
Pests of all kinds and how to fight them: Am I infected?

Windows 7
If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

 
21.10.2013, 15:07   #5
Zearat

Am I infected?



So I don't need to be afraid?
That sounds good for a start ^^

But the "IP address: 25.175.214.130 (England)
Provider: DINSA, Ministry of Defence"

still scares me o.O
And I haven't checked the other IPs, otherwise I'd get even more scared ^^

And if I have a proxy,
where is it then?
Why don't I know anything about it? xD
wtf?
Does "tor" count as a proxy?
Otherwise I wouldn't know what or where a proxy could be here.. :/
It would be nice if you could tell me ^^ or rather explain it to me xD

Here are the 3 logs

And thanks a lot again


ComboFix:

Code:
ComboFix 13-10-19.02 - Legendary 21.10.2013  15:08:44.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.6135.4704 [GMT 2:00]
ausgeführt von:: c:\users\Legendary\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Common Files\337
c:\program files (x86)\Common Files\337\libcef\1.1364.1123\icudt.dll
c:\program files (x86)\Common Files\337\libcef\1.1364.1123\libcef.dll
c:\program files (x86)\Common Files\337\libcef\1.1364.1123\locales\en-US.pak
c:\users\Legendary\AppData\Local\assembly\tmp
c:\users\Legendary\AppData\Roaming\0ad
c:\users\Legendary\AppData\Roaming\0ad\config\user.cfg
c:\windows\ST6UNST.000
c:\windows\SysWow64\frapsvid.dll
c:\windows\SysWow64\tmpD03A.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-09-21 bis 2013-10-21  ))))))))))))))))))))))))))))))
.
.
2013-10-21 13:12 . 2013-10-21 13:12	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-10-20 16:30 . 2013-10-20 16:30	--------	d-----w-	C:\FRST
2013-10-19 19:57 . 2013-10-19 19:57	231376	----a-w-	c:\windows\system32\drivers\truecrypt.sys
2013-10-19 18:50 . 2013-10-19 18:50	--------	d-----w-	c:\users\UpdatusUser.Godlike
2013-10-19 18:50 . 2013-05-12 20:34	6491936	----a-w-	c:\windows\system32\nvcpl.dll
2013-10-19 18:50 . 2013-05-12 20:34	3514656	----a-w-	c:\windows\system32\nvsvc64.dll
2013-10-19 18:50 . 2013-05-12 20:34	884512	----a-w-	c:\windows\system32\nvvsvc.exe
2013-10-19 18:50 . 2013-05-12 20:34	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-10-19 18:50 . 2013-05-12 20:34	2555680	----a-w-	c:\windows\system32\nvsvcr.dll
2013-10-19 18:50 . 2013-05-12 20:34	237856	----a-w-	c:\windows\system32\nvmctray.dll
2013-10-19 18:49 . 2013-05-12 21:42	61216	----a-w-	c:\windows\system32\OpenCL.dll
2013-10-19 18:49 . 2013-05-12 21:42	53024	----a-w-	c:\windows\SysWow64\OpenCL.dll
2013-10-19 18:49 . 2013-10-19 18:49	--------	d-----w-	c:\programdata\NVIDIA Corporation
2013-10-19 18:46 . 2013-10-19 18:46	--------	d-----w-	C:\NVIDIA
2013-10-19 04:45 . 2013-10-20 17:53	--------	d-----w-	c:\program files (x86)\WinZipper
2013-10-19 04:45 . 2013-10-20 17:52	--------	d-----w-	c:\users\Legendary\AppData\Roaming\WinZipper
2013-10-19 04:42 . 2013-10-19 04:45	--------	d-----w-	c:\program files (x86)\Desk 365
2013-10-19 04:42 . 2013-10-19 04:44	--------	d-----w-	c:\users\Legendary\AppData\Roaming\Desk 365
2013-10-13 15:20 . 2013-10-13 15:20	33344	----a-w-	c:\windows\system32\drivers\hamachi.sys
2013-10-13 15:15 . 2013-10-13 17:31	--------	d-----w-	c:\users\Legendary\AppData\Roaming\Hamachi
2013-10-12 04:46 . 2013-10-12 04:46	--------	d-----w-	c:\users\Legendary\AppData\Local\LogMeIn
2013-10-12 04:46 . 2013-10-12 04:46	--------	d-----w-	c:\programdata\LogMeIn
2013-10-12 04:45 . 2013-10-20 17:55	--------	d-----w-	c:\users\Legendary\AppData\Local\LogMeIn Hamachi
2013-10-10 19:36 . 2013-10-10 19:36	283064	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2013-10-09 15:25 . 2013-10-09 15:25	--------	d-----w-	c:\program files\7-Zip
2013-09-29 12:21 . 2013-09-29 12:21	--------	d-----w-	c:\programdata\Oracle
2013-09-29 12:21 . 2013-09-29 12:21	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-09-29 12:21 . 2013-09-29 12:21	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-21 12:31 . 2013-07-18 09:37	6172	----a-w-	c:\windows\system32\PerfStringBackup.TMP
