| |
| |||||||
Log-Analyse und Auswertung: Spybot scannt cnnt.searchbar, win32.eyeon.ie, virtumonde, tdss,... entfernt aber nichtsWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
27.01.2015, 19:00
| #1 |
| |  Spybot scannt cnnt.searchbar, win32.eyeon.ie, virtumonde, tdss,... entfernt aber nichts Liebes Trojaner-Board-Team, Spybot hielt sich lange an einer datei auf und dann habe ich mal zugeschaut und alles was mir seltsam rausgeschrieben und zum teil gegoogelt: win32.agent.dll, win32.tdss, win32.rootkit.gen, cnnt.searchbar, virtumonde (dll und sci), win32.gbdialer, fraud.sysguard, mypoints, cydoor, eblaster, win32.eyeon.ie, search. centrix, pornbho.ru, win32.smallbke,.. und das sind nur meine zufallsbeobachtungen!!  zunächst eine verständnisfrage: sind die sachen (zb win32.eyeon), die spybot scannt bereits auf meinem laptop oder überprüft er meinen laptop OB diese sachen drauf sind? - egal wie oft ich spybot drüber laufen lasse, er findet immer die selben 3-4 probleme: SPYBOT S&D Code:
ATTFilter [i] 15-01-27 17:58:17
[i] 15-01-27 17:58:17 Product MS Direct3D
[+] 15-01-27 17:58:17 Moving into quarantine HKEY_USERS\S-1-5-21-2004147135-30526615-2880431150-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name
[+] 15-01-27 17:58:17 Successfully cleaned HKEY_USERS\S-1-5-21-2004147135-30526615-2880431150-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name
[i] 15-01-27 17:58:17
[i] 15-01-27 17:58:17 Product MS DirectDraw
[+] 15-01-27 17:58:17 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
[+] 15-01-27 17:58:17 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
[i] 15-01-27 17:58:17
[i] 15-01-27 17:58:17 Product MS Wordpad
[+] 15-01-27 17:58:17 Moving into quarantine HKEY_USERS\S-1-5-21-2004147135-30526615-2880431150-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List
[+] 15-01-27 17:58:18 Successfully cleaned HKEY_USERS\S-1-5-21-2004147135-30526615-2880431150-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List
[i] 15-01-27 17:58:18
[i] 15-01-27 17:58:18 Product Windows
[+] 15-01-27 17:58:18 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
[+] 15-01-27 17:58:18 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
[+] 15-01-27 17:58:18 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
[+] 15-01-27 17:58:18 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
[i] 15-01-27 17:58:18
[i] 15-01-27 17:58:18 Product Cookie
[+] 15-01-27 17:58:18 Moving into quarantine Internet Explorer (Benutzer) (ML)Cookies
[+] 15-01-27 17:58:18 Successfully cleaned Internet Explorer (Benutzer) (ML)Cookies
[i] 15-01-27 17:58:18
[i] 15-01-27 17:58:18 Product Cache
[+] 15-01-27 17:58:18 Moving into quarantine Internet Explorer (Benutzer) (ML)Cache
[+] 15-01-27 17:58:19 Successfully cleaned Internet Explorer (Benutzer) (ML)Cache
[i] 15-01-27 17:58:19
[i] 15-01-27 17:58:19 Product Verlauf
[+] 15-01-27 17:58:19 Moving into quarantine Internet Explorer (Benutzer) (ML)History
[+] 15-01-27 17:58:19 Successfully cleaned Internet Explorer (Benutzer) (ML)History
[i] 15-01-27 17:58:19
[i] 15-01-27 17:58:19 Summary
[i] 15-01-27 17:58:19 Errors while cleaning 0
[i] 15-01-27 17:58:19 Files moved into quarantine 8
[i] 15-01-27 17:58:19 Files successfully cleaned 8
Code:
ATTFilter Search results from Spybot - Search & Destroy
27.01.2015 17:47:44
Scan took 01:19:59.
8 items found.
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2004147135-30526615-2880431150-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS Wordpad: [SBI $4C02334D] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2004147135-30526615-2880431150-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Cookie: [SBI $49804B54] Browser: Cookie (3) (Browser: Cookie, nothing done)
Cache: [SBI $49804B54] Browser: Cache (95) (Browser: Cache, nothing done)
Verlauf: [SBI $49804B54] Browser: History (12) (Browser: History, nothing done)
--- Spybot - Search & Destroy version: 2.3.39.131 DLL (build: 20140425) ---
2014-04-25 blindman.exe (2.3.39.151)
2014-04-25 explorer.exe (2.3.39.181)
2014-04-25 SDBootCD.exe (2.3.39.109)
2014-04-25 SDCleaner.exe (2.3.39.110)
2014-04-25 SDDelFile.exe (2.3.39.94)
2013-06-18 SDDisableProxy.exe
2014-04-25 SDFiles.exe (2.3.39.135)
2013-03-20 SDFileScanHelper.exe (2.1.16.1)
2014-04-25 SDFSSvc.exe (2.3.39.217)
2014-04-25 SDHelp.exe (2.3.39.1)
2014-04-25 SDHookHelper.exe (2.3.39.2)
2014-04-25 SDHookInst32.exe (2.3.39.2)
2014-04-25 SDHookInst64.exe (2.3.39.2)
2014-04-25 SDImmunize.exe (2.3.39.130)
2014-12-17 SDInformV2i-20141217.exe (1.0.0.0)
2014-04-25 SDLogReport.exe (2.3.39.107)
2014-04-25 SDOnAccess.exe (2.3.39.11)
2014-04-25 SDPESetup.exe (2.3.39.3)
2014-04-25 SDPEStart.exe (2.3.39.86)
2014-04-25 SDPhoneScan.exe (2.3.39.28)
2014-04-25 SDPRE.exe (2.3.39.22)
2014-04-25 SDPrepPos.exe (2.3.39.15)
2014-04-25 SDQuarantine.exe (2.3.39.103)
2014-04-25 SDRootAlyzer.exe (2.3.39.116)
2014-04-25 SDSBIEdit.exe (2.3.39.39)
2014-04-25 SDScan.exe (2.3.39.181)
2014-04-25 SDScript.exe (2.3.39.54)
2014-04-25 SDSettings.exe (2.3.39.139)
2014-04-25 SDShell.exe (2.3.39.2)
2014-04-25 SDShred.exe (2.3.39.108)
2014-04-25 SDSysRepair.exe (2.3.39.102)
2014-04-25 SDTools.exe (2.3.39.157)
2014-04-25 SDTray.exe (2.3.39.129)
2014-04-25 SDUpdate.exe (2.3.39.94)
2014-04-25 SDUpdSvc.exe (2.3.39.77)
2014-04-25 SDWelcome.exe (2.3.39.130)
2014-04-25 SDWSCSvc.exe (2.3.39.2)
2014-05-20 spybotsd2-install-bdcore-update.exe (2.3.39.0)
2014-07-28 spybotsd2-translation-es.exe (2.4.40.0)
2014-07-31 spybotsd2-translation-esx.exe
2013-06-19 spybotsd2-translation-frx.exe
2014-08-25 spybotsd2-translation-hux2.exe
2014-10-01 spybotsd2-translation-nlx2.exe
2014-11-05 spybotsd2-translation-ukx.exe
2014-05-29 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2014-04-25 NotificationSpreader.dll
2014-04-25 SDAdvancedCheckLibrary.dll (2.3.39.98)
2014-04-25 SDAV.dll
2014-04-25 SDECon32.dll (2.3.39.114)
2014-04-25 SDECon64.dll (2.3.39.113)
2014-04-25 SDEvents.dll (2.3.39.2)
2014-04-25 SDFileScanLibrary.dll (2.3.39.14)
2014-04-25 SDHook32.dll (2.3.39.2)
2014-04-25 SDHook64.dll (2.3.39.2)
2014-04-25 SDImmunizeLibrary.dll (2.3.39.2)
2014-04-25 SDLicense.dll (2.3.39.0)
2014-04-25 SDLists.dll (2.3.39.4)
2014-04-25 SDResources.dll (2.3.39.7)
2014-04-25 SDScanLibrary.dll (2.3.39.131)
2014-04-25 SDTasks.dll (2.3.39.15)
2013-12-19 SDWinLogon.dll (2.3.37.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2014-04-25 Tools.dll (2.3.39.36)
2014-03-05 Includes\Adware-000.sbi (*)
2014-01-08 Includes\Adware-001.sbi (*)
2015-01-21 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-11-14 Includes\Dialer-000.sbi (*)
2014-11-14 Includes\Dialer-001.sbi (*)
2014-01-08 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2014-01-09 Includes\Fraud-000.sbi (*)
2014-01-09 Includes\Fraud-001.sbi (*)
2014-03-31 Includes\Fraud-002.sbi (*)
2014-01-09 Includes\Fraud-003.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2014-11-14 Includes\Hijackers-000.sbi (*)
2014-11-14 Includes\Hijackers-001.sbi (*)
2014-01-08 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2014-11-14 Includes\Keyloggers-000.sbi (*)
2014-09-24 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2014-11-14 Includes\Malware-000.sbi (*)
2014-11-14 Includes\Malware-001.sbi (*)
2014-11-14 Includes\Malware-002.sbi (*)
2014-11-14 Includes\Malware-003.sbi (*)
2014-11-14 Includes\Malware-004.sbi (*)
2014-11-14 Includes\Malware-005.sbi (*)
2014-02-26 Includes\Malware-006.sbi (*)
2014-01-09 Includes\Malware-007.sbi (*)
2015-01-06 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2013-12-23 Includes\MalwareC.sbi (*)
2014-11-14 Includes\PUPS-000.sbi (*)
2014-01-15 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2015-01-21 Includes\PUPS-C.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2014-01-07 Includes\PUPSC.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2014-01-08 Includes\Security-C.sbi (*)
2014-01-21 Includes\Security.sbi (*)
2014-01-21 Includes\SecurityC.sbi (*)
2014-11-14 Includes\Spyware-000.sbi (*)
2014-12-10 Includes\Spyware-001.sbi (*)
2015-01-14 Includes\Spyware-C.sbi (*)
2014-01-21 Includes\Spyware.sbi (*)
2014-01-21 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2014-01-15 Includes\Trojans-000.sbi (*)
2014-01-15 Includes\Trojans-001.sbi (*)
2014-11-14 Includes\Trojans-002.sbi (*)
2014-01-15 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-03-19 Includes\Trojans-005.sbi (*)
2014-07-09 Includes\Trojans-006.sbi (*)
2014-01-15 Includes\Trojans-007.sbi (*)
2014-07-09 Includes\Trojans-008.sbi (*)
2014-07-09 Includes\Trojans-009.sbi (*)
2015-01-21 Includes\Trojans-C.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2014-01-15 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-16 Includes\TrojansC-01.sbi (*)
2014-01-16 Includes\TrojansC-02.sbi (*)
2014-01-16 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-16 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)
- obwohl ich eingestellt habe, dass die tabs der letzten firefoxsitzung angezeigt werden sollen tauchen sie seit gestern nicht mehr auf. - in der menüleiste im firefox (also rechts neben dem suchfenster) steht seit heute ein graues kästchen mit einem schwaren K ("virtual keyboard") - schwer zu beurteilen ob der laptop besonders beim seitenaufbau langsamer geworden ist, ich teile mir mit meinen nachbarn das wlan und da ist die verbindung meist langsam. hier die gewünschten logfiles: defogger (das ist nicht vollständig, oder?) Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:45 on 27/01/2015 (ML)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST64 Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by ML (administrator) on ML-PC on 27-01-2015 17:44:30
Running from C:\Users\ML\Downloads
Loaded Profiles: ML (Available profiles: ML)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\SmartAudio3.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avpui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSACCESS.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894640 2012-03-14] (ELAN Microelectronics Corp.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1654400 2012-02-21] (Conexant Systems, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [7520768 2012-04-26] (Dell Inc.)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2004147135-30526615-2880431150-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-2004147135-30526615-2880431150-1000\...\MountPoints2: {384f35d5-699e-11e2-b73a-ecc8e1959e2f} - F:\LaunchU3.exe
