
Pests of all kinds and how to fight them: I caught something, "DownloadSponsor.Gen"

09.03.2015, 18:52   #1
tom_sverige
 
Hello,

my Windows 8 has become very slow lately. Yesterday Avira Antivir noticed that there was malware, but could not remove it; instead, Avira froze. A few hours later I was able to restart the computer, then I let Avira run overnight, and in the morning the pests "DownloadSponsor.gen" were found and sent to quarantine. The computer is now fast again.

An hour ago I ran Avira again and the Antivir crashed after a while because it hit a memory location "that is not valid". Now I suspect that something is still not right after all.

A few years ago I already had a computer "repaired" here, and I thought that maybe someone could help again.
Kind regards,
\Tom

09.03.2015, 18:53   #2
schrauber
/// the machine
/// TB instructor
 

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the web page)

09.03.2015, 20:11   #3
tom_sverige
 
Hello,

here it comes...
---snip

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2015 03
Ran by win_8 (administrator) on WIN8 on 09-03-2015 19:40:19
Running from C:\Users\win_8\Desktop
Loaded Profiles: win_8 (Available profiles: win_8)
Platform: Windows 8 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(VMLite, Inc.) C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17074_none_6233bc1f5106b696\TiWorker.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-11-29] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565544 2012-10-31] ()
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2172816 2012-10-22] (SRS Labs, Inc.)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-18] (Intel Corporation)
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7152640 2012-12-05] (Pegatron Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UVS10 Preload] => C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe [36864 2006-08-10] (Ulead Systems, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1609830323-765120689-1541722825-1001\...\MountPoints2: {0ac73d10-de8d-11e2-be87-7c05077950e8} - "E:\WD SmartWare.exe" autoplay=true
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1609830323-765120689-1541722825-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-1609830323-765120689-1541722825-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
SearchScopes: HKU\S-1-5-21-1609830323-765120689-1541722825-1001 -> DefaultScope {C959D6CA-DD06-4623-BC24-B1A330093942} URL = 
SearchScopes: HKU\S-1-5-21-1609830323-765120689-1541722825-1001 -> {C959D6CA-DD06-4623-BC24-B1A330093942} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-11-04] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-11-04] (Oracle Corporation)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-21] ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-11-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-11-04] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-21] ()
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.1.0.18 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [2014-11-27] (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.2.5.1 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [2014-11-27] (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-06-07] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-05] (Adobe Systems Inc.)
FF Extension: DownloadHelper - C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2015-02-20]
FF Extension: NoScript - C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-03]
FF Extension: Adblock Plus - C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-24]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-18] (Avira Operations GmbH & Co. KG)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-05] (Realtek Semiconductor)
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72512 2013-12-09] (IObit)
R3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-18] (Toshiba Europe GmbH)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-09-29] (Ulead Systems, Inc.) [File not signed]
R2 VMLiteService; C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe [426600 2010-08-21] (VMLite, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-28] (Avira Operations GmbH & Co. KG)
S3 ffusb2audio; C:\Windows\system32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
S3 MUSONIK_PHASE_X64_USB; C:\Windows\System32\Drivers\msnkphsu.sys [460352 2009-11-13] (Ploytec GmbH)
S3 MUSONIK_PHASE_X64_WDM; C:\Windows\system32\drivers\msnkphsa.sys [49216 2009-11-13] (Ploytec GmbH)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                           )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-29] (Synaptics Incorporated)
S3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1816968 2010-04-16] (Syntek)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
R1 VBoxDrv; C:\Windows\System32\drivers\VBoxDrv.sys [204328 2010-08-11] (VMLite, Inc.)
R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [146216 2010-08-11] (VMLite, Inc.)
R3 VBoxNetFlt; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [165800 2010-08-11] (VMLite, Inc.)
R1 vmlitedrv; C:\Windows\System32\drivers\vmlitedrv.sys [14952 2010-08-03] (VMLite, Inc.)
R3 vmlitestor; C:\Windows\system32\DRIVERS\vmlitestor.sys [177768 2010-08-11] (VMLite, Inc.)
R1 VMLiteUSBMon; C:\Windows\System32\drivers\vmliteusbmon.sys [135272 2010-08-18] (VMLite, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-09 19:40 - 2015-03-09 19:41 - 00014809 _____ () C:\Users\win_8\Desktop\FRST.txt
2015-03-09 19:40 - 2015-03-09 19:40 - 00000000 ____D () C:\FRST
2015-03-09 19:38 - 2015-03-09 19:38 - 02095104 _____ (Farbar) C:\Users\win_8\Desktop\FRST64.exe
2015-03-08 15:14 - 2015-03-08 15:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-27 21:29 - 2015-02-27 21:29 - 00000000 ____D () C:\Users\win_8\Documents\Mina webbplatser
2015-02-14 09:54 - 2015-02-14 09:56 - 00000000 ____D () C:\Users\win_8\.mediathek3
2015-02-14 09:49 - 2015-02-14 09:51 - 31470563 _____ () C:\Users\win_8\Downloads\MediathekView_8.zip
2015-02-13 19:44 - 2015-02-13 19:44 - 00000000 ____D () C:\Users\win_8\AppData\Local\pirateplay
2015-02-13 19:43 - 2015-02-13 19:43 - 00000000 ____D () C:\Users\win_8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pirateplayer
2015-02-13 19:43 - 2015-02-13 19:43 - 00000000 ____D () C:\Program Files (x86)\Pirateplayer
2015-02-13 19:42 - 2015-02-13 19:43 - 28896608 _____ () C:\Users\win_8\Downloads\ppinstaller_-_v0_5_0.exe
2015-02-10 22:32 - 2015-02-10 22:36 - 17520650 _____ () C:\Users\win_8\Downloads\JayB_VSynth.zip
2015-02-10 22:31 - 2015-02-10 22:32 - 00254541 _____ () C:\Users\win_8\Downloads\JayB_QY100.zip
2015-02-10 22:30 - 2015-02-10 22:30 - 00243017 _____ () C:\Users\win_8\Downloads\JayB_MotifES(1).zip
2015-02-10 22:30 - 2015-02-10 22:30 - 00100324 _____ () C:\Users\win_8\Downloads\JayB_PLG150AN.zip
2015-02-10 22:29 - 2015-02-10 22:29 - 00232611 _____ () C:\Users\win_8\Downloads\JayB_S80.zip
2015-02-10 22:29 - 2015-02-10 22:29 - 00024114 _____ () C:\Users\win_8\Downloads\JayB_AN1x.zip
2015-02-10 22:21 - 2015-02-10 22:21 - 00000000 ____D () C:\Users\win_8\Downloads\JayB_Effects
2015-02-10 22:20 - 2015-02-10 22:20 - 00243017 _____ () C:\Users\win_8\Downloads\JayB_MotifES.zip
2015-02-10 21:40 - 2015-02-10 21:54 - 65956150 _____ () C:\Users\win_8\Downloads\JayB_Effects.zip
2015-02-08 15:06 - 2013-10-01 09:41 - 00000000 ____D () C:\UBIOS

