Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Windows7: Infektion mit Ihavenet

Windows7: Infektion mit Ihavenet


Plagegeister aller Art und deren Bekämpfung: Windows7: Infektion mit Ihavenet

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 29.09.2013, 18:10   #1
michasnet
 
Windows7: Infektion mit Ihavenet - Standard

Windows7: Infektion mit Ihavenet


Hallo ihr alle!

Ich hoffe, ich hab die Checkliste beachtet und das Thema hängt jetzt nicht irgendwo...bin nämlich neu hier. von daher nochmal Hallo an alle!
Nachdem es mich jetzt wirklich nervt und ich mich soweit informiert habe, dass das ganze ein Virus ist, wende ich mich mit der Bitte um Hilfe an euch:

Wie andere hier im Forum auch habe ich auf allen Browsern (Firefox und Internet explorer) das Problem, dass beim Anklicken der Suchergebnisse in allen Suchmaschinen meist auf ihavenet.com (Leerseite) umgeleitet wird, was ich bis jetzt ganz gut umgehen konnte, indem ich einfach direkt die URL in die Leiste eingefügt habe. (das ganze hat vor ner guten Woche angefangen). Seit jetzt aber mein Computer merklich langsamer geworden ist (seit 2 Tagen ungefähr), wollte ich mich doch mal bei euch melden, ob ihr mir nicht helfen könntet, den Virus vom Laptop zu werfen und ob das zusammenhängen kann?
Falls es euch was nützt, kann ich euch gleich auch das OTL-Scanergebnis schicken, das hab ich vorsichtshalber schon mal gemacht, kenn mich aber damit nicht aus, deshalb wollte ich auf keinen Fall ohne Experten da rangehen.

Viele Grüße und schon mal vielen Dank!
micha

Alt 29.09.2013, 18:39   #2
schrauber
/// the machine
/// TB-Ausbilder
 
Windows7: Infektion mit Ihavenet - Standard

Windows7: Infektion mit Ihavenet


hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________
Alt 29.09.2013, 19:22   #3
michasnet
 
Windows7: Infektion mit Ihavenet - Standard

Windows7: Infektion mit Ihavenet


Hi und schon mal Vielen Dank!

hab jetzt genau deine Anweisungen befolgt, hab auch gesehen, dass ich mir vor ner woche schon mal FRST runtergeladen hatte und auch schon nen Scan gemacht hatte (hatte dann aber keine Folgen, weil ich ziemlich direkt danach gelesen habe, dass man die Ratschläge an die anderen User auf keinen Fall am eigenen Computer so nachmachen soll). Aber deshalb ist Addition.txt vom 15.9.
Hier FRST.txt:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
Ran by Michael Schoenball (administrator) on MICHAELSCHOENBA on 29-09-2013 20:06:35
Running from C:\Users\Michael Schoenball\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Validity Sensors, Inc.) C:\Windows\system32\vcsFPService.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
(Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\CxUtilSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Whilokii) C:\Program Files (x86)\Whilokii\updateWhilokii.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DPAgent.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio3.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
() C:\Users\Michael Schoenball\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
(Dropbox, Inc.) C:\Users\Michael Schoenball\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SA3\SACpl.exe [1573504 2011-06-24] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780968 2011-04-30] (Synaptics Incorporated)
HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.)
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-28] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2011-05-21] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1119392 2011-05-21] (Trend Micro Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Udac] - rundll32 "C:\Users\Michael Schoenball\AppData\Roaming\msfeedsbsh.dll",Bwpybonxxw
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-26] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-16] (Adobe Systems Incorporated)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk
ShortcutTarget: CNET TechTracker.lnk -> C:\Users\Michael Schoenball\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe ()
Startup: C:\Users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Michael Schoenball\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

ProxyServer: proxy.drsintra.de:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115&type=default&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115&type=default&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115&type=default&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115&type=default&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115&type=default&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=7C4EAC7289E1E5F2&affID=119357&tsp=5020
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115&type=default&q={searchTerms}
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: iminent Helper Object - {112BA211-334C-4A90-90EC-2AD1CDAB287C} - C:\Program Files (x86)\IminentToolbar\1.8.25.0\bh\iminent.dll No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Whilokii - {204df522-9a96-4a72-abb0-60f7a216d6d2} - C:\Program Files (x86)\Whilokii\Whilokiibho.dll (Whilokii)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll (Delta-search.com)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: BonanzaDeals - {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll (Delta-search.com)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Michael Schoenball\AppData\Roaming\Mozilla\Firefox\Profiles\6z3bu6ez.default
FF user.js: detected! => C:\Users\Michael Schoenball\AppData\Roaming\Mozilla\Firefox\Profiles\6z3bu6ez.default\user.js
FF NewTab: hxxp://www.qvo6.com/newtab/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=nt&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115
FF DefaultSearchEngine: qvo6
FF SearchEngineOrder.1: Google.at
FF SelectedSearchEngine: qvo6
FF Homepage: hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115
FF NetworkProxy: "ftp", "proxy.drsintra.net"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "proxy.drsintra.net"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "socks", "proxy.drsintra.net"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "proxy.drsintra.net"
FF NetworkProxy: "ssl_port", 8080
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Users\Michael Schoenball\AppData\Roaming\Mozilla\Firefox\Profiles\6z3bu6ez.default\searchplugins\iminent.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\qvo6.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Delta Toolbar - C:\Users\Michael Schoenball\AppData\Roaming\Mozilla\Firefox\Profiles\6z3bu6ez.default\Extensions\ffxtlbr@delta.com
FF Extension: BonanzaDeals - C:\Users\Michael Schoenball\AppData\Roaming\Mozilla\Firefox\Profiles\6z3bu6ez.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}
FF Extension: firefox - C:\Users\Michael Schoenball\AppData\Roaming\Mozilla\Firefox\Profiles\6z3bu6ez.default\Extensions\firefox@whilokii.net.xpi
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\firefoxextension\
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (BonanzaDeals) - C:\Users\MICHAE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0
CHR Extension: (Iminent Chrome Toolbar) - C:\Users\MICHAE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Michael Schoenball\AppData\Roaming\BabSolution\CR\Delta.crx
CHR HKLM-x32\...\Chrome\Extension: [hpomcmndppalndoljdilmfkkjkcnongl] - C:\Program Files (x86)\1clickmoviedownloader.com\clickmoviedownloader10.crx
CHR HKLM-x32\...\Chrome\Extension: [pkhojieggfgllhllcegoffdcnmdeojgb] - C:\Program Files (x86)\IminentToolbar\1.8.25.0\iminent.crx

==================== Services (Whitelisted) =================

S2 bonanzadealslive; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-09-29] (BonanzaDeals)
S3 bonanzadealslivem; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-09-29] (BonanzaDeals)
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [28288 2011-06-24] (Conexant Systems, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-28] ()
R2 Update Whilokii; C:\Program Files (x86)\Whilokii\updateWhilokii.exe [206616 2013-09-26] (Whilokii)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

==================== Drivers (Whitelisted) ====================

S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90896 2011-05-21] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144656 2011-05-21] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [69392 2011-05-21] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2011-05-21] (Trend Micro Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-29 20:02 - 2013-09-29 20:02 - 01953880 _____ (Farbar) C:\Users\Michael Schoenball\Downloads\FRST64.exe
2013-09-29 19:47 - 2013-09-29 19:55 - 00000946 _____ C:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2013-09-29 19:47 - 2013-09-29 19:52 - 00000950 _____ C:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
2013-09-29 19:47 - 2013-09-29 19:47 - 00003946 _____ C:\windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA
2013-09-29 19:47 - 2013-09-29 19:47 - 00003694 _____ C:\windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore
2013-09-29 19:47 - 2013-09-29 19:47 - 00003434 _____ C:\windows\System32\Tasks\EPUpdater
2013-09-29 19:47 - 2013-09-29 19:47 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\BabSolution
2013-09-29 19:47 - 2013-09-29 19:47 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\BonanzaDealsLive
2013-09-29 19:47 - 2013-09-29 19:47 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-29 19:47 - 2013-09-29 19:47 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-09-29 19:47 - 2013-09-29 19:47 - 00000000 ____D C:\Program Files (x86)\Delta
2013-09-29 19:47 - 2013-09-29 19:47 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive
2013-09-29 19:46 - 2013-09-29 19:57 - 00003304 _____ C:\windows\System32\Tasks\DigitalSite
2013-09-29 19:46 - 2013-09-29 19:57 - 00000324 _____ C:\windows\Tasks\DigitalSite.job
2013-09-29 19:46 - 2013-09-29 19:47 - 00000000 ____D C:\Program Files (x86)\Whilokii
2013-09-29 19:46 - 2013-09-29 19:46 - 00749248 _____ C:\Users\Michael Schoenball\Downloads\ZipExtractorSetup.exe
2013-09-29 19:46 - 2013-09-29 19:46 - 00003412 _____ C:\windows\System32\Tasks\BonanzaDealsUpdate
2013-09-29 19:46 - 2013-09-29 19:46 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
2013-09-29 19:46 - 2013-09-29 19:46 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\DigitalSite
2013-09-29 19:46 - 2013-09-29 19:46 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\Babylon
2013-09-29 19:46 - 2013-09-29 19:46 - 00000000 ____D C:\ProgramData\Babylon
2013-09-29 19:46 - 2013-09-29 19:46 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-09-29 19:46 - 2013-09-29 19:46 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-09-29 19:43 - 2013-09-29 19:43 - 00060510 _____ C:\Users\Michael Schoenball\Desktop\Extras.Txt
2013-09-29 19:41 - 2013-09-29 19:41 - 00112384 _____ C:\Users\Michael Schoenball\Desktop\OTL.Txt
2013-09-29 19:24 - 2013-09-29 19:43 - 00060510 _____ C:\Users\Michael Schoenball\Downloads\Extras.Txt
2013-09-29 19:23 - 2013-09-29 19:23 - 00112384 _____ C:\Users\Michael Schoenball\Downloads\OTL.Txt
2013-09-29 18:41 - 2013-09-29 18:41 - 00602112 _____ (OldTimer Tools) C:\Users\Michael Schoenball\Downloads\OTL.exe
2013-09-28 18:29 - 2013-09-28 18:30 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\{42CD3EEC-23F5-44FA-B066-5A3017DF5D98}
2013-09-28 18:29 - 2013-09-28 18:29 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\Windows Live Writer
2013-09-28 18:29 - 2013-09-28 18:29 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\Windows Live Writer
2013-09-27 20:20 - 2013-09-27 20:20 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-09-27 20:20 - 2013-09-27 20:20 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\OpenOffice
2013-09-27 20:19 - 2013-09-27 20:19 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-09-27 20:10 - 2013-09-27 20:13 - 163606685 _____ C:\Users\Michael Schoenball\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe
2013-09-27 11:40 - 2013-09-27 13:22 - 00000000 ____D C:\Users\Michael Schoenball\Desktop\Lieder 30 WFD
2013-09-27 11:26 - 2013-09-19 22:09 - 16999796 ____C C:\Users\Michael Schoenball\Downloads\jens_kober1 - Kopie.jpg.tif
2013-09-26 09:56 - 2013-09-26 09:57 - 00000000 ____D C:\Users\Michael Schoenball\Downloads\Marie Kees fotos
2013-09-26 09:32 - 2013-09-26 09:32 - 02650026 _____ C:\Users\Michael Schoenball\Downloads\awfotos30jahrewfd.zip
2013-09-26 09:29 - 2013-09-26 09:29 - 00010460 _____ C:\Users\Michael Schoenball\Downloads\rooming list academic orchestra 2013.xlsx
2013-09-23 14:39 - 2013-09-29 19:51 - 00001445 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-19 22:07 - 2013-09-19 22:09 - 16999796 _____ C:\Users\Michael Schoenball\Downloads\jens_kober1.tif
2013-09-19 12:38 - 2013-09-23 14:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-17 15:06 - 2013-09-17 15:08 - 05216044 _____ C:\Users\Michael Schoenball\Downloads\cusanus2.wav
2013-09-17 00:23 - 2013-09-17 00:23 - 00827392 _____ () C:\Users\Michael Schoenball\Downloads\videoperformerSetup.exe
2013-09-17 00:20 - 2013-09-17 00:20 - 00575704 _____ C:\Users\Michael Schoenball\Downloads\Player_Setup.exe
2013-09-16 13:05 - 2013-09-16 13:05 - 00007898 _____ C:\Users\Michael Schoenball\Downloads\Raster Bühnenprogramm.odt
2013-09-16 01:18 - 2013-09-16 01:19 - 00000000 ____D C:\Users\Michael Schoenball\Documents\Initiativen, Kampagnen
2013-09-15 21:39 - 2013-09-15 21:39 - 97671483 _____ C:\windows\SysWOW64\Ꮆ㶊–
2013-09-15 15:40 - 2013-09-15 15:40 - 00000000 ____D C:\FRST
2013-09-15 15:30 - 2013-09-15 15:30 - 00000000 ____D C:\windows\ERUNT
2013-09-15 15:24 - 2013-09-16 14:16 - 00000000 ____D C:\AdwCleaner
2013-09-15 15:23 - 2013-09-15 15:23 - 01039554 _____ C:\Users\Michael Schoenball\Downloads\adwcleaner.exe
2013-09-14 01:52 - 2013-09-14 01:52 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\Google
2013-09-14 01:50 - 2013-09-14 01:50 - 00000000 ____D C:\Program Files (x86)\1clickmoviedownloader.com
2013-09-12 10:42 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-09-12 10:42 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-09-12 10:42 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-09-12 10:42 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-09-12 10:42 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-09-12 10:42 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-09-12 10:42 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-09-12 10:42 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-09-12 10:42 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-09-12 10:42 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-09-12 10:42 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-09-12 10:42 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-09-12 10:42 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-09-12 10:42 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-09-12 10:42 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 09:36 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-09-12 09:36 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-09-12 09:36 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-09-12 09:36 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-09-12 09:36 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-09-12 09:36 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-09-12 09:36 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-09-12 09:36 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-09-12 09:36 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-09-12 09:36 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-09-12 09:36 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-09-12 09:36 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-09-12 09:36 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-09-12 09:36 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-09-12 09:36 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-09-12 09:36 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-09-11 09:37 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-09-11 09:37 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys
2013-09-11 09:37 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-09-11 09:37 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-09-11 09:37 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2013-09-11 09:37 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2013-09-11 09:37 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2013-09-11 09:37 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2013-09-11 09:37 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2013-09-11 09:37 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2013-09-11 09:37 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2013-09-11 09:37 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2013-09-11 09:37 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2013-09-11 09:37 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2013-09-11 09:37 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2013-09-11 09:37 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2013-09-11 09:37 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2013-09-11 09:37 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2013-09-11 09:37 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2013-09-11 09:37 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2013-09-11 09:37 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2013-09-11 09:37 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:37 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2013-09-11 09:37 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2013-09-11 09:37 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2013-09-11 09:37 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
2013-09-11 09:20 - 2013-09-12 00:12 - 97181529 _____ C:\windows\SysWOW64\䌾懚X
2013-09-10 23:54 - 2013-09-29 19:53 - 00000000 ____D C:\ProgramData\Avira
2013-09-10 23:51 - 2013-09-10 23:51 - 02092792 _____ C:\Users\Michael Schoenball\Downloads\avira_free_4052_antivirus.exe
2013-09-10 18:19 - 2013-09-10 18:19 - 00442368 __RSH C:\Users\Michael Schoenball\AppData\Roaming\msfeedsbsh.dll
2013-09-04 11:59 - 2013-09-04 11:59 - 00019212 _____ C:\Users\Michael Schoenball\Documents\Trinksprüche.odt