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\shellex.dll (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\shellex.dll (Kaspersky Lab ZAO)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-2004147135-30526615-2880431150-1000] => localhost:8080
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2004147135-30526615-2880431150-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\ML\AppData\Roaming\Mozilla\Firefox\Profiles\x49xq84s.default
FF DefaultSearchEngine: Ecosia
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\ML\AppData\Roaming\Mozilla\Firefox\Profiles\x49xq84s.default\user.js
FF SearchPlugin: C:\Users\ML\AppData\Roaming\Mozilla\Firefox\Profiles\x49xq84s.default\searchplugins\ecosia.xml
FF Extension: {040730a2-de14-41eb-81bc-b624bacdc69b} - C:\Users\ML\AppData\Roaming\Mozilla\Firefox\Profiles\x49xq84s.default\Extensions\{040730a2-de14-41eb-81bc-b624bacdc69b}.xpi [2014-12-07]
FF Extension: Adblock Plus - C:\Users\ML\AppData\Roaming\Mozilla\Firefox\Profiles\x49xq84s.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-14]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-02-09]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-26]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-26]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-26]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [807672 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2013-01-29] (Conexant Systems, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [47504 2014-05-12] (Synaptics Incorporated)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6292992 2012-04-26] (Dell Inc.) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-14] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [138280 2012-03-05] (Broadcom Corporation.)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-01-26] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [818888 2015-01-26] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-01-26] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-27 17:44 - 2015-01-27 17:46 - 00017408 _____ () C:\Users\ML\Downloads\FRST.txt
2015-01-27 17:44 - 2015-01-27 17:44 - 00000000 ____D () C:\FRST
2015-01-27 15:24 - 2015-01-27 17:30 - 00000000 ____D () C:\Users\ML\Documents\Daten Probat
2015-01-27 14:29 - 2015-01-27 14:29 - 00000064 _____ () C:\Users\ML\Documents\ProBat43.laccdb
2015-01-27 13:02 - 2015-01-27 13:02 - 00000056 _____ () C:\Windows\setupact.log
2015-01-27 13:02 - 2015-01-27 13:02 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-27 13:01 - 2015-01-27 13:04 - 00492416 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-27 13:01 - 2015-01-27 13:01 - 00001608 _____ () C:\Windows\PFRO.log
2015-01-26 21:14 - 2015-01-26 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2015-01-26 21:14 - 2015-01-26 21:13 - 00002053 _____ () C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2015-01-26 21:12 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-01-26 21:11 - 2015-01-27 17:37 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-26 21:11 - 2015-01-26 21:11 - 00000000 ____D () C:\Windows\ELAMBKUP
2015-01-26 21:11 - 2015-01-26 21:11 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-01-26 21:10 - 2014-08-12 18:33 - 00246456 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-01-26 21:09 - 2015-01-26 21:10 - 02129920 _____ (Farbar) C:\Users\ML\Downloads\FRST64.exe
2015-01-26 20:49 - 2015-01-26 20:49 - 00000000 __SHD () C:\Users\ML\AppData\Local\EmieBrowserModeList
2015-01-26 20:37 - 2015-01-26 20:53 - 202843712 _____ (Kaspersky Lab) C:\Users\ML\Downloads\kts15.0.1.415en.exe
2015-01-26 20:09 - 2015-01-26 20:09 - 00145064 _____ () C:\Users\ML\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-26 20:03 - 2015-01-27 17:45 - 00000466 _____ () C:\Users\ML\Downloads\defogger_disable.log
2015-01-26 20:03 - 2015-01-26 20:03 - 00050477 _____ () C:\Users\ML\Downloads\Defogger.exe
2015-01-26 20:03 - 2015-01-26 20:03 - 00000000 _____ () C:\Users\ML\defogger_reenable
2015-01-26 17:43 - 2015-01-26 17:43 - 00000000 ____D () C:\Users\ML\AppData\Roaming\Safer Networking
2015-01-26 17:29 - 2015-01-26 17:30 - 37987520 _____ (Microsoft Corporation) C:\Users\ML\Downloads\Windows-KB890830-x64-V5.20.exe
2015-01-26 16:36 - 2015-01-26 16:37 - 00000796 _____ () C:\Users\ML\Documents\cc_cleaner änderung registry.reg
2015-01-26 14:23 - 2015-01-26 14:24 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-26 14:23 - 2015-01-26 14:23 - 00002766 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-26 14:23 - 2015-01-26 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-26 14:15 - 2015-01-26 14:19 - 05325808 _____ (Piriform Ltd) C:\Users\ML\Downloads\ccsetup502pro.exe
2015-01-26 14:04 - 2015-01-26 16:38 - 00000000 ____D () C:\AdwCleaner
2015-01-26 14:03 - 2015-01-26 14:03 - 02186752 _____ () C:\Users\ML\Downloads\adwcleaner_4.108.exe
2015-01-26 00:01 - 2015-01-27 15:45 - 225009664 _____ () C:\Users\ML\Documents\ProBat43.accdb
2015-01-25 23:48 - 2015-01-25 23:50 - 07406326 _____ () C:\Users\ML\Documents\ProBat43-Beispieldatensatz.zip
2015-01-25 23:48 - 2015-01-25 23:49 - 03355646 _____ () C:\Users\ML\Documents\ProBat43_und_Begleitdokumente.zip
2015-01-25 00:47 - 2015-01-25 00:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QGIS Brighton
2015-01-25 00:38 - 2015-01-25 00:47 - 00000000 ____D () C:\Program Files\QGIS Brighton
2015-01-21 18:06 - 2015-01-21 18:06 - 00010495 _____ () C:\Users\ML\Downloads\MaLa_elster_21.01.2015.pfx
2015-01-20 22:47 - 2014-07-30 21:23 - 00450709 _____ () C:\Windows\system32\Drivers\etc\hosts.20150120-224724.backup
2015-01-20 16:47 - 2015-01-27 13:48 - 00000000 ____D () C:\Users\ML\Documents\BatExplorer
2015-01-20 16:41 - 2015-01-20 16:48 - 00000000 ____D () C:\Users\ML\AppData\Local\GMap.NET
2015-01-20 16:41 - 2015-01-20 16:41 - 00000000 ____D () C:\Users\ML\AppData\Local\Elekon_AG
2015-01-20 16:40 - 2015-01-20 16:49 - 00001006 _____ () C:\Users\Public\Desktop\BatExplorer.lnk
2015-01-20 16:40 - 2015-01-20 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BatExplorer
2015-01-20 16:40 - 2015-01-20 16:40 - 00000000 ____D () C:\Users\Public\Documents\BatExplorer
2015-01-20 16:40 - 2015-01-20 16:40 - 00000000 ____D () C:\Program Files\Elekon AG
2015-01-18 12:13 - 2015-01-24 18:22 - 00000000 ____D () C:\ArGis Daten
2015-01-17 21:39 - 2015-01-17 21:39 - 00007597 _____ () C:\Users\ML\AppData\Local\Resmon.ResmonCfg
2015-01-17 12:30 - 2015-01-17 12:30 - 00006324 _____ () C:\Users\ML\UStVA2014_09_September_.elfo
2015-01-17 12:29 - 2015-01-17 12:29 - 00006324 _____ () C:\Users\ML\UStVA2014_08_August_.elfo
2015-01-17 12:27 - 2015-01-17 12:27 - 00006324 _____ () C:\Users\ML\UStVA2014_07_Juli_.elfo
2015-01-17 12:24 - 2015-01-25 15:52 - 00024612 _____ () C:\Users\ML\UStVA2014_06_Juni_.elfo
2015-01-15 16:15 - 2015-01-21 18:11 - 00022260 _____ () C:\Users\ML\UStVA2014_05_Mai_.elfo
2015-01-14 17:07 - 2015-01-14 17:07 - 00006068 _____ () C:\Users\ML\UStVA2014_12_Dezember_.elfo
2015-01-14 16:56 - 2015-01-14 16:56 - 00006180 _____ () C:\Users\ML\UStVA2014_11_November_r.elfo
2015-01-14 13:59 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 13:59 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 13:59 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 13:59 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 13:59 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 13:59 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 13:59 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 13:59 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 13:59 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 13:59 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 13:59 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 13:59 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 13:59 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 20:37 - 2015-01-14 14:33 - 00000000 ____D () C:\Users\ML\AppData\Local\.elfohilfe
2015-01-13 20:36 - 2015-01-13 20:36 - 00000000 ____D () C:\Users\ML\AppData\Roaming\elsterformular
2015-01-13 20:34 - 2015-01-13 20:34 - 00001464 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2015-01-13 20:34 - 2015-01-13 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2015-01-13 20:34 - 2015-01-13 20:34 - 00000000 ____D () C:\ProgramData\elsterformular
2015-01-13 20:33 - 2015-01-13 20:34 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-13 20:31 - 2015-01-13 20:31 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2015-01-13 19:17 - 2015-01-13 20:00 - 215975048 _____ (Landesfinanzdirektion Thüringen) C:\Users\ML\Downloads\ElsterFormular-16.0.20150113k.exe
2015-01-01 22:00 - 2014-07-30 21:23 - 00450709 _____ () C:\Windows\system32\Drivers\etc\hosts.20150101-220031.backup
2015-01-01 21:59 - 2014-07-30 21:23 - 00450709 _____ () C:\Windows\system32\Drivers\etc\hosts.20150101-215937.backup
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-27 17:36 - 2014-07-05 20:19 - 00000000 ____D () C:\Users\ML\AppData\Roaming\vlc
2015-01-27 17:35 - 2013-06-17 18:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-27 14:22 - 2013-01-28 23:44 - 00000000 ____D () C:\Users\ML
2015-01-27 13:12 - 2009-07-14 05:45 - 00026304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-27 13:12 - 2009-07-14 05:45 - 00026304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-27 13:05 - 2014-07-30 21:39 - 00000000 ____D () C:\ProgramData\Validity
2015-01-27 13:02 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-27 12:57 - 2013-01-28 22:00 - 01695736 _____ () C:\Windows\WindowsUpdate.log
2015-01-26 22:47 - 2013-01-29 00:14 - 00000000 ____D () C:\Users\ML\AppData\Local\Microsoft Help
2015-01-26 21:35 - 2014-08-20 18:04 - 00818888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-01-26 21:35 - 2014-08-13 19:34 - 00077512 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klwtp.sys
2015-01-26 21:34 - 2014-08-18 14:43 - 00150536 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-01-26 19:27 - 2009-07-14 18:58 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2015-01-26 19:27 - 2009-07-14 18:58 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2015-01-26 19:27 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-26 16:44 - 2013-08-14 16:58 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-26 16:28 - 2013-01-28 21:50 - 00000000 ____D () C:\Windows\Panther