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-09 19:00 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\system32\sru
2015-03-09 18:42 - 2015-02-05 18:03 - 01073229 _____ () C:\windows\WindowsUpdate.log
2015-03-09 17:12 - 2012-07-26 08:59 - 00000000 ____D () C:\windows\CbsTemp
2015-03-08 23:45 - 2014-03-03 18:07 - 00168111 _____ () C:\MyXML.xml
2015-03-08 23:44 - 2013-07-15 09:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-08 23:44 - 2012-07-26 08:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-08 22:04 - 2013-06-24 19:53 - 00000000 ____D () C:\Users\win_8\AppData\Roaming\Skype
2015-03-08 20:18 - 2014-03-09 19:17 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-08 20:18 - 2013-06-24 19:53 - 00000000 ____D () C:\ProgramData\Skype
2015-03-08 19:15 - 2013-07-01 08:32 - 00000000 ___RD () C:\download
2015-03-02 18:32 - 2012-08-02 01:02 - 00712522 _____ () C:\windows\system32\perfh01D.dat
2015-03-02 18:32 - 2012-08-02 01:02 - 00148908 _____ () C:\windows\system32\perfc01D.dat
2015-03-02 18:32 - 2012-08-02 00:55 - 00440762 _____ () C:\windows\system32\perfh014.dat
2015-03-02 18:32 - 2012-08-02 00:55 - 00076914 _____ () C:\windows\system32\perfc014.dat
2015-03-02 18:32 - 2012-08-02 00:48 - 00426314 _____ () C:\windows\system32\perfh00B.dat
2015-03-02 18:32 - 2012-08-02 00:48 - 00081450 _____ () C:\windows\system32\perfc00B.dat
2015-03-02 18:32 - 2012-08-02 00:41 - 00455676 _____ () C:\windows\system32\perfh006.dat
2015-03-02 18:32 - 2012-08-02 00:41 - 00079422 _____ () C:\windows\system32\perfc006.dat
2015-03-02 18:32 - 2012-07-26 08:28 - 03259898 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-27 20:12 - 2013-09-10 17:06 - 00000000 ____D () C:\audio
2015-02-21 14:12 - 2013-06-24 18:32 - 00000000 ____D () C:\Users\win_8\AppData\Local\Adobe
2015-02-15 00:50 - 2014-08-25 17:22 - 00000000 ____D () C:\Users\win_8\Desktop\video
2015-02-14 13:38 - 2014-08-25 16:56 - 00000000 ____D () C:\video
2015-02-14 12:44 - 2013-06-26 18:28 - 00000000 ____D () C:\Users\win_8\AppData\Roaming\vlc
2015-02-14 11:29 - 2013-09-07 22:54 - 00000000 ____D () C:\fuji_3d
2015-02-14 09:54 - 2013-06-24 17:23 - 00000000 ____D () C:\Users\win_8
2015-02-11 23:18 - 2013-08-11 15:16 - 00000000 ____D () C:\1000d
2015-02-08 15:07 - 2014-04-23 20:28 - 00000023 _____ () C:\model.bat

==================== Files in the root of some directories =======

2013-06-26 18:27 - 2013-06-26 18:27 - 0000027 _____ () C:\Program Files\plugins.dat

Some content of TEMP:
====================
C:\Users\ADMINI~1\AppData\Local\Temp\PresentationCore.dll
C:\Users\ADMINI~1\AppData\Local\Temp\PresentationFramework.dll
C:\Users\ADMINI~1\AppData\Local\Temp\ReachFramework.dll
C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationProvider.dll
C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationTypes.dll
C:\Users\ADMINI~1\AppData\Local\Temp\WindowsBase.dll
C:\Users\ADMINI~1\AppData\Local\Temp\WindowsFormsIntegration.dll
C:\Users\win_8\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-08 15:54