==================== One Month Modified Files and Folders =======

2013-09-29 20:03 - 2009-07-14 06:45 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-29 20:03 - 2009-07-14 06:45 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-29 20:02 - 2013-09-29 20:02 - 01953880 _____ (Farbar) C:\Users\Michael Schoenball\Downloads\FRST64.exe
2013-09-29 19:59 - 2011-10-22 22:33 - 01591942 _____ C:\windows\WindowsUpdate.log
2013-09-29 19:57 - 2013-09-29 19:46 - 00003304 _____ C:\windows\System32\Tasks\DigitalSite
2013-09-29 19:57 - 2013-09-29 19:46 - 00000324 _____ C:\windows\Tasks\DigitalSite.job
2013-09-29 19:57 - 2012-02-28 16:29 - 00000000 ___RD C:\Users\Michael Schoenball\Dropbox
2013-09-29 19:57 - 2012-02-28 16:26 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\Dropbox
2013-09-29 19:55 - 2013-09-29 19:47 - 00000946 _____ C:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2013-09-29 19:55 - 2011-10-28 11:41 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\SoftThinks
2013-09-29 19:55 - 2011-10-22 23:53 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-09-29 19:55 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-09-29 19:55 - 2009-07-14 06:51 - 00091974 _____ C:\windows\setupact.log
2013-09-29 19:54 - 2010-11-21 05:47 - 00383690 _____ C:\windows\PFRO.log
2013-09-29 19:53 - 2013-09-10 23:54 - 00000000 ____D C:\ProgramData\Avira
2013-09-29 19:52 - 2013-09-29 19:47 - 00000950 _____ C:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
2013-09-29 19:51 - 2013-09-23 14:39 - 00001445 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-29 19:51 - 2011-10-28 11:45 - 00001731 _____ C:\Users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-29 19:47 - 2013-09-29 19:47 - 00003946 _____ C:\windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA
2013-09-29 19:47 - 2013-09-29 19:47 - 00003694 _____ C:\windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore
2013-09-29 19:47 - 2013-09-29 19:47 - 00003434 _____ C:\windows\System32\Tasks\EPUpdater
2013-09-29 19:47 - 2013-09-29 19:47 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\BabSolution
2013-09-29 19:47 - 2013-09-29 19:47 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\BonanzaDealsLive
2013-09-29 19:47 - 2013-09-29 19:47 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-29 19:47 - 2013-09-29 19:47 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-09-29 19:47 - 2013-09-29 19:47 - 00000000 ____D C:\Program Files (x86)\Delta
2013-09-29 19:47 - 2013-09-29 19:47 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive
2013-09-29 19:47 - 2013-09-29 19:46 - 00000000 ____D C:\Program Files (x86)\Whilokii
2013-09-29 19:46 - 2013-09-29 19:46 - 00749248 _____ C:\Users\Michael Schoenball\Downloads\ZipExtractorSetup.exe
2013-09-29 19:46 - 2013-09-29 19:46 - 00003412 _____ C:\windows\System32\Tasks\BonanzaDealsUpdate
2013-09-29 19:46 - 2013-09-29 19:46 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
2013-09-29 19:46 - 2013-09-29 19:46 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\DigitalSite
2013-09-29 19:46 - 2013-09-29 19:46 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\Babylon
2013-09-29 19:46 - 2013-09-29 19:46 - 00000000 ____D C:\ProgramData\Babylon
2013-09-29 19:46 - 2013-09-29 19:46 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-09-29 19:46 - 2013-09-29 19:46 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-09-29 19:43 - 2013-09-29 19:43 - 00060510 _____ C:\Users\Michael Schoenball\Desktop\Extras.Txt
2013-09-29 19:43 - 2013-09-29 19:24 - 00060510 _____ C:\Users\Michael Schoenball\Downloads\Extras.Txt
2013-09-29 19:41 - 2013-09-29 19:41 - 00112384 _____ C:\Users\Michael Schoenball\Desktop\OTL.Txt
2013-09-29 19:28 - 2013-02-14 20:59 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-09-29 19:23 - 2013-09-29 19:23 - 00112384 _____ C:\Users\Michael Schoenball\Downloads\OTL.Txt
2013-09-29 18:41 - 2013-09-29 18:41 - 00602112 _____ (OldTimer Tools) C:\Users\Michael Schoenball\Downloads\OTL.exe
2013-09-29 17:52 - 2011-10-23 01:23 - 10897636 _____ C:\windows\system32\perfh007.dat
2013-09-29 17:52 - 2011-10-23 01:23 - 03442566 _____ C:\windows\system32\perfc007.dat
2013-09-29 17:52 - 2009-07-14 07:13 - 00006756 _____ C:\windows\system32\PerfStringBackup.INI
2013-09-28 18:30 - 2013-09-28 18:29 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\{42CD3EEC-23F5-44FA-B066-5A3017DF5D98}
2013-09-28 18:29 - 2013-09-28 18:29 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\Windows Live Writer
2013-09-28 18:29 - 2013-09-28 18:29 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\Windows Live Writer
2013-09-28 18:23 - 2011-10-28 11:41 - 00068552 _____ C:\Users\Michael Schoenball\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-28 18:22 - 2009-07-14 06:45 - 00303664 _____ C:\windows\system32\FNTCACHE.DAT
2013-09-28 00:39 - 2011-11-10 01:42 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\SoftGrid Client
2013-09-27 20:20 - 2013-09-27 20:20 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-09-27 20:20 - 2013-09-27 20:20 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\OpenOffice
2013-09-27 20:19 - 2013-09-27 20:19 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-09-27 20:18 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-09-27 20:13 - 2013-09-27 20:10 - 163606685 _____ C:\Users\Michael Schoenball\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe
2013-09-27 13:22 - 2013-09-27 11:40 - 00000000 ____D C:\Users\Michael Schoenball\Desktop\Lieder 30 WFD
2013-09-26 09:57 - 2013-09-26 09:56 - 00000000 ____D C:\Users\Michael Schoenball\Downloads\Marie Kees fotos
2013-09-26 09:32 - 2013-09-26 09:32 - 02650026 _____ C:\Users\Michael Schoenball\Downloads\awfotos30jahrewfd.zip
2013-09-26 09:29 - 2013-09-26 09:29 - 00010460 _____ C:\Users\Michael Schoenball\Downloads\rooming list academic orchestra 2013.xlsx
2013-09-25 12:25 - 2013-06-03 23:22 - 00003440 _____ C:\windows\System32\Tasks\PCDEventLauncherTask
2013-09-23 14:39 - 2013-09-19 12:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-22 10:40 - 2012-06-10 19:28 - 00000000 ____D C:\Users\Michael Schoenball\Documents\Theologische Texte Impulse
2013-09-21 12:11 - 2013-06-03 23:22 - 00000000 ____D C:\Program Files\My Dell
2013-09-21 12:11 - 2012-03-06 16:00 - 00000000 ____D C:\ProgramData\PCDr
2013-09-20 11:28 - 2013-02-14 20:59 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-09-20 11:28 - 2013-02-14 20:59 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-20 11:28 - 2013-02-14 20:59 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-09-19 22:09 - 2013-09-27 11:26 - 16999796 ____C C:\Users\Michael Schoenball\Downloads\jens_kober1 - Kopie.jpg.tif
2013-09-19 22:09 - 2013-09-19 22:07 - 16999796 _____ C:\Users\Michael Schoenball\Downloads\jens_kober1.tif
2013-09-19 13:39 - 2011-10-28 16:49 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\Mozilla
2013-09-17 15:08 - 2013-09-17 15:06 - 05216044 _____ C:\Users\Michael Schoenball\Downloads\cusanus2.wav
2013-09-17 00:23 - 2013-09-17 00:23 - 00827392 _____ () C:\Users\Michael Schoenball\Downloads\videoperformerSetup.exe
2013-09-17 00:20 - 2013-09-17 00:20 - 00575704 _____ C:\Users\Michael Schoenball\Downloads\Player_Setup.exe
2013-09-16 14:16 - 2013-09-15 15:24 - 00000000 ____D C:\AdwCleaner
2013-09-16 13:05 - 2013-09-16 13:05 - 00007898 _____ C:\Users\Michael Schoenball\Downloads\Raster Bühnenprogramm.odt
2013-09-16 01:22 - 2012-09-26 22:29 - 00000000 ____D C:\Users\Michael Schoenball\Documents\Noten
2013-09-16 01:20 - 2013-04-19 16:51 - 00000000 ____D C:\Users\Michael Schoenball\Documents\Cusanuswerk
2013-09-16 01:19 - 2013-09-16 01:18 - 00000000 ____D C:\Users\Michael Schoenball\Documents\Initiativen, Kampagnen
2013-09-15 21:39 - 2013-09-15 21:39 - 97671483 _____ C:\windows\SysWOW64\Ꮆ㶊–
2013-09-15 15:40 - 2013-09-15 15:40 - 00000000 ____D C:\FRST
2013-09-15 15:30 - 2013-09-15 15:30 - 00000000 ____D C:\windows\ERUNT
2013-09-15 15:23 - 2013-09-15 15:23 - 01039554 _____ C:\Users\Michael Schoenball\Downloads\adwcleaner.exe
2013-09-14 10:11 - 2013-02-14 20:59 - 00002592 _____ C:\windows\SysWOW64\InstallUtil.InstallLog
2013-09-14 09:59 - 2011-10-28 11:45 - 00000000 ___RD C:\Users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-14 09:59 - 2011-10-28 11:45 - 00000000 ___RD C:\Users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-14 01:52 - 2013-09-14 01:52 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\Google
2013-09-14 01:50 - 2013-09-14 01:50 - 00000000 ____D C:\Program Files (x86)\1clickmoviedownloader.com
2013-09-12 09:36 - 2011-11-10 01:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-09-12 00:12 - 2013-09-11 09:20 - 97181529 _____ C:\windows\SysWOW64\䌾懚X
2013-09-10 23:51 - 2013-09-10 23:51 - 02092792 _____ C:\Users\Michael Schoenball\Downloads\avira_free_4052_antivirus.exe
2013-09-10 18:19 - 2013-09-10 18:19 - 00442368 __RSH C:\Users\Michael Schoenball\AppData\Roaming\msfeedsbsh.dll
2013-09-04 16:15 - 2012-11-05 00:12 - 00000000 ____D C:\Users\Michael Schoenball\Documents\Collegium musicum
2013-09-04 11:59 - 2013-09-04 11:59 - 00019212 _____ C:\Users\Michael Schoenball\Documents\Trinksprüche.odt

Some content of TEMP:
====================
C:\Users\Michael Schoenball\AppData\Local\Temp\GenericUninstall.exe
C:\Users\Michael Schoenball\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe
C:\Users\Michael Schoenball\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Michael Schoenball\AppData\Local\Temp\MSN8CBE.exe
C:\Users\Michael Schoenball\AppData\Local\Temp\Player_Setup.exe
C:\Users\Michael Schoenball\AppData\Local\Temp\Quarantine.exe
C:\Users\Michael Schoenball\AppData\Local\Temp\Shortcut_BundleSweetIMSetup.exe
C:\Users\Michael Schoenball\AppData\Local\Temp\SHSetup.exe
C:\Users\Michael Schoenball\AppData\Local\Temp\SimboApp.exe
C:\Users\Michael Schoenball\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\Michael Schoenball\AppData\Local\Temp\uninstaller.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-21 13:45

==================== End Of Log ============================
--- --- ---


Und noch Addition:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-09-2013 04
Ran by Michael Schoenball at 2013-09-15 15:41:49
Running from C:\Users\Michael Schoenball\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