2015-01-25 00:35 - 2013-06-17 18:26 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 00:35 - 2013-02-02 21:22 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 00:35 - 2013-02-02 21:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-20 22:20 - 2013-02-16 13:07 - 00000000 ____D () C:\Users\ML\AppData\Local\ESRI
2015-01-20 10:20 - 2014-01-02 15:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-15 14:24 - 2013-01-28 23:44 - 00001377 _____ () C:\Users\ML\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-12 13:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-08 09:55 - 2013-12-18 16:39 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-04 23:22 - 2013-06-15 22:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-31 13:12 - 2013-02-23 16:24 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-30 20:32 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-28 20:56 - 2014-05-29 11:12 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
==================== Files in the root of some directories =======
2015-01-17 21:39 - 2015-01-17 21:39 - 0007597 _____ () C:\Users\ML\AppData\Local\Resmon.ResmonCfg
Some content of TEMP:
====================
C:\Users\ML\AppData\Local\Temp\avgnt.exe
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\nsprs.dll
C:\Windows\SysWOW64\serauth1.dll
C:\Windows\SysWOW64\serauth2.dll
C:\Windows\SysWOW64\ssprs.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-24 14:12
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by ML at 2015-01-27 17:46:56
Running from C:\Users\ML\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Kaspersky Total Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Total Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky Total Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.01) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.01 - Adobe Systems Incorporated)
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Any DWG DXF Converter 2010 (HKLM-x32\...\Any DWG DXF Converter_is1) (Version: - AnyDWG Software, Inc.)
BatExplorer Version 1.10.4.0 (HKLM\...\{F9D54139-4C52-4E35-A95B-621D129BB44F}_is1) (Version: 1.10.4.0 - Elekon AG)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Citavi (HKLM-x32\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.4.0.2 - Swiss Academic Software)
Conexant HD Audio (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 1.0.30.0 - Conexant)
Dell Touchpad (HKLM\...\Elantech) (Version: 10.3.2.2 - ELAN Microelectronic Corp.)
Der große Kosmos Vogelatlas 5.0 (HKLM-x32\...\InstallShield_{E199B811-85B4-4A59-81E2-39DBF0A8DBE9}) (Version: 1.00.0000 - Kosmos)
Der große Kosmos Vogelatlas 5.0 (x32 Version: 1.00.0000 - Kosmos) Hidden
Dungeon Keeper 2 (HKLM-x32\...\Dungeon Keeper II) (Version: - )
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 6.20.55.52 - Dell Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.0.20150113 - Landesfinanzdirektion Thüringen)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
Kosmos Wald- und Forstlexikon (HKLM-x32\...\InstallShield_{A3B635AA-4BBD-4F25-8DCE-6C74F9A9AD19}) (Version: 1.00.0000 - Kosmos)
Kosmos Wald- und Forstlexikon (x32 Version: 1.00.0000 - Kosmos) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
QGIS Brighton 2.6.1 Brighton (HKLM\...\QGIS Brighton) (Version: - QGIS Development Team)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.14.010 - Dell Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.54.309.2012 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.39019 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SPSS 14.0 for Windows Evaluation Version (HKLM-x32\...\{2763FD5A-57E9-442B-AFDF-6DCCC23883B0}) (Version: 14.0.0 - SPSS Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2500 - Broadcom Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
26-01-2015 01:08:48 Windows Update
26-01-2015 16:31:04 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-07-30 21:23 - 00450709 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {47A47B17-293D-4285-BC90-60DEFDD499FE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {507D391C-7D9D-45EC-AF7E-29EE845D4C9C} - System32\Tasks\{553ED9C7-C4D5-42B7-AD58-8EEB15AFF844} => pcalua.exe -a D:\Maike\treiber\iMEI_Intel_W7_A00_Setup-TDR8M_ZPE.exe -d D:\Maike\treiber
Task: {577805AA-8297-43B9-AB2E-83A8BAC63B89} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {5E1C94DA-CE5C-4267-A71F-D3F183C7CA78} - System32\Tasks\{2F61C482-6E1F-4420-B3BB-65743205E0D8} => pcalua.exe -a D:\Maike\treiber\Chipset_Intel_W7_A00_Setup-2D89J_ZPE.exe -d D:\Maike\treiber
Task: {65C666EC-3656-4D27-8419-1746CE8D9BD0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {8FA72952-CB0F-4AF5-AE90-7680EF490EB0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {B2CF60AD-C035-4A73-B986-50861EF70787} - System32\Tasks\{F21D3013-C183-4D4C-9AE5-8E743C23C881} => pcalua.exe -a D:\Maike\treiber\DW1703_W7_A01_Setup-5W54C_ZPE.exe -d D:\Maike\treiber
Task: {D37DBC98-EDD5-497C-9B9F-9E2121390C77} - System32\Tasks\{EB6D32C3-1DA8-497E-9A81-9EB735D89A7D} => pcalua.exe -a D:\Maike\Forstlexikon\Setup\AIMSetup.exe -d D:\Maike\Forstlexikon\Setup
Task: {DEB681C3-1A8C-492C-8524-CE06D25BE34A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {E9A90CB6-2A8C-4F5A-B49C-2E92CED6FADE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2014-06-02 09:51 - 2013-04-15 10:50 - 00198144 _____ () C:\Windows\System32\HP1006LM.DLL
2014-06-02 09:51 - 2013-04-15 10:50 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1006PP.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-12-14 02:42 - 2012-12-14 02:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-01-29 12:12 - 2012-04-05 14:55 - 00164992 _____ () C:\Program Files\Conexant\SA3\MaxxAudioWrapper.dll
2015-01-21 03:06 - 2015-01-21 03:06 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-01-06 14:18 - 2015-01-06 14:18 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2014-08-30 17:12 - 2014-08-30 17:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\kpcengine.2.3.dll
2014-05-29 11:12 - 2014-04-25 13:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-05-29 11:12 - 2014-04-25 13:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-05-29 11:12 - 2014-04-25 13:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-05-29 11:12 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-05-29 11:12 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-01-29 12:16 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-01-02 15:59 - 2015-01-20 10:20 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-08-30 17:12 - 2015-01-26 21:34 - 00459048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-08-30 17:12 - 2015-01-26 21:34 - 00587048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll
2014-08-30 17:12 - 2015-01-26 21:34 - 00332584 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com\nponlinebanking.dll
2014-05-29 11:12 - 2014-04-25 13:11 - 02972112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\NotificationSpreader.dll
2013-02-09 22:50 - 2013-02-09 22:50 - 03719680 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\plug_ins\Citavi Picker\CitaviPicker.api
2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk => C:\Windows\pss\vpngui.exe.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^ML^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe
========================= Accounts: ==========================
Administrator (S-1-5-21-2004147135-30526615-2880431150-500 - Administrator - Disabled)
Gast (S-1-5-21-2004147135-30526615-2880431150-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2004147135-30526615-2880431150-1002 - Limited - Enabled)
ML (S-1-5-21-2004147135-30526615-2880431150-1000 - Administrator - Enabled) => C:\Users\ML
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Broadcom Virtual Wireless Adapter
Description: Broadcom Virtual Wireless Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BcmVWL
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/27/2015 01:02:31 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
Error: (01/27/2015 01:02:31 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
Error: (01/27/2015 01:02:31 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
Error: (01/27/2015 03:22:57 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <4, 0xc0041800, Fehler beim Hinzufügen des Projekts: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.
Error: (01/27/2015 03:22:57 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (01/27/2015 03:22:57 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (01/27/2015 03:22:57 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.
Details:
0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800))
Error: (01/27/2015 03:22:57 AM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (5332) Windows: Fehler -1811 (0xfffff8ed) beim Öffnen von Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.
Error: (01/27/2015 03:22:57 AM) (Source: ESENT) (EventID: 490) (User: )
Description: Windows (5332) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error: (01/27/2015 02:05:45 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <4, 0xc0041800, Fehler beim Hinzufügen des Projekts: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.
System errors:
=============
Error: (01/27/2015 01:03:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (01/27/2015 01:03:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.
Error: (01/27/2015 03:22:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 28 Mal passiert.
Error: (01/27/2015 03:22:57 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473536.
Error: (01/27/2015 02:05:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 27 Mal passiert.
Error: (01/27/2015 02:05:47 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473536.
Error: (01/27/2015 01:40:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 26 Mal passiert.
Error: (01/27/2015 01:40:35 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473536.
Error: (01/27/2015 01:37:54 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 25 Mal passiert.
Error: (01/27/2015 01:37:54 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473536.