2013-10-14 14:09 . 2012-03-30 21:46	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-14 14:09 . 2011-05-19 19:05	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-29 12:21 . 2012-07-04 22:29	868264	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-09-29 12:21 . 2011-02-03 07:25	790440	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-09-04 12:19 . 2013-05-02 09:40	81112	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-09-04 12:19 . 2013-03-28 03:26	132088	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-09-04 12:19 . 2013-03-28 03:26	105344	----a-w-	c:\windows\system32\drivers\avgntflt.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"TBPanel"="c:\program files (x86)\Vtune\TBPanel.exe" [2009-10-05 2158592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-09-17 1310720]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2009-03-20 1904640]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-09-04 347192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R4 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 TeamViewer5;TeamViewer 5;d:\programme\TeamViewer\Version5\TeamViewer_Service.exe;d:\programme\TeamViewer\Version5\TeamViewer_Service.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x]
S2 MBAMScheduler;MBAMScheduler;d:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe;d:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;d:\programme\Malwarebytes' Anti-Malware\mbamservice.exe;d:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys;c:\windows\SYSNATIVE\DRIVERS\SteelBus64.sys [x]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MCfilt;MCfilt;c:\windows\system32\drivers\MCfilt64.sys;c:\windows\SYSNATIVE\drivers\MCfilt64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - PROCEXP152
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2596776126-4250540403-3625636861-1000Core.job
- c:\users\Legendary\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-31 20:50]
.
2013-10-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2596776126-4250540403-3625636861-1000UA.job
- c:\users\Legendary\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-31 20:50]
.
2013-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-03 09:41]
.
2013-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-03 09:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local;<local>
uInternet Settings,ProxyServer = 0.0.0.0:80
FF - ProfilePath - c:\users\Legendary\AppData\Roaming\Mozilla\Firefox\Profiles\v58uzs8w.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112555&tt=290412_4_vs&babsrc=KW_ss&mntrId=78f0b59200000000000000ff61e755ce&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-10-18 15:34; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Legendary\AppData\Roaming\Mozilla\Firefox\Profiles\v58uzs8w.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - user.js: extensions.claro.id - 78f0b59200000000000000ffaa8f1781
FF - user.js: extensions.claro.instlDay - 15569
FF - user.js: extensions.claro.vrsn - 1.6.4.1
FF - user.js: extensions.claro.vrsni - 1.6.4.1
FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.114:40
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - iclaro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2596776126-4250540403-3625636861-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2596776126-4250540403-3625636861-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-10-21  15:14:06
ComboFix-quarantined-files.txt  2013-10-21 13:14
.
Vor Suchlauf: 10 Verzeichnis(se), 64.155.492.352 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 63.914.229.760 Bytes frei
.
- - End Of File - - 069C2489B0ED1E77AA6726FB868B7D17
A36C5E4F47E84449FF07ED3517B43A31
         

AdwCleaner:

Code:
# AdwCleaner v3.010 - Bericht erstellt am 21/10/2013 um 15:47:32
# Updated 20/10/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzername : Legendary - GODLIKE
# Gestartet von : C:\Users\Legendary\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