AccelerometerP11 (x32 Version: 2.00.11.22)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.174)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader X MUI (x32 Version: 10.0.0)
Advanced Audio FX Engine (x32 Version: 1.12.05)
ALDI Bestellsoftware 4.12.2 (x32 Version: 4.12.2)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
CNET TechTracker (HKCU Version: 2.0.4)
Conexant SmartAudio HD (Version: 8.54.16.0)
D3DX10 (x32 Version: 15.4.2368.0902)
Dell DataSafe Local Backup - Support Software (x32 Version: 9.4.57)
Dell DataSafe Local Backup (x32 Version: 9.4.57)
Dell DataSafe Online (x32 Version: 2.1.19634)
Dell Edoc Viewer (Version: 1.0.0)
Dell Touchpad (Version: 15.3.5.0)
Dell Webcam Central (x32 Version: 2.00.44)
DigitalPersona Fingerprint Software 5.20 (Version: 5.20.230)
Dropbox (HKCU Version: 2.0.22)
ffdshow v1.2.4422 [2012-04-09] (x32 Version: 1.2.4422.0)
Intel PROSet Wireless
Intel PROSet Wireless (x32)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2418)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 1.2.0.0587)
Intel(R) PROSet/Wireless WiFi-Software (Version: 14.2.0000)
Intel(R) Rapid Storage Technology (x32 Version: 10.1.5.1001)
Intel(R) WiDi (x32 Version: 2.1.35.0)
Intel(R) Wireless Display
Java Auto Updater (x32 Version: 2.0.6.1)
Java(TM) 6 Update 22 (x32 Version: 6.0.220)
Java(TM) 6 Update 27 (64-bit) (Version: 6.0.270)
Java(TM) 6 Update 27 (x32 Version: 6.0.270)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Lidl-Druckservice (x32)
McAfee Security Scan Plus (x32 Version: 3.0.318.3)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
My Dell (Version: 3.3.6280.92)
Online Sheet Music Viewer 8.3.4.0 (x32 Version: 8.3.4.0)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
PDF-XChange Viewer (Version: 2.5.203.0)
Quickset64 (Version: 10.09.25)
Realtek Ethernet Controller Driver (x32 Version: 7.43.321.2011)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30127)
Skype Toolbars (x32 Version: 1.0.4051)
Skype™ 6.0 (x32 Version: 6.0.126)
SpyHunter (Version: 4.14.5.4268)
TI USB 3.0 Host Controller Driver (x32 Version: 1.12.14.0)
TI USB3 Host Driver (x32 Version: 1.12.14.0)
Trend Micro Titanium Internet Security (Version: 3.00)
Trend Micro Titanium Internet Security (Version: 3.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Validity Sensors DDK (Version: 4.3.108.0)
VLC media player 2.0.3 (x32 Version: 2.0.3)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

==================== Restore Points  =========================

17-08-2013 01:00:50 Windows Update
17-08-2013 21:25:50 Removed SpyHunter
17-08-2013 21:26:29 Removed SpyHunter
17-08-2013 21:27:15 Removed SpyHunter
17-08-2013 21:27:56 Removed SpyHunter
17-08-2013 21:28:25 Removed SpyHunter
01-09-2013 01:00:43 Windows Update
10-09-2013 11:25:19 Geplanter Prüfpunkt
11-09-2013 23:21:02 Windows Update
12-09-2013 07:28:51 Windows Update
14-09-2013 08:02:38 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {014BB435-4429-4308-A8DB-01D00A3CF27A} - \Plus-HD-2.2-enabler No Task File
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {15B84A37-73AA-4869-A06D-E7AA88C6D47B} - \Plus-HD-2.2-codedownloader No Task File
Task: {2CEC6748-7224-4E2B-85AC-024798B46651} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1894675805-202365497-958786631-1000
Task: {2E19A77F-AED3-4314-AE61-B2DC582AAE87} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2013-06-27] (Enigma Software Group USA, LLC.)
Task: {3181EBD2-583D-4DB6-9F96-EFFD47F1FB1E} - \Plus-HD-2.2-firefoxinstaller No Task File
Task: {4555AB94-DFF8-4A1F-BF68-0D0553D8055F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-14] (Adobe Systems Incorporated)
Task: {51D4C549-BA97-4F67-814E-495B7373F6E1} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {59757BBF-ECEB-4B65-8EC6-49B33C1BCBE1} - \Plus-HD-2.2-updater No Task File
Task: {8661A60D-040C-4BE9-AC93-9CF122458CA1} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-21] (Microsoft Corporation)
Task: {89A46F7C-B61F-441E-856C-FF6FF96CF401} - System32\Tasks\SystemToolsDailyTest => C:\Windows\System32\uaclauncher.exe
Task: {9A8F6E69-17A1-4339-9826-EC467D275E7A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AA758349-3C25-4FA7-9648-32663E049FBB} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-05-07] (PC-Doctor, Inc.)
Task: {C94F73EB-1379-48A1-8757-BED7BE825626} - System32\Tasks\JavaUpdateSched => %COMMONPROGRAMFILES(x86)%\Java\Java Update\jusched.exe
Task: {E40C5598-2CD6-4BEE-A5F6-03F1157A20B0} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-07-18] (PC-Doctor, Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-01-09 17:38 - 2012-11-23 05:13 - 00068608 _____ (Microsoft Corporation) C:\windows\system32\taskhost.exe
2010-12-29 20:53 - 2010-12-29 20:53 - 00931664 _____ (DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpoFeedb.dll
2009-07-14 02:18 - 2009-07-14 03:38 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\imaadp32.acm
2009-07-14 02:18 - 2009-07-14 03:38 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\msg711.acm
2009-07-14 02:18 - 2009-07-14 03:38 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\msgsm32.acm
2009-07-14 02:18 - 2009-07-14 03:38 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\msadp32.acm
2009-07-14 02:22 - 2009-07-14 03:38 - 00081408 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2010-12-29 19:45 - 2010-12-29 19:45 - 00178512 _____ (DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpoSet.dll
2010-12-29 20:54 - 2010-12-29 20:54 - 00740688 _____ (DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
2009-07-14 01:37 - 2009-07-14 03:39 - 00120320 _____ (Microsoft Corporation) C:\windows\system32\Dwm.exe
2011-10-23 01:04 - 2011-06-20 09:16 - 00167704 _____ (Intel Corporation) C:\Windows\System32\igfxtray.exe
2011-10-23 01:04 - 2011-06-10 20:45 - 00286720 _____ (Intel Corporation) C:\windows\system32\igfxrDEU.lrc
2011-10-23 01:04 - 2011-06-20 09:16 - 00392472 _____ (Intel Corporation) C:\Windows\System32\hkcmd.exe
2011-10-23 01:04 - 2011-06-20 09:16 - 00416024 _____ (Intel Corporation) C:\Windows\System32\igfxpers.exe
2011-10-23 01:04 - 2011-06-10 20:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-10-23 01:04 - 2011-04-30 04:00 - 02780968 _____ (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2011-10-23 01:04 - 2011-04-30 04:00 - 00411432 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2011-10-23 01:04 - 2011-04-30 04:00 - 00226088 _____ (Synaptics Incorporated) C:\windows\system32\SynTPAPI.dll
2011-10-22 22:56 - 2010-12-17 17:25 - 00686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2011-03-24 21:13 - 2011-03-24 21:13 - 03668336 _____ (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
2011-07-28 03:51 - 2011-07-28 03:51 - 01935120 _____ (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
2011-07-28 03:44 - 2011-07-28 03:44 - 01077248 _____ (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\PsRegApi.dll
2011-07-28 03:07 - 2011-07-28 03:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-07-28 04:20 - 2011-07-28 04:20 - 00045568 _____ (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\LangResources\DEU\FrWrkDEU.dll
2011-07-28 03:55 - 2011-07-28 03:55 - 01746432 _____ (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\FrameworkPlugins\PanTray.dll
2011-07-28 03:46 - 2011-07-28 03:46 - 01045504 _____ (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\TraceAPI.DLL
2011-07-28 03:44 - 2011-07-28 03:44 - 00234496 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\WiMAXCoEx.dll
2011-07-28 03:50 - 2011-07-28 03:50 - 02072576 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\PfMgrApi.dll
2011-07-28 03:51 - 2011-07-28 03:51 - 01278976 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\MurocApi.dll
2011-07-28 03:46 - 2011-07-28 03:46 - 00841728 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\IntStngs.dll
2011-07-28 03:53 - 2011-07-28 03:53 - 00570368 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\PanApi.dll
2011-07-28 03:44 - 2011-07-28 03:44 - 00177152 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\S24MUDLL.dll
2011-07-28 04:24 - 2011-07-28 04:24 - 00097280 _____ (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\LangResources\DEU\PanTrDEU.dll
2011-10-23 01:15 - 2011-05-21 09:45 - 01410504 _____ (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
2011-10-22 23:36 - 2011-05-21 10:01 - 00059168 _____ (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\utilDebugLog.dll
2011-10-22 23:36 - 2011-05-21 10:01 - 00047104 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
2011-10-22 23:36 - 2011-05-21 10:01 - 00042496 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
2011-10-22 23:36 - 2011-05-21 10:01 - 00091104 _____ (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\utilMsgBuffer.dll
2011-10-22 23:37 - 2011-05-21 10:01 - 00144640 _____ (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\utilJsonHandle.dll
2011-10-22 23:36 - 2011-05-21 10:01 - 00376408 _____ (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\outer_AMSP_ClientLibrary.dll
2011-10-22 23:36 - 2011-05-21 10:01 - 00107584 _____ (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\utilIPC.dll
2011-10-22 23:36 - 2011-05-21 10:01 - 00024672 _____ (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\utilThread.dll
2011-10-22 23:36 - 2011-05-21 10:01 - 00137448 _____ (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\utilRPC.dll
2011-10-22 23:36 - 2011-05-21 10:01 - 00032912 _____ (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\utilAccessControl.dll
2011-10-22 23:36 - 2011-05-21 10:01 - 00528336 _____ (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\utilInstallation.dll
2011-10-22 23:36 - 2011-05-21 10:01 - 00095224 _____ (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\utilComponentInfo.dll
2011-10-22 23:36 - 2011-05-21 10:01 - 00030864 _____ (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\utilGenericLoader.dll
2011-10-22 22:40 - 2011-04-13 17:39 - 00503942 ____N (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
2010-11-21 05:24 - 2010-11-21 05:24 - 00464384 _____ (Microsoft Corporation) C:\windows\system32\taskeng.exe
2013-06-27 23:46 - 2013-06-27 23:46 - 07529344 _____ (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
2013-06-27 23:46 - 2013-06-27 23:46 - 00721792 _____ (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\ExecutionGuard.dll
2013-06-27 23:46 - 2013-06-27 23:46 - 03017088 _____ (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\ShScanner.dll
2013-06-27 23:46 - 2013-06-27 23:46 - 01190272 _____ (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\Defman.dll
2013-06-27 23:46 - 2013-06-27 23:46 - 00546688 _____ (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\Common.dll
2011-12-01 22:24 - 2011-12-01 22:24 - 02624512 _____ () C:\Users\Michael Schoenball\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
2013-05-25 02:47 - 2013-05-25 02:47 - 27776968 _____ (Dropbox, Inc.) C:\Users\Michael Schoenball\AppData\Roaming\Dropbox\bin\Dropbox.exe
2009-07-14 01:56 - 2009-07-14 03:39 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\NOTEPAD.EXE
2011-10-22 22:53 - 2011-06-24 05:36 - 00417408 _____ (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio3.exe
2011-10-22 22:53 - 2011-06-24 05:36 - 00212096 _____ (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio.Core.dll
2011-10-22 22:53 - 2011-05-23 21:43 - 00114688 _____ ( ) C:\Program Files\Conexant\SA3\Interop.CxHDAudioAPILib.dll
2011-10-22 22:53 - 2011-05-23 21:43 - 01233408 _____ (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\CxHDAudioAPI.dll
2011-10-22 22:53 - 2011-05-26 01:53 - 00014848 _____ ( ) C:\Program Files\Conexant\SA3\Interop.SRSAPOInterface.dll
2011-10-22 22:53 - 2011-06-24 05:36 - 00030208 _____ (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio.Creative.dll
2011-10-22 22:53 - 2011-06-24 05:36 - 02534016 _____ (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio.Dell.dll
2011-10-22 22:53 - 2011-06-24 05:36 - 00414848 _____ (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio.Localization.dll
2011-10-22 22:53 - 2011-06-24 05:36 - 00098304 _____ (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio.SRS.dll
2011-10-22 22:53 - 2011-06-24 03:48 - 00356352 _____ (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\Languages\de-DE\SmartAudio.resources.dll
2011-10-22 22:53 - 2011-06-08 01:32 - 00464384 _____ (SRS Labs, Inc.) C:\Program Files\Conexant\SA3\slapoi64.dll
2010-12-29 20:54 - 2010-12-29 20:54 - 00386416 _____ (DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DPAgent.exe
2009-07-14 01:47 - 2009-07-14 03:39 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\wbem\unsecapp.exe
2011-10-22 23:53 - 2011-07-08 17:12 - 02749248 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2011-10-23 01:04 - 2011-04-30 04:00 - 00121640 _____ (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
2010-11-21 05:24 - 2010-11-21 05:24 - 00302592 _____ (Microsoft Corporation) C:\windows\SysWOW64\cmd.exe
2013-09-11 09:37 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2012-07-12 14:09 - 2012-06-03 00:19 - 00057880 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2011-07-29 10:49 - 2011-02-25 08:19 - 02871808 _____ (Microsoft Corporation) C:\windows\explorer.exe
2013-09-12 00:13 - 2013-09-12 00:13 - 01862024 _____ (Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
2011-10-22 23:30 - 2011-05-04 07:19 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\SearchFilterHost.exe
2013-09-15 15:40 - 2013-09-15 15:40 - 01951102 _____ (Farbar) C:\Users\Michael Schoenball\Downloads\FRST64.exe
2010-12-29 19:45 - 2010-12-29 19:45 - 00212304 _____ (DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpOSet.dll
2010-12-29 20:54 - 2010-12-29 20:54 - 00649552 _____ (DigitalPersona, Inc.) C:\windows\system32\DPFPApi.DLL
2010-12-29 20:54 - 2010-12-29 20:54 - 00376656 _____ (DigitalPersona, Inc.) C:\windows\system32\DPCLBACK.dll
2010-12-29 20:52 - 2010-12-29 20:52 - 00619856 _____ (DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DPAgentOtsPlugin.dll
2010-12-29 20:53 - 2010-12-29 20:53 - 01324368 _____ (DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpFillin.dll
2010-12-29 19:45 - 2010-12-29 19:45 - 00248144 _____ (DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpoPS.dll
2010-12-29 20:53 - 2010-12-29 20:53 - 00685392 _____ (DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpOCache.dll
2010-12-29 20:53 - 2010-12-29 20:53 - 00644432 _____ (DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpoFeedb.dll
2011-10-22 22:40 - 2009-09-08 17:01 - 00237056 ____N (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\CTLoadRs.dll
2011-10-22 22:40 - 2010-07-22 20:01 - 00065536 ____N (Creative Technology Ltd.) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\CtPinMgr.dll
2010-12-29 19:45 - 2010-12-29 19:45 - 00212304 _____ (DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpoSet.dll
2013-08-17 03:36 - 2013-08-17 03:36 - 00475648 _____ (Intel Corporation) C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\aabbed019df19cbda3b3dfb80fa98bf0\IAStorUtil.ni.dll
2013-07-15 04:04 - 2013-07-15 04:04 - 00014336 _____ (Intel Corp.) C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\8fae59a3cc25d36da6f7f85ef16e441c\IAStorCommon.ni.dll
2010-07-15 04:08 - 2010-07-15 04:08 - 00063827 _____ (Zlib) C:\Users\Michael Schoenball\AppData\Roaming\CBS Interactive\CNET TechTracker\zlib.dll
2012-11-14 01:32 - 2012-11-14 01:32 - 03558400 _____ (wxWidgets development team) C:\Users\Michael Schoenball\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\Michael Schoenball\AppData\Roaming\Dropbox\bin\libcef.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 09956864 _____ (The ICU Project) C:\Users\Michael Schoenball\AppData\Roaming\Dropbox\bin\icudt.dll
2011-01-17 16:19 - 2011-10-28 16:59 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