Microsoft Office Sessions:
=========================
Error: (01/27/2015 01:02:31 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path name43900
Error: (01/27/2015 01:02:31 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path name25900
Error: (01/27/2015 01:02:31 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path name17900
Error: (01/27/2015 03:22:57 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 40xc0041800Fehler beim Hinzufügen des Projekts: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
Error: (01/27/2015 03:22:57 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt
Error: (01/27/2015 03:22:57 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
4700
Error: (01/27/2015 03:22:57 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description:
Details:
0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800))
Error: (01/27/2015 03:22:57 AM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows5332Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log-1811 (0xfffff8ed)
Error: (01/27/2015 03:22:57 AM) (Source: ESENT) (EventID: 490) (User: )
Description: Windows5332Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Error: (01/27/2015 02:05:45 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 40xc0041800Fehler beim Hinzufügen des Projekts: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
CodeIntegrity Errors:
===================================
Date: 2014-04-28 19:51:09.812
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-03-06 14:43:37.106
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-03-06 12:59:40.029
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-03-06 12:52:35.689
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-03-06 12:19:46.780
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-03-05 23:39:00.972
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-03-05 18:20:45.804
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-03-05 17:12:20.259
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-27 21:01:31.941
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-16 13:03:27.295
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-2328M CPU @ 2.20GHz
Percentage of memory in use: 76%
Total physical RAM: 3969.36 MB
Available physical RAM: 941.52 MB
Total Pagefile: 7936.9 MB
Available Pagefile: 3920.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:99.51 GB) (Free:30.14 GB) NTFS
Drive d: () (Fixed) (Total:198.18 GB) (Free:27.09 GB) NTFS
Drive g: (Toshiba silber) (Fixed) (Total:465.76 GB) (Free:412.39 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: F3928170)
Partition 1: (Not Active) - (Size=298 MB) - (Type=DE)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=99.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=198.2 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 3D290DB3)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-27 18:23:16
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\ML\AppData\Local\Temp\pxldypoc.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 448 fffff80002ff3000 19 bytes [A7, F4, 00, 00, 00, 00, 4C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 469 fffff80002ff3015 26 bytes [87, EC, 00, 00, 00, 4C, 89, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000734313cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007343146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000734316d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000734319db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000734319fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073431a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5740] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000734313cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5740] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007343146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5740] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000734316d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5740] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000734319db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5740] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000734319fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5740] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073431a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4868] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000734313cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4868] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007343146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4868] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000734316d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4868] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000734319db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4868] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000734319fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4868] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073431a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5912] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000734313cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5912] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007343146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5912] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000734316d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5912] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000734319db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5912] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000734319fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[5912] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073431a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077571398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007757143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077571594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007757191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077571bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077571d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077571edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077571fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000775727b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000775727d2 8 bytes {JMP 0x10}
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007757282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077572898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077572d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077572d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007757323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000775733c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077573a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077573ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077573b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077574190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077574241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000775742b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000775743f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077574434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 00000000775745d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 00000000775746d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077574a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077574b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077574c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077574d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077574ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077574ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 00000000775750f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 00000000775752f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 00000000775753f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 00000000775755e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 00000000775764d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007757668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 000000007757687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000775768bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000775768d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007757692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077577166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077577dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077577e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000775c1380 8 bytes {JMP QWORD [RIP-0x4a220]}
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000775c1500 8 bytes {JMP QWORD [RIP-0x49cef]}
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000775c1530 8 bytes {JMP QWORD [RIP-0x4ac62]}
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775c1650 8 bytes {JMP QWORD [RIP-0x4a80f]}
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775c1700 8 bytes {JMP QWORD [RIP-0x4adda]}
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775c1d30 8 bytes {JMP QWORD [RIP-0x49edf]}
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000775c1f80 8 bytes {JMP QWORD [RIP-0x4a1b5]}
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775c27e0 8 bytes {JMP QWORD [RIP-0x4ab13]}
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000734313cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007343146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000734316d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000734319db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000734319fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ML\Downloads\Gmer-19357.exe[3180] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073431a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\svchost.exe [956:5312] 000007fef2de2154
Thread C:\Windows\system32\svchost.exe [1156:1736] 000007fef7d0bd70
Thread C:\Windows\system32\svchost.exe [1156:2172] 000007fef5c85170
Thread C:\Windows\system32\svchost.exe [1156:2340] 000007fef7e95124
Thread C:\Windows\system32\WLANExt.exe [1256:1380] 000007fef9dc2f9c
Thread C:\Windows\System32\spoolsv.exe [1420:1996] 000007fef77710c8
Thread C:\Windows\System32\spoolsv.exe [1420:1560] 000007fef6b86144
Thread C:\Windows\System32\spoolsv.exe [1420:2052] 000007fef6b35fd0
Thread C:\Windows\System32\spoolsv.exe [1420:2056] 000007fef7603438
Thread C:\Windows\System32\spoolsv.exe [1420:2060] 000007fef6b363ec
Thread C:\Windows\System32\spoolsv.exe [1420:2068] 000007fef7ca5e5c
Thread C:\Windows\System32\WUDFHost.exe [5008:5240] 0000000074e73810
Thread C:\Windows\System32\WUDFHost.exe [5008:5252] 0000000074e73810
Thread C:\Windows\System32\WUDFHost.exe [5008:5256] 0000000074e73810
Thread C:\Windows\System32\WUDFHost.exe [5008:5308] 0000000074e73810
Thread C:\Windows\System32\WUDFHost.exe [5008:5336] 0000000074e73810
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb9924326
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb9924326 (not active ControlSet)
---- EOF - GMER 2.1 ----
ich habe fast schon das gefühl je mehr programme ich mir zur hilfe runterladen desto mehr mist bekomme ich. ich lese bei jedem download eigentlich alles durch, entferne häkchen um keine sonstigen programme dazuinstalliert zu bekommen - aber irgendwie .. ich bedanke mich jetzt schonmal 1287356423186475231961247517mal für eure hilfe. falls ich das system neu aufsetzen muss.. - bringt es mir bitte schonend bei  danke und liebe grüße |
|
27.01.2015, 19:18
| #2 |
| /// TB-Ausbilder   | Spybot scannt cnnt.searchbar, win32.eyeon.ie, virtumonde, tdss,... entfernt aber nichts Hallo entropia
__________________ Mein Name ist Timo und ich werde Dir bei deinem Problem behilflich sein.
 Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist immer der sicherste Weg. Wir arbeiten hier alle freiwillig und meist auch nur in unserer Freizeit. Daher kann es bei Antworten zu Verzögerungen kommen. Solltest du innerhalb 48 Std keine Antwort von mir erhalten, dann schreib mit eine PM Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis ich oder jemand vom Team sagt, dass Du clean bist. Führe sämtliche Tools mit administrativen Rechten aus, Vista, Win7,Win8 User mit Rechtsklick "als Administrator starten". Schmeiss mal einen von den aktiven Virenscannern komplett vom System. Das geht selten gut, die behindern sich nur gegenseitig. Also entweder Avira oder Kaspersky löschen. Spybot hat auch schon seine besten Zeiten hinter sich. Danach bitte: Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Downloade Dir bitte  Malwarebytes Anti-Malware
Starte noch einmal FRST.