[!] Ordner Gelöscht : C:\Program Files (x86)\Desk 365
[!] Ordner Gelöscht : C:\Program Files (x86)\WinZipper
[!] Ordner Gelöscht : C:\Users\Legendary\AppData\Roaming\Desk 365
[!] Ordner Gelöscht : C:\Users\Legendary\AppData\Roaming\Media Finder
[!] Ordner Gelöscht : C:\Users\Legendary\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
[!] Ordner Gelöscht : C:\Users\Legendary\AppData\Roaming\Systweak
[!] Ordner Gelöscht : C:\Users\Legendary\AppData\Roaming\WinZipper
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Legendary\AppData\Roaming\Mozilla\Firefox\Profiles\v58uzs8w.default\foxydeal.sqlite
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\Legendary\AppData\Roaming\Mozilla\Firefox\Profiles\v58uzs8w.default\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_the-elder-scrolls-iv-oblivion_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_the-elder-scrolls-iv-oblivion_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_xpadder_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_xpadder_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_monopoly-3_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_monopoly-3_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_windows-live-messenger_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_windows-live-messenger_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\lollipop
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\YourFileDownloader
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Desksvc
Schlüssel Gelöscht : HKLM\Software\Uniblue\DriverScanner
Schlüssel Gelöscht : HKLM\Software\V9
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DomaIQ

***** [ Browser ] *****

-\\ Internet Explorer v8.0.7600.16700


-\\ Mozilla Firefox v11.0 (de)

[ Datei : C:\Users\Legendary\AppData\Roaming\Mozilla\Firefox\Profiles\v58uzs8w.default\prefs.js ]

Zeile gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Zeile gelöscht : user_pref("browser.search.order.1", "Search the web (Babylon)");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112555&tt=290412_4_vs&babsrc=NT_ss&mntrId=78f0b59200000000000000ff61e755ce");
Zeile gelöscht : user_pref("extensions.claro.admin", false);
Zeile gelöscht : user_pref("extensions.claro.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.claro.dfltLng", "en");
Zeile gelöscht : user_pref("extensions.claro.excTlbr", false);
Zeile gelöscht : user_pref("extensions.claro.id", "78f0b59200000000000000ffaa8f1781");
Zeile gelöscht : user_pref("extensions.claro.instlDay", "15569");
Zeile gelöscht : user_pref("extensions.claro.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.claro.prdct", "claro");
Zeile gelöscht : user_pref("extensions.claro.prtnrId", "claro");
Zeile gelöscht : user_pref("extensions.claro.tlbrId", "iclaro");
Zeile gelöscht : user_pref("extensions.claro.vrsn", "1.6.4.1");
Zeile gelöscht : user_pref("extensions.claro.vrsni", "1.6.4.1");
Zeile gelöscht : user_pref("extensions.claro_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.claro_i.vrsnTs", "1.6.4.114:40:26");
Zeile gelöscht : user_pref("extensions.crossrider.bic", "141cf0a0112989110264d712db233270");
Zeile gelöscht : user_pref("extensions.gencrawler@some.com.install-event-fired", true);
Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=112555&tt=290412_4_vs&babsrc=KW_ss&mntrId=78f0b59200000000000000ff61e755ce&q=");

*************************

AdwCleaner[R0].txt - [6512 octets] - [21/10/2013 15:36:34]
AdwCleaner[S0].txt - [6099 octets] - [21/10/2013 15:47:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6159 octets] ##########
         

JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Home Premium x64
Ran by Legendary on 21.10.2013 at 15:54:47,21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Babylon Toolbar by Visicom uninstall_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Babylon Toolbar by Visicom uninstall_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\MyBabylonTBVS4_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\MyBabylonTBVS4_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Babylon Toolbar by Visicom uninstall_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Babylon Toolbar by Visicom uninstall_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\MyBabylonTBVS4_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\MyBabylonTBVS4_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{0241C56D-A87A-4FD2-80D9-B52C9C8C7A2F}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{0548D9C2-7640-40D4-A373-E6510B1B13A0}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{07624605-98D6-4ECA-BDBF-64C86B86738A}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{079ECB50-D24D-45BA-AEFE-68D388C75087}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{09B1497F-B5DB-4787-B2A9-ACB8BCC1CC68}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{0C8725E3-02E5-476A-816D-FE9F79058163}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{0C8E72DE-5C47-4635-9D07-941957D20403}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{122A0A55-4B97-4427-B358-8E423189E0ED}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{12BB08EC-46F1-400F-80F5-CE1129D170C1}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{1343B5C1-AA3D-4231-A201-57AC4B90C12C}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{178FABE6-83CB-465C-8F2C-C6ACF87E7F2A}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{17DB4173-9847-4791-9C49-DC014961DD8A}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{18805EA7-18E2-4D66-9E41-DDF6D17716BD}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{19B8DEF7-35F3-49B8-853B-526096C16BE0}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{1DB8B49D-180E-4F97-B389-6F5D209ECA18}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{2166D6DD-D7D7-4654-9029-4AAC03D486E2}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{24986039-EB45-43E3-B1FF-F0D654925699}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{27DA666A-E8EC-428E-B6EF-D37D4F946039}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{284E8125-99C8-4885-9FF0-73B75CCA8FC7}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{2B15AEDD-98CF-4CF6-A5B0-DACDB7E8C66D}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{2E6990FB-4097-41CE-B0E0-6A7222385BE1}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{32EB1D7E-13A8-41D1-B503-579AA817AA5B}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{33A4495B-F590-4FBE-ABCB-53607B287332}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{354F19CB-D297-407D-9742-3093FD08F5FC}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{35E62630-B56F-454E-A052-D2F248073053}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{37EDCFFA-E086-4D77-B8FF-FFD81A8A028B}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{38734CDE-AFFB-4C40-8489-11A1B8B1131B}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{3922F4D9-E6FF-4F97-BDA1-6B49639E2B1D}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{39905953-F1BD-428D-891E-E01BD0E036EA}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{39F0DB27-3371-4D76-8418-8CA700E73C24}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{3B577C3A-2367-433F-8C2C-788630366767}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{3B893033-7E47-49EE-9F72-51A166851351}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{3CD89AED-A040-47BD-8141-8C5932B6DF55}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{3DF80913-25E7-463F-884A-8D20279087D5}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{3FA944F5-DE9C-485F-B38B-53C11E215FF5}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{427B085D-F3A8-4B7F-B3A9-4B46E818424B}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{42E955DC-E6E7-4FB1-96FC-62C0FC27156E}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{431603B4-0A4A-425E-AD80-D1269C0C318B}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{4451EC75-D7A9-4FF6-87A1-49B35C865121}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{455D5493-33A1-49AD-9854-18C79564A657}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{4792C8C4-72E0-4CD7-8BED-DD223289B7C2}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{49333DC7-B0FD-4EC8-A9D1-BAE34D370CCA}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{4E86F001-11FA-47B1-9D0B-A2ED51BBFF67}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{4FB42234-7711-42D5-B597-9C25227C81DA}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{5217BB09-65D0-4E19-A6EF-F6CFD6243B38}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{52AD4D57-2428-4C00-BF90-7C7E00AA0E21}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{57D06E18-D6D0-43EF-8B36-509B1B337251}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{5CDAE36B-FC10-4685-8D73-03A4495ED89E}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{5EF4F8DB-E6F1-4552-BD3D-1D6D3DC221D0}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{629F3EBC-02B7-45C1-A0E1-0FDB257D5493}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{62B327AA-5B01-4C8D-82EA-B4DD89BD3465}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{661B3FB6-F0AC-4645-8FE6-0653EB84EF52}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{66E7DDD9-E3CE-447C-9499-737694182E58}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{75222397-F290-448A-B82B-16E4E60A3BFB}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{7619BF5C-637A-4461-92F5-18804144658D}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{76379