==================== Alternate Data Streams (whitelisted) ==========



==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/15/2013 03:34:07 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (09/15/2013 03:34:07 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (09/15/2013 03:34:06 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (09/15/2013 03:28:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2013 09:21:35 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (09/15/2013 09:21:35 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (09/15/2013 09:21:35 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (09/15/2013 09:01:48 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (09/15/2013 09:01:48 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (09/15/2013 09:01:48 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.


System errors:
=============
Error: (09/15/2013 03:27:50 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\windows\System32\IWMSSvc.dll
Fehlercode: 258

Error: (09/15/2013 00:17:28 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (09/15/2013 00:16:23 AM) (Source: DCOM) (User: )
Description: 1053Bluetooth Media Service{9AC233E9-AC75-4DB5-85C4-DAB13A484FEA}

Error: (09/15/2013 00:16:24 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.

Error: (09/15/2013 00:16:23 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Bluetooth Media Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (09/15/2013 00:16:23 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth Media Service erreicht.

Error: (09/15/2013 00:15:54 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.

Error: (09/14/2013 10:02:04 AM) (Source: Service Control Manager) (User: )
Description: Dienst "SProtection" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/14/2013 09:58:51 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.

Error: (09/14/2013 02:16:04 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (09/15/2013 03:34:07 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (09/15/2013 03:34:07 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (09/15/2013 03:34:06 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (09/15/2013 03:28:21 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2013 09:21:35 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (09/15/2013 09:21:35 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (09/15/2013 09:21:35 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (09/15/2013 09:01:48 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (09/15/2013 09:01:48 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (09/15/2013 09:01:48 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
__________________
Alt 30.09.2013, 08:54   #4
schrauber
/// the machine
/// TB-Ausbilder
 
Windows7: Infektion mit Ihavenet - Standard

Windows7: Infektion mit Ihavenet


hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 30.09.2013, 09:48   #5
michasnet
 
Windows7: Infektion mit Ihavenet - Standard

Windows7: Infektion mit Ihavenet


Morgen!

Danke schon mal!
Hab grad die Schritte durchgemacht - keine besonderen Auffälligkeiten.
Hier der Text:
Code:
ATTFilter
ComboFix 13-09-30.02 - Michael Schoenball 30.09.2013  10:09:46.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4002.2755 [GMT 2:00]
ausgeführt von:: c:\users\Michael Schoenball\Desktop\ComboFix.exe
AV: Trend Micro Titanium Internet Security *Disabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Disabled/Outdated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Delta\delta\1.8.24.6\bh\delta.dll
c:\program files (x86)\Delta\delta\1.8.24.6\deltaApp.dll
c:\program files (x86)\Delta\delta\1.8.24.6\deltaEng.dll
c:\program files (x86)\Delta\delta\1.8.24.6\deltasrv.exe
c:\program files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll
c:\programdata\DSearchLink
c:\programdata\DSearchLink\DSearchLink.exe
c:\programdata\PCDr\6308\AddOnDownloaded\244ec244-34e7-4b04-85aa-c16ea08f2533.dll
c:\programdata\PCDr\6308\AddOnDownloaded\31d5a116-b563-4195-8dbd-1798d14bfacd.dll
c:\programdata\PCDr\6308\AddOnDownloaded\3265cc37-1ae8-4a1d-b93a-d8a0d09ba823.dll
c:\programdata\PCDr\6308\AddOnDownloaded\357a8a4f-74a2-42f1-aed0-bea5984fd709.dll
c:\programdata\PCDr\6308\AddOnDownloaded\393c4795-5a95-448d-89c3-2d1321ae7575.dll
c:\programdata\PCDr\6308\AddOnDownloaded\394b144a-f70e-44ff-a1ce-7fed69d15b12.dll
c:\programdata\PCDr\6308\AddOnDownloaded\50441041-9037-4c34-842c-4a8523e700da.dll
c:\programdata\PCDr\6308\AddOnDownloaded\5737a9df-39af-4df3-b97d-07f556d679c5.dll
c:\programdata\PCDr\6308\AddOnDownloaded\5ec8c7eb-8ac7-4252-bb47-87f22e27e4a9.dll
c:\programdata\PCDr\6308\AddOnDownloaded\646d4422-eb1f-4e32-8b16-f32fc711fbc0.dll
c:\programdata\PCDr\6308\AddOnDownloaded\751275e0-9b7c-49a7-b6d8-eaf73a4eac58.dll
c:\programdata\PCDr\6308\AddOnDownloaded\7ec00d71-b236-42d5-b7d2-aab97a4a1f3d.dll
c:\programdata\PCDr\6308\AddOnDownloaded\840b04b8-fb1e-4492-9645-97c163fb4348.dll
c:\programdata\PCDr\6308\AddOnDownloaded\8658165e-a29d-4eca-a939-35aff3e05f62.dll
c:\programdata\PCDr\6308\AddOnDownloaded\8aa95cb2-816d-4a9a-a370-962b815a3013.dll
c:\programdata\PCDr\6308\AddOnDownloaded\9a29e1fb-664e-4651-a32c-e1ab34198ded.dll
c:\programdata\PCDr\6308\AddOnDownloaded\a7c185b3-39a9-4aaf-9506-7726c68d6350.dll
c:\programdata\PCDr\6308\AddOnDownloaded\ad245130-e9e2-4a7e-8912-a540560daf66.dll
c:\programdata\PCDr\6308\AddOnDownloaded\ad3867bf-de78-4ebd-93f2-0811b275b627.dll
c:\programdata\PCDr\6308\AddOnDownloaded\be543d7a-9241-474e-9567-a20b994760c0.dll
c:\programdata\PCDr\6308\AddOnDownloaded\c0c54ea3-e58e-438a-9c4c-778b0979180a.dll
c:\programdata\PCDr\6308\AddOnDownloaded\e2989224-3347-43ce-b7a2-533339a265b0.dll
c:\programdata\Roaming
c:\users\Michael Schoenball\AppData\Roaming\msfeedsbsh.dll
c:\windows\RPSETUP.EXE.LOG
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-08-28 bis 2013-09-30  ))))))))))))))))))))))))))))))
.
.
2013-09-30 08:16 . 2013-09-30 08:16	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-09-29 17:47 . 2013-09-29 17:47	--------	d-----w-	c:\program files (x86)\Delta
2013-09-29 17:47 . 2013-09-29 17:47	--------	d-----w-	c:\users\Michael Schoenball\AppData\Roaming\BabSolution
2013-09-29 17:47 . 2013-09-29 17:47	--------	d-----w-	c:\users\Michael Schoenball\AppData\Local\BonanzaDealsLive
2013-09-29 17:47 . 2013-09-29 17:47	--------	d-----w-	c:\programdata\BonanzaDealsLive
2013-09-29 17:46 . 2013-09-29 17:46	--------	d-----w-	c:\program files (x86)\BonanzaDeals
2013-09-29 17:46 . 2013-09-29 17:47	--------	d-----w-	c:\program files (x86)\Whilokii
2013-09-29 17:46 . 2013-09-29 17:46	--------	d-----w-	c:\programdata\Babylon
2013-09-29 17:46 . 2013-09-29 17:46	--------	d-----w-	c:\users\Michael Schoenball\AppData\Roaming\Babylon
2013-09-29 17:46 . 2013-09-29 17:46	--------	d-----w-	c:\program files (x86)\OpenIt
2013-09-29 17:46 . 2013-09-29 17:46	--------	d-----w-	c:\users\Michael Schoenball\AppData\Roaming\DigitalSite
2013-09-28 16:29 . 2013-09-28 16:29	--------	d-----w-	c:\users\Michael Schoenball\AppData\Local\Windows Live Writer
2013-09-28 16:29 . 2013-09-28 16:29	--------	d-----w-	c:\users\Michael Schoenball\AppData\Roaming\Windows Live Writer
2013-09-27 18:20 . 2013-09-27 18:20	--------	d-----w-	c:\users\Michael Schoenball\AppData\Roaming\OpenOffice
2013-09-27 18:19 . 2013-09-27 18:19	--------	d-----w-	c:\program files (x86)\OpenOffice 4
2013-09-15 13:40 . 2013-09-15 13:40	--------	d-----w-	C:\FRST
2013-09-15 13:30 . 2013-09-15 13:30	--------	d-----w-	c:\windows\ERUNT
2013-09-15 13:24 . 2013-09-16 12:16	--------	d-----w-	C:\AdwCleaner
2013-09-13 23:52 . 2013-09-13 23:52	--------	d-----w-	c:\users\Michael Schoenball\AppData\Local\Google
2013-09-13 23:50 . 2013-09-13 23:50	--------	d-----w-	c:\program files (x86)\1clickmoviedownloader.com
2013-09-12 07:36 . 2013-08-10 06:10	775256	----a-w-	c:\program files\Internet Explorer\iexplore.exe
2013-09-11 07:37 . 2013-08-05 02:25	155584	----a-w-	c:\windows\system32\drivers\ataport.sys
2013-09-10 21:54 . 2013-09-29 17:53	--------	d-----w-	c:\programdata\Avira
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-20 09:28 . 2013-02-14 18:59	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-20 09:28 . 2013-02-14 18:59	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-02 01:48 . 2013-09-11 07:37	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-15 22:23	1888768	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-15 22:23	1620992	----a-w-	c:\windows\SysWow64\WMVDECOD.DLL
2013-07-20 10:28 . 2013-07-20 10:28	110080	----a-r-	c:\users\Michael Schoenball\AppData\Roaming\Microsoft\Installer\{8AE3CFB6-78B2-4F55-A7BE-618FCFF43A03}\IconF7A21AF7.exe
2013-07-20 10:28 . 2013-07-20 10:28	110080	----a-r-	c:\users\Michael Schoenball\AppData\Roaming\Microsoft\Installer\{8AE3CFB6-78B2-4F55-A7BE-618FCFF43A03}\IconD7F16134.exe
2013-07-20 10:28 . 2013-07-20 10:28	110080	----a-r-	c:\users\Michael Schoenball\AppData\Roaming\Microsoft\Installer\{8AE3CFB6-78B2-4F55-A7BE-618FCFF43A03}\Icon1226A4C5.exe
2013-07-19 01:58 . 2013-08-15 22:23	2048	----a-w-	c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-15 22:23	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-15 22:25	224256	----a-w-	c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-15 22:23	1217024	----a-w-	c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-15 22:25	1472512	----a-w-	c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-15 22:25	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-15 22:25	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-15 22:23	663552	----a-w-	c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-15 22:25	175104	----a-w-	c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-15 22:25	1166848	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-15 22:25	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-15 22:25	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-15 22:23	1910208	----a-w-	c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{204df522-9a96-4a72-abb0-60f7a216d6d2}]
2013-09-26 20:44	249624	----a-w-	c:\program files (x86)\Whilokii\WhilokiiBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{fe063412-bea4-4d76-8ed3-183be6220d17}]
2013-08-21 17:36	100336	----a-w-	c:\program files (x86)\BonanzaDeals\BonanzaDealsIE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Michael Schoenball\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Michael Schoenball\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Michael Schoenball\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-02-18 283160]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
.
c:\users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CNET TechTracker.lnk - c:\users\Michael Schoenball\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe [2011-12-1 2624512]
Dropbox.lnk - c:\users\Michael Schoenball\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	DPPassFilter scecli
.
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
R2 bonanzadealslive;BonanzaDealsLive-Dienst (bonanzadealslive);c:\program files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe;c:\program files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 bonanzadealslivem;BonanzaDealsLive-Dienst (bonanzadealslivem);c:\program files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe;c:\program files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 CxUtilSvc;Conexant Utility Service;c:\program files\Conexant\SA3\CxUtilSvc.exe;c:\program files\Conexant\SA3\CxUtilSvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Update Whilokii;Update Whilokii;c:\program files (x86)\Whilokii\updateWhilokii.exe;c:\program files (x86)\Whilokii\updateWhilokii.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\DRIVERS\tihub3.sys;c:\windows\SYSNATIVE\DRIVERS\tihub3.sys [x]
S3 tixhci;TI XHCI Service;c:\windows\system32\DRIVERS\tixhci.sys;c:\windows\SYSNATIVE\DRIVERS\tixhci.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-14 09:28]
.
2013-09-29 c:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
- c:\program files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-09-29 17:46]
.
2013-09-30 c:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
- c:\program files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-09-29 17:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Michael Schoenball\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Michael Schoenball\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Michael Schoenball\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Michael Schoenball\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-20 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-20 416024]
"SmartAudio"="c:\program files\CONEXANT\SA3\SACpl.exe" [2011-06-24 1573504]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 10365952]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-05-21 192520]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-05-21 1119392]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115
mStart Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = proxy.drsintra.de:8080
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Michael Schoenball\AppData\Roaming\Mozilla\Firefox\Profiles\6z3bu6ez.default\
FF - prefs.js: browser.search.selectedEngine - qvo6
FF - prefs.js: browser.startup.homepage - hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=TOSHIBAXMK5061GSYN_91QIT4V9TXX91QIT4V9T&ts=1380477115
FF - ExtSQL: 2013-09-26 22:44; firefox@whilokii.net; c:\users\Michael Schoenball\AppData\Roaming\Mozilla\Firefox\Profiles\6z3bu6ez.default\extensions\firefox@whilokii.net.xpi
FF - ExtSQL: 2013-09-29 19:46; {f9d03c26-0575-497e-821d-f7956d23e0ca}; c:\users\Michael Schoenball\AppData\Roaming\Mozilla\Firefox\Profiles\6z3bu6ez.default\extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}
FF - ExtSQL: 2013-09-29 19:47; ffxtlbr@delta.com; c:\users\Michael Schoenball\AppData\Roaming\Mozilla\Firefox\Profiles\6z3bu6ez.default\extensions\ffxtlbr@delta.com
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 7c4e86d4000000000000ac7289e1e5f2
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15977
FF - user.js: extensions.delta.vrsn - 1.8.24.6
FF - user.js: extensions.delta.vrsni - 1.8.24.6
FF - user.js: extensions.delta.vrsnTs - 1.8.24.619:47
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119357&tsp=5020
FF - user.js: extensions.delta_i.babExt - 
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{112BA211-334C-4A90-90EC-2AD1CDAB287C} - c:\program files (x86)\IminentToolbar\1.8.25.0\bh\iminent.dll
BHO-{C1AF5FA5-852C-4C90-812E-A7F75E011D87} - c:\program files (x86)\Delta\delta\1.8.24.6\bh\delta.dll
Toolbar-{82E1477C-B154-48D3-9891-33D83C26BCD3} - c:\program files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll
Wow6432Node-HKCU-Run-Udac - c:\users\Michael Schoenball\AppData\Roaming\msfeedsbsh.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-09-30  10:19:04
ComboFix-quarantined-files.txt  2013-09-30 08:19
.
Vor Suchlauf: 19 Verzeichnis(se), 220.712.005.632 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 222.344.429.568 Bytes frei
.
- - End Of File - - 2A871C372C35790E75BA625583508394
bis bald
micha