==================== End Of Log ============================
         
---snip

and here is the Addition

---snip
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2015 03
Ran by win_8 at 2015-03-09 19:41:26
Running from C:\Users\win_8\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.04) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
BankID säkerhetsprogram (HKLM-x32\...\{4B2557F9-8C03-4BE7-9984-4DE525076580}) (Version: 6.2.5.1 - Finansiell ID-Teknik BID AB)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.13.0.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Compatibility Pack för Office 2007-systemet (HKLM-x32\...\{90120000-0020-041D-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
DVBT Driver (x32 Version: 1.1.3.1 - ) Hidden
Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) Hidden
ffdshow v1.3.4515 [2013-06-12] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4515.0 - )
Focusrite USB 2.0 Audio Driver 2.5.1 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.5.1 - Focusrite Audio Engineering Limited.)
Fre(a)koscope (HKLM-x32\...\Fre(a)koscope_is1) (Version: 0.8 beta - Mdsp @ Smartelectronix)
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41663) (Version: 3.8.0.41663.61 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2875 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office 2000 Premium (HKLM-x32\...\{0000041D-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6219.1000 - Microsoft Corporation)
Microsoft RichCopy 4.0 (HKLM-x32\...\{86F4F32B-77C7-4951-B33C-05D41A8190C1}) (Version: 4.0.211 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MPC-HC 1.7.5 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.5 - MPC-HC Team)
NetBeans IDE 7.4 (HKLM\...\nbi-nb-base-7.4.0.0.201310111528) (Version: 7.4 - NetBeans.org)
Passbild-Generator v3.6b (HKLM-x32\...\Passbild-Generator_is1) (Version:  - Passbild-Generator)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
PHASE X64 USB (HKLM\...\USB_AUDIO_DEusb-audio.dePhaseX64USB) (Version:  - )
Pirateplayer (HKLM-x32\...\Pirateplayer) (Version:  - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Premium Sound HD (HKLM\...\{000A208E-1050-4181-AC37-E13DA9254B73}) (Version: 1.12.6000 - DTS, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 1.4.0.0 - IObit)
Steinberg Cubase 5 (HKLM-x32\...\{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}) (Version: 5.1.0 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 1.0.0.1 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Additional Content Set 01 (HKLM-x32\...\{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}) (Version: 1.0.0.001 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Expression Set (HKLM-x32\...\{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}) (Version: 1.0.1.0 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Drum Set (HKLM-x32\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Set (HKLM-x32\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Pro Set (HKLM-x32\...\{D82CDA0D-C182-42C8-8FF2-5649C98D6003}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Drum Set (HKLM-x32\...\{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Set (HKLM-x32\...\{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content (HKLM-x32\...\{4D454CF8-12FD-464D-B57B-B46FE27B78BB}) (Version: 1.0.0.005 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 1.0.0.006 - Steinberg Media Technologies GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.08.6402 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6626.6410 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 2.00.973 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.1.54043006 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0015 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.6.0 - Toshiba Europe GmbH)
Ulead VideoStudio SE DVD (HKLM-x32\...\{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}) (Version: 10.0 - Ulead Systems)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
USB2.0 Grabber (HKLM-x32\...\{45518B6D-9DDF-4144-83E4-A56762524F35}) (Version: 7.12.000.002 - Youyan)
USB2.0 Grabber (HKLM-x32\...\USB2.0 Grabber) (Version:  - )
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
Visual Analyser 2011 (HKLM-x32\...\{BE2F9F39-9512-4DFD-A412-0355A2FE66D3}) (Version: 14.0.0.19 - Alfredo Accattatis)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
VMLite Workstation (HKLM\...\{197F2BEF-2705-406E-8CEB-8E404FFFE414}) (Version: 3.2.6 - VMLite)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden
Windows-drivrutinspaket - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

22-02-2015 16:16:45 Schemalagd kontrollpunkt
25-02-2015 21:08:35 Windows Update
28-02-2015 22:16:07 Windows Update
08-03-2015 16:24:01 Schemalagd kontrollpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00D33521-7874-4CD6-8BB2-863C2C00EA3B} - System32\Tasks\StartMenuAutoupdate => C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe [2015-01-22] (IObit)
Task: {09928DDE-9D84-4891-93C7-0676062C66CC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {13F34040-20F2-4AA3-B808-7F7EED36A5F4} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-07-18] (Toshiba Europe GmbH)
Task: {6EAB019B-FFF9-4F3B-9061-53FC2DC5D1C4} - System32\Tasks\{128FE2DB-52E4-4D16-BA42-5F04D72A0C62} => Firefox.exe hxxp://ui.skype.com/ui/0/6.11.0.102/de/abandoninstall?page=tsProgressBar
Task: {74118A71-CC1D-4C3B-888A-52D20702266F} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {7E2AB53E-B992-4373-8C7E-4662A968BEE1} - System32\Tasks\{E064D739-1F93-4F82-983F-2AF2EA6353CE} => Firefox.exe hxxp://ui.skype.com/ui/0/6.11.0.102/de/abandoninstall?page=tsBing
Task: {EB5ED57C-B450-4E90-B0C5-A5FDC3306643} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-11-29] (Synaptics Incorporated)
Task: {EF1EAFEE-95F9-4987-ABA9-2460BF88F59B} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {F59F3CDE-905A-4317-8C70-BAC604AAF49C} - System32\Tasks\{7BE2C727-B857-4282-A9DE-8763EC92488D} => Firefox.exe hxxp://ui.skype.com/ui/0/6.11.0.102/de/abandoninstall?page=tsProgressBar

==================== Loaded Modules (whitelisted) ==============

2011-10-13 13:38 - 2011-10-13 13:38 - 00156672 _____ () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
2010-08-11 13:18 - 2010-08-11 13:18 - 00202344 _____ () C:\Program Files\VMLite\VMLite Workstation\VBoxDDU.dll
2010-08-11 13:18 - 2010-08-11 13:18 - 02725480 _____ () C:\Program Files\VMLite\VMLite Workstation\VBoxRT.dll
2009-03-26 21:03 - 2009-03-26 21:03 - 01289728 _____ () C:\Program Files\VMLite\VMLite Workstation\LIBEAY32.dll
2012-10-26 00:24 - 2012-10-24 06:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-10-31 15:15 - 2012-10-31 15:15 - 02565544 _____ () C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 18:38 - 2012-07-18 18:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2013-06-26 17:52 - 2013-12-09 16:10 - 00348992 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madExcept_.bpl
2013-06-26 17:52 - 2013-12-09 16:10 - 00183616 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madBasic_.bpl
2013-06-26 17:52 - 2013-12-09 16:10 - 00051008 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madDisAsm_.bpl
2014-03-03 18:07 - 2013-12-09 16:10 - 00089920 _____ () C:\Program Files (x86)\IObit\Start Menu 8\NTFSScan.dll
2013-10-18 17:29 - 2013-12-09 16:10 - 00039744 _____ () C:\Program Files (x86)\IObit\Start Menu 8\pri.dll
2013-10-18 17:29 - 2013-12-09 16:11 - 00041280 _____ () C:\Program Files (x86)\IObit\Start Menu 8\winkey.dll
2013-05-03 22:20 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1609830323-765120689-1541722825-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Microsoft Office.lnk"
HKLM\...\StartupApproved\Run: => "TecoResident"
HKLM\...\StartupApproved\Run32: => "Intel AppUp(R) center"
HKLM\...\StartupApproved\Run32: => "TCrdMain"
HKLM\...\StartupApproved\Run32: => "TODDMain"
HKLM\...\StartupApproved\Run32: => "TosWaitSrv"

==================== Accounts: =============================

Administratör (S-1-5-21-1609830323-765120689-1541722825-500 - Administrator - Disabled)
Gäst (S-1-5-21-1609830323-765120689-1541722825-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1609830323-765120689-1541722825-1003 - Limited - Enabled)
win_8 (S-1-5-21-1609830323-765120689-1541722825-1001 - Administrator - Enabled) => C:\Users\win_8

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/09/2015 05:48:55 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (03/08/2015 10:14:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet firefox.exe, version 36.0.1.5542, avslutades eftersom det slutade samverka med Windows. Ytterligare information kan finnas i problemhistoriken på kontrollpanelen för Åtgärdscentret och lösningar.

Process-ID: d7c

Starttid: 01d059acc958762b

Avslutningstid: 4294967295

Programsökväg: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Rapport-ID: 15fb7580-c5d8-11e4-803b-7c05077950e8

Fullständigt namn på felaktigt paket: 

Program-ID relativt till felaktigt paket:

Error: (03/08/2015 10:14:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: plugin-container.exe, version 36.0.1.5542, tidsstämpel 0x54f851c0
, felet uppstod i modulen med namn: mozalloc.dll, version 36.0.1.5542, tidsstämpel 0x54f8437e
Undantagskod: 0x80000003
Felförskjutning: 0x00001e02
Process-ID: 0x122c
Programmets starttid: 0xplugin-container.exe0
Sökväg till program: plugin-container.exe1
Sökväg till modul: plugin-container.exe2
Rapport-ID: plugin-container.exe3
Fullständigt namn på felaktigt paket: plugin-container.exe4
Program-ID relativt till felaktigt paket: plugin-container.exe5

Error: (03/03/2015 06:04:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet firefox.exe, version 36.0.0.5531, avslutades eftersom det slutade samverka med Windows. Ytterligare information kan finnas i problemhistoriken på kontrollpanelen för Åtgärdscentret och lösningar.

Process-ID: f28

Starttid: 01d0550e22159c0a

Avslutningstid: 4294967295

Programsökväg: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Rapport-ID: 6bd7ca1f-c1c7-11e4-8039-7c05077950e8

Fullständigt namn på felaktigt paket: 

Program-ID relativt till felaktigt paket:

Error: (03/03/2015 06:04:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: plugin-container.exe, version 36.0.0.5531, tidsstämpel 0x54eb029a
, felet uppstod i modulen med namn: mozalloc.dll, version 36.0.0.5531, tidsstämpel 0x54eaf3b7
Undantagskod: 0x80000003
Felförskjutning: 0x00001e02
Process-ID: 0x380
Programmets starttid: 0xplugin-container.exe0
Sökväg till program: plugin-container.exe1
Sökväg till modul: plugin-container.exe2
Rapport-ID: plugin-container.exe3
Fullständigt namn på felaktigt paket: plugin-container.exe4
Program-ID relativt till felaktigt paket: plugin-container.exe5

Error: (03/02/2015 06:29:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: TCrdMain_Win8.exe, version 2.0.7.64, tidsstämpel 0x5091827a
, felet uppstod i modulen med namn: SynCOM.dll_unloaded, version 0.0.0.0, tidsstämpel 0x50b86421
Undantagskod: 0xc0000005
Felförskjutning: 0x000000001001f368
Process-ID: 0xcf0
Programmets starttid: 0xTCrdMain_Win8.exe0
Sökväg till program: TCrdMain_Win8.exe1
Sökväg till modul: TCrdMain_Win8.exe2
Rapport-ID: TCrdMain_Win8.exe3
Fullständigt namn på felaktigt paket: TCrdMain_Win8.exe4
Program-ID relativt till felaktigt paket: TCrdMain_Win8.exe5

Error: (03/01/2015 07:46:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet firefox.exe, version 36.0.0.5531, avslutades eftersom det slutade samverka med Windows. Ytterligare information kan finnas i problemhistoriken på kontrollpanelen för Åtgärdscentret och lösningar.

Process-ID: 1c44

Starttid: 01d05430892f0135

Avslutningstid: 4294967295

Programsökväg: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Rapport-ID: 55b755a3-c043-11e4-8037-7c05077950e8

Fullständigt namn på felaktigt paket: 

Program-ID relativt till felaktigt paket:

Error: (03/01/2015 07:46:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: plugin-container.exe, version 36.0.0.5531, tidsstämpel 0x54eb029a
, felet uppstod i modulen med namn: mozalloc.dll, version 36.0.0.5531, tidsstämpel 0x54eaf3b7
Undantagskod: 0x80000003
Felförskjutning: 0x00001e02
Process-ID: 0x2848
Programmets starttid: 0xplugin-container.exe0
Sökväg till program: plugin-container.exe1
Sökväg till modul: plugin-container.exe2
Rapport-ID: plugin-container.exe3
Fullständigt namn på felaktigt paket: plugin-container.exe4
Program-ID relativt till felaktigt paket: plugin-container.exe5

Error: (03/01/2015 04:00:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: plugin-container.exe, version 36.0.0.5531, tidsstämpel 0x54eb029a
, felet uppstod i modulen med namn: mozalloc.dll, version 36.0.0.5531, tidsstämpel 0x54eaf3b7
Undantagskod: 0x80000003
Felförskjutning: 0x00001e02
Process-ID: 0x180c
Programmets starttid: 0xplugin-container.exe0
Sökväg till program: plugin-container.exe1
Sökväg till modul: plugin-container.exe2
Rapport-ID: plugin-container.exe3
Fullständigt namn på felaktigt paket: plugin-container.exe4
Program-ID relativt till felaktigt paket: plugin-container.exe5

Error: (03/01/2015 03:44:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: TCrdMain_Win8.exe, version 2.0.7.64, tidsstämpel 0x5091827a
, felet uppstod i modulen med namn: SynCOM.dll_unloaded, version 0.0.0.0, tidsstämpel 0x50b86421
Undantagskod: 0xc0000005
Felförskjutning: 0x000000001001f368
Process-ID: 0x2a74
Programmets starttid: 0xTCrdMain_Win8.exe0
Sökväg till program: TCrdMain_Win8.exe1
Sökväg till modul: TCrdMain_Win8.exe2
Rapport-ID: TCrdMain_Win8.exe3
Fullständigt namn på felaktigt paket: TCrdMain_Win8.exe4
Program-ID relativt till felaktigt paket: TCrdMain_Win8.exe5


System errors:
=============
Error: (03/08/2015 11:41:35 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Tjänsten Windows Update stängdes inte på rätt sätt efter att ha mottagit en systemstängningsvarning.

Error: (03/08/2015 03:30:17 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Den senaste avstängningen av datorn vid 14:43:31 den ‎08.‎03.‎2015 skedde oväntat.

Error: (03/08/2015 02:43:31 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Den senaste avstängningen av datorn vid 18:14:50 den ‎03.‎03.‎2015 skedde oväntat.

Error: (03/02/2015 06:12:35 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Den senaste avstängningen av datorn vid 17:53:51 den ‎02.‎03.‎2015 skedde oväntat.

Error: (02/22/2015 03:15:43 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Den senaste avstängningen av datorn vid 21:21:44 den ‎21.‎02.‎2015 skedde oväntat.

Error: (02/19/2015 00:52:34 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Den senaste avstängningen av datorn vid 12:20:01 den ‎19.‎02.‎2015 skedde oväntat.

Error: (02/10/2015 06:28:20 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Den senaste avstängningen av datorn vid 20:46:38 den ‎08.‎02.‎2015 skedde oväntat.

Error: (02/07/2015 11:53:42 AM) (Source: DCOM) (EventID: 10010) (User: win8)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (02/03/2015 07:37:21 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Den senaste avstängningen av datorn vid 22:12:50 den ‎02.‎02.‎2015 skedde oväntat.

Error: (02/02/2015 07:21:19 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Den senaste avstängningen av datorn vid 19:04:13 den ‎01.‎02.‎2015 skedde oväntat.


Microsoft Office Sessions:
=========================
Error: (03/09/2015 05:48:55 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (03/08/2015 10:14:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe36.0.1.5542d7c01d059acc958762b4294967295C:\Program Files (x86)\Mozilla Firefox\firefox.exe15fb7580-c5d8-11e4-803b-7c05077950e8

Error: (03/08/2015 10:14:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.1.554254f851c0mozalloc.dll36.0.1.554254f8437e8000000300001e02122c01d059acdee8f26bC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll16fa4c51-c5d8-11e4-803b-7c05077950e8

Error: (03/03/2015 06:04:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe36.0.0.5531f2801d0550e22159c0a4294967295C:\Program Files (x86)\Mozilla Firefox\firefox.exe6bd7ca1f-c1c7-11e4-8039-7c05077950e8

Error: (03/03/2015 06:04:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.0.553154eb029amozalloc.dll36.0.0.553154eaf3b78000000300001e0238001d0550e27b09621C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll6c5c7a0e-c1c7-11e4-8039-7c05077950e8

Error: (03/02/2015 06:29:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TCrdMain_Win8.exe2.0.7.645091827aSynCOM.dll_unloaded0.0.0.050b86421c0000005000000001001f368cf001d0550c55bb4964C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exeSynCOM.dllafad17f9-c101-11e4-8039-7c05077950e8

Error: (03/01/2015 07:46:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe36.0.0.55311c4401d05430892f01354294967295C:\Program Files (x86)\Mozilla Firefox\firefox.exe55b755a3-c043-11e4-8037-7c05077950e8

Error: (03/01/2015 07:46:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.0.553154eb029amozalloc.dll36.0.0.553154eaf3b78000000300001e02284801d054468a7ceebcC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll56aba36c-c043-11e4-8037-7c05077950e8

Error: (03/01/2015 04:00:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.0.553154eb029amozalloc.dll36.0.0.553154eaf3b78000000300001e02180c01d0542faa06b65fC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllb4455f20-c023-11e4-8037-7c05077950e8

Error: (03/01/2015 03:44:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TCrdMain_Win8.exe2.0.7.645091827aSynCOM.dll_unloaded0.0.0.050b86421c0000005000000001001f3682a7401d0542c19571e0dC:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exeSynCOM.dll7cc58333-c021-11e4-8037-7c05077950e8


==================== Memory info =========================== 

Processor: Intel(R) Celeron(R) CPU 1000M @ 1.80GHz
Percentage of memory in use: 48%
Total physical RAM: 3979.21 MB
Available physical RAM: 2038.67 MB
Total Pagefile: 8587.21 MB
Available Pagefile: 3107.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (TI31061100A) (Fixed) (Total:286.29 GB) (Free:97.81 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

10.03.2015, 13:32   #4
schrauber
/// the machine
/// TB-Ausbilder

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scannen (Scan), select Bedrohungssuchlauf (Threat Scan) and click Suchlauf starten (Start Scan).
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Auswahl entfernen (Remove Selected).
  • If prompted, let your computer restart to complete the cleanup.
  • Start MBAM, click Verlauf (History) and then Anwendungsprotokolle (Application Logs).
  • Select the most recent scan log and click Export. Choose Textdatei (.txt) (text file) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Optionen (Options) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Suchlauf (Scan) and wait until it has finished.
  • Now click Löschen (Delete) and confirm any prompts that appear with Ok.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

10.03.2015, 18:48   #5
tom_sverige

Hello,

I ran the first program; here is the log file. The second program is only available in English, and the commands there are: Scan Cleaning Logfile Uninstall (from left to right). I did run the scan, but was then unsure about "Löschen" (delete): should I now choose Cleaning or Uninstall? "Löschen" (i.e. Delete) was not among them.

Before I start the third program, I would like to wait for your answer.

---snip

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 10.03.2015
Suchlauf-Zeit: 17:41:40
Logdatei: suchlauf_protokoll.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.11.20.06
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: win_8

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 334846
Verstrichene Zeit: 39 Min, 29 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         


11.03.2015, 10:32   #6
schrauber
/// the machine
/// TB-Ausbilder

Why is AdwCleaner running in English for you? Strange. Please press Clean.

11.03.2015, 22:58   #7
tom_sverige

Hello,

here comes the rest now. What can "DownloadSponsor.Gen" actually do?


mbam:

--snip
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 10.03.2015
Suchlauf-Zeit: 17:41:40
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.11.20.06
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: win_8

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 334846
Verstrichene Zeit: 39 Min, 29 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
---snip
adw:
Code:
# AdwCleaner v4.112 - Logfile created 11/03/2015 at 22:18:45
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 8  (x64)
# Username : win_8 - WIN8
# Running from : C:\Users\win_8\Desktop\AdwCleaner_4.112.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\OCS

***** [ Web browsers ] *****

-\\ Internet Explorer v10.0.9200.17116


-\\ Mozilla Firefox v36.0.1 (x86 de)


*************************

AdwCleaner[R0].txt - [791 bytes] - [10/03/2015 18:41:27]
AdwCleaner[R1].txt - [849 bytes] - [11/03/2015 22:05:18]
AdwCleaner[S0].txt - [742 bytes] - [11/03/2015 22:18:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [800  bytes] ##########
         
---snip
jrt:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 8 x64
Ran by win_8 on 11.03.2015 at 22:38:20,46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\win_8\AppData\Roaming\mozilla\firefox\profiles\w750w0hr.default\minidumps [38 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.03.2015 at 22:40:44,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
---snip
frst:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by win_8 (administrator) on WIN8 on 11-03-2015 22:42:12
Running from C:\Users\win_8\Desktop
Loaded Profiles: win_8 (Available profiles: win_8)
Platform: Windows 8 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(VMLite, Inc.) C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-11-29] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565544 2012-10-31] ()
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2172816 2012-10-22] (SRS Labs, Inc.)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-18] (Intel Corporation)
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7152640 2012-12-05] (Pegatron Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703280 2015-03-10] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UVS10 Preload] => C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe [36864 2006-08-10] (Ulead Systems, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1609830323-765120689-1541722825-1001\...\MountPoints2: {0ac73d10-de8d-11e2-be87-7c05077950e8} - "E:\WD SmartWare.exe" autoplay=true
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1609830323-765120689-1541722825-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-1609830323-765120689-1541722825-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1609830323-765120689-1541722825-1001 -> {C959D6CA-DD06-4623-BC24-B1A330093942} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-11-04] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-11-04] (Oracle Corporation)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-21] ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-11-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-11-04] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-21] ()
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.1.0.18 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [2014-11-27] (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.2.5.1 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [2014-11-27] (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-06-07] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-05] (Adobe Systems Inc.)
FF Extension: DownloadHelper - C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2015-02-20]
FF Extension: NoScript - C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-03]
FF Extension: Adblock Plus - C:\Users\win_8\AppData\Roaming\Mozilla\Firefox\Profiles\w750w0hr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-24]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-10] (Avira Operations GmbH & Co. KG)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-05] (Realtek Semiconductor)
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72512 2013-12-09] (IObit)
R3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-18] (Toshiba Europe GmbH)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-09-29] (Ulead Systems, Inc.) [File not signed]
R2 VMLiteService; C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe [426600 2010-08-21] (VMLite, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-28] (Avira Operations GmbH & Co. KG)
S3 ffusb2audio; C:\Windows\system32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
S3 MUSONIK_PHASE_X64_USB; C:\Windows\System32\Drivers\msnkphsu.sys [460352 2009-11-13] (Ploytec GmbH)
S3 MUSONIK_PHASE_X64_WDM; C:\Windows\system32\drivers\msnkphsa.sys [49216 2009-11-13] (Ploytec GmbH)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                           )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-29] (Synaptics Incorporated)
S3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1816968 2010-04-16] (Syntek)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
R1 VBoxDrv; C:\Windows\System32\drivers\VBoxDrv.sys [204328 2010-08-11] (VMLite, Inc.)
R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [146216 2010-08-11] (VMLite, Inc.)
R3 VBoxNetFlt; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [165800 2010-08-11] (VMLite, Inc.)
R1 vmlitedrv; C:\Windows\System32\drivers\vmlitedrv.sys [14952 2010-08-03] (VMLite, Inc.)
R3 vmlitestor; C:\Windows\system32\DRIVERS\vmlitestor.sys [177768 2010-08-11] (VMLite, Inc.)
R1 VMLiteUSBMon; C:\Windows\System32\drivers\vmliteusbmon.sys [135272 2010-08-18] (VMLite, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-11 22:42 - 2015-03-11 22:42 - 00000000 ____D () C:\Users\win_8\Desktop\FRST-OlderVersion
2015-03-11 22:40 - 2015-03-11 22:40 - 00000744 _____ () C:\Users\win_8\Desktop\JRT.txt
2015-03-11 22:33 - 2015-02-03 20:29 - 00714184 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-03-11 22:33 - 2015-02-03 20:29 - 00106440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-11 22:24 - 2015-03-11 22:24 - 00000000 ____D () C:\windows\system32\appraiser
2015-03-11 22:21 - 2015-03-11 22:21 - 00000372 _____ () C:\windows\PFRO.log
2015-03-10 19:13 - 2014-10-09 05:00 - 01519104 _____ (Microsoft Corporation) C:\windows\system32\vssapi.dll
2015-03-10 19:13 - 2014-10-09 05:00 - 01484288 _____ (Microsoft Corporation) C:\windows\system32\VSSVC.exe
2015-03-10 19:13 - 2014-10-09 05:00 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\vsstrace.dll
2015-03-10 19:13 - 2014-10-09 04:59 - 01195520 _____ (Microsoft Corporation) C:\windows\SysWOW64\vssapi.dll
2015-03-10 19:13 - 2014-10-09 04:59 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\vsstrace.dll
2015-03-10 18:41 - 2015-03-11 22:18 - 00000000 ____D () C:\AdwCleaner
2015-03-10 18:38 - 2015-03-10 18:38 - 00001202 _____ () C:\Users\win_8\Desktop\suchlauf_protokoll.txt
2015-03-10 17:40 - 2015-03-10 17:40 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-10 17:39 - 2015-03-10 17:39 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-10 17:39 - 2015-03-10 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-10 17:39 - 2015-03-10 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-10 17:39 - 2015-03-10 17:39 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-03-10 17:39 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-03-10 17:39 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-03-10 17:39 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-03-10 17:36 - 2015-03-10 17:36 - 02171392 _____ () C:\Users\win_8\Desktop\AdwCleaner_4.112.exe
2015-03-10 17:36 - 2015-03-10 17:36 - 01388333 _____ (Thisisu) C:\Users\win_8\Desktop\JRT.exe
2015-03-10 17:35 - 2015-03-10 17:36 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\win_8\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-09 19:59 - 2015-03-09 20:01 - 00000000 ____D () C:\Users\win_8\Desktop\stick
2015-03-09 19:41 - 2015-03-09 19:42 - 00028808 _____ () C:\Users\win_8\Desktop\Addition.txt
2015-03-09 19:40 - 2015-03-11 22:42 - 00014729 _____ () C:\Users\win_8\Desktop\FRST.txt
2015-03-09 19:40 - 2015-03-11 22:42 - 00000000 ____D () C:\FRST
2015-03-09 19:38 - 2015-03-11 22:42 - 02095616 _____ (Farbar) C:\Users\win_8\Desktop\FRST64.exe
2015-03-09 18:02 - 2015-01-12 07:48 - 19291136 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-03-09 18:02 - 2015-01-12 07:47 - 15403008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-03-09 18:02 - 2015-01-12 06:06 - 14373376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-03-09 18:02 - 2014-11-21 09:36 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-03-09 18:02 - 2014-11-21 09:36 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-03-09 18:01 - 2015-01-12 07:49 - 02237952 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-03-09 18:01 - 2015-01-12 07:49 - 01409536 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-03-09 18:01 - 2015-01-12 07:49 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2015-03-09 18:01 - 2015-01-12 07:49 - 00600576 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-03-09 18:01 - 2015-01-12 07:48 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-03-09 18:01 - 2015-01-12 07:47 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-03-09 18:01 - 2015-01-12 07:47 - 02655744 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-03-09 18:01 - 2015-01-12 07:47 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-03-09 18:01 - 2015-01-12 07:47 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-03-09 18:01 - 2015-01-12 07:46 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-03-09 18:01 - 2015-01-12 06:07 - 01762816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-03-09 18:01 - 2015-01-12 06:07 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-03-09 18:01 - 2015-01-12 06:07 - 00523264 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-03-09 18:01 - 2015-01-12 06:06 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-03-09 18:01 - 2015-01-12 06:06 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-03-09 18:01 - 2015-01-12 06:06 - 02055168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-03-09 18:01 - 2015-01-12 06:06 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-03-09 18:01 - 2015-01-12 06:06 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-03-09 18:01 - 2015-01-12 06:06 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-03-09 18:01 - 2015-01-12 05:16 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-03-09 18:01 - 2015-01-12 04:46 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-03-09 18:01 - 2014-11-21 09:38 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-03-09 18:01 - 2014-11-21 09:37 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2015-03-09 18:01 - 2014-11-21 09:36 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-03-09 18:01 - 2014-11-21 09:36 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-03-09 18:01 - 2014-11-21 09:36 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-03-09 18:01 - 2014-11-21 09:36 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2015-03-09 18:01 - 2014-11-21 09:36 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-03-09 18:01 - 2014-11-21 09:36 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-03-09 18:01 - 2014-11-21 08:17 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-03-09 18:01 - 2014-11-21 08:17 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-03-09 18:01 - 2014-11-21 08:17 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2015-03-09 18:01 - 2014-11-21 08:16 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-03-09 18:01 - 2014-11-21 08:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-03-09 18:01 - 2014-11-21 08:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-03-09 18:01 - 2014-11-21 08:16 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2015-03-09 18:01 - 2014-11-21 08:16 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-03-09 18:01 - 2014-11-21 08:16 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-03-09 18:01 - 2014-11-21 08:16 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-03-09 18:01 - 2014-11-21 08:00 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-03-09 18:01 - 2014-11-21 07:54 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-03-09 18:01 - 2014-11-21 05:30 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2015-03-09 18:00 - 2015-01-09 05:33 - 04061696 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-03-09 17:59 - 2015-01-15 12:44 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2015-03-09 17:59 - 2015-01-15 12:43 - 01282560 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-03-09 17:58 - 2015-01-15 12:44 - 01043968 _____ (Microsoft Corporation) C:\windows\system32\usercpl.dll
2015-03-09 17:58 - 2015-01-15 11:00 - 00961536 _____ (Microsoft Corporation) C:\windows\SysWOW64\usercpl.dll
2015-03-09 17:58 - 2015-01-15 11:00 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2015-03-09 17:58 - 2015-01-15 10:38 - 00717824 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-03-09 17:58 - 2015-01-15 10:09 - 00717824 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-03-09 17:58 - 2015-01-15 05:08 - 00568656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-03-09 17:57 - 2014-12-11 07:51 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-03-09 17:57 - 2014-10-11 08:44 - 19764736 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-03-09 17:57 - 2014-10-11 06:57 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-03-09 17:57 - 2014-10-09 04:59 - 00623616 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
2015-03-09 17:57 - 2014-10-09 04:59 - 00212992 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll
2015-03-09 17:57 - 2014-10-09 04:58 - 00458240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2015-03-09 17:57 - 2014-09-22 06:38 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\mfmpeg2srcsnk.dll
2015-03-09 17:57 - 2014-09-22 04:56 - 00513536 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmpeg2srcsnk.dll
2015-03-09 17:54 - 2014-12-19 07:48 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-03-09 17:54 - 2014-09-13 07:24 - 02233152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2015-03-09 17:54 - 2014-09-03 03:48 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2015-03-09 17:54 - 2014-09-03 03:22 - 00188928 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2015-03-09 17:54 - 2014-08-29 05:17 - 02043392 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2015-03-09 17:54 - 2014-08-29 05:17 - 00227328 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2015-03-09 17:54 - 2014-08-29 05:04 - 02837504 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2015-03-09 17:54 - 2014-08-29 05:04 - 00309248 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2015-03-09 17:54 - 2014-08-28 07:04 - 00499712 _____ (Microsoft Corporation) C:\windows\SysWOW64\FXSCOMEX.dll
2015-03-09 17:54 - 2014-08-28 07:04 - 00227840 _____ (Microsoft Corporation) C:\windows\SysWOW64\FXSAPI.dll
2015-03-09 17:54 - 2014-08-28 06:59 - 00616448 _____ (Microsoft Corporation) C:\windows\system32\FXSAPI.dll
2015-03-09 17:54 - 2014-08-28 06:59 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\FXSCOMEX.dll
2015-03-09 17:54 - 2014-08-28 06:59 - 00432640 _____ (Microsoft Corporation) C:\windows\system32\FXSTIFF.dll
2015-03-09 17:54 - 2014-08-28 06:59 - 00254976 _____ (Microsoft Corporation) C:\windows\system32\FXST30.dll
2015-03-09 17:54 - 2014-07-24 14:12 - 00328512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys
2015-03-09 17:53 - 2014-09-22 06:53 - 00035320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2015-03-09 17:53 - 2014-08-26 23:08 - 00270024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2015-03-09 17:52 - 2014-07-12 05:41 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\KBDRUM.DLL
2015-03-09 17:52 - 2014-07-12 05:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2015-03-09 17:52 - 2014-07-12 05:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2015-03-09 17:52 - 2014-07-12 05:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2015-03-09 17:52 - 2014-07-12 05:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2015-03-09 17:52 - 2014-07-12 05:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2015-03-09 17:52 - 2014-07-12 05:16 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRUM.DLL
2015-03-09 17:52 - 2014-07-12 05:16 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2015-03-09 17:52 - 2014-07-12 05:16 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2015-03-09 17:52 - 2014-07-12 05:16 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2015-03-09 17:52 - 2014-07-12 05:16 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2015-03-09 17:52 - 2014-07-12 05:15 - 00006144 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2015-03-09 17:52 - 2014-07-08 23:33 - 00181248 _____ (Microsoft Corp.) C:\windows\system32\Defrag.exe
2015-03-09 17:52 - 2014-07-08 23:32 - 01539584 _____ (Microsoft Corporation) C:\windows\system32\storagewmi.dll
2015-03-09 17:52 - 2014-07-08 23:32 - 00340480 _____ (Microsoft Corporation) C:\windows\system32\defragsvc.dll
2015-03-09 17:52 - 2014-07-08 23:30 - 01220608 _____ (Microsoft Corporation) C:\windows\SysWOW64\storagewmi.dll
2015-03-09 17:52 - 2014-07-07 06:52 - 00263680 _____ (Microsoft Corporation) C:\windows\system32\wcmsvc.dll
2015-03-09 17:52 - 2014-07-07 06:52 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\wcmcsp.dll
2015-03-09 17:52 - 2014-07-04 11:52 - 00328000 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2015-03-09 17:52 - 2014-07-03 02:59 - 01824784 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-03-09 17:52 - 2014-07-03 01:30 - 01408952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-03-09 17:52 - 2014-06-28 08:01 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2015-03-09 17:52 - 2014-06-28 07:56 - 00117248 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2015-03-09 17:52 - 2014-06-25 08:09 - 00733184 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2015-03-09 17:52 - 2014-06-25 08:07 - 01023488 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2015-03-09 17:52 - 2014-06-18 00:27 - 02032640 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2015-03-09 17:52 - 2014-06-18 00:23 - 02238464 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2015-03-09 17:52 - 2014-06-11 15:47 - 02842112 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2015-03-09 17:52 - 2014-06-11 05:40 - 02620928 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2015-03-09 17:52 - 2014-06-10 23:44 - 01403896 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-03-09 17:52 - 2014-02-04 11:57 - 01271664 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-03-09 17:47 - 2015-02-04 10:54 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-03-09 17:47 - 2015-02-04 10:52 - 00894464 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-03-09 17:47 - 2015-02-04 10:52 - 00761856 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-03-09 17:47 - 2015-02-04 10:52 - 00414208 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-03-09 17:47 - 2015-02-04 10:52 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-03-09 17:47 - 2015-02-03 00:18 - 01098752 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-03-09 17:47 - 2014-12-08 07:48 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-03-09 17:47 - 2014-12-08 06:04 - 00318464 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2015-03-09 17:47 - 2014-12-03 02:48 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-03-09 17:46 - 2014-10-11 08:45 - 10115072 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2015-03-09 17:46 - 2014-10-11 08:44 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2015-03-09 17:46 - 2014-10-11 08:44 - 00393216 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2015-03-09 17:46 - 2014-10-11 08:43 - 02307072 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-03-09 17:46 - 2014-10-11 06:58 - 08858624 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2015-03-09 17:46 - 2014-10-11 06:57 - 02416640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2015-03-09 17:46 - 2014-10-11 06:57 - 00295424 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2015-03-09 17:46 - 2014-10-11 06:56 - 02037760 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-03-09 17:43 - 2014-12-06 08:52 - 00384000 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll
2015-03-09 17:43 - 2014-12-06 08:52 - 00357376 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-03-09 17:43 - 2014-12-06 08:52 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\nlaapi.dll
2015-03-09 17:43 - 2014-12-06 07:09 - 00055296 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-03-09 17:40 - 2014-12-06 08:53 - 00458240 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2015-03-09 17:40 - 2014-12-06 08:53 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\WerFaultSecure.exe
2015-03-09 17:40 - 2014-12-06 08:51 - 00370688 _____ (Microsoft Corporation) C:\windows\system32\Faultrep.dll
2015-03-09 17:40 - 2014-12-06 08:51 - 00267264 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-03-09 17:40 - 2014-12-06 08:50 - 00783872 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-03-09 17:40 - 2014-12-06 07:10 - 00355840 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2015-03-09 17:40 - 2014-12-06 07:10 - 00023552 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFaultSecure.exe
2015-03-09 17:40 - 2014-12-06 07:09 - 00332800 _____ (Microsoft Corporation) C:\windows\SysWOW64\Faultrep.dll
2015-03-09 17:40 - 2014-10-03 02:21 - 00522728 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-03-09 17:40 - 2014-10-02 23:29 - 00169472 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
2015-03-09 17:39 - 2014-11-26 07:43 - 00778240 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-03-09 17:39 - 2014-11-26 05:50 - 00567808 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2015-03-09 17:39 - 2014-10-11 08:44 - 03248640 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2015-03-09 17:38 - 2014-12-18 09:51 - 00096576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwfs.sