibung = Configured Microsoft Office Professional Plus 2010; Fehler = 0x8007043c).

Error: (07/20/2013 01:38:53 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Beschreibung = Configured Microsoft Office Professional Plus 2010; Fehler = 0x8007043c).

Error: (07/20/2013 01:36:47 PM) (Source: Outlook) (User: )
Description: Fehler beim Bestimmen, ob sich der Speicher im Durchforstungsbereich befindet (Fehler=0x8007043c).

Error: (07/20/2013 01:36:47 PM) (Source: Outlook) (User: )
Description: Fehler beim Abrufen des Durchforstungsbereichs-Managers. Fehler=0x8007043c.

Error: (07/20/2013 01:36:47 PM) (Source: Outlook) (User: )
Description: Fehler beim Bestimmen, ob sich der Speicher im Durchforstungsbereich befindet (Fehler=0x8007043c).

Error: (07/20/2013 01:36:47 PM) (Source: Outlook) (User: )
Description: Fehler beim Abrufen des Durchforstungsbereichs-Managers. Fehler=0x8007043c.

Error: (07/20/2013 10:57:43 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.OpenMP,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.OpenMP,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/20/2013 10:57:42 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.OpenMP,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.OpenMP,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/18/2013 10:06:03 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.OpenMP,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.OpenMP,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/18/2013 10:06:03 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.OpenMP,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.OpenMP,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (07/20/2013 01:45:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/20/2013 01:45:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/20/2013 01:45:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/20/2013 01:45:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/20/2013 01:44:15 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/20/2013 01:44:15 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/20/2013 01:43:45 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/20/2013 01:43:45 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/20/2013 01:43:45 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/20/2013 01:43:45 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (06/10/2012 00:28:00 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 7, Application Name: Microsoft Office SharePoint Designer, Application Version: 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1296 seconds with 360 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 20%
Total physical RAM: 4094.3 MB
Available physical RAM: 3243.9 MB
Total Pagefile: 8186.78 MB
Available Pagefile: 7390.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.43 GB) (Free:0.43 GB) NTFS (Disk=0 Partition=2)
Drive d: (Volume) (Fixed) (Total:465.76 GB) (Free:5.8 GB) NTFS (Disk=1 Partition=1)
Drive i: (1GB WII SD) (Removable) (Total:0.95 GB) (Free:0.11 GB) FAT (Disk=2 Partition=1)
Drive j: (CANON_DC) (Removable) (Total:0.95 GB) (Free:0.95 GB) FAT (Disk=3 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 46F349D8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 1A0C1E37)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 969 MB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=969 MB) - (Type=06)

========================================================
Disk: 3 (Size: 978 MB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=976 MB) - (Type=06)

==================== End Of Log ============================
         


Last edited by Eaterjoe (20.07.2013 at 13:11)

Old 20.07.2013, 13:44   #6
DerJazzer
/// Malwareteam

Polizei Virus

No problem, that's perfectly legitimate (you just have to make sure, for the path names in my fixes, to edit the paths back to the real ones accordingly).

Step 1

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
HKCU\...\Run: [ctfmon32.exe] - C:\PROGRA~3\rundll32.exe [44544 2013-07-20] (Microsoft Corporation) <===== ATTENTION
C:\ProgramData\rundll32.exe
C:\ProgramData\oloro.dat
C:\ProgramData\orolo.bat
C:\ProgramData\orolo.pad
C:\ProgramData\orolo.reg
C:\ProgramData\g252qs.txt

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post me its contents.



Step 2

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click on Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click on Scan and wait until it has finished.
  • Now click on Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post me its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 3

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or higher), please start it with right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.



Step 4

New FRST log please.

Please post in your next reply
  • FRST fixlog
  • AdwCleaner log
  • JRT.txt
  • new FRST log
__________________
--> Polizei Virus
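Why the Run entry in Step 1 stands out, as an added illustration for this thread (an editor's example, not FRST's own code and not part of DerJazzer's fix): the publisher string FRST prints in parentheses comes from the file's own version resource, so a dropped copy of rundll32.exe still says "Microsoft Corporation". What gives it away is the location (C:\PROGRA~3 is the 8.3 short name of C:\ProgramData, as the Fixlist above confirms) and a value name that imitates the real ctfmon.exe. The script below parses FRST-style Run lines and applies those checks; the sample lines are constructed after the log in this thread, and the list of system binary names and the allowed Windows folders are assumptions of the example.

```python
"""Flag autostart entries in FRST 'Run:' lines that masquerade as Windows
system binaries. Editor's example for this thread, not FRST code and not
part of the fix posted above."""
import ntpath
import re
from typing import Dict, List

# Constructed after the FRST log in this thread: one malicious entry, the rest benign.
SAMPLE_LINES = [
    r"HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)",
    r"HKCU\...\Run: [ctfmon32.exe] - C:\PROGRA~3\rundll32.exe [44544 2013-07-20] (Microsoft Corporation) <===== ATTENTION",
    r'HKLM-x32\...\Run: [VirtualCloneDrive] - "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)',
    r"HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [x]",
    r"HKCU\...\Policies\system: [LogonHoursAction] 2",  # not a Run entry, skipped
]

# FRST Run/RunOnce line: hive, value name, command, optional [size date] (publisher),
# optional [x] for a missing file, optional FRST attention marker.
RUN_LINE = re.compile(
    r"^(?P<hive>HK(?:LM|CU|U\\[^\\]+))(?P<wow>-x32)?\\\.\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] - (?P<cmd>.*?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\))?"
    r"(?: \[x\])?"
    r"(?P<attention> <===== ATTENTION)?\s*$"
)

# Assumed list of names Windows ships itself, and the folders they belong in.
SYSTEM_BINARIES = {
    "rundll32.exe", "svchost.exe", "explorer.exe", "csrss.exe", "lsass.exe",
    "winlogon.exe", "ctfmon.exe", "regsvr32.exe", "dllhost.exe", "conhost.exe",
}
LEGIT_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}


def executable_path(cmd: str) -> str:
    """Strip arguments from a Run value and return only the executable path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # "quoted path" /args
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)(?:\s.*)?$", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def lookalike_name(value_name: str) -> bool:
    """True when the value name is a system binary name or differs from one
    only by inserted digits, e.g. 'ctfmon32.exe' versus the real 'ctfmon.exe'."""
    name = value_name.lower()
    stripped = re.sub(r"\d+(?=\.exe$)", "", name)
    return name in SYSTEM_BINARIES or stripped in SYSTEM_BINARIES


def analyze(lines: List[str]) -> List[Dict]:
    """Return one finding per suspicious Run entry, with the reasons it was flagged."""
    findings = []
    for line in lines:
        m = RUN_LINE.match(line)
        if not m:
            continue                              # not an autostart entry
        exe = executable_path(m.group("cmd"))
        folder = ntpath.dirname(exe).lower()
        binary = ntpath.basename(exe).lower()
        reasons = []
        if binary in SYSTEM_BINARIES and folder not in LEGIT_DIRS:
            reasons.append("system binary name outside Windows directories")
        if lookalike_name(m.group("name")):
            reasons.append("value name imitates a system binary")
        if "~" in exe:
            # 8.3 short names hide the real folder (C:\PROGRA~3 here is C:\ProgramData)
            reasons.append("8.3 short path")
        if m.group("attention"):
            reasons.append("flagged by FRST")
        if reasons:
            findings.append({"hive": m.group("hive"), "name": m.group("name"),
                             "path": exe, "publisher": m.group("publisher"),
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LINES):
        print(f"{f['hive']} [{f['name']}] -> {f['path']} ({f['publisher']}): {', '.join(f['reasons'])}")
```

Only the ctfmon32.exe entry is reported; the Microsoft Security Client entry carries the same publisher string but lives where it belongs. The same checks apply to the Fixlog lines later in the thread, which is why the fix removes the whole set of files under C:\ProgramData rather than just the Run value.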

Old 20.07.2013, 14:00   #7
Eaterjoe

Polizei Virus

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-07-2013
Ran by User at 2013-07-20 14:58:09 Run:1
Running from C:\Users\User\Desktop
Boot Mode: Safe Mode (with Networking)
==============================================

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon32.exe => Value deleted successfully.
C:\ProgramData\rundll32.exe => Moved successfully.
C:\ProgramData\oloro.dat => Moved successfully.
C:\ProgramData\orolo.bat => Moved successfully.
C:\ProgramData\orolo.pad => Moved successfully.
C:\ProgramData\orolo.reg => Moved successfully.
C:\ProgramData\g252qs.txt => Moved successfully.

==== End of Fixlog ====

AdwCleaner Logfile:
Code:
# AdwCleaner v2.306 - Logfile created 07/20/2013 at 15:03:11
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Enterprise Service Pack 1 (64 bits)
# User : User - ARBEITSZIMMER
# Boot Mode : Safe mode with networking
# Running from : C:\Users\User\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Common Files\ParetoLogic
Folder Deleted : C:\Program Files (x86)\ParetoLogic
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ParetoLogic
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Users\User\AppData\Local\PackageAware
Folder Deleted : C:\Users\User\AppData\Local\Temp\OCS

***** [Registry] *****

Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1862 octets] - [20/07/2013 15:03:11]

########## EOF - C:\AdwCleaner[S1].txt - [1922 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.6 (07.17.2013:4)
OS: Windows 7 Enterprise x64
Ran by User on 20.07.2013 at 15:16:10,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\free download manager



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{E21AC7DB-5B57-408B-8D0E-5D1C12720D99}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.07.2013 at 15:17:44,32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2013
Ran by User (administrator) on 20-07-2013 15:22:48
Running from C:\Users\User\Desktop
Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKCU\...\Run: [KeePass Password Safe 2] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1733120 2011-04-10] (Dominik Reichl)
HKCU\...\Run: [GoogleContactSync] - C:\Program Files (x86)\WebGear\GO Contact Sync\GOContactSync.exe [902144 2013-01-08] (WebGear Ltd, New Zealand + Create Software + Stru.be + saller.NET)
HKCU\...\Run: [cam2pc] - C:\Program Files (x86)\cam2pc\cam2pc.exe [6639616 2007-10-27] (nabocorp. softwares)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [x]
HKCU\...\Run: [Google Update] - C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-02-18] (Google Inc.)
HKCU\...\RunOnce: [Report] - C:\AdwCleaner[S1].txt [1987 2013-07-20] ()
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: E - E:\setup.exe
MountPoints2: {2fb51d18-f5f6-11de-a3e9-005056c00008} - F:\AutoRun.exe
MountPoints2: {69a8e14d-1be5-11df-b339-005056c00008} - F:\NokiaPCIA_Autorun.exe
MountPoints2: {6dec7bb9-018e-11e1-b2b9-806e6f6e6963} - F:\start.exe
MountPoints2: {751b34f1-e5c6-11de-b70f-00199954ce99} - F:\AutoRun.exe
MountPoints2: {82ba376a-2148-11df-9b0e-005056c00008} - G:\AutoRun.exe
MountPoints2: {8b1ca203-db8b-11de-9b30-00199954ce99} - F:\AutoRun.exe
MountPoints2: {8b1ca20f-db8b-11de-9b30-00199954ce99} - F:\AutoRun.exe
MountPoints2: {aa7d38c2-f5f4-11de-ac35-005056c00008} - F:\AutoRun.exe
MountPoints2: {cb7b06a1-1bff-11df-96ac-005056c00008} - F:\AutoRun.exe
MountPoints2: {cfe21837-2141-11df-817b-005056c00008} - F:\AutoRun.exe
MountPoints2: {cfe21858-2141-11df-817b-005056c00008} - F:\AutoRun.exe
HKLM-x32\...\Run: [VirtualCloneDrive] - "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [MaxMenuMgr] - "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [185640 2009-05-01] (Seagate LLC)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload [1733120 2011-04-10] (Dominik Reichl)
HKLM-x32\...\Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKU\UserAdmin\...\Policies\system: [LogonHoursAction] 2
HKU\UserAdmin\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Kinder\...\Policies\system: [LogonHoursAction] 2
HKU\Kinder\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.orf.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.16.0.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome: 
=======
CHR HomePage: hxxp://www.orf.at/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\User\AppData\Local\Google\Chrome\Application\27.0.1453.110\gcswf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\User\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\User\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll No File
CHR Plugin: (K-iS MultiScan Endpoint Analysis Client Version 3.3.0) - C:\Users\User\AppData\Roaming\Mozilla\plugins\np83DB337F-50F6-4B55-BB98-70B0D2FE43B5.dll No File
CHR Plugin: (LOGIS Endpoint Analysis Plugin 1.0.0.0) - C:\Users\User\AppData\Roaming\Mozilla\plugins\np8C75C9E5-48C2-40C1-A9E1-62374B240637.dll (Citrix Systems, Inc.)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Users\User\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File

==================== Services (Whitelisted) =================

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe [191024 2010-08-19] (VMware, Inc.)

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114560 2009-07-24] (Huawei Technologies Co., Ltd.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                           )
S2 VMparport; C:\Windows\system32\drivers\VMparport.sys [30768 2010-09-21] (VMware, Inc.)
S2 vstor2-ws60; C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys [32816 2010-08-19] (VMware, Inc.)
S2 vstor2-ws60; C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys [32816 2010-08-19] (VMware, Inc.)
S3 massfilter; system32\drivers\massfilter.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-20 15:17 - 2013-07-20 15:17 - 00000860 _____ C:\Users\User\Desktop\JRT.txt
2013-07-20 15:16 - 2013-07-20 15:16 - 00000000 ____D C:\Windows\ERUNT
2013-07-20 15:03 - 2013-07-20 15:03 - 00001987 _____ C:\AdwCleaner[S1].txt
2013-07-20 14:59 - 2013-07-20 14:59 - 00666633 _____ C:\Users\User\Desktop\adwcleaner.exe
2013-07-20 13:46 - 2013-07-20 13:46 - 00026891 _____ C:\Users\User\Desktop\Addition.txt
2013-07-20 13:41 - 2013-07-20 13:41 - 00000000 ____D C:\FRST
2013-07-20 13:40 - 2013-07-20 13:40 - 01779345 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2013-07-20 12:34 - 2013-07-20 12:34 - 00002656 _____ C:\ProgramData\orolo.js
2013-07-18 18:37 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-18 18:37 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-12 15:03 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-12 15:03 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-12 15:03 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-12 15:03 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-12 15:03 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-12 15:03 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-12 15:03 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-12 15:03 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-12 15:03 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-12 15:03 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-12 15:03 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-12 15:03 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-12 15:03 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-12 15:03 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-12 15:03 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-12 15:03 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-12 15:03 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-12 15:03 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-12 15:03 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-12 15:03 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-12 15:03 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-12 15:03 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-12 15:03 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-12 15:03 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-12 15:03 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-12 15:03 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 15:03 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-12 15:03 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 15:03 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-12 15:03 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-12 15:03 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-12 14:10 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-06-23 08:18 - 2013-06-23 08:27 - 00000000 ____D C:\Program Files (x86)\YRefresher
2013-06-23 08:05 - 2013-06-23 08:05 - 00000000 ____D C:\Users\User\AppData\Roaming\GrabPro
2013-06-20 21:05 - 2013-06-20 21:05 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2013-06-20 20:46 - 2013-06-20 20:46 - 00000000 ____D C:\Program Files\SAMSUNG
2013-06-20 20:33 - 2013-07-18 21:34 - 00000000 ____D C:\Samsung Galaxy S3 ToolKit
2013-06-20 20:33 - 2013-06-20 20:33 - 00001596 _____ C:\Users\User\Desktop\Samsung GS3 ToolKit.lnk
2013-06-20 20:01 - 2013-05-08 08:39 - 01910632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-06-20 18:19 - 2013-04-26 07:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-06-20 18:19 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-20 18:15 - 2013-06-20 18:15 - 00000000 ____D C:\Users\Public\Documents\CrashDump

==================== One Month Modified Files and Folders =======

2013-07-20 15:17 - 2013-07-20 15:17 - 00000860 _____ C:\Users\User\Desktop\JRT.txt
2013-07-20 15:16 - 2013-07-20 15:16 - 00000000 ____D C:\Windows\ERUNT
2013-07-20 15:07 - 2010-03-29 12:48 - 00000000 _____ C:\Windows\system32\Ikeext.etl
2013-07-20 15:06 - 2009-07-14 06:45 - 00016464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-20 15:06 - 2009-07-14 06:45 - 00016464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-20 15:05 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-20 15:05 - 2009-07-14 06:51 - 00009674 _____ C:\Windows\setupact.log
2013-07-20 15:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2013-07-20 15:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-07-20 15:03 - 2013-07-20 15:03 - 00001987 _____ C:\AdwCleaner[S1].txt
2013-07-20 14:59 - 2013-07-20 14:59 - 00666633 _____ C:\Users\User\Desktop\adwcleaner.exe
2013-07-20 13:46 - 2013-07-20 13:46 - 00026891 _____ C:\Users\User\Desktop\Addition.txt
2013-07-20 13:41 - 2013-07-20 13:41 - 00000000 ____D C:\FRST
2013-07-20 13:40 - 2013-07-20 13:40 - 01779345 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2013-07-20 13:36 - 2009-11-30 22:27 - 00000000 ____D C:\Users\User\Documents\Outlook-Dateien
2013-07-20 13:24 - 2011-06-08 19:34 - 00000000 ____D C:\Users\User\AppData\Roaming\KeePass
2013-07-20 13:24 - 2009-11-26 19:24 - 02055102 _____ C:\Windows\WindowsUpdate.log
2013-07-20 12:54 - 2011-02-18 21:17 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1923077133-656304762-555754502-1001UA.job
2013-07-20 12:47 - 2013-02-01 12:26 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-20 12:41 - 2012-07-20 20:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-20 12:37 - 2013-02-01 12:26 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-20 12:37 - 2009-11-26 20:22 - 00111560 _____ C:\Users\UserAdmin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-20 12:34 - 2013-07-20 12:34 - 00002656 _____ C:\ProgramData\orolo.js
2013-07-20 11:35 - 2009-11-26 20:25 - 00000000 ____D C:\Users\User\Documents\Word
2013-07-20 11:08 - 2013-04-02 10:49 - 00000000 ___RD C:\Users\User\Documents\Dropbox
2013-07-20 11:08 - 2013-04-02 10:45 - 00000000 ____D C:\Users\User\AppData\Roaming\Dropbox
2013-07-20 11:07 - 2010-02-17 21:03 - 00000000 ____D C:\Users\User\AppData\Roaming\TeamViewer
2013-07-20 10:26 - 2009-07-14 06:45 - 02352680 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-18 21:34 - 2013-06-20 20:33 - 00000000 ____D C:\Samsung Galaxy S3 ToolKit
2013-07-18 20:17 - 2009-11-26 20:36 - 00111560 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-18 19:48 - 2010-02-17 21:02 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-07-18 18:54 - 2011-02-18 21:16 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1923077133-656304762-555754502-1001Core.job
2013-07-18 18:49 - 2011-02-18 21:17 - 00004090 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1923077133-656304762-555754502-1001UA
2013-07-18 18:49 - 2011-02-18 21:16 - 00003694 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1923077133-656304762-555754502-1001Core
2013-07-18 18:44 - 2009-11-30 22:55 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2013-07-18 18:43 - 2012-07-20 20:07 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-18 18:43 - 2012-04-04 18:24 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-18 18:43 - 2011-05-16 21:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-18 18:42 - 2013-02-01 12:26 - 00004104 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-18 18:42 - 2013-02-01 12:26 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-14 18:34 - 2008-11-13 19:25 - 00000000 ____D C:\Users\User\Documents\Excel
2013-07-14 18:00 - 2011-02-25 22:34 - 00000466 _____ C:\Windows\Tasks\ParetoLogic Registration.job
2013-07-12 15:13 - 2013-03-13 21:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 15:13 - 2013-03-13 21:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-12 15:12 - 2009-11-28 20:44 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-12 15:09 - 2009-11-26 19:35 - 00706022 _____ C:\Windows\system32\perfh007.dat
2013-07-12 15:09 - 2009-11-26 19:35 - 00152032 _____ C:\Windows\system32\perfc007.dat
2013-07-12 15:09 - 2009-07-14 07:13 - 01671384 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-12 15:04 - 2009-12-02 20:54 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-12 14:00 - 2009-12-23 21:43 - 01627286 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-29 22:51 - 2008-11-13 19:25 - 00000000 ____D C:\Users\User\Documents\Isabel
2013-06-23 08:27 - 2013-06-23 08:18 - 00000000 ____D C:\Program Files (x86)\YRefresher
2013-06-23 08:05 - 2013-06-23 08:05 - 00000000 ____D C:\Users\User\AppData\Roaming\GrabPro
2013-06-20 21:05 - 2013-06-20 21:05 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2013-06-20 20:46 - 2013-06-20 20:46 - 00000000 ____D C:\Program Files\SAMSUNG
2013-06-20 20:33 - 2013-06-20 20:33 - 00001596 _____ C:\Users\User\Desktop\Samsung GS3 ToolKit.lnk
2013-06-20 20:28 - 2013-01-29 20:42 - 00000000 ____D C:\Users\User\AppData\Roaming\Samsung
2013-06-20 20:28 - 2013-01-29 20:42 - 00000000 ____D C:\Users\User\AppData\Local\Samsung
2013-06-20 20:28 - 2013-01-29 19:30 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-06-20 20:26 - 2013-01-29 19:30 - 00000000 ____D C:\ProgramData\Samsung
2013-06-20 20:26 - 2009-12-18 14:28 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-20 18:15 - 2013-06-20 18:15 - 00000000 ____D C:\Users\Public\Documents\CrashDump

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-14 12:35

==================== End Of Log ============================
         

Last edited by Eaterjoe (20.07.2013 at 14:38)

Old 21.07.2013, 21:30   #8
DerJazzer
/// Malwareteam
 
Polizei Virus - Standard

Polizei Virus



Step 1

Please press the Windows key + R and type notepad in the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
C:\ProgramData\orolo.js
         

Please save it as Fixlist.txt on your Desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



OK, then let's check again:

Step 1

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • If prompted, let your computer restart to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the Desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.



Step 2


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box for Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset



Step 3

Please download SecurityCheck and:

  • Save it to the Desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.


Step 4

Please download the appropriate version of Farbar's Recovery Scan Tool to your Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will afterwards be on your Desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)



Please post in your next reply
  • FRST Fixlog
  • Malwarebytes log
  • Eset log
  • checkup.txt
  • FRST.txt & Addition.txt
__________________
Keep Jazzing!

DerJazzer

Imperare sibi maximum imperium est. ©Seneca

If you would like to support us | http://www.anaesthesist-werden.de/

Old 22.07.2013, 21:05   #9
Eaterjoe
 
Polizei Virus - Standard

Polizei Virus



Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-07-2013
Ran by Armin at 2013-07-22 17:59:31 Run:2
Running from C:\Users\User\Desktop
Boot Mode: Safe Mode (with Networking)
==============================================

C:\ProgramData\orolo.js => Moved successfully.

==== End of Fixlog ====
         
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.22.06

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 10.0.9200.16635
User :: ARBEITSZIMMER [Administrator]

Schutz: Deaktiviert

22.07.2013 18:03:08
mbam-log-2013-07-22 (18-03-08).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 288505
Laufzeit: 13 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\User\AppData\Local\Temp\CSM3FAC.tmp (PUP.Adware.RelevantKnowledge) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\AppData\Local\Temp\hnalnsbhdkvyvdhlsjc.bfg (Trojan.Ransom.FMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\AppData\Local\Temp\roy7F0E.tmp (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
The rest will follow shortly

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=575958a4486c4a40b5fce8dd825a68de
# engine=14494
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-22 07:26:50
# local_time=2013-07-22 09:26:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 67056133 126151060 0 0
# scanned=362463
# found=16
# cleaned=0
# scan_time=10053
sh=3253C65A3C1BC4774FF4BDCDA4EE1084F75E17CB ft=0 fh=0000000000000000 vn="Win32/RiskWare.HackAV.CV application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1923077133-656304762-555754502-1001\$RJHD1YU.rar"
sh=3E70E5A73C7C1F7C11FD6E83B8C76716D0F37C6F ft=1 fh=f8c3af24c35cee27 vn="Win32/RiskWare.HackAV.CV application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1923077133-656304762-555754502-1001\$RTULKLK.exe"
sh=018623E1E6F827433A74BCF6586CED634D573517 ft=1 fh=8de4dcda9b38748d vn="Win32/Reveton.U trojan" ac=I fn="C:\FRST\Quarantine\oloro.dat"
sh=E0F957AEF345D7108E94D2BDD61458ED7936B340 ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\FRST\Quarantine\orolo.bat"
sh=9F15455546989CB9D0A64A75C885D0ED3919FEA4 ft=0 fh=0000000000000000 vn="Win32/Reveton.R trojan" ac=I fn="C:\FRST\Quarantine\orolo.js"
sh=D8895DBEFE355D9C8CFD03BA048A6CFF931468EC ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\Users\User\AppData\Local\Temp\tratra.lnk"
sh=018623E1E6F827433A74BCF6586CED634D573517 ft=1 fh=8de4dcda9b38748d vn="Win32/Reveton.U trojan" ac=I fn="C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\34427f2-39005d8c"
sh=70C62BB12C57399BDA2357FAFBB96363A5C8CC78 ft=1 fh=62ccc0deeb00bad0 vn="multiple threats" ac=I fn="D:\Downloads\MP3Cutter.exe"
sh=D38B3475E7CECF0BC54F674595431B3E3932D4CE ft=0 fh=0000000000000000 vn="probably a variant of Win32/Agent.IZMGJFI trojan" ac=I fn="D:\Programm-Source\Installierbare Versionen\Multimedia\_Sound\AudioConverter\MP3 Splitter\2.2\Cool.MP3.Splitter.v2.2-RES-crk.zip"
sh=76298953FFE68660CA759095319526DD9739139B ft=0 fh=0000000000000000 vn="probably a variant of Win32/Agent.IZMGJFI trojan" ac=I fn="D:\Programm-Source\Installierbare Versionen\Multimedia\_Sound\AudioConverter\MP3 Splitter\2.2\Cool_MP3_Splitter_2.2.zip"
sh=7F59A4C55CACC1FAB1A5F3032631CD141E66DCAC ft=1 fh=291521db93c988f0 vn="probably a variant of Win32/Agent.IZMGJFI trojan" ac=I fn="D:\Programm-Source\Installierbare Versionen\Multimedia\_Sound\AudioConverter\MP3 Splitter\2.2\splitter.exe"
sh=D38B3475E7CECF0BC54F674595431B3E3932D4CE ft=0 fh=0000000000000000 vn="probably a variant of Win32/Agent.IZMGJFI trojan" ac=I fn="M:\Seagate Backup\ARBEITSZIMMER\D\Programm-Source\Installierbare Versionen\Multimedia\_Sound\AudioConverter\MP3 Splitter\2.2\Cool.MP3.Splitter.v2.2-RES-crk.zip"
sh=76298953FFE68660CA759095319526DD9739139B ft=0 fh=0000000000000000 vn="probably a variant of Win32/Agent.IZMGJFI trojan" ac=I fn="M:\Seagate Backup\ARBEITSZIMMER\D\Programm-Source\Installierbare Versionen\Multimedia\_Sound\AudioConverter\MP3 Splitter\2.2\Cool_MP3_Splitter_2.2.zip"
sh=7F59A4C55CACC1FAB1A5F3032631CD141E66DCAC ft=1 fh=291521db93c988f0 vn="probably a variant of Win32/Agent.IZMGJFI trojan" ac=I fn="M:\Seagate Backup\ARBEITSZIMMER\D\Programm-Source\Installierbare Versionen\Multimedia\_Sound\AudioConverter\MP3 Splitter\2.2\splitter.exe"
sh=69DA70D91E7C35257A6CB83173336E1EC520A0A4 ft=1 fh=c7d49becdbd43157 vn="MSIL/Kujnalod.A trojan" ac=I fn="M:\Seagate Backup\ARBEITSZIMMER\History\Level2\D\Programm-Source\Installierbare Versionen\Multimedia\_Foto, Video\Adobe Premiere Elements 9\_keygen\Adobe Premiere Elements 9.0 __ KeyGen _.exe"
sh=8C26DD5F7DE928AD11650E405A99D5DF85FFD179 ft=0 fh=0000000000000000 vn="MSIL/Kujnalod.A trojan" ac=I fn="M:\Seagate Backup\ARBEITSZIMMER\History\Level2\D\Programm-Source\Installierbare Versionen\Multimedia\_Foto, Video\Adobe Premiere Elements 9\_keygen\Adobe_Premiere_Elements_9.0_KeyGen_.rar"
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.70  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Secunia PSI (1.9.0.3007)   
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java(TM) 6 Update 37  
 Java 7 Update 9  
 Java version out of Date! 
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Google Chrome 28.0.1500.71  
 Google Chrome 28.0.1500.72  
 Google Chrome Plugins...  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2013
Ran by User (administrator) on 22-07-2013 22:10:51
Running from C:\Users\User\Desktop
Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Runonce: [ Malwarebytes Anti-Malware  (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x]
HKCU\...\Run: [KeePass Password Safe 2] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1733120 2011-04-10] (Dominik Reichl)
HKCU\...\Run: [GoogleContactSync] - C:\Program Files (x86)\WebGear\GO Contact Sync\GOContactSync.exe [902144 2013-01-08] (WebGear Ltd, New Zealand + Create Software + Stru.be + saller.NET)
HKCU\...\Run: [cam2pc] - C:\Program Files (x86)\cam2pc\cam2pc.exe [6639616 2007-10-27] (nabocorp. softwares)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [x]
HKCU\...\Run: [Google Update] - C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-02-18] (Google Inc.)
HKCU\...\RunOnce: [Report] - C:\AdwCleaner[S1].txt [1987 2013-07-20] ()
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: E - E:\setup.exe
MountPoints2: {2fb51d18-f5f6-11de-a3e9-005056c00008} - F:\AutoRun.exe
MountPoints2: {69a8e14d-1be5-11df-b339-005056c00008} - F:\NokiaPCIA_Autorun.exe
MountPoints2: {6dec7bb9-018e-11e1-b2b9-806e6f6e6963} - F:\start.exe
MountPoints2: {751b34f1-e5c6-11de-b70f-00199954ce99} - F:\AutoRun.exe
MountPoints2: {82ba376a-2148-11df-9b0e-005056c00008} - G:\AutoRun.exe
MountPoints2: {8b1ca203-db8b-11de-9b30-00199954ce99} - F:\AutoRun.exe
MountPoints2: {8b1ca20f-db8b-11de-9b30-00199954ce99} - F:\AutoRun.exe
MountPoints2: {aa7d38c2-f5f4-11de-ac35-005056c00008} - F:\AutoRun.exe
MountPoints2: {cb7b06a1-1bff-11df-96ac-005056c00008} - F:\AutoRun.exe
MountPoints2: {cfe21837-2141-11df-817b-005056c00008} - F:\AutoRun.exe
MountPoints2: {cfe21858-2141-11df-817b-005056c00008} - F:\AutoRun.exe
HKLM-x32\...\Run: [VirtualCloneDrive] - "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [MaxMenuMgr] - "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [185640 2009-05-01] (Seagate LLC)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload [1733120 2011-04-10] (Dominik Reichl)
HKLM-x32\...\Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [HOSTS Anti-Adware_PUPs] - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961 2013-07-20] ()
HKU\UserAdmin\...\Policies\system: [LogonHoursAction] 2
HKU\UserAdmin\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Kinder\...\Policies\system: [LogonHoursAction] 2
HKU\Kinder\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.orf.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.16.0.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome: 
=======
CHR HomePage: hxxp://www.orf.at/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\User\AppData\Local\Google\Chrome\Application\27.0.1453.110\gcswf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\User\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\User\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll No File
CHR Plugin: (K-iS MultiScan Endpoint Analysis Client Version 3.3.0) - C:\Users\User\AppData\Roaming\Mozilla\plugins\np83DB337F-50F6-4B55-BB98-70B0D2FE43B5.dll No File
CHR Plugin: (LOGIS Endpoint Analysis Plugin 1.0.0.0) - C:\Users\User\AppData\Roaming\Mozilla\plugins\np8C75C9E5-48C2-40C1-A9E1-62374B240637.dll (Citrix Systems, Inc.)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Users\User\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File

==================== Services (Whitelisted) =================

S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2013-07-20] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe [191024 2010-08-19] (VMware, Inc.)

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114560 2009-07-24] (Huawei Technologies Co., Ltd.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                           )
S2 VMparport; C:\Windows\system32\drivers\VMparport.sys [30768 2010-09-21] (VMware, Inc.)
S2 vstor2-ws60; C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys [32816 2010-08-19] (VMware, Inc.)
S2 vstor2-ws60; C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys [32816 2010-08-19] (VMware, Inc.)
S3 massfilter; system32\drivers\massfilter.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-22 18:01 - 2013-07-22 18:01 - 00000000 ____D C:\Users\User\AppData\Roaming\Malwarebytes
2013-07-22 18:01 - 2013-07-22 18:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-22 18:01 - 2013-07-22 18:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-22 18:01 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-20 18:48 - 2013-07-20 18:48 - 00000866 _____ C:\AdwCleaner[R1].txt
2013-07-20 18:36 - 2013-07-20 18:36 - 00001141 _____ C:\Users\User\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
2013-07-20 18:36 - 2013-07-20 18:36 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2013-07-20 15:17 - 2013-07-20 15:17 - 00000860 _____ C:\Users\User\Desktop\JRT.txt
2013-07-20 15:16 - 2013-07-20 15:16 - 00000000 ____D C:\Windows\ERUNT
2013-07-20 15:03 - 2013-07-20 15:03 - 00001987 _____ C:\AdwCleaner[S1].txt
2013-07-20 14:59 - 2013-07-20 14:59 - 00666633 _____ C:\Users\User\Desktop\adwcleaner.exe
2013-07-20 13:46 - 2013-07-20 13:46 - 00026891 _____ C:\Users\User\Desktop\Addition.txt
2013-07-20 13:41 - 2013-07-20 13:41 - 00000000 ____D C:\FRST
2013-07-20 13:40 - 2013-07-20 13:40 - 01779345 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2013-07-18 18:37 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-18 18:37 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-12 15:03 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-12 15:03 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-12 15:03 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-12 15:03 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-12 15:03 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-12 15:03 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-12 15:03 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-12 15:03 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-12 15:03 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-12 15:03 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-12 15:03 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-12 15:03 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-12 15:03 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-12 15:03 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-12 15:03 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-12 15:03 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-12 15:03 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-12 15:03 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-12 15:03 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-12 15:03 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-12 15:03 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-12 15:03 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-12 15:03 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-12 15:03 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-12 15:03 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-12 15:03 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 15:03 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-12 15:03 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 15:03 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-12 15:03 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-12 15:03 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-12 14:10 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-06-23 08:18 - 2013-06-23 08:27 - 00000000 ____D C:\Program Files (x86)\YRefresher
2013-06-23 08:05 - 2013-06-23 08:05 - 00000000 ____D C:\Users\User\AppData\Roaming\GrabPro

==================== One Month Modified Files and Folders =======

2013-07-22 18:40 - 2009-11-26 19:24 - 02057798 _____ C:\Windows\WindowsUpdate.log
2013-07-22 18:36 - 2009-11-26 19:35 - 00706022 _____ C:\Windows\system32\perfh007.dat
2013-07-22 18:36 - 2009-11-26 19:35 - 00152032 _____ C:\Windows\system32\perfc007.dat
2013-07-22 18:36 - 2009-07-14 07:13 - 01639668 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-22 18:30 - 2010-03-29 12:48 - 00000000 _____ C:\Windows\system32\Ikeext.etl
2013-07-22 18:29 - 2009-11-28 20:55 - 00104204 _____ C:\Windows\PFRO.log
2013-07-22 18:01 - 2013-07-22 18:01 - 00000000 ____D C:\Users\User\AppData\Roaming\Malwarebytes
2013-07-22 18:01 - 2013-07-22 18:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-22 18:01 - 2013-07-22 18:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-20 18:48 - 2013-07-20 18:48 - 00000866 _____ C:\AdwCleaner[R1].txt
2013-07-20 18:36 - 2013-07-20 18:36 - 00001141 _____ C:\Users\User\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
2013-07-20 18:36 - 2013-07-20 18:36 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2013-07-20 18:35 - 2009-11-30 22:27 - 00000000 ____D C:\Users\User\Documents\Outlook-Dateien
2013-07-20 15:17 - 2013-07-20 15:17 - 00000860 _____ C:\Users\User\Desktop\JRT.txt
2013-07-20 15:16 - 2013-07-20 15:16 - 00000000 ____D C:\Windows\ERUNT
2013-07-20 15:06 - 2009-07-14 06:45 - 00016464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-20 15:06 - 2009-07-14 06:45 - 00016464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-20 15:05 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-20 15:05 - 2009-07-14 06:51 - 00009674 _____ C:\Windows\setupact.log
2013-07-20 15:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2013-07-20 15:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-07-20 15:03 - 2013-07-20 15:03 - 00001987 _____ C:\AdwCleaner[S1].txt
2013-07-20 14:59 - 2013-07-20 14:59 - 00666633 _____ C:\Users\User\Desktop\adwcleaner.exe
2013-07-20 13:46 - 2013-07-20 13:46 - 00026891 _____ C:\Users\User\Desktop\Addition.txt
2013-07-20 13:41 - 2013-07-20 13:41 - 00000000 ____D C:\FRST
2013-07-20 13:40 - 2013-07-20 13:40 - 01779345 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2013-07-20 13:24 - 2011-06-08 19:34 - 00000000 ____D C:\Users\User\AppData\Roaming\KeePass
2013-07-20 12:54 - 2011-02-18 21:17 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1923077133-656304762-555754502-1001UA.job
2013-07-20 12:47 - 2013-02-01 12:26 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-20 12:41 - 2012-07-20 20:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-20 12:37 - 2013-02-01 12:26 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-20 12:37 - 2009-11-26 20:22 - 00111560 _____ C:\Users\UserAdmin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-20 11:35 - 2009-11-26 20:25 - 00000000 ____D C:\Users\User\Documents\Word
2013-07-20 11:08 - 2013-04-02 10:49 - 00000000 ___RD C:\Users\User\Documents\Dropbox
2013-07-20 11:08 - 2013-04-02 10:45 - 00000000 ____D C:\Users\User\AppData\Roaming\Dropbox
2013-07-20 11:07 - 2010-02-17 21:03 - 00000000 ____D C:\Users\User\AppData\Roaming\TeamViewer
2013-07-20 10:26 - 2009-07-14 06:45 - 02352680 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-18 21:34 - 2013-06-20 20:33 - 00000000 ____D C:\Samsung Galaxy S3 ToolKit
2013-07-18 20:17 - 2009-11-26 20:36 - 00111560 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-18 19:48 - 2010-02-17 21:02 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-07-18 18:54 - 2011-02-18 21:16 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1923077133-656304762-555754502-1001Core.job
2013-07-18 18:49 - 2011-02-18 21:17 - 00004090 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1923077133-656304762-555754502-1001UA
2013-07-18 18:49 - 2011-02-18 21:16 - 00003694 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1923077133-656304762-555754502-1001Core
2013-07-18 18:44 - 2009-11-30 22:55 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2013-07-18 18:43 - 2012-07-20 20:07 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-18 18:43 - 2012-04-04 18:24 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-18 18:43 - 2011-05-16 21:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-18 18:42 - 2013-02-01 12:26 - 00004104 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-18 18:42 - 2013-02-01 12:26 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-14 18:34 - 2008-11-13 19:25 - 00000000 ____D C:\Users\User\Documents\Excel
2013-07-14 18:00 - 2011-02-25 22:34 - 00000466 _____ C:\Windows\Tasks\ParetoLogic Registration.job
2013-07-12 15:13 - 2013-03-13 21:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 15:13 - 2013-03-13 21:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-12 15:12 - 2009-11-28 20:44 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-12 15:04 - 2009-12-02 20:54 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-12 14:00 - 2009-12-23 21:43 - 01627286 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-29 22:51 - 2008-11-13 19:25 - 00000000 ____D C:\Users\User\Documents\Isabel
2013-06-23 08:27 - 2013-06-23 08:18 - 00000000 ____D C:\Program Files (x86)\YRefresher
2013-06-23 08:05 - 2013-06-23 08:05 - 00000000 ____D C:\Users\User\AppData\Roaming\GrabPro

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-14 12:35

==================== End Of Log ============================
         
--- --- ---

Last edited by Eaterjoe (22.07.2013 at 21:14)

Old 22.07.2013, 21:31   #10
DerJazzer
/// Malwareteam
 
Police Virus - Standard

Police Virus



Keep your hands off cracks & keygens, 99.9% of them are malware!

Step 1

Please reconnect all hard disks etc. first.
Press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
C:\$Recycle.Bin\S-1-5-21-1923077133-656304762-555754502-1001\$RJHD1YU.rar
C:\$Recycle.Bin\S-1-5-21-1923077133-656304762-555754502-1001\$RTULKLK.exe
C:\Users\User\AppData\Local\Temp\tratra.lnk
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\34427f2-39005d8c
D:\Downloads\MP3Cutter.exe
D:\Programm-Source\Installierbare Versionen\Multimedia\_Sound\AudioConverter\MP3 Splitter\2.2\Cool.MP3.Splitter.v2.2-RES-crk.zip
D:\Programm-Source\Installierbare Versionen\Multimedia\_Sound\AudioConverter\MP3 Splitter\2.2\Cool_MP3_Splitter_2.2.zip
D:\Programm-Source\Installierbare Versionen\Multimedia\_Sound\AudioConverter\MP3 Splitter\2.2\splitter.exe
M:\Seagate Backup\ARBEITSZIMMER\D\Programm-Source\Installierbare Versionen\Multimedia\_Sound\AudioConverter\MP3 Splitter\2.2\Cool.MP3.Splitter.v2.2-RES-crk.zip
M:\Seagate Backup\ARBEITSZIMMER\D\Programm-Source\Installierbare Versionen\Multimedia\_Sound\AudioConverter\MP3 Splitter\2.2\Cool_MP3_Splitter_2.2.zip
M:\Seagate Backup\ARBEITSZIMMER\D\Programm-Source\Installierbare Versionen\Multimedia\_Sound\AudioConverter\MP3 Splitter\2.2\splitter.exe
M:\Seagate Backup\ARBEITSZIMMER\History\Level2\D\Programm-Source\Installierbare Versionen\Multimedia\_Foto, Video\Adobe Premiere Elements 9\_keygen\Adobe Premiere Elements 9.0 __ KeyGen _.exe
M:\Seagate Backup\ARBEITSZIMMER\History\Level2\D\Programm-Source\Installierbare Versionen\Multimedia\_Foto, Video\Adobe Premiere Elements 9\_keygen\Adobe_Premiere_Elements_9.0_KeyGen_.rar
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents to me.



Step 2

Please download TFC (by OldTimer) and save the file to your desktop.
Now close all open programs and disconnect from the internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow it.

Step 3

Please download Farbar Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool is finished, it will create an FSS.txt in the directory the tool was run from.

Please post its contents here.


__________________
Keep Jazzing!

DerJazzer

Imperare sibi maximum imperium est. ©Seneca

If you would like to support us | http://www.anaesthesist-werden.de/

Old 22.07.2013, 22:31   #11
Eaterjoe
 
Police Virus - Standard

Police Virus



Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-07-2013
Ran by User at 2013-07-22 23:09:09 Run:3
Running from C:\Users\User\Desktop
Boot Mode: Safe Mode (with Networking)
==============================================

"C:\$Recycle.Bin\S-1-5-21-1923077133-656304762-555754502-1001\$RJHD1YU.rar" => File/Directory not found.
"C:\$Recycle.Bin\S-1-5-21-1923077133-656304762-555754502-1001\$RTULKLK.exe" => File/Directory not found.
C:\UsersUser\AppData\Local\Temp\tratra.lnk => Moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\34427f2-39005d8c => Moved successfully.
D:\Downloads\MP3Cutter.exe => Moved successfully.
D:\Programm-Source\Installierbare Versionen\Multimedia\_Sound\AudioConverter\MP3 Splitter\2.2\Cool.MP3.Splitter.v2.2-RES-crk.zip => Moved successfully.
D:\Programm-Source\Installierbare Versionen\Multimedia\_Sound\AudioConverter\MP3 Splitter\2.2\Cool_MP3_Splitter_2.2.zip => Moved successfully.
D:\Programm-Source\Installierbare Versionen\Multimedia\_Sound\AudioConverter\MP3 Splitter\2.2\splitter.exe => Moved successfully.
M:\Seagate Backup\ARBEITSZIMMER\D\Programm-Source\Installierbare Versionen\Multimedia\_Sound\AudioConverter\MP3 Splitter\2.2\Cool.MP3.Splitter.v2.2-RES-crk.zip => Moved successfully.
M:\Seagate Backup\ARBEITSZIMMER\D\Programm-Source\Installierbare Versionen\Multimedia\_Sound\AudioConverter\MP3 Splitter\2.2\Cool_MP3_Splitter_2.2.zip => Moved successfully.
M:\Seagate Backup\ARBEITSZIMMER\D\Programm-Source\Installierbare Versionen\Multimedia\_Sound\AudioConverter\MP3 Splitter\2.2\splitter.exe => Moved successfully.
M:\Seagate Backup\ARBEITSZIMMER\History\Level2\D\Programm-Source\Installierbare Versionen\Multimedia\_Foto, Video\Adobe Premiere Elements 9\_keygen\Adobe Premiere Elements 9.0 __ KeyGen _.exe => Moved successfully.
M:\Seagate Backup\ARBEITSZIMMER\History\Level2\D\Programm-Source\Installierbare Versionen\Multimedia\_Foto, Video\Adobe Premiere Elements 9\_keygen\Adobe_Premiere_Elements_9.0_KeyGen_.rar => Moved successfully.

==== End of Fixlog ====
         
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-07-2013
Ran by User at 2013-07-22 23:09:09 Run:3
Running from C:\Users\User\Desktop
Boot Mode: Safe Mode (with Networking)
==============================================

"C:\$Recycle.Bin\S-1-5-21-1923077133-656304762-555754502-1001\$RJHD1YU.rar" => File/Directory not found.
"C:\$Recycle.Bin\S-1-5-21-1923077133-656304762-555754502-1001\$RTULKLK.exe" => File/Directory not found.
C:\Users\User\AppData\Local\Temp\tratra.lnk => Moved successfully.
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\34427f2-39005d8c => Moved successfully.
"C:\Users\User\AppData\Local\Temp\tratra.lnk" => File/Directory not found.
"C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\34427f2-39005d8c" => File/Directory not found.
D:\Downloads\MP3Cutter.exe => Moved successfully.
D:\Programm-Source\Installierbare Versionen\Multimedia\_Sound\AudioConverter\MP3 Splitter\2.2\Cool.MP3.Splitter.v2.2-RES-crk.zip => Moved successfully.
D:\Programm-Source\Installierbare Versionen\Multimedia\_Sound\AudioConverter\MP3 Splitter\2.2\Cool_MP3_Splitter_2.2.zip => Moved successfully.
D:\Programm-Source\Installierbare Versionen\Multimedia\_Sound\AudioConverter\MP3 Splitter\2.2\splitter.exe => Moved successfully.
M:\Seagate Backup\ARBEITSZIMMER\D\Programm-Source\Installierbare Versionen\Multimedia\_Sound\AudioConverter\MP3 Splitter\2.2\Cool.MP3.Splitter.v2.2-RES-crk.zip => Moved successfully.
M:\Seagate Backup\ARBEITSZIMMER\D\Programm-Source\Installierbare Versionen\Multimedia\_Sound\AudioConverter\MP3 Splitter\2.2\Cool_MP3_Splitter_2.2.zip => Moved successfully.
M:\Seagate Backup\ARBEITSZIMMER\D\Programm-Source\Installierbare Versionen\Multimedia\_Sound\AudioConverter\MP3 Splitter\2.2\splitter.exe => Moved successfully.
M:\Seagate Backup\ARBEITSZIMMER\History\Level2\D\Programm-Source\Installierbare Versionen\Multimedia\_Foto, Video\Adobe Premiere Elements 9\_keygen\Adobe Premiere Elements 9.0 __ KeyGen _.exe => Moved successfully.
M:\Seagate Backup\ARBEITSZIMMER\History\Level2\D\Programm-Source\Installierbare Versionen\Multimedia\_Foto, Video\Adobe Premiere Elements 9\_keygen\Adobe_Premiere_Elements_9.0_KeyGen_.rar => Moved successfully.

==== End of Fixlog ====
         
Code:
Getting user folders.
 
Stopping running processes.
 
Emptying Temp folders.
 
 
User: All Users
 
User: User
->Temp folder emptied: 2870148549 bytes
->Temporary Internet Files folder emptied: 1542958729 bytes
->Java cache emptied: 4930785 bytes
->Google Chrome cache emptied: 152119591 bytes
->Flash cache emptied: 58183 bytes
 
User: UserAdmin
->Temp folder emptied: 373415 bytes
->Temporary Internet Files folder emptied: 6524255 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57472 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Kinder
->Temp folder emptied: 23548000 bytes
->Temporary Internet Files folder emptied: 155228774 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 58344 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 836877287 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36678 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 755 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42321311 bytes
 
Emptying RecycleBin. Do not interrupt.
 
RecycleBin emptied: 0 bytes
Process complete!
 
Total Files Cleaned = 5.374,00 mb
         
Code:
Farbar Service Scanner Version: 13-07-2013
Ran by User (administrator) on 22-07-2013 at 23:28:20
Running from "C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WU2LRAFO"
Microsoft Windows 7 Enterprise  Service Pack 1 (X64)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is set to Auto. The default start type is 3.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is set to Auto. The default start type is 3.
The ImagePath of VSS service is OK.


System Restore Disabled Policy: 
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
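The FSS log above flags the WinDefend service (start type Demand instead of the default Auto) and the DisableAntiSpyware=1 value under HKLM\SOFTWARE\Microsoft\Windows Defender. The PowerShell snippet below is an added example, not part of this thread and not Farbar's tool: it re-reads the start mode of each service FSS checks, plus that registry value, on a live Windows 7 machine. A default start mode is stated only where the FSS log itself gives one (SDRSVC and VSS default 3 = Manual, WinDefend default Auto); for the other services it just prints what is set. It is read-only and assumes an elevated PowerShell 2.0 or later prompt.

```powershell
# Added audit example, not from the thread and not Farbar's FSS: re-read the
# service start modes and the Defender policy value that the FSS log reports.
# Read-only; assumes an elevated PowerShell 2.0+ prompt with WMI and HKLM read access.

# Services FSS checks. The value is the default start mode where the FSS log
# itself states one (SDRSVC/VSS: 3 = Manual, WinDefend: Auto); $null = no stated default.
$checks = @{
    'SDRSVC'      = 'Manual'
    'VSS'         = 'Manual'
    'wscsvc'      = $null
    'wuauserv'    = $null
    'BITS'        = $null
    'EventSystem' = $null
    'WinDefend'   = 'Auto'
}

foreach ($name in $checks.Keys) {
    # Win32_Service exposes StartMode (Boot/System/Auto/Manual/Disabled) and State;
    # WMI "Manual" is what FSS prints as "Demand".
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    if ($null -eq $svc) {
        Write-Output ("{0,-12} service not found" -f $name)
        continue
    }
    $line = "{0,-12} State={1,-8} StartMode={2}" -f $name, $svc.State, $svc.StartMode
    $expected = $checks[$name]
    if ($expected -and $svc.StartMode -ne $expected) {
        $line += "  <-- differs from default '$expected'"
    }
    Write-Output $line
}

# The "disabled policy" value FSS printed: a DWORD of 1 switches Windows Defender off.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
$val = Get-ItemProperty -Path $key -Name DisableAntiSpyware -ErrorAction SilentlyContinue
if ($val -and $val.DisableAntiSpyware -eq 1) {
    Write-Output 'DisableAntiSpyware = 1 : Windows Defender is switched off by this value'
} else {
    Write-Output 'DisableAntiSpyware not set (or 0)'
}
```

One caveat when reading the result: the FRST log at the top of this page lists MsMpSvc (C:\Program Files\Microsoft Security Client\MsMpEng.exe), i.e. Microsoft Security Essentials, as running. On Windows 7, installing Security Essentials disables the built-in Windows Defender in exactly this way (start type Demand and DisableAntiSpyware=1), so on such a machine these two findings are expected and are not by themselves evidence that the ransomware tampered with Defender; the services that are not running (wscsvc, wuauserv, BITS, EventSystem) are the more interesting part of that log.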
         

Old 23.07.2013, 11:53   #12
DerJazzer
/// Malwareteam
 
Police Virus - Standard

Police Virus



Step 1

Please download Windows Repair (All In One) from here.
  • Install the program. Start it once the installation has finished.
  • Click Step 2 and press Do It under Check Disk.
  • When that has finished, click Step 3 and press Do It under System File Check.
  • Once that has finished, click Start Repairs, select Advanced Mode and press Start.
  • Please make sure the boxes are checked as shown below. Additionally, also check Set Windows Services to Default Startup.
  • Check Restart System when Finished.
  • Press Start.

Step 2

New FSS log, please.
__________________
Keep Jazzing!

DerJazzer

Imperare sibi maximum imperium est. ©Seneca

If you would like to support us | http://www.anaesthesist-werden.de/

Old 23.07.2013, 19:11   #13
Eaterjoe

During Windows Repair it was reported that not everything would work in Safe Mode, so after the file system check I booted into normal mode. Only an empty black screen was displayed. That didn't feel right to me, so I switched the PC off immediately and booted into Safe Mode again.
The screenshot you attached is a bit outdated. I nevertheless only selected what you had selected in the screenshot...


Code:
Farbar Service Scanner Version: 13-07-2013
Ran by User (administrator) on 23-07-2013 at 20:11:19
Running from "C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IX6TSN3V"
Microsoft Windows 7 Enterprise  Service Pack 1 (X64)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy: 
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
         

Last edited by Eaterjoe (23.07.2013 at 18:20)
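A script that re-checks the two findings the FSS log above reports (the DisableAntiSpyware value under the Windows Defender key and the WinDefend start type being Demand instead of Auto) and can restore the defaults, as an added example that is not from the thread, from FSS or from Windows Repair. It assumes Windows 7 with PowerShell 2.0 or later run from an elevated prompt; the Policies registry key is an assumption not shown in the log.

```powershell
# Added example (not from the thread or from FSS): re-checks the findings
# the FSS log reports and can revert them.
# Assumptions: Windows 7, PowerShell 2.0 or later, elevated prompt.

$DefenderKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows Defender',           # key shown in the FSS log
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'   # Group Policy location (assumption, not in the log)
)

# Services FSS listed as not running; only WinDefend has a default stated in the log.
# WMI reports the FSS start type "Demand" as "Manual".
$ExpectedStartMode = @{ 'WinDefend' = 'Auto' }
$ServicesToReview  = 'SDRSVC','VSS','wscsvc','wuauserv','BITS','EventSystem','WinDefend'

function Get-DefenderDisabledPolicy {
    # Returns each key where DisableAntiSpyware is set to 1.
    foreach ($key in $DefenderKeys) {
        if (-not (Test-Path $key)) { continue }
        $value = (Get-ItemProperty -Path $key).DisableAntiSpyware
        if ($value -eq 1) { $key }
    }
}

function Get-ServiceStartModeReport {
    # Win32_Service is used because Get-Service has no StartType on PowerShell 2.0.
    foreach ($name in $ServicesToReview) {
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        if ($svc -eq $null) { continue }
        $expected = $ExpectedStartMode[$name]
        New-Object PSObject -Property @{
            Name       = $svc.Name
            State      = $svc.State
            StartMode  = $svc.StartMode
            # Flag a deviation from the stated default, or any service set to Disabled.
            Suspicious = (($expected -and $svc.StartMode -ne $expected) -or ($svc.StartMode -eq 'Disabled'))
        }
    }
}

function Repair-DefenderConfig {
    # Reverts the two settings the log flagged; run this after the cleanup, not before.
    foreach ($key in Get-DefenderDisabledPolicy) {
        Remove-ItemProperty -Path $key -Name 'DisableAntiSpyware'
    }
    Set-Service -Name 'WinDefend' -StartupType Automatic
}

Get-DefenderDisabledPolicy
Get-ServiceStartModeReport | Format-Table Name, State, StartMode, Suspicious -AutoSize
```

In Safe Mode most of these services legitimately show State Stopped, as in the log; the StartMode column is what matters there.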

Old 23.07.2013, 21:21   #14
DerJazzer
/// Malwareteam


Why do you keep booting into Safe Mode anyway? Normal mode should work again, shouldn't it?!? Or are there still problems there?

Old 23.07.2013, 22:12   #15
Eaterjoe


Well, at the beginning you asked whether that would work, and I inferred that I should do that. Bad?