Alt 30.09.2013, 16:54   #6
schrauber
/// the machine
/// TB-Ausbilder
 
Windows7: Infektion mit Ihavenet - Standard

Windows7: Infektion mit Ihavenet


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
--> Windows7: Infektion mit Ihavenet

Alt 30.09.2013, 20:11   #7
michasnet
 
Windows7: Infektion mit Ihavenet - Standard

Windows7: Infektion mit Ihavenet


Hello again!

So, alle Arbeitsaufräge geschafft - vielen Dank! der Computer läuft schon viel besser - vor allem die Weiterleitung auf andere Seiten ist komplett weg.

Hier die Textdateien:
1. Malwarebytes Anti-Malware :
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.30.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Michael Schoenball :: MICHAELSCHOENBA [Administrator]

30.09.2013 20:19:55
mbam-log-2013-09-30 (20-19-55).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 201505
Laufzeit: 3 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 10
HKCR\CLSID\{112BA211-334C-4A90-90EC-2AD1CDAB287C} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{112BA211-334C-4A90-90EC-2AD1CDAB287C} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{112BA211-334C-4A90-90EC-2AD1CDAB287C} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{112BA211-334C-4A90-90EC-2AD1CDAB287C} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{1FAFD711-ABF9-4F6A-8130-5166C7371427} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\iminent.iminentdskBnd.1 (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\iminent.iminentdskBnd (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{204DF522-9A96-4A72-ABB0-60F7A216D6D2} (Adware.Whilokii) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{204DF522-9A96-4A72-ABB0-60F7A216D6D2} (Adware.Whilokii) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{204DF522-9A96-4A72-ABB0-60F7A216D6D2} (Adware.Whilokii) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 2
C:\Users\Michael Schoenball\AppData\Local\Google\Chrome\User Data\default\extensions\pkhojieggfgllhllcegoffdcnmdeojgb (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Schoenball\AppData\Local\Google\Chrome\User Data\default\extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0 (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 16
C:\Users\Michael Schoenball\Downloads\Player_Setup.exe (PUP.OptionalBundleInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Schoenball\Downloads\videoperformerSetup.exe (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\qvo6.xml (PUP.Optional.qvo6.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Schoenball\AppData\Local\Google\Chrome\User Data\default\extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\appCntrl.js (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Schoenball\AppData\Local\Google\Chrome\User Data\default\extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\bg.html (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Schoenball\AppData\Local\Google\Chrome\User Data\default\extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\bg.js (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Schoenball\AppData\Local\Google\Chrome\User Data\default\extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\CrmAdpt.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Schoenball\AppData\Local\Google\Chrome\User Data\default\extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\ct.js (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Schoenball\AppData\Local\Google\Chrome\User Data\default\extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\CTB.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Schoenball\AppData\Local\Google\Chrome\User Data\default\extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\dpk.js (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Schoenball\AppData\Local\Google\Chrome\User Data\default\extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\hprtkMsg.htm (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Schoenball\AppData\Local\Google\Chrome\User Data\default\extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\hprtkMsg.js (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Schoenball\AppData\Local\Google\Chrome\User Data\default\extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\json2.min.js (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Schoenball\AppData\Local\Google\Chrome\User Data\default\extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\logo.png (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Schoenball\AppData\Local\Google\Chrome\User Data\default\extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\manifest.json (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael Schoenball\AppData\Local\Google\Chrome\User Data\default\extensions\pkhojieggfgllhllcegoffdcnmdeojgb\2.0_0\pref.json (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
2. ADW Cleaner:
Code:
ATTFilter
# AdwCleaner v3.005 - Bericht erstellt am 30/09/2013 um 20:35:48
# Updated 22/09/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Michael Schoenball - MICHAELSCHOENBA
# Gestartet von : C:\Users\Michael Schoenball\Desktop\adwcleaner_3.0.0.5.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v24.0 (de)

[ Datei : C:\Users\Michael Schoenball\AppData\Roaming\Mozilla\Firefox\Profiles\8h0eeyhr.default-1380534715240\prefs.js ]


*************************

AdwCleaner[R0].txt - [15957 octets] - [15/09/2013 15:24:57]
AdwCleaner[R1].txt - [970 octets] - [16/09/2013 14:15:03]
AdwCleaner[R2].txt - [10167 octets] - [30/09/2013 11:57:11]
AdwCleaner[R3].txt - [1229 octets] - [30/09/2013 20:35:28]
AdwCleaner[S0].txt - [15749 octets] - [15/09/2013 15:25:27]
AdwCleaner[S1].txt - [1030 octets] - [16/09/2013 14:15:55]
AdwCleaner[S2].txt - [8086 octets] - [30/09/2013 11:57:34]
AdwCleaner[S3].txt - [1151 octets] - [30/09/2013 20:35:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1211 octets] ##########
3. JRT:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows 7 Professional x64
Ran by Michael Schoenball on 30.09.2013 at 20:44:58,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!"
Successfully deleted: [Empty Folder] C:\Users\Michael Schoenball\appdata\local\{42CD3EEC-23F5-44FA-B066-5A3017DF5D98}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.09.2013 at 20:58:47,82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
und noch zu guter Letzt: FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
Ran by Michael Schoenball (administrator) on MICHAELSCHOENBA on 30-09-2013 21:01:08
Running from C:\Users\Michael Schoenball\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Validity Sensors, Inc.) C:\Windows\system32\vcsFPService.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
(Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\CxUtilSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio3.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Users\Michael Schoenball\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Dropbox, Inc.) C:\Users\Michael Schoenball\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SA3\SACpl.exe [1573504 2011-06-24] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780968 2011-04-30] (Synaptics Incorporated)
HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-28] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2011-05-21] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1119392 2011-05-21] (Trend Micro Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-26] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-16] (Adobe Systems Incorporated)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk
ShortcutTarget: CNET TechTracker.lnk -> C:\Users\Michael Schoenball\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe ()
Startup: C:\Users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Michael Schoenball\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

ProxyServer: proxy.drsintra.de:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Michael Schoenball\AppData\Roaming\Mozilla\Firefox\Profiles\8h0eeyhr.default-1380534715240
FF Homepage: hxxp://www.ecosia.org
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\firefoxextension\
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [hpomcmndppalndoljdilmfkkjkcnongl] - C:\Program Files (x86)\1clickmoviedownloader.com\clickmoviedownloader10.crx
CHR HKLM-x32\...\Chrome\Extension: [pkhojieggfgllhllcegoffdcnmdeojgb] - C:\Program Files (x86)\IminentToolbar\1.8.25.0\iminent.crx

==================== Services (Whitelisted) =================

R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [28288 2011-06-24] (Conexant Systems, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-28] ()
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

==================== Drivers (Whitelisted) ====================

R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90896 2011-05-21] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144656 2011-05-21] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [69392 2011-05-21] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2011-05-21] (Trend Micro Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-30 20:58 - 2013-09-30 20:58 - 00000855 _____ C:\Users\Michael Schoenball\Desktop\JRT.txt
2013-09-30 20:43 - 2013-09-30 20:43 - 01030305 _____ (Thisisu) C:\Users\Michael Schoenball\Desktop\JRT.exe
2013-09-30 20:37 - 2013-09-30 20:37 - 00001291 _____ C:\Users\Michael Schoenball\Desktop\AdwCleaner[S3].txt
2013-09-30 20:30 - 2013-09-30 20:30 - 00003288 ____N C:\bootsqm.dat
2013-09-30 20:29 - 2013-09-30 20:29 - 00000000 __SHD C:\found.000
2013-09-30 20:15 - 2013-09-30 20:15 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-30 20:15 - 2013-09-30 20:15 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\Malwarebytes
2013-09-30 20:15 - 2013-09-30 20:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-30 20:15 - 2013-09-30 20:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-30 20:15 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-09-30 20:14 - 2013-09-30 20:15 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Michael Schoenball\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-30 11:56 - 2013-09-30 11:56 - 01042066 _____ C:\Users\Michael Schoenball\Desktop\adwcleaner_3.0.0.5.exe
2013-09-30 10:19 - 2013-09-30 10:19 - 00030022 _____ C:\ComboFix.txt
2013-09-30 10:07 - 2013-09-30 10:19 - 00000000 ____D C:\Qoobox
2013-09-30 10:07 - 2013-09-30 10:17 - 00000000 ____D C:\windows\erdnt
2013-09-30 10:07 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2013-09-30 10:07 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2013-09-30 10:07 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-09-30 10:07 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-09-30 10:07 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-09-30 10:07 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2013-09-30 10:07 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2013-09-30 10:07 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2013-09-30 10:06 - 2013-09-30 10:06 - 00009719 _____ C:\Users\Michael Schoenball\Desktop\ESTAScan druckvorlage.odt
2013-09-30 10:00 - 2013-09-30 10:00 - 05131234 ____R (Swearware) C:\Users\Michael Schoenball\Desktop\ComboFix.exe
2013-09-29 20:57 - 2013-09-30 09:58 - 00000095 _____ C:\Users\Michael Schoenball\AppData\Roaming\WB.CFG
2013-09-29 20:57 - 2013-09-30 09:58 - 00000005 _____ C:\Users\Michael Schoenball\AppData\Roaming\WBPU-TTL.DAT
2013-09-29 20:06 - 2013-09-29 20:07 - 00053591 _____ C:\Users\Michael Schoenball\Downloads\FRST.txt
2013-09-29 20:02 - 2013-09-29 20:02 - 01953880 _____ (Farbar) C:\Users\Michael Schoenball\Desktop\FRST64.exe
2013-09-29 19:46 - 2013-09-30 11:33 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-09-29 19:46 - 2013-09-29 19:46 - 00749248 _____ C:\Users\Michael Schoenball\Downloads\ZipExtractorSetup.exe
2013-09-29 19:24 - 2013-09-29 19:43 - 00060510 _____ C:\Users\Michael Schoenball\Downloads\Extras.Txt
2013-09-29 19:23 - 2013-09-29 19:23 - 00112384 _____ C:\Users\Michael Schoenball\Downloads\OTL.Txt
2013-09-29 18:41 - 2013-09-29 18:41 - 00602112 _____ (OldTimer Tools) C:\Users\Michael Schoenball\Downloads\OTL.exe
2013-09-28 18:29 - 2013-09-28 18:29 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\Windows Live Writer
2013-09-28 18:29 - 2013-09-28 18:29 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\Windows Live Writer
2013-09-27 20:20 - 2013-09-27 20:20 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-09-27 20:20 - 2013-09-27 20:20 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\OpenOffice
2013-09-27 20:19 - 2013-09-27 20:19 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-09-27 20:10 - 2013-09-27 20:13 - 163606685 _____ C:\Users\Michael Schoenball\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe
2013-09-27 11:40 - 2013-09-27 13:22 - 00000000 ____D C:\Users\Michael Schoenball\Desktop\Lieder 30 WFD
2013-09-27 11:26 - 2013-09-19 22:09 - 16999796 ____C C:\Users\Michael Schoenball\Downloads\jens_kober1 - Kopie.jpg.tif
2013-09-26 09:56 - 2013-09-26 09:57 - 00000000 ____D C:\Users\Michael Schoenball\Downloads\Marie Kees fotos
2013-09-26 09:32 - 2013-09-26 09:32 - 02650026 _____ C:\Users\Michael Schoenball\Downloads\awfotos30jahrewfd.zip
2013-09-26 09:29 - 2013-09-26 09:29 - 00010460 _____ C:\Users\Michael Schoenball\Downloads\rooming list academic orchestra 2013.xlsx
2013-09-23 14:39 - 2013-09-30 11:57 - 00001051 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-19 22:07 - 2013-09-19 22:09 - 16999796 _____ C:\Users\Michael Schoenball\Downloads\jens_kober1.tif
2013-09-19 12:38 - 2013-09-23 14:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-17 15:06 - 2013-09-17 15:08 - 05216044 _____ C:\Users\Michael Schoenball\Downloads\cusanus2.wav
2013-09-16 13:05 - 2013-09-16 13:05 - 00007898 _____ C:\Users\Michael Schoenball\Downloads\Raster Bühnenprogramm.odt
2013-09-16 01:18 - 2013-09-16 01:19 - 00000000 ____D C:\Users\Michael Schoenball\Documents\Initiativen, Kampagnen
2013-09-15 21:39 - 2013-09-15 21:39 - 97671483 _____ C:\windows\SysWOW64\Ꮆ㶊–
2013-09-15 15:40 - 2013-09-15 15:40 - 00000000 ____D C:\FRST
2013-09-15 15:30 - 2013-09-15 15:30 - 00000000 ____D C:\windows\ERUNT
2013-09-15 15:24 - 2013-09-30 20:35 - 00000000 ____D C:\AdwCleaner
2013-09-14 01:52 - 2013-09-14 01:52 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\Google
2013-09-14 01:50 - 2013-09-14 01:50 - 00000000 ____D C:\Program Files (x86)\1clickmoviedownloader.com
2013-09-12 10:42 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-09-12 10:42 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-09-12 10:42 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-09-12 10:42 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-09-12 10:42 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-09-12 10:42 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-09-12 10:42 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-09-12 10:42 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-09-12 10:42 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-09-12 10:42 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-09-12 10:42 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-09-12 10:42 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-09-12 10:42 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-09-12 10:42 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-09-12 10:42 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 09:36 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-09-12 09:36 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-09-12 09:36 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-09-12 09:36 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-09-12 09:36 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-09-12 09:36 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-09-12 09:36 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-09-12 09:36 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-09-12 09:36 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-09-12 09:36 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-09-12 09:36 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-09-12 09:36 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-09-12 09:36 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-09-12 09:36 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-09-12 09:36 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-09-12 09:36 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-09-11 09:37 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-09-11 09:37 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys
2013-09-11 09:37 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-09-11 09:37 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-09-11 09:37 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2013-09-11 09:37 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2013-09-11 09:37 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2013-09-11 09:37 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2013-09-11 09:37 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2013-09-11 09:37 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2013-09-11 09:37 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2013-09-11 09:37 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2013-09-11 09:37 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2013-09-11 09:37 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2013-09-11 09:37 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2013-09-11 09:37 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2013-09-11 09:37 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2013-09-11 09:37 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2013-09-11 09:37 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2013-09-11 09:37 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2013-09-11 09:37 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2013-09-11 09:37 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:37 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2013-09-11 09:37 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2013-09-11 09:37 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2013-09-11 09:37 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
2013-09-11 09:20 - 2013-09-12 00:12 - 97181529 _____ C:\windows\SysWOW64\䌾懚X
2013-09-10 23:54 - 2013-09-29 19:53 - 00000000 ____D C:\ProgramData\Avira
2013-09-10 23:51 - 2013-09-10 23:51 - 02092792 _____ C:\Users\Michael Schoenball\Downloads\avira_free_4052_antivirus.exe
2013-09-04 11:59 - 2013-09-04 11:59 - 00019212 _____ C:\Users\Michael Schoenball\Documents\Trinksprüche.odt

==================== One Month Modified Files and Folders =======

2013-09-30 20:58 - 2013-09-30 20:58 - 00000855 _____ C:\Users\Michael Schoenball\Desktop\JRT.txt
2013-09-30 20:48 - 2009-07-14 06:45 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-30 20:48 - 2009-07-14 06:45 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-30 20:43 - 2013-09-30 20:43 - 01030305 _____ (Thisisu) C:\Users\Michael Schoenball\Desktop\JRT.exe
2013-09-30 20:38 - 2012-02-28 16:29 - 00000000 ___RD C:\Users\Michael Schoenball\Dropbox
2013-09-30 20:38 - 2012-02-28 16:26 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\Dropbox
2013-09-30 20:37 - 2013-09-30 20:37 - 00001291 _____ C:\Users\Michael Schoenball\Desktop\AdwCleaner[S3].txt
2013-09-30 20:37 - 2011-10-28 11:41 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\SoftThinks
2013-09-30 20:37 - 2011-10-22 23:53 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-09-30 20:36 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-09-30 20:36 - 2009-07-14 06:51 - 00092198 _____ C:\windows\setupact.log
2013-09-30 20:35 - 2013-09-15 15:24 - 00000000 ____D C:\AdwCleaner
2013-09-30 20:35 - 2011-10-22 22:33 - 01632784 _____ C:\windows\WindowsUpdate.log
2013-09-30 20:30 - 2013-09-30 20:30 - 00003288 ____N C:\bootsqm.dat
2013-09-30 20:30 - 2010-11-21 05:47 - 00391790 _____ C:\windows\PFRO.log
2013-09-30 20:29 - 2013-09-30 20:29 - 00000000 __SHD C:\found.000
2013-09-30 20:15 - 2013-09-30 20:15 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-30 20:15 - 2013-09-30 20:15 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\Malwarebytes
2013-09-30 20:15 - 2013-09-30 20:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-30 20:15 - 2013-09-30 20:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-30 20:15 - 2013-09-30 20:14 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Michael Schoenball\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-30 20:12 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF
2013-09-30 19:28 - 2013-02-14 20:59 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-09-30 12:35 - 2011-12-23 22:59 - 00000000 ____D C:\windows\System32\Tasks\Games
2013-09-30 12:35 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache
2013-09-30 12:04 - 2013-06-03 23:22 - 00003440 _____ C:\windows\System32\Tasks\PCDEventLauncherTask
2013-09-30 11:57 - 2013-09-23 14:39 - 00001051 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-30 11:57 - 2011-10-28 11:45 - 00001023 _____ C:\Users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-30 11:56 - 2013-09-30 11:56 - 01042066 _____ C:\Users\Michael Schoenball\Desktop\adwcleaner_3.0.0.5.exe
2013-09-30 11:33 - 2013-09-29 19:46 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-09-30 11:24 - 2013-07-20 12:26 - 00000000 ____D C:\windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-09-30 10:19 - 2013-09-30 10:19 - 00030022 _____ C:\ComboFix.txt
2013-09-30 10:19 - 2013-09-30 10:07 - 00000000 ____D C:\Qoobox
2013-09-30 10:19 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-30 10:17 - 2013-09-30 10:07 - 00000000 ____D C:\windows\erdnt
2013-09-30 10:16 - 2009-07-14 04:34 - 00000215 _____ C:\windows\system.ini
2013-09-30 10:06 - 2013-09-30 10:06 - 00009719 _____ C:\Users\Michael Schoenball\Desktop\ESTAScan druckvorlage.odt
2013-09-30 10:01 - 2011-10-23 01:23 - 10912608 _____ C:\windows\system32\perfh007.dat
2013-09-30 10:01 - 2011-10-23 01:23 - 03447482 _____ C:\windows\system32\perfc007.dat
2013-09-30 10:01 - 2009-07-14 07:13 - 00006756 _____ C:\windows\system32\PerfStringBackup.INI
2013-09-30 10:00 - 2013-09-30 10:00 - 05131234 ____R (Swearware) C:\Users\Michael Schoenball\Desktop\ComboFix.exe
2013-09-30 09:58 - 2013-09-29 20:57 - 00000095 _____ C:\Users\Michael Schoenball\AppData\Roaming\WB.CFG
2013-09-30 09:58 - 2013-09-29 20:57 - 00000005 _____ C:\Users\Michael Schoenball\AppData\Roaming\WBPU-TTL.DAT
2013-09-29 20:07 - 2013-09-29 20:06 - 00053591 _____ C:\Users\Michael Schoenball\Downloads\FRST.txt
2013-09-29 20:02 - 2013-09-29 20:02 - 01953880 _____ (Farbar) C:\Users\Michael Schoenball\Desktop\FRST64.exe
2013-09-29 19:53 - 2013-09-10 23:54 - 00000000 ____D C:\ProgramData\Avira
2013-09-29 19:46 - 2013-09-29 19:46 - 00749248 _____ C:\Users\Michael Schoenball\Downloads\ZipExtractorSetup.exe
2013-09-29 19:43 - 2013-09-29 19:24 - 00060510 _____ C:\Users\Michael Schoenball\Downloads\Extras.Txt
2013-09-29 19:23 - 2013-09-29 19:23 - 00112384 _____ C:\Users\Michael Schoenball\Downloads\OTL.Txt
2013-09-29 18:41 - 2013-09-29 18:41 - 00602112 _____ (OldTimer Tools) C:\Users\Michael Schoenball\Downloads\OTL.exe
2013-09-28 18:29 - 2013-09-28 18:29 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\Windows Live Writer
2013-09-28 18:29 - 2013-09-28 18:29 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\Windows Live Writer
2013-09-28 18:23 - 2011-10-28 11:41 - 00068552 _____ C:\Users\Michael Schoenball\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-28 18:22 - 2009-07-14 06:45 - 00303664 _____ C:\windows\system32\FNTCACHE.DAT
2013-09-28 00:39 - 2011-11-10 01:42 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\SoftGrid Client
2013-09-27 20:20 - 2013-09-27 20:20 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-09-27 20:20 - 2013-09-27 20:20 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\OpenOffice
2013-09-27 20:19 - 2013-09-27 20:19 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-09-27 20:18 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-09-27 20:13 - 2013-09-27 20:10 - 163606685 _____ C:\Users\Michael Schoenball\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe
2013-09-27 13:22 - 2013-09-27 11:40 - 00000000 ____D C:\Users\Michael Schoenball\Desktop\Lieder 30 WFD
2013-09-26 09:57 - 2013-09-26 09:56 - 00000000 ____D C:\Users\Michael Schoenball\Downloads\Marie Kees fotos
2013-09-26 09:32 - 2013-09-26 09:32 - 02650026 _____ C:\Users\Michael Schoenball\Downloads\awfotos30jahrewfd.zip
2013-09-26 09:29 - 2013-09-26 09:29 - 00010460 _____ C:\Users\Michael Schoenball\Downloads\rooming list academic orchestra 2013.xlsx
2013-09-23 14:39 - 2013-09-19 12:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-22 10:40 - 2012-06-10 19:28 - 00000000 ____D C:\Users\Michael Schoenball\Documents\Theologische Texte Impulse
2013-09-21 12:11 - 2013-06-03 23:22 - 00000000 ____D C:\Program Files\My Dell
2013-09-21 12:11 - 2012-03-06 16:00 - 00000000 ____D C:\ProgramData\PCDr
2013-09-20 11:28 - 2013-02-14 20:59 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-09-20 11:28 - 2013-02-14 20:59 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-20 11:28 - 2013-02-14 20:59 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-09-19 22:09 - 2013-09-27 11:26 - 16999796 ____C C:\Users\Michael Schoenball\Downloads\jens_kober1 - Kopie.jpg.tif
2013-09-19 22:09 - 2013-09-19 22:07 - 16999796 _____ C:\Users\Michael Schoenball\Downloads\jens_kober1.tif
2013-09-19 13:39 - 2011-10-28 16:49 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\Mozilla
2013-09-17 15:08 - 2013-09-17 15:06 - 05216044 _____ C:\Users\Michael Schoenball\Downloads\cusanus2.wav
2013-09-16 13:05 - 2013-09-16 13:05 - 00007898 _____ C:\Users\Michael Schoenball\Downloads\Raster Bühnenprogramm.odt
2013-09-16 01:22 - 2012-09-26 22:29 - 00000000 ____D C:\Users\Michael Schoenball\Documents\Noten
2013-09-16 01:20 - 2013-04-19 16:51 - 00000000 ____D C:\Users\Michael Schoenball\Documents\Cusanuswerk
2013-09-16 01:19 - 2013-09-16 01:18 - 00000000 ____D C:\Users\Michael Schoenball\Documents\Initiativen, Kampagnen
2013-09-15 21:39 - 2013-09-15 21:39 - 97671483 _____ C:\windows\SysWOW64\Ꮆ㶊–
2013-09-15 15:40 - 2013-09-15 15:40 - 00000000 ____D C:\FRST
2013-09-15 15:30 - 2013-09-15 15:30 - 00000000 ____D C:\windows\ERUNT
2013-09-14 10:11 - 2013-02-14 20:59 - 00002592 _____ C:\windows\SysWOW64\InstallUtil.InstallLog
2013-09-14 09:59 - 2011-10-28 11:45 - 00000000 ___RD C:\Users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-14 09:59 - 2011-10-28 11:45 - 00000000 ___RD C:\Users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-14 01:52 - 2013-09-14 01:52 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\Google
2013-09-14 01:50 - 2013-09-14 01:50 - 00000000 ____D C:\Program Files (x86)\1clickmoviedownloader.com
2013-09-12 09:36 - 2011-11-10 01:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-09-12 00:12 - 2013-09-11 09:20 - 97181529 _____ C:\windows\SysWOW64\䌾懚X
2013-09-10 23:51 - 2013-09-10 23:51 - 02092792 _____ C:\Users\Michael Schoenball\Downloads\avira_free_4052_antivirus.exe
2013-09-04 16:15 - 2012-11-05 00:12 - 00000000 ____D C:\Users\Michael Schoenball\Documents\Collegium musicum
2013-09-04 11:59 - 2013-09-04 11:59 - 00019212 _____ C:\Users\Michael Schoenball\Documents\Trinksprüche.odt

Some content of TEMP:
====================
C:\Users\Michael Schoenball\AppData\Local\Temp\Quarantine.exe
C:\Users\Michael Schoenball\AppData\Local\Temp\uninst1.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-21 13:45

==================== End Of Log ============================
--- --- ---


bis bald
micha

Alt 01.10.2013, 16:24   #8
schrauber
/// the machine
/// TB-Ausbilder
 
Windows7: Infektion mit Ihavenet - Standard

Windows7: Infektion mit Ihavenet



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 02.10.2013, 07:03   #9
michasnet
 
Windows7: Infektion mit Ihavenet - Standard

Windows7: Infektion mit Ihavenet


Morgen Schrauber,

hier die gewünschten Dokumente:
1. Eset Scan:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2ff1b64f210ea540a9aa5c3101c7b9e0
# engine=15326
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-02 12:13:12
# local_time=2013-10-02 02:13:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 5985677 132302642 0 0
# scanned=237403
# found=2
# cleaned=0
# scan_time=8382
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=87F8768AB4E6928E8309BB01EB309EFBF197DF1C ft=1 fh=c71c0011f7276225 vn="a variant of Win32/Kryptik.BKJD trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Michael Schoenball\AppData\Roaming\msfeedsbsh.dll.vir"
2. Checkup:
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.73  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Trend Micro Titanium Internet Security   
 Antivirus out of date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java(TM) 6 Update 22  
 Java(TM) 6 Update 27  
 Java version out of Date! 
 Adobe Flash Player 11.8.800.168  
 Mozilla Firefox (24.0) 
````````Process Check: objlist.exe by Laurent````````  
 Trend Micro AMSP coreServiceShell.exe  
 Trend Micro UniClient UiFrmWrk uiWatchDog.exe 
 Trend Micro AMSP coreFrameworkHost.exe  
 Trend Micro UniClient UiFrmWrk uiSeAgnt.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
und noch der Standart:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
Ran by Michael Schoenball (administrator) on MICHAELSCHOENBA on 02-10-2013 07:58:45
Running from C:\Users\Michael Schoenball\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Validity Sensors, Inc.) C:\Windows\system32\vcsFPService.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
(Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\CxUtilSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
(Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio3.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
() C:\Users\Michael Schoenball\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
(Dropbox, Inc.) C:\Users\Michael Schoenball\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SA3\SACpl.exe [1573504 2011-06-24] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780968 2011-04-30] (Synaptics Incorporated)
HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-28] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2011-05-21] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1119392 2011-05-21] (Trend Micro Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-26] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-16] (Adobe Systems Incorporated)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk
ShortcutTarget: CNET TechTracker.lnk -> C:\Users\Michael Schoenball\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe ()
Startup: C:\Users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Michael Schoenball\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

ProxyServer: proxy.drsintra.de:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Michael Schoenball\AppData\Roaming\Mozilla\Firefox\Profiles\8h0eeyhr.default-1380534715240
FF Homepage: hxxp://www.ecosia.org
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\firefoxextension\
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [hpomcmndppalndoljdilmfkkjkcnongl] - C:\Program Files (x86)\1clickmoviedownloader.com\clickmoviedownloader10.crx
CHR HKLM-x32\...\Chrome\Extension: [pkhojieggfgllhllcegoffdcnmdeojgb] - C:\Program Files (x86)\IminentToolbar\1.8.25.0\iminent.crx

==================== Services (Whitelisted) =================

R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [28288 2011-06-24] (Conexant Systems, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-28] ()
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

==================== Drivers (Whitelisted) ====================

R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90896 2011-05-21] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144656 2011-05-21] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [69392 2011-05-21] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2011-05-21] (Trend Micro Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-02 07:58 - 2013-10-02 07:58 - 00001050 _____ C:\Users\Michael Schoenball\Desktop\checkup.txt
2013-10-02 07:55 - 2013-10-02 07:55 - 00891144 _____ C:\Users\Michael Schoenball\Desktop\SecurityCheck.exe
2013-10-01 23:46 - 2013-10-01 23:46 - 02347384 _____ (ESET) C:\Users\Michael Schoenball\Downloads\esetsmartinstaller_enu.exe
2013-09-30 20:43 - 2013-09-30 20:43 - 01030305 _____ (Thisisu) C:\Users\Michael Schoenball\Desktop\JRT.exe
2013-09-30 20:29 - 2013-09-30 20:29 - 00000000 __SHD C:\found.000
2013-09-30 20:15 - 2013-09-30 20:15 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-30 20:15 - 2013-09-30 20:15 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\Malwarebytes
2013-09-30 20:15 - 2013-09-30 20:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-30 20:15 - 2013-09-30 20:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-30 20:15 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-09-30 20:14 - 2013-09-30 20:15 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Michael Schoenball\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-30 11:56 - 2013-09-30 11:56 - 01042066 _____ C:\Users\Michael Schoenball\Desktop\adwcleaner_3.0.0.5.exe
2013-09-30 10:19 - 2013-09-30 10:19 - 00030022 _____ C:\ComboFix.txt
2013-09-30 10:07 - 2013-09-30 10:19 - 00000000 ____D C:\Qoobox
2013-09-30 10:07 - 2013-09-30 10:17 - 00000000 ____D C:\windows\erdnt
2013-09-30 10:07 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2013-09-30 10:07 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2013-09-30 10:07 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-09-30 10:07 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-09-30 10:07 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-09-30 10:07 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2013-09-30 10:07 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2013-09-30 10:07 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2013-09-30 10:06 - 2013-09-30 10:06 - 00009719 _____ C:\Users\Michael Schoenball\Desktop\ESTAScan druckvorlage.odt
2013-09-30 10:00 - 2013-09-30 10:00 - 05131234 ____R (Swearware) C:\Users\Michael Schoenball\Desktop\ComboFix.exe
2013-09-29 20:57 - 2013-09-30 09:58 - 00000095 _____ C:\Users\Michael Schoenball\AppData\Roaming\WB.CFG
2013-09-29 20:57 - 2013-09-30 09:58 - 00000005 _____ C:\Users\Michael Schoenball\AppData\Roaming\WBPU-TTL.DAT
2013-09-29 20:06 - 2013-09-29 20:07 - 00053591 _____ C:\Users\Michael Schoenball\Downloads\FRST.txt
2013-09-29 20:02 - 2013-09-29 20:02 - 01953880 _____ (Farbar) C:\Users\Michael Schoenball\Desktop\FRST64.exe
2013-09-29 19:46 - 2013-09-30 11:33 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-09-29 19:46 - 2013-09-29 19:46 - 00749248 _____ C:\Users\Michael Schoenball\Downloads\ZipExtractorSetup.exe
2013-09-29 19:24 - 2013-09-29 19:43 - 00060510 _____ C:\Users\Michael Schoenball\Downloads\Extras.Txt
2013-09-29 19:23 - 2013-09-29 19:23 - 00112384 _____ C:\Users\Michael Schoenball\Downloads\OTL.Txt
2013-09-29 18:41 - 2013-09-29 18:41 - 00602112 _____ (OldTimer Tools) C:\Users\Michael Schoenball\Downloads\OTL.exe
2013-09-28 18:29 - 2013-09-28 18:29 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\Windows Live Writer
2013-09-28 18:29 - 2013-09-28 18:29 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\Windows Live Writer
2013-09-27 20:20 - 2013-09-27 20:20 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-09-27 20:20 - 2013-09-27 20:20 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\OpenOffice
2013-09-27 20:19 - 2013-09-27 20:19 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-09-27 20:10 - 2013-09-27 20:13 - 163606685 _____ C:\Users\Michael Schoenball\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe
2013-09-27 11:40 - 2013-09-27 13:22 - 00000000 ____D C:\Users\Michael Schoenball\Desktop\Lieder 30 WFD
2013-09-27 11:26 - 2013-09-19 22:09 - 16999796 ____C C:\Users\Michael Schoenball\Downloads\jens_kober1 - Kopie.jpg.tif
2013-09-26 09:56 - 2013-09-26 09:57 - 00000000 ____D C:\Users\Michael Schoenball\Downloads\Marie Kees fotos
2013-09-26 09:32 - 2013-09-26 09:32 - 02650026 _____ C:\Users\Michael Schoenball\Downloads\awfotos30jahrewfd.zip
2013-09-26 09:29 - 2013-09-26 09:29 - 00010460 _____ C:\Users\Michael Schoenball\Downloads\rooming list academic orchestra 2013.xlsx
2013-09-23 14:39 - 2013-09-30 11:57 - 00001051 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-19 22:07 - 2013-09-19 22:09 - 16999796 _____ C:\Users\Michael Schoenball\Downloads\jens_kober1.tif
2013-09-19 12:38 - 2013-09-23 14:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-17 15:06 - 2013-09-17 15:08 - 05216044 _____ C:\Users\Michael Schoenball\Downloads\cusanus2.wav
2013-09-16 13:05 - 2013-09-16 13:05 - 00007898 _____ C:\Users\Michael Schoenball\Downloads\Raster Bühnenprogramm.odt
2013-09-16 01:18 - 2013-09-16 01:19 - 00000000 ____D C:\Users\Michael Schoenball\Documents\Initiativen, Kampagnen
2013-09-15 21:39 - 2013-09-15 21:39 - 97671483 _____ C:\windows\SysWOW64\Ꮆ㶊–
2013-09-15 15:40 - 2013-09-15 15:40 - 00000000 ____D C:\FRST
2013-09-15 15:30 - 2013-09-15 15:30 - 00000000 ____D C:\windows\ERUNT
2013-09-15 15:24 - 2013-09-30 20:35 - 00000000 ____D C:\AdwCleaner
2013-09-14 01:52 - 2013-09-14 01:52 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\Google
2013-09-14 01:50 - 2013-09-14 01:50 - 00000000 ____D C:\Program Files (x86)\1clickmoviedownloader.com
2013-09-12 10:42 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-09-12 10:42 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-09-12 10:42 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-09-12 10:42 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-09-12 10:42 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-09-12 10:42 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-09-12 10:42 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-09-12 10:42 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-09-12 10:42 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-09-12 10:42 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-09-12 10:42 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-09-12 10:42 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-09-12 10:42 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-09-12 10:42 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-09-12 10:42 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 09:36 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-09-12 09:36 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-09-12 09:36 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-09-12 09:36 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-09-12 09:36 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-09-12 09:36 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-09-12 09:36 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-09-12 09:36 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-09-12 09:36 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-09-12 09:36 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-09-12 09:36 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-09-12 09:36 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-09-12 09:36 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-09-12 09:36 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-09-12 09:36 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-09-12 09:36 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-09-11 09:37 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-09-11 09:37 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys
2013-09-11 09:37 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-09-11 09:37 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-09-11 09:37 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2013-09-11 09:37 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2013-09-11 09:37 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2013-09-11 09:37 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2013-09-11 09:37 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2013-09-11 09:37 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2013-09-11 09:37 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2013-09-11 09:37 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2013-09-11 09:37 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2013-09-11 09:37 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2013-09-11 09:37 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2013-09-11 09:37 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2013-09-11 09:37 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2013-09-11 09:37 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2013-09-11 09:37 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2013-09-11 09:37 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2013-09-11 09:37 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2013-09-11 09:37 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:37 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:37 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2013-09-11 09:37 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2013-09-11 09:37 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2013-09-11 09:37 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
2013-09-11 09:20 - 2013-09-12 00:12 - 97181529 _____ C:\windows\SysWOW64\䌾懚X
2013-09-10 23:54 - 2013-09-29 19:53 - 00000000 ____D C:\ProgramData\Avira
2013-09-10 23:51 - 2013-09-10 23:51 - 02092792 _____ C:\Users\Michael Schoenball\Downloads\avira_free_4052_antivirus.exe
2013-09-04 11:59 - 2013-09-04 11:59 - 00019212 _____ C:\Users\Michael Schoenball\Documents\Trinksprüche.odt

==================== One Month Modified Files and Folders =======

2013-10-02 07:58 - 2013-10-02 07:58 - 00001050 _____ C:\Users\Michael Schoenball\Desktop\checkup.txt
2013-10-02 07:56 - 2011-10-22 22:33 - 01659949 _____ C:\windows\WindowsUpdate.log
2013-10-02 07:55 - 2013-10-02 07:55 - 00891144 _____ C:\Users\Michael Schoenball\Desktop\SecurityCheck.exe
2013-10-02 07:49 - 2013-02-14 20:59 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-10-01 23:49 - 2011-10-23 01:23 - 10972496 _____ C:\windows\system32\perfh007.dat
2013-10-01 23:49 - 2011-10-23 01:23 - 03467146 _____ C:\windows\system32\perfc007.dat
2013-10-01 23:49 - 2009-07-14 07:13 - 00006756 _____ C:\windows\system32\PerfStringBackup.INI
2013-10-01 23:46 - 2013-10-01 23:46 - 02347384 _____ (ESET) C:\Users\Michael Schoenball\Downloads\esetsmartinstaller_enu.exe
2013-10-01 23:42 - 2012-06-10 19:28 - 00000000 ____D C:\Users\Michael Schoenball\Documents\Theologische Texte Impulse
2013-10-01 10:40 - 2009-07-14 06:45 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-01 10:40 - 2009-07-14 06:45 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-01 10:32 - 2012-02-28 16:29 - 00000000 ___RD C:\Users\Michael Schoenball\Dropbox
2013-10-01 10:32 - 2012-02-28 16:26 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\Dropbox
2013-10-01 10:31 - 2011-10-28 11:41 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\SoftThinks
2013-10-01 10:31 - 2011-10-22 23:53 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-10-01 10:30 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-10-01 10:30 - 2009-07-14 06:51 - 00092254 _____ C:\windows\setupact.log
2013-09-30 20:43 - 2013-09-30 20:43 - 01030305 _____ (Thisisu) C:\Users\Michael Schoenball\Desktop\JRT.exe
2013-09-30 20:35 - 2013-09-15 15:24 - 00000000 ____D C:\AdwCleaner
2013-09-30 20:30 - 2010-11-21 05:47 - 00391790 _____ C:\windows\PFRO.log
2013-09-30 20:29 - 2013-09-30 20:29 - 00000000 __SHD C:\found.000
2013-09-30 20:15 - 2013-09-30 20:15 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-30 20:15 - 2013-09-30 20:15 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\Malwarebytes
2013-09-30 20:15 - 2013-09-30 20:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-30 20:15 - 2013-09-30 20:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-30 20:15 - 2013-09-30 20:14 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Michael Schoenball\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-30 20:12 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF
2013-09-30 12:35 - 2011-12-23 22:59 - 00000000 ____D C:\windows\System32\Tasks\Games
2013-09-30 12:35 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache
2013-09-30 12:04 - 2013-06-03 23:22 - 00003440 _____ C:\windows\System32\Tasks\PCDEventLauncherTask
2013-09-30 11:57 - 2013-09-23 14:39 - 00001051 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-30 11:57 - 2011-10-28 11:45 - 00001023 _____ C:\Users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-30 11:56 - 2013-09-30 11:56 - 01042066 _____ C:\Users\Michael Schoenball\Desktop\adwcleaner_3.0.0.5.exe
2013-09-30 11:33 - 2013-09-29 19:46 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-09-30 11:24 - 2013-07-20 12:26 - 00000000 ____D C:\windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-09-30 10:19 - 2013-09-30 10:19 - 00030022 _____ C:\ComboFix.txt
2013-09-30 10:19 - 2013-09-30 10:07 - 00000000 ____D C:\Qoobox
2013-09-30 10:19 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-30 10:17 - 2013-09-30 10:07 - 00000000 ____D C:\windows\erdnt
2013-09-30 10:16 - 2009-07-14 04:34 - 00000215 _____ C:\windows\system.ini
2013-09-30 10:06 - 2013-09-30 10:06 - 00009719 _____ C:\Users\Michael Schoenball\Desktop\ESTAScan druckvorlage.odt
2013-09-30 10:00 - 2013-09-30 10:00 - 05131234 ____R (Swearware) C:\Users\Michael Schoenball\Desktop\ComboFix.exe
2013-09-30 09:58 - 2013-09-29 20:57 - 00000095 _____ C:\Users\Michael Schoenball\AppData\Roaming\WB.CFG
2013-09-30 09:58 - 2013-09-29 20:57 - 00000005 _____ C:\Users\Michael Schoenball\AppData\Roaming\WBPU-TTL.DAT
2013-09-29 20:07 - 2013-09-29 20:06 - 00053591 _____ C:\Users\Michael Schoenball\Downloads\FRST.txt
2013-09-29 20:02 - 2013-09-29 20:02 - 01953880 _____ (Farbar) C:\Users\Michael Schoenball\Desktop\FRST64.exe
2013-09-29 19:53 - 2013-09-10 23:54 - 00000000 ____D C:\ProgramData\Avira
2013-09-29 19:46 - 2013-09-29 19:46 - 00749248 _____ C:\Users\Michael Schoenball\Downloads\ZipExtractorSetup.exe
2013-09-29 19:43 - 2013-09-29 19:24 - 00060510 _____ C:\Users\Michael Schoenball\Downloads\Extras.Txt
2013-09-29 19:23 - 2013-09-29 19:23 - 00112384 _____ C:\Users\Michael Schoenball\Downloads\OTL.Txt
2013-09-29 18:41 - 2013-09-29 18:41 - 00602112 _____ (OldTimer Tools) C:\Users\Michael Schoenball\Downloads\OTL.exe
2013-09-28 18:29 - 2013-09-28 18:29 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\Windows Live Writer
2013-09-28 18:29 - 2013-09-28 18:29 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\Windows Live Writer
2013-09-28 18:23 - 2011-10-28 11:41 - 00068552 _____ C:\Users\Michael Schoenball\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-28 18:22 - 2009-07-14 06:45 - 00303664 _____ C:\windows\system32\FNTCACHE.DAT
2013-09-28 00:39 - 2011-11-10 01:42 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\SoftGrid Client
2013-09-27 20:20 - 2013-09-27 20:20 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-09-27 20:20 - 2013-09-27 20:20 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Roaming\OpenOffice
2013-09-27 20:19 - 2013-09-27 20:19 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-09-27 20:18 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-09-27 20:13 - 2013-09-27 20:10 - 163606685 _____ C:\Users\Michael Schoenball\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe
2013-09-27 13:22 - 2013-09-27 11:40 - 00000000 ____D C:\Users\Michael Schoenball\Desktop\Lieder 30 WFD
2013-09-26 09:57 - 2013-09-26 09:56 - 00000000 ____D C:\Users\Michael Schoenball\Downloads\Marie Kees fotos
2013-09-26 09:32 - 2013-09-26 09:32 - 02650026 _____ C:\Users\Michael Schoenball\Downloads\awfotos30jahrewfd.zip
2013-09-26 09:29 - 2013-09-26 09:29 - 00010460 _____ C:\Users\Michael Schoenball\Downloads\rooming list academic orchestra 2013.xlsx
2013-09-23 14:39 - 2013-09-19 12:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-21 12:11 - 2013-06-03 23:22 - 00000000 ____D C:\Program Files\My Dell
2013-09-21 12:11 - 2012-03-06 16:00 - 00000000 ____D C:\ProgramData\PCDr
2013-09-20 11:28 - 2013-02-14 20:59 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-09-20 11:28 - 2013-02-14 20:59 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-20 11:28 - 2013-02-14 20:59 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-09-19 22:09 - 2013-09-27 11:26 - 16999796 ____C C:\Users\Michael Schoenball\Downloads\jens_kober1 - Kopie.jpg.tif
2013-09-19 22:09 - 2013-09-19 22:07 - 16999796 _____ C:\Users\Michael Schoenball\Downloads\jens_kober1.tif
2013-09-19 13:39 - 2011-10-28 16:49 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\Mozilla
2013-09-17 15:08 - 2013-09-17 15:06 - 05216044 _____ C:\Users\Michael Schoenball\Downloads\cusanus2.wav
2013-09-16 13:05 - 2013-09-16 13:05 - 00007898 _____ C:\Users\Michael Schoenball\Downloads\Raster Bühnenprogramm.odt
2013-09-16 01:22 - 2012-09-26 22:29 - 00000000 ____D C:\Users\Michael Schoenball\Documents\Noten
2013-09-16 01:20 - 2013-04-19 16:51 - 00000000 ____D C:\Users\Michael Schoenball\Documents\Cusanuswerk
2013-09-16 01:19 - 2013-09-16 01:18 - 00000000 ____D C:\Users\Michael Schoenball\Documents\Initiativen, Kampagnen
2013-09-15 21:39 - 2013-09-15 21:39 - 97671483 _____ C:\windows\SysWOW64\Ꮆ㶊–
2013-09-15 15:40 - 2013-09-15 15:40 - 00000000 ____D C:\FRST
2013-09-15 15:30 - 2013-09-15 15:30 - 00000000 ____D C:\windows\ERUNT
2013-09-14 10:11 - 2013-02-14 20:59 - 00002592 _____ C:\windows\SysWOW64\InstallUtil.InstallLog
2013-09-14 09:59 - 2011-10-28 11:45 - 00000000 ___RD C:\Users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-14 09:59 - 2011-10-28 11:45 - 00000000 ___RD C:\Users\Michael Schoenball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-14 01:52 - 2013-09-14 01:52 - 00000000 ____D C:\Users\Michael Schoenball\AppData\Local\Google
2013-09-14 01:50 - 2013-09-14 01:50 - 00000000 ____D C:\Program Files (x86)\1clickmoviedownloader.com
2013-09-12 09:36 - 2011-11-10 01:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-09-12 00:12 - 2013-09-11 09:20 - 97181529 _____ C:\windows\SysWOW64\䌾懚X
2013-09-10 23:51 - 2013-09-10 23:51 - 02092792 _____ C:\Users\Michael Schoenball\Downloads\avira_free_4052_antivirus.exe
2013-09-04 16:15 - 2012-11-05 00:12 - 00000000 ____D C:\Users\Michael Schoenball\Documents\Collegium musicum
2013-09-04 11:59 - 2013-09-04 11:59 - 00019212 _____ C:\Users\Michael Schoenball\Documents\Trinksprüche.odt

Some content of TEMP:
====================
C:\Users\Michael Schoenball\AppData\Local\Temp\Quarantine.exe
C:\Users\Michael Schoenball\AppData\Local\Temp\uninst1.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-01 15:23

==================== End Of Log ============================
--- --- ---


Bis bald
micha

Alt 02.10.2013, 19:29   #10
schrauber
/// the machine
/// TB-Ausbilder
 
Windows7: Infektion mit Ihavenet - Standard

Windows7: Infektion mit Ihavenet


Java updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
2013-09-29 19:46 - 2013-09-30 11:33 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-09-29 19:46 - 2013-09-29 19:46 - 00749248 _____ C:\Users\Michael Schoenball\Downloads\ZipExtractorSetup.exe
C:\Program Files\Enigma Software Group

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 03.10.2013, 20:10   #11
michasnet
 
Windows7: Infektion mit Ihavenet - Standard

Windows7: Infektion mit Ihavenet


Hallo Schrauber,

hat alles ohne Probleme funktioniert. Danke!
Dann hier noch der Lesestoff:
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by Michael Schoenball at 2013-10-03 21:04:30 Run:1
Running from C:\Users\Michael Schoenball\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
2013-09-29 19:46 - 2013-09-30 11:33 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-09-29 19:46 - 2013-09-29 19:46 - 00749248 _____ C:\Users\Michael Schoenball\Downloads\ZipExtractorSetup.exe
C:\Program Files\Enigma Software Group
*****************

esgiguard => Service not found.
"C:\Program Files (x86)\BonanzaDeals" => File/Directory not found.
"C:\Users\Michael Schoenball\Downloads\ZipExtractorSetup.exe" => File/Directory not found.
"C:\Program Files\Enigma Software Group" => File/Directory not found.

==== End of Fixlog ====
Vielen Dank dir schon mal für deine Mühen! Der Laptop wirkt jetzt wieder grundgereinigt.
Welches Antivirenprogramm würdest du denn empfehlen? Ich habe schon gehört, Avira soll nicht so toll sein....
herzliche Grüße
micha

Alt 04.10.2013, 02:13   #12
schrauber
/// the machine
/// TB-Ausbilder
 
Windows7: Infektion mit Ihavenet - Standard

Windows7: Infektion mit Ihavenet


Ich empfehle immer Emsisoft

Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 04.10.2013, 17:26   #13
michasnet
 
Windows7: Infektion mit Ihavenet - Standard

Windows7: Infektion mit Ihavenet


Vielen vielen Dank!

Antwort

Themen zu Windows7: Infektion mit Ihavenet
.com, adware.installbrain, adware.whilokii, checkliste, computer, einfach, forum, hängen, hängt, internet explorer, langsamer, laptop, pup.optional.iminent.a, pup.optional.qvo6.a, pup.optionalbundleinstaller.a, suchergebnisse, suchmaschine, umgeleitet, win32/adware.yontoo.b, win32/kryptik.bkjd, windows, wirklich


« Lanman Workstation und Lanman Server | TR/ATRAPS.Gen2 in Windows 7 »


Ähnliche Themen: Windows7: Infektion mit Ihavenet


  1. Windows7 (64bit) : "Ads by TheTorntvs V11-1" Adware-Infektion
    Plagegeister aller Art und deren Bekämpfung - 26.02.2015 (11)
  2. Avast: Infektion blockiert , Infektion: URL:Mal (bei Ebay.de)
    Plagegeister aller Art und deren Bekämpfung - 21.05.2014 (3)
  3. Windows7: Windows-Sicherheitscenterdienst kann nicht gestartet werden und Google-Suche wurde zu ihavenet umgeleitet
    Log-Analyse und Auswertung - 06.02.2014 (21)
  4. Ihavenet - Virus
    Log-Analyse und Auswertung - 17.11.2013 (6)
  5. Qvo6-Infektion unter Windows7
    Log-Analyse und Auswertung - 12.11.2013 (11)
  6. ihavenet virus
    Log-Analyse und Auswertung - 09.10.2013 (28)
  7. 2x | Ihavenet - Virus
    Mülltonne - 30.09.2013 (1)
  8. IHAVENET-virus??
    Plagegeister aller Art und deren Bekämpfung - 30.09.2013 (12)
  9. ihavenet trojaner WINDOWS7
    Log-Analyse und Auswertung - 29.08.2013 (9)
  10. ihavenet auf XP
    Log-Analyse und Auswertung - 27.08.2013 (11)
  11. Probleme mit ihavenet.com
    Plagegeister aller Art und deren Bekämpfung - 19.12.2012 (23)
  12. ihavenet.com II
    Plagegeister aller Art und deren Bekämpfung - 19.12.2012 (11)
  13. ihavenet.com
    Plagegeister aller Art und deren Bekämpfung - 18.12.2012 (48)
  14. Ihavenet.com
    Log-Analyse und Auswertung - 27.11.2012 (5)
  15. Infektion durch ihavenet Virus
    Plagegeister aller Art und deren Bekämpfung - 26.11.2012 (1)
  16. ihavenet trojaner
    Plagegeister aller Art und deren Bekämpfung - 23.11.2012 (21)
  17. Ihavenet.com Browser Hijacker- bei Googlesuche öffnen sich andere Seiten (Weiterleitung über Ihavenet.com)
    Log-Analyse und Auswertung - 21.11.2012 (13)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Windows7: Infektion mit Ihavenet - Hallo ihr alle! Ich hoffe, ich hab die Checkliste beachtet und das Thema hängt jetzt nicht irgendwo...bin nämlich neu hier. von daher nochmal Hallo an alle! Nachdem es mich jetzt - Windows7: Infektion mit Ihavenet...
Archiv
Du betrachtest: Windows7: Infektion mit Ihavenet auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54