__________________ |
|
27.01.2015, 23:25
| #3 |
| | Spybot scannt cnnt.searchbar, win32.eyeon.ie, virtumonde, tdss,... entfernt aber nichts hey timo,
__________________dir und deinen kollegen ein riesen dankeschön! noch kurz was zur symptomatik: als ergänzung: gestern abend funktionierte die tastatur erst nach neustart wieder. klär mich gerne auf, aber ich dachte um auf nummer sicher zu gehen lade ich mich von freunden eine neue avira version runter (macht sowas sinn? andere rechner nutzen?). kaspersky habe ich nach deinem rat runtergeschmissen. beim versuch der installation von avira über usb ist der laptop abgestürzt, blauer bildschirm, laptop fährt wieder hoch und es erscheint die meldung "windows wird nach unerwartetem herunterfahren wieder ausgeführt". beim nächsten versuch ließ sich avira nicht installieren weil reste von kaspersky störten, beim 3. versuch ging es dann. das zuvor beschriebene graues quadrat mit dem K befindet sich nun nicht mehr in der menüleiste von FF. meine urpsürnglichen FF-Einstellungen: tabs der letzten sitzung anzeigen, chronik nicht löschen. derzeit fehlen nach jedem neustart die tabs UND die chronik. wenn du mir noch erklären könntest ob nun spybot programme scannt, die tatsächlich auf meinem laptop sind, oder ob spybot schaut ob die ihm bekannten programme bei mir auftauchen? sprich: habe ich diesen ganzen mist wirklich auf meinem rechner oder nicht? wäre sehr dankbar für eine antwort..  und hier die logfiles: ADWcleaner Code:
ATTFilter # AdwCleaner v4.109 - Bericht erstellt am 27/01/2015 um 21:26:23
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-24.3 [Local]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : ML - ML-PC
# Gestartet von : C:\Users\ML\Downloads\Desktop\AdwCleaner_4.109.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gelöscht : C:\Users\ML\Favorites\Links\Startfenster.lnk
Datei Gelöscht : C:\Users\ML\AppData\Roaming\Mozilla\Firefox\Profiles\x49xq84s.default\user.js
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - localhost:8080
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v35.0 (x86 de)
*************************
AdwCleaner[R0].txt - [12492 octets] - [26/01/2015 14:04:34]
AdwCleaner[R1].txt - [892 octets] - [26/01/2015 14:18:54]
AdwCleaner[R2].txt - [951 octets] - [26/01/2015 16:34:57]
AdwCleaner[R3].txt - [1356 octets] - [27/01/2015 21:18:21]
AdwCleaner[R4].txt - [1417 octets] - [27/01/2015 21:23:50]
AdwCleaner[S0].txt - [12173 octets] - [26/01/2015 14:10:39]
AdwCleaner[S1].txt - [1275 octets] - [27/01/2015 21:26:23]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1335 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x64
Ran by ML on 27.01.2015 at 21:34:22,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] "C:\Windows\launcher.exe"
~~~ Folders
~~~ FireFox
Successfully deleted the following from C:\Users\ML\AppData\Roaming\mozilla\firefox\profiles\x49xq84s.default\prefs.js
user_pref("HomeTab_3869.global.DisplayRecentSearches", "true");
Emptied folder: C:\Users\ML\AppData\Roaming\mozilla\firefox\profiles\x49xq84s.default\minidumps [298 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.01.2015 at 21:38:54,46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Update, 27.01.2015 20:09:25, SYSTEM, ML-PC, Manual, Failed, Unable to access update server, Update, 27.01.2015 20:20:58, SYSTEM, ML-PC, Manual, Failed, Unable to access update server, Scan, 27.01.2015 20:34:00, SYSTEM, ML-PC, Manual, Start: % 1 "% 2", Dauer: % 1 min 13 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, 0-Malwareerkennung, Update, 27.01.2015 21:54:05, SYSTEM, ML-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, Update, 27.01.2015 21:54:29, SYSTEM, ML-PC, Manual, Rootkit Database, 2014.11.18.1, 2015.1.14.1, Error, 27.01.2015 21:55:39, SYSTEM, ML-PC, Manual, 0, Update, 27.01.2015 21:55:39, SYSTEM, ML-PC, Manual, Malware Database, Failed, Unable to access update server, 2014.11.20.6, 2015.1.27.9, Update, 27.01.2015 22:01:06, SYSTEM, ML-PC, Manual, Malware Database, 2014.11.20.6, 2015.1.27.9, Scan, 27.01.2015 22:26:19, SYSTEM, ML-PC, Manual, Start: % 1 "% 2", Dauer: % 1 min 24 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, 0-Malwareerkennung, Update, 27.01.2015 22:32:55, SYSTEM, ML-PC, Manual, Malware Database, 2015.1.27.9, 2015.1.27.10, Scan, 27.01.2015 22:57:44, SYSTEM, ML-PC, Manual, Start: % 1 "% 2", Dauer: % 1 min 23 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, 0-Malwareerkennung, (end) FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by ML (administrator) on ML-PC on 27-01-2015 23:01:23
Running from C:\Users\ML\Downloads\Desktop
Loaded Profiles: ML & (Available profiles: ML)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\SmartAudio3.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files (x86)\hansi\mbam.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894640 2012-03-14] (ELAN Microelectronics Corp.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1654400 2012-02-21] (Conexant Systems, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [7520768 2012-04-26] (Dell Inc.)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2004147135-30526615-2880431150-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-2004147135-30526615-2880431150-1000\...\MountPoints2: {384f35d5-699e-11e2-b73a-ecc8e1959e2f} - F:\LaunchU3.exe
HKU\S-1-5-21-2004147135-30526615-2880431150-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-2004147135-30526615-2880431150-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {384f35d5-699e-11e2-b73a-ecc8e1959e2f} - F:\LaunchU3.exe
HKU\S-1-5-21-2004147135-30526615-2880431150-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-2004147135-30526615-2880431150-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {384f35d5-699e-11e2-b73a-ecc8e1959e2f} - F:\LaunchU3.exe
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => No File
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => No File
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2004147135-30526615-2880431150-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-2004147135-30526615-2880431150-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-2004147135-30526615-2880431150-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\ML\AppData\Roaming\Mozilla\Firefox\Profiles\x49xq84s.default
FF DefaultSearchEngine: Ecosia
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\ML\AppData\Roaming\Mozilla\Firefox\Profiles\x49xq84s.default\searchplugins\ecosia.xml
FF Extension: Avira Browser Safety - C:\Users\ML\AppData\Roaming\Mozilla\Firefox\Profiles\x49xq84s.default\Extensions\abs@avira.com [2015-01-27]
FF Extension: {040730a2-de14-41eb-81bc-b624bacdc69b} - C:\Users\ML\AppData\Roaming\Mozilla\Firefox\Profiles\x49xq84s.default\Extensions\{040730a2-de14-41eb-81bc-b624bacdc69b}.xpi [2014-12-07]
FF Extension: Adblock Plus - C:\Users\ML\AppData\Roaming\Mozilla\Firefox\Profiles\x49xq84s.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-14]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-02-09]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2013-01-29] (Conexant Systems, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [47504 2014-05-12] (Synaptics Incorporated)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6292992 2012-04-26] (Dell Inc.) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [138280 2012-03-05] (Broadcom Corporation.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-27] (Malwarebytes Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-27 21:34 - 2015-01-27 21:34 - 00000000 ____D () C:\Windows\ERUNT
2015-01-27 21:19 - 2015-01-27 21:16 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-01-27 21:11 - 2015-01-27 21:11 - 00000000 ____D () C:\Users\ML\AppData\Roaming\Avira
2015-01-27 21:10 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-01-27 21:10 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-01-27 21:10 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-01-27 20:58 - 2015-01-27 20:58 - 00000000 ____D () C:\OETemp
2015-01-27 20:57 - 2015-01-27 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-27 20:57 - 2015-01-27 21:10 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-27 20:53 - 2015-01-27 20:53 - 600015575 _____ () C:\Windows\MEMORY.DMP
2015-01-27 20:53 - 2015-01-27 20:53 - 00297800 _____ () C:\Windows\Minidump\012715-24570-01.dmp
2015-01-27 20:53 - 2015-01-27 20:53 - 00000000 ____D () C:\Windows\Minidump
2015-01-27 20:09 - 2015-01-27 22:33 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-27 20:09 - 2015-01-27 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hansi
2015-01-27 20:09 - 2015-01-27 20:09 - 00000000 ____D () C:\Program Files (x86)\hansi
2015-01-27 20:09 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-27 20:09 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-27 20:09 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-27 17:57 - 2015-01-27 17:57 - 00380416 _____ () C:\Users\ML\Downloads\Gmer-19357.exe
2015-01-27 17:46 - 2015-01-27 17:49 - 00028133 _____ () C:\Users\ML\Downloads\Addition.txt
2015-01-27 17:44 - 2015-01-27 23:01 - 00000000 ____D () C:\FRST
2015-01-27 17:44 - 2015-01-27 17:49 - 00030064 _____ () C:\Users\ML\Downloads\FRST.txt
2015-01-27 15:24 - 2015-01-27 17:30 - 00000000 ____D () C:\Users\ML\Documents\Daten Probat
2015-01-27 13:02 - 2015-01-27 21:27 - 00000224 _____ () C:\Windows\setupact.log
2015-01-27 13:02 - 2015-01-27 13:02 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-27 13:01 - 2015-01-27 21:27 - 00136048 _____ () C:\Windows\PFRO.log
2015-01-27 13:01 - 2015-01-27 13:04 - 00492416 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-26 21:11 - 2015-01-27 20:51 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-26 21:11 - 2015-01-26 21:11 - 00000000 ____D () C:\Windows\ELAMBKUP
2015-01-26 20:49 - 2015-01-26 20:49 - 00000000 __SHD () C:\Users\ML\AppData\Local\EmieBrowserModeList
2015-01-26 20:37 - 2015-01-26 20:53 - 202843712 _____ (Kaspersky Lab) C:\Users\ML\Downloads\kts15.0.1.415en.exe
2015-01-26 20:09 - 2015-01-26 20:09 - 00145064 _____ () C:\Users\ML\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-26 20:03 - 2015-01-27 17:45 - 00000466 _____ () C:\Users\ML\Downloads\defogger_disable.log
2015-01-26 20:03 - 2015-01-26 20:03 - 00050477 _____ () C:\Users\ML\Downloads\Defogger.exe
2015-01-26 20:03 - 2015-01-26 20:03 - 00000000 _____ () C:\Users\ML\defogger_reenable
2015-01-26 17:43 - 2015-01-26 17:43 - 00000000 ____D () C:\Users\ML\AppData\Roaming\Safer Networking
2015-01-26 17:29 - 2015-01-26 17:30 - 37987520 _____ (Microsoft Corporation) C:\Users\ML\Downloads\Windows-KB890830-x64-V5.20.exe
2015-01-26 16:36 - 2015-01-26 16:37 - 00000796 _____ () C:\Users\ML\Documents\cc_cleaner änderung registry.reg
2015-01-26 14:23 - 2015-01-26 14:24 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-26 14:23 - 2015-01-26 14:23 - 00002766 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-26 14:23 - 2015-01-26 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-26 14:15 - 2015-01-26 14:19 - 05325808 _____ (Piriform Ltd) C:\Users\ML\Downloads\ccsetup502pro.exe
2015-01-26 14:04 - 2015-01-27 21:26 - 00000000 ____D () C:\AdwCleaner
2015-01-26 00:01 - 2015-01-27 18:03 - 04202496 _____ () C:\Users\ML\Documents\ProBat43.accdb
2015-01-25 23:48 - 2015-01-25 23:50 - 07406326 _____ () C:\Users\ML\Documents\ProBat43-Beispieldatensatz.zip
2015-01-25 23:48 - 2015-01-25 23:49 - 03355646 _____ () C:\Users\ML\Documents\ProBat43_und_Begleitdokumente.zip
2015-01-25 00:47 - 2015-01-25 00:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QGIS Brighton
2015-01-25 00:38 - 2015-01-25 00:47 - 00000000 ____D () C:\Program Files\QGIS Brighton
2015-01-21 18:06 - 2015-01-21 18:06 - 00010495 _____ () C:\Users\ML\Downloads\MaLa_elster_21.01.2015.pfx
2015-01-20 22:47 - 2014-07-30 21:23 - 00450709 _____ () C:\Windows\system32\Drivers\etc\hosts.20150120-224724.backup
2015-01-20 16:47 - 2015-01-27 13:48 - 00000000 ____D () C:\Users\ML\Documents\BatExplorer
2015-01-20 16:41 - 2015-01-20 16:48 - 00000000 ____D () C:\Users\ML\AppData\Local\GMap.NET
2015-01-20 16:41 - 2015-01-20 16:41 - 00000000 ____D () C:\Users\ML\AppData\Local\Elekon_AG
2015-01-20 16:40 - 2015-01-20 16:49 - 00001006 _____ () C:\Users\Public\Desktop\BatExplorer.lnk
2015-01-20 16:40 - 2015-01-20 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BatExplorer
2015-01-20 16:40 - 2015-01-20 16:40 - 00000000 ____D () C:\Users\Public\Documents\BatExplorer
2015-01-20 16:40 - 2015-01-20 16:40 - 00000000 ____D () C:\Program Files\Elekon AG
2015-01-18 12:13 - 2015-01-24 18:22 - 00000000 ____D () C:\ArGis Daten
2015-01-17 21:39 - 2015-01-17 21:39 - 00007597 _____ () C:\Users\ML\AppData\Local\Resmon.ResmonCfg
2015-01-17 12:30 - 2015-01-17 12:30 - 00006324 _____ () C:\Users\ML\UStVA2014_09_September_.elfo
2015-01-17 12:29 - 2015-01-17 12:29 - 00006324 _____ () C:\Users\ML\UStVA2014_08_August_.elfo
2015-01-17 12:27 - 2015-01-17 12:27 - 00006324 _____ () C:\Users\ML\UStVA2014_07_Juli_.elfo
2015-01-17 12:24 - 2015-01-25 15:52 - 00024612 _____ () C:\Users\ML\UStVA2014_06_Juni_.elfo
2015-01-15 16:15 - 2015-01-21 18:11 - 00022260 _____ () C:\Users\ML\UStVA2014_05_Mai_.elfo
2015-01-14 17:07 - 2015-01-14 17:07 - 00006068 _____ () C:\Users\ML\UStVA2014_12_Dezember_.elfo
2015-01-14 16:56 - 2015-01-14 16:56 - 00006180 _____ () C:\Users\ML\UStVA2014_11_November_.elfo
2015-01-14 13:59 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 13:59 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 13:59 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 13:59 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 13:59 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 13:59 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 13:59 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 13:59 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 13:59 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 13:59 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 13:59 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 13:59 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 13:59 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 20:37 - 2015-01-14 14:33 - 00000000 ____D () C:\Users\ML\AppData\Local\.elfohilfe
2015-01-13 20:36 - 2015-01-13 20:36 - 00000000 ____D () C:\Users\ML\AppData\Roaming\elsterformular
2015-01-13 20:34 - 2015-01-13 20:34 - 00001464 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2015-01-13 20:34 - 2015-01-13 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2015-01-13 20:34 - 2015-01-13 20:34 - 00000000 ____D () C:\ProgramData\elsterformular
2015-01-13 20:33 - 2015-01-27 20:57 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-13 20:31 - 2015-01-13 20:31 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2015-01-13 19:17 - 2015-01-13 20:00 - 215975048 _____ (Landesfinanzdirektion Thüringen) C:\Users\ML\Downloads\ElsterFormular-16.0.20150113k.exe
2015-01-01 22:00 - 2014-07-30 21:23 - 00450709 _____ () C:\Windows\system32\Drivers\etc\hosts.20150101-220031.backup
2015-01-01 21:59 - 2014-07-30 21:23 - 00450709 _____ () C:\Windows\system32\Drivers\etc\hosts.20150101-215937.backup
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-27 22:35 - 2013-06-17 18:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-27 21:58 - 2013-01-28 22:00 - 01753559 _____ () C:\Windows\WindowsUpdate.log
2015-01-27 21:45 - 2009-07-14 18:58 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2015-01-27 21:45 - 2009-07-14 18:58 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2015-01-27 21:45 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-27 21:36 - 2009-07-14 05:45 - 00026304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-27 21:36 - 2009-07-14 05:45 - 00026304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-27 21:30 - 2014-07-30 21:39 - 00000000 ____D () C:\ProgramData\Validity
2015-01-27 21:27 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-27 21:10 - 2013-01-29 01:48 - 00000000 ____D () C:\ProgramData\Avira
2015-01-27 17:36 - 2014-07-05 20:19 - 00000000 ____D () C:\Users\ML\AppData\Roaming\vlc
2015-01-27 14:22 - 2013-01-28 23:44 - 00000000 ____D () C:\Users\ML
2015-01-26 22:47 - 2013-01-29 00:14 - 00000000 ____D () C:\Users\ML\AppData\Local\Microsoft Help
2015-01-26 16:44 - 2013-08-14 16:58 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-26 16:28 - 2013-01-28 21:50 - 00000000 ____D () C:\Windows\Panther
2015-01-25 00:35 - 2013-06-17 18:26 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 00:35 - 2013-02-02 21:22 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 00:35 - 2013-02-02 21:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-20 22:20 - 2013-02-16 13:07 - 00000000 ____D () C:\Users\ML\AppData\Local\ESRI
2015-01-20 10:20 - 2014-01-02 15:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-15 14:24 - 2013-01-28 23:44 - 00001377 _____ () C:\Users\ML\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-12 13:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-08 09:55 - 2013-12-18 16:39 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-04 23:22 - 2013-06-15 22:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-31 13:12 - 2013-02-23 16:24 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-30 20:32 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-28 20:56 - 2014-05-29 11:12 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
==================== Files in the root of some directories =======
2015-01-17 21:39 - 2015-01-17 21:39 - 0007597 _____ () C:\Users\ML\AppData\Local\Resmon.ResmonCfg
Some content of TEMP:
====================
C:\Users\ML\AppData\Local\Temp\avgnt.exe
C:\Users\ML\AppData\Local\Temp\Quarantine.exe
C:\Users\ML\AppData\Local\Temp\sqlite3.dll
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\nsprs.dll
C:\Windows\SysWOW64\serauth1.dll
C:\Windows\SysWOW64\serauth2.dll
C:\Windows\SysWOW64\ssprs.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-24 14:12
==================== End Of Log ============================
Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by ML at 2015-01-27 23:02:42
Running from C:\Users\ML\Downloads\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.01) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.01 - Adobe Systems Incorporated)
Any DWG DXF Converter 2010 (HKLM-x32\...\Any DWG DXF Converter_is1) (Version: - AnyDWG Software, Inc.)
Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
BatExplorer Version 1.10.4.0 (HKLM\...\{F9D54139-4C52-4E35-A95B-621D129BB44F}_is1) (Version: 1.10.4.0 - Elekon AG)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Citavi (HKLM-x32\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.4.0.2 - Swiss Academic Software)
Conexant HD Audio (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 1.0.30.0 - Conexant)
Dell Touchpad (HKLM\...\Elantech) (Version: 10.3.2.2 - ELAN Microelectronic Corp.)
Der große Kosmos Vogelatlas 5.0 (HKLM-x32\...\InstallShield_{E199B811-85B4-4A59-81E2-39DBF0A8DBE9}) (Version: 1.00.0000 - Kosmos)
Der große Kosmos Vogelatlas 5.0 (x32 Version: 1.00.0000 - Kosmos) Hidden
Dungeon Keeper 2 (HKLM-x32\...\Dungeon Keeper II) (Version: - )
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 6.20.55.52 - Dell Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.0.20150113 - Landesfinanzdirektion Thüringen)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Kosmos Wald- und Forstlexikon (HKLM-x32\...\InstallShield_{A3B635AA-4BBD-4F25-8DCE-6C74F9A9AD19}) (Version: 1.00.0000 - Kosmos)
Kosmos Wald- und Forstlexikon (x32 Version: 1.00.0000 - Kosmos) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
QGIS Brighton 2.6.1 Brighton (HKLM\...\QGIS Brighton) (Version: - QGIS Development Team)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.14.010 - Dell Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.54.309.2012 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.39019 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SPSS 14.0 for Windows Evaluation Version (HKLM-x32\...\{2763FD5A-57E9-442B-AFDF-6DCCC23883B0}) (Version: 14.0.0 - SPSS Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2500 - Broadcom Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
26-01-2015 01:08:48 Windows Update
26-01-2015 16:31:04 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-07-30 21:23 - 00450709 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {47A47B17-293D-4285-BC90-60DEFDD499FE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {507D391C-7D9D-45EC-AF7E-29EE845D4C9C} - System32\Tasks\{553ED9C7-C4D5-42B7-AD58-8EEB15AFF844} => pcalua.exe -a D:\Maike\treiber\iMEI_Intel_W7_A00_Setup-TDR8M_ZPE.exe -d D:\Maike\treiber
Task: {577805AA-8297-43B9-AB2E-83A8BAC63B89} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {5E1C94DA-CE5C-4267-A71F-D3F183C7CA78} - System32\Tasks\{2F61C482-6E1F-4420-B3BB-65743205E0D8} => pcalua.exe -a D:\Maike\treiber\Chipset_Intel_W7_A00_Setup-2D89J_ZPE.exe -d D:\Maike\treiber
Task: {65C666EC-3656-4D27-8419-1746CE8D9BD0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {8FA72952-CB0F-4AF5-AE90-7680EF490EB0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {B2CF60AD-C035-4A73-B986-50861EF70787} - System32\Tasks\{F21D3013-C183-4D4C-9AE5-8E743C23C881} => pcalua.exe -a D:\Maike\treiber\DW1703_W7_A01_Setup-5W54C_ZPE.exe -d D:\Maike\treiber
Task: {D37DBC98-EDD5-497C-9B9F-9E2121390C77} - System32\Tasks\{EB6D32C3-1DA8-497E-9A81-9EB735D89A7D} => pcalua.exe -a D:\Maike\Forstlexikon\Setup\AIMSetup.exe -d D:\Maike\Forstlexikon\Setup
Task: {DEB681C3-1A8C-492C-8524-CE06D25BE34A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {E9A90CB6-2A8C-4F5A-B49C-2E92CED6FADE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2014-06-02 09:51 - 2013-04-15 10:50 - 00198144 _____ () C:\Windows\System32\HP1006LM.DLL
2014-06-02 09:51 - 2013-04-15 10:50 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1006PP.dll
2012-12-14 02:42 - 2012-12-14 02:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-01-29 12:12 - 2012-04-05 14:55 - 00164992 _____ () C:\Program Files\Conexant\SA3\MaxxAudioWrapper.dll
2015-01-21 03:06 - 2015-01-21 03:06 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-01-06 14:18 - 2015-01-06 14:18 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-05-29 11:12 - 2014-04-25 13:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-05-29 11:12 - 2014-04-25 13:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-05-29 11:12 - 2014-04-25 13:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-01-29 12:16 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-01-02 15:59 - 2015-01-20 10:20 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk => C:\Windows\pss\vpngui.exe.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^ML^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe
========================= Accounts: ==========================
Administrator (S-1-5-21-2004147135-30526615-2880431150-500 - Administrator - Disabled)
Gast (S-1-5-21-2004147135-30526615-2880431150-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2004147135-30526615-2880431150-1002 - Limited - Enabled)
ML (S-1-5-21-2004147135-30526615-2880431150-1000 - Administrator - Enabled) => C:\Users\ML
==================== Faulty Device Manager Devices =============
Name: Broadcom Virtual Wireless Adapter
Description: Broadcom Virtual Wireless Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BcmVWL
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Error: (01/27/2015 09:43:07 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-04-28 19:51:09.812
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-03-06 14:43:37.106
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-03-06 12:59:40.029
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-03-06 12:52:35.689
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-03-06 12:19:46.780
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-03-05 23:39:00.972
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-03-05 18:20:45.804
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-03-05 17:12:20.259
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-27 21:01:31.941
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-16 13:03:27.295
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-2328M CPU @ 2.20GHz
Percentage of memory in use: 58%
Total physical RAM: 3969.36 MB
Available physical RAM: 1664.56 MB
Total Pagefile: 7936.9 MB
Available Pagefile: 5155.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:99.51 GB) (Free:29.5 GB) NTFS
Drive d: () (Fixed) (Total:198.18 GB) (Free:27.09 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: F3928170)
Partition 1: (Not Active) - (Size=298 MB) - (Type=DE)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=99.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=198.2 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
28.01.2015, 09:57
| #4 | |
| /// TB-Ausbilder | Spybot scannt cnnt.searchbar, win32.eyeon.ie, virtumonde, tdss,... entfernt aber nichtsZitat:
Allerdings hast du die falschen Logs von MBAM gepostet: Malwarebytes Anti-Malware Logfile finden - Anleitungen Aus den Spybot Logs sehe ich nur, das er den Cache + Verlauf vom IE und anderen Anwendungen gelöscht hat, aber keine Funde von irgendwas schädlichem. Ich habe Spybot nie genutzt und nutze es auch nicht, MBAM ist die definitiv bessere Alternative. Poste bitte das richtige MBAM Log, dann gehts weiter.
__________________ Lerne, zurück zu schlagen und unterstütze uns! TB Akademie | Spende | Lob & Kritik |
|
28.01.2015, 15:06
| #5 |
| | Spybot scannt cnnt.searchbar, win32.eyeon.ie, virtumonde, tdss,... entfernt aber nichts hallo timo, also zu dem mbam-thema: HTML-Code: [URL]http://www.trojaner-board.de/51187-anleitung-malwarebytes-anti-malware.html[/URL] zitat: "Falls sich Malwarebytes' Anti-Malware sich nicht komplett deinstallieren lässt oder z.B. von der kostenpflichtigen Pro-Version auf die Free-Version gewechselt werden soll: Dazu gibt es vom Hersteller ein spezielles Deinstallationstool. Man sollte versuchen Malwarebytes' Anti-Malware normal zu deinstallieren (wenn möglich), System neu starten und anschließend das Programm mbam-clean.exe herunterladen (falls nicht schon vorher getan) und ausführen. Angefragter anschließender Neustart ist (laut Hersteller) unbedingt durchzuführen!" und ich habe beim gestrigen wie auch dem heutigen scan kein suchlaufprotokoll erhalten, das letzte ist vom 4.1., nur das schutz-protokoll, insofern kann ich dir leider nichts anderes posten. nebenbei bemerkt kann ich derzeit keine neuen emails abrufen. ich weiß nur dass ich x neue habe, beim aktualisieren hängt sich posteo aber auf. ist es überhaupt ratsam jetzt solche sachen aufzurufen wo man passwörter eingibt? danke un dliebe grüße |
|
28.01.2015, 15:13
| #6 | |
| /// TB-Ausbilder | Spybot scannt cnnt.searchbar, win32.eyeon.ie, virtumonde, tdss,... entfernt aber nichts Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.
__________________ --> Spybot scannt cnnt.searchbar, win32.eyeon.ie, virtumonde, tdss,... entfernt aber nichts |
|
28.01.2015, 15:36
| #7 |
| | Spybot scannt cnnt.searchbar, win32.eyeon.ie, virtumonde, tdss,... entfernt aber nichtsCode:
ATTFilter https://www.virustotal.com/de/file/3874f15f1b2530137edc528e96cff8d453a7864e6f53358000997c522e74981f/analysis/1422455634/
 btw: bei der aktualisierung von spybot konnten einige antyspywareupdates nicht runtergeladen werden. das updatelogfile ist zu groß um es auf einmal posten zu können. wenn du es dir anschauen möchstest sag bescheid, dann splitte ich es Geändert von entropia (28.01.2015 um 15:57 Uhr) |
|
28.01.2015, 16:33
| #8 |
| /// TB-Ausbilder | Spybot scannt cnnt.searchbar, win32.eyeon.ie, virtumonde, tdss,... entfernt aber nichts Löschen wir die Datei, wenns nen "wichtiges" Addon ware, dann hätte es nen gescheiten Namen oder die ID wäre bekannt. Falls dir im Firefox nach den löschen irgendwas fehlt, können wirs immer noch recovern. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\Users\ML\AppData\Roaming\Mozilla\Firefox\Profiles\x49xq84s.default\Extensions\{040730a2-de14-41eb-81bc-b624bacdc69b}.xpi
emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Downloade Dir bitte  SecurityCheck und:
Und ESET Scan, der dauert länger ! ESET Online Scanner
__________________ Lerne, zurück zu schlagen und unterstütze uns! TB Akademie | Spende | Lob & Kritik |
|
29.01.2015, 22:39
| #9 |
| | Spybot scannt cnnt.searchbar, win32.eyeon.ie, virtumonde, tdss,... entfernt aber nichts hey timo, also FRST Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-01-2015
Ran by ML at 2015-01-28 16:46:39 Run:1
Running from C:\Users\ML\Downloads\Desktop
Loaded Profiles: ML (Available profiles: ML)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Users\ML\AppData\Roaming\Mozilla\Firefox\Profiles\x49xq84s.default\Extensions\{040730a2-de14-41eb-81bc-b624bacdc69b}.xpi
emptytemp:
*****************
"C:\Users\ML\AppData\Roaming\Mozilla\Firefox\Profiles\x49xq84s.default\Extensions\{040730a2-de14-41eb-81bc-b624bacdc69b}.xpi" => File/Directory not found.
EmptyTemp: => Removed 257.9 MB temporary data.
The system needed a reboot.
==== End of Fixlog 16:46:48 ====
Code:
ATTFilter Results of screen317's Security Check version 0.99.95
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.296
Adobe Reader XI
Mozilla Firefox (35.0.1)
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c39f199d0d031647babf22f78b426ad1
# engine=22191
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-28 08:58:25
# local_time=2015-01-28 09:58:25 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 33109 5661305 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 94481 174108555 0 0
# scanned=176058
# found=2
# cleaned=0
# scan_time=16780
sh=36F0450625F9DECA3B17485E418C815225EE13B7 ft=0 fh=0000000000000000 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="D:\ML-PC\Backup Set 2013-09-08 190002\Backup Files 2013-10-21 101749\Backup files 1.zip"
sh=432B9E89D3ADC09FFA71489C73A148DF0ADED0C7 ft=0 fh=0000000000000000 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="D:\ML-PC\Backup Set 2013-12-23 091301\Backup Files 2013-12-23 091301\Backup files 10.zip"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c39f199d0d031647babf22f78b426ad1
# engine=22206
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-29 06:41:46
# local_time=2015-01-29 07:41:46 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 17433 5739506 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 172682 174186756 0 0
# scanned=176420
# found=2
# cleaned=0
# scan_time=17240
sh=36F0450625F9DECA3B17485E418C815225EE13B7 ft=0 fh=0000000000000000 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="D:\ML-PC\Backup Set 2013-09-08 190002\Backup Files 2013-10-21 101749\Backup files 1.zip"
sh=432B9E89D3ADC09FFA71489C73A148DF0ADED0C7 ft=0 fh=0000000000000000 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="D:\ML-PC\Backup Set 2013-12-23 091301\Backup Files 2013-12-23 091301\Backup files 10.zip"
danke und liebe grüße |
|
30.01.2015, 08:53
| #10 |
| /// TB-Ausbilder | Spybot scannt cnnt.searchbar, win32.eyeon.ie, virtumonde, tdss,... entfernt aber nichts OK, da ist nunmehr nur noch eine Anwendung mit Toolbar in nem Backup Zip File, das kann man ignorieren. Ansonsten sind die Logs sauber. Natürlich kannst du ESET auf dem Rechner belassen und weiterhin nutzen, allerdings wird es, im Gegensatz zu den anderen Tools, nicht automatisch am Ende der Bereinigung von uns gelöscht. Ok dann so weiter und du bist damit "befreit": Die Reihenfolge ist hier entscheidend.
Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems. Ändere regelmäßig alle deine Passwörter, jetzt, nach der Bereinigung ist ein idealer Zeitpunkt dafür
Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti-Viren-Programm und zusätzlicher Schutz
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden. Mozilla Firefox
Performance
Was du vermeiden solltest:
Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen oder Lob, Kritik und Wünsche loswerden? Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.
__________________ Lerne, zurück zu schlagen und unterstütze uns! TB Akademie | Spende | Lob & Kritik |
|
30.01.2015, 14:10
| #11 |
| | Spybot scannt cnnt.searchbar, win32.eyeon.ie, virtumonde, tdss,... entfernt aber nichts hey timo, danke. habe alles durchgeführt, firefox funktioniert aber trotz entsprechender einstellungen immer noch nicht so wie zuvor (chronik wird bei jedem schließen gelöscht und die tabs der letzten sitzung werden auch nicht angezeigt :/ mein emailprovider (posteo.de) arbeitet auch nicht so wie er sollte, was aber ggf nicht an meinem rechner liegt. werde es gleich mal bei bekannten testen) eine ganz wichtige frage habe ich zum abschluss: war mein laptop überhaupt mit irgendetwas infiziert?? ich weiß ich bin laie und du wirst deine gründe haben warum diese kaskade mit tools abgehalten wird, aber bis auf ESET haben die anderen programm doch keine einträge gefunden und diese funde sind scheinbar auch noch harmlos, oder? .. (von der auswertung der logfiles habe ich zugegeben keine ahung, daher die frage  ). haben die ganzen reinigungs- und suchtools irgendwelche einträge gelöscht oder nur gescannt? welches war das problemprogramm oder gab es überhaupt eines?und noch 2 fragen: - WAS MACHT SPYBOT? scannt er sachen die sich bereits auf meinem system eingeschlichen haben oder durchwühlt er seine datenbank ob von den ihm bekannten malwareprgrammen etwas auch auf meinem rechner ist? ich weiß ich hatte dich das schon gefragt aber weil es eben ausschlaggebend für meine besorgnis und daher meine hilfesuche bei euch war wäre eine antwort von dir oder einem anderen trojaner-board-mitglied extreeeeemst hilfreich, sonst lande ich und offensichtlich auch viele andere ggf immer wieder hier - woran erkennt man dass irgendwelche zusatzsoftware beim download eines gewünschten programms angehängt wird? was ist der unterschied zwischen filepony und chip, heise und co? und ich meine jetzt nicht den ganz offensichtlichen fall dass man ein häkchen entfernen muss um nicht irgendnen mist "gratis" dazuzuerhalten. ich würde mich riesig über deine antwort freuen, das wär wirklich toll. Geändert von entropia (30.01.2015 um 14:47 Uhr) |
|
30.01.2015, 14:55
| #12 | |
| /// TB-Ausbilder | Spybot scannt cnnt.searchbar, win32.eyeon.ie, virtumonde, tdss,... entfernt aber nichts https://support.mozilla.org/de/kb/fi...einfach-loesen oder ein neues Profil testen https://support.mozilla.org/de/kb/fi...n-und-loeschen könnten beim Firefox Problem helfen. Auf dem Rechner war nur wenig AdWare. Wie Spybot die Erkennung durchführt, kann ich dir nicht 100%ig sagen,dann wohl besser direkt bei Spybot anfragen. In der Regel anhand von Signaturen, ob es noch proaktive Erkennung gibt oder verhaltensbasiert - keine Ahnung. Spybot hat doch nix gefunden ? Zitat:
Bei Chip ist 100% alles mit AdWare, sobald man den Chip-Downloader nutzt. Die Alternative ist gut versteckt: Chip/Softonic Downloader:Bei Chip.de und Softonic gibt es beim Download zwei Möglichkeiten: einmal den Chip Downloader mit DownloadSponsor, der Werbung mitbringt und gern versucht, den User dazu zu überreden, noch diese und jene Toolbar zu installieren. Und es gibt immer den alternativen Download, das ist die eigentliche Anwendung als Setup, so wie sie vom Hersteller kommt. Der Alternativlink ist genau unter der Chip Download-Schaltfläche.
__________________ Lerne, zurück zu schlagen und unterstütze uns! TB Akademie | Spende | Lob & Kritik |
|
30.01.2015, 18:00
| #13 |
| | Spybot scannt cnnt.searchbar, win32.eyeon.ie, virtumonde, tdss,... entfernt aber nichts danke timo. wird wohl das schlauste sein dort direkt anzufragen, bei spybot. hab das programm eben nochmal drüner laufen gelassen, hier das logfile Code:
ATTFilter [i] 15-01-30 16:05:43
[i] 15-01-30 16:05:43 Product MS Management Console
[+] 15-01-30 16:05:43 Moving into quarantine HKEY_USERS\S-1-5-21-2004147135-30526615-2880431150-1000\Software\Microsoft\Microsoft Management Console\Recent File List
[+] 15-01-30 16:05:43 Successfully cleaned HKEY_USERS\S-1-5-21-2004147135-30526615-2880431150-1000\Software\Microsoft\Microsoft Management Console\Recent File List
[i] 15-01-30 16:05:43
[i] 15-01-30 16:05:43 Product MS Direct3D
[+] 15-01-30 16:05:43 Moving into quarantine HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name
[+] 15-01-30 16:05:43 Moving into quarantine HKEY_USERS\S-1-5-21-2004147135-30526615-2880431150-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name
[+] 15-01-30 16:05:43 Moving into quarantine HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name
[+] 15-01-30 16:05:43 Successfully cleaned HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name
[+] 15-01-30 16:05:43 Successfully cleaned HKEY_USERS\S-1-5-21-2004147135-30526615-2880431150-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name
[+] 15-01-30 16:05:43 Successfully cleaned HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name
[i] 15-01-30 16:05:43
[i] 15-01-30 16:05:43 Product Windows
[+] 15-01-30 16:05:43 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
[+] 15-01-30 16:05:43 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
[+] 15-01-30 16:05:43 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
[+] 15-01-30 16:05:43 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
[i] 15-01-30 16:05:43
[i] 15-01-30 16:05:43 Product Windows Explorer
[+] 15-01-30 16:05:43 Moving into quarantine HKEY_USERS\S-1-5-21-2004147135-30526615-2880431150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
[+] 15-01-30 16:05:43 Successfully cleaned HKEY_USERS\S-1-5-21-2004147135-30526615-2880431150-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
[i] 15-01-30 16:05:43
[i] 15-01-30 16:05:43 Product Cache
[+] 15-01-30 16:05:43 Moving into quarantine Internet Explorer (Benutzer) (ML)Cache
[+] 15-01-30 16:05:44 Successfully cleaned Internet Explorer (Benutzer) (ML)Cache
[i] 15-01-30 16:05:44
[i] 15-01-30 16:05:44 Product Verlauf
[+] 15-01-30 16:05:44 Moving into quarantine Internet Explorer (Benutzer) (ML)History
[+] 15-01-30 16:05:44 Successfully cleaned Internet Explorer (Benutzer) (ML)History
[i] 15-01-30 16:05:44
[i] 15-01-30 16:05:44 Product Cookie
[+] 15-01-30 16:05:44 Moving into quarantine Firefox (PE_C_PUBLIC (default))Cookies
[+] 15-01-30 16:05:44 Successfully cleaned Firefox (PE_C_PUBLIC (default))Cookies
[i] 15-01-30 16:05:44
[i] 15-01-30 16:05:44 Summary
[i] 15-01-30 16:05:44 Errors while cleaning 0
[i] 15-01-30 16:05:44 Files moved into quarantine 10
[i] 15-01-30 16:05:44 Files successfully cleaned 10
spricht für die qualität dieses tools, vielleicht ist das aber auch irreführend. |
|
02.02.2015, 08:55
| #14 |
| /// TB-Ausbilder | Spybot scannt cnnt.searchbar, win32.eyeon.ie, virtumonde, tdss,... entfernt aber nichts Ja aber der löscht nur Verlauf+Cache
__________________ Lerne, zurück zu schlagen und unterstütze uns! TB Akademie | Spende | Lob & Kritik |
|
02.02.2015, 13:39
| #15 |
| | Spybot scannt cnnt.searchbar, win32.eyeon.ie, virtumonde, tdss,... entfernt aber nichts d.h. der einzige sinn von spybot besteht darin zu zeigen DASS irgendetwas da ist, dauerhaft entfernen kann das programm offensichtlich nicht. ich muss gestehen dass ich immer noch das gefühl habe viel mist auf dem rechner zu haben. Eset habe ich durchgeführt kurz nachdem wir die letzte runde bereinigungstools gestartet hatten. ergebnis: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c39f199d0d031647babf22f78b426ad1
# engine=22191
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-28 08:58:25
# local_time=2015-01-28 09:58:25 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 33109 5661305 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 94481 174108555 0 0
# scanned=176058
# found=2
# cleaned=0
# scan_time=16780
sh=36F0450625F9DECA3B17485E418C815225EE13B7 ft=0 fh=0000000000000000 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="D:\ML-PC\Backup Set 2013-09-08 190002\Backup Files 2013-10-21 101749\Backup files 1.zip"
sh=432B9E89D3ADC09FFA71489C73A148DF0ADED0C7 ft=0 fh=0000000000000000 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="D:\ML-PC\Backup Set 2013-12-23 091301\Backup Files 2013-12-23 091301\Backup files 10.zip"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c39f199d0d031647babf22f78b426ad1
# engine=22206
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-29 06:41:46
# local_time=2015-01-29 07:41:46 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 17433 5739506 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 172682 174186756 0 0
# scanned=176420
# found=2
# cleaned=0
# scan_time=17240
sh=36F0450625F9DECA3B17485E418C815225EE13B7 ft=0 fh=0000000000000000 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="D:\ML-PC\Backup Set 2013-09-08 190002\Backup Files 2013-10-21 101749\Backup files 1.zip"
sh=432B9E89D3ADC09FFA71489C73A148DF0ADED0C7 ft=0 fh=0000000000000000 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="D:\ML-PC\Backup Set 2013-12-23 091301\Backup Files 2013-12-23 091301\Backup files 10.zip"
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c39f199d0d031647babf22f78b426ad1
# engine=22239
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-31 05:14:21
# local_time=2015-01-31 06:14:21 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 81492 5907061 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 340237 174354311 0 0
# scanned=190262
# found=8
# cleaned=8
# scan_time=19892
sh=EC24867176BD8148ED2C062C870D7E2A3E161FD6 ft=1 fh=ddaefaf5f1f8dbee vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-2004147135-30526615-2880431150-1000\$R2PF4ZX.exe"
sh=B28F62AB67E128D8C1AD456B4A5192CB5FA1FEB9 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\ML-PC\Backup Set 2013-02-09 223819\Backup Files 2013-02-09 223819\Backup files 6.zip"
sh=715C48F33836D239CBFFEAD7757B476BD294FC67 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\ML-PC\Backup Set 2013-05-05 202306\Backup Files 2013-05-12 191413\Backup files 3.zip"
sh=6821CDE9295A03C9AFE011E83E91E1387CDEA2BA ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\ML-PC\Backup Set 2013-09-08 190002\Backup Files 2013-09-08 190002\Backup files 21.zip"
sh=36F0450625F9DECA3B17485E418C815225EE13B7 ft=0 fh=0000000000000000 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\ML-PC\Backup Set 2013-09-08 190002\Backup Files 2013-10-21 101749\Backup files 1.zip"
sh=432B9E89D3ADC09FFA71489C73A148DF0ADED0C7 ft=0 fh=0000000000000000 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\ML-PC\Backup Set 2013-12-23 091301\Backup Files 2013-12-23 091301\Backup files 10.zip"
sh=512D8E05CE3A54FF7B562FA676B974C1F1A63BED ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\ML-PC\Backup Set 2013-12-23 091301\Backup Files 2013-12-23 091301\Backup files 24.zip"
sh=E14DAD0AD9EB9155CF9950F3D6285E79C83CF22E ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\ML-PC\Backup Set 2013-12-23 091301\Backup Files 2014-02-16 190002\Backup files 2.zip"
macht die scans im abgesicherten modus laufen lassen sinn? würdest du in meinem fall eine Neuinstallation von win vorschlagen? (dass es im prinzip immer die beste lösung ist ist klar) ich traue mich derzeit gar nicht wirklich onlinebanking zu machen.. ich fürchte das ist bereits die antwort |
|
| Themen zu Spybot scannt cnnt.searchbar, win32.eyeon.ie, virtumonde, tdss,... entfernt aber nichts |
| antivir, avira, browser, ccsetup, converter, cpu, defender, desktop, fehler, flash player, helper.exe, homepage, installation, kaspersky, kaspersky total security, mozilla, prozess, refresh, registry, registry key, rundll, scan, services.exe, software, svchost.exe, system, usb, virtumonde, windows, wlan |
Linear-Darstellung