371-29E9-40D1-8CD7-372B50D5947C}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{7D525B4D-D31C-4C9B-BBB9-D1229A0B0AD1}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{83B05DBC-1950-4BE2-BBC9-8D2C975915D0}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{83BD8EE8-CAD0-483D-B1D0-14AC05C9A05E}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{867C00E9-2474-4B27-941C-DC61E744B664}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{883EBD53-5235-47E9-949C-2D419002910B}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{8BF40BC3-1838-40BC-A4DB-8A557E57987E}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{8BFD534C-C96C-403F-AC20-B2C3F1154EC7}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{8FEAB879-2AC6-4D58-8372-DD0598048EC7}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{9090CC1A-445D-4160-8102-A29B77B7240B}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{928AF18D-4A40-480C-8209-8FB1A4B6C985}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{97C8B6FD-C7B6-41F2-9568-77A2151AA01C}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{99A9E508-BFD7-417D-8FB7-95CCC5906F37}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{9E4C4AE0-85A1-4274-8CD5-002DFABC35B7}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{9EE296B7-0EF8-4B05-85CC-4AD153EF14C5}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{A0305B4D-C6D1-4B1E-8216-18FDCB36317C}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{A2663284-6AF9-464C-B0BF-982643831572}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{A3D33C92-2AA3-44BE-80B0-DFCC955641A8}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{A4A3D66D-FB7C-4FED-9916-DE1D158F10AD}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{A653B9DB-9E53-4249-8BE4-23CE54B55359}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{A8137471-3C4C-499D-B4DA-FAE2A59276C0}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{AA15E11C-0C96-403E-AA82-37F2EB3CC450}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{AA525556-FD48-4A27-B7A5-3ED63CFD1955}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{AB652B70-03A7-427D-9CB6-DED7E9744DDF}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{AD8A0A0C-1215-473C-BCF6-8BD1B51A00BC}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{B38E846D-D0F3-4FF1-9C6A-5AF50546E100}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{B9F996C1-082D-4535-8280-3555278F14D5}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{BA13883A-9CB7-41E4-AAD5-7318D5AE67A6}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{BA93E6A5-3413-4026-8736-CB33AA6CAEFF}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{BD144172-C18E-44E0-8C1F-140682D8403C}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{BFA86951-BAEC-46C2-A62B-1E3937512F00}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{C1A80C6B-4369-4477-BDEF-41EE51AB38D3}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{C360D610-105D-464E-84CB-E7BA0A459729}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{C46A54A9-6B7D-40A2-9331-A80CC40F5E30}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{C5AFB7B0-31AE-4CE8-8AF2-8A0F59F22F06}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{C5DDAF80-1E67-421B-81E7-9834957F5942}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{C8086E73-D2FF-40BA-A9B4-A29BE5E2C941}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{C9DD5528-E70B-4F08-957D-E7F5C6B13B6D}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{D028FFCE-34EE-4529-87B6-D5E7EDFC2E51}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{D24FC331-1E6E-4B5E-BB54-8E78AA88EDD7}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{D31FBF16-5B0E-40CA-BE30-6BA6C3C44E98}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{D75CBA78-A595-4003-B3B3-F07FF541087F}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{D932A5A6-7657-4D68-8664-88CB5BA76612}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{DC685E59-30A2-4469-B8B5-17015EB30386}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{E35C1C42-BD0D-45F0-8E71-0F6EF706F102}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{E42B7C06-C301-4C94-85D3-33A62DBEABDE}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{E69EAF3B-764F-4379-8473-BB868336E288}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{E7EBA629-39D1-4B50-8952-DB4E0C9B6DB2}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{E9E1F181-8CED-464B-A586-68047E155DD9}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{EB0D896B-F902-4B6F-A2FD-8FD72399B2C8}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{F0A2222C-848E-4688-ABE0-A719D7B36074}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{F4519813-1D9D-4575-8815-B805DBAA2048}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{F4A169CF-C524-4838-B1BC-CBF6A28FCBF8}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{F6411C65-2DBF-45E9-AA71-3A6F16A80A9E}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{F8EBC487-BCE7-484F-B0D7-62DD7801F869}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{FAB9430C-984C-4B81-95BF-764EBE4FD851}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{FE082742-021C-4B86-9474-F32E82677A9B}
Successfully deleted: [Empty Folder] C:\Users\Legendary\appdata\local\{FE9FB8D0-0EC1-4BBA-8C58-C5938AD5B557}



~~~ FireFox

Emptied folder: C:\Users\Legendary\AppData\Roaming\mozilla\firefox\profiles\v58uzs8w.default\minidumps [4 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.10.2013 at 15:58:20,48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Edit:
By the way, when I click on Ease of Access at the bottom left of the login window, the command prompt window no longer comes up :/
Instead a window with 5 options comes up,
e.g. Magnifier and nonsense like that :P
How do I get my command prompt back there? xD
Thanks


Last edited by Zearat (21.10.2013 at 15:17)

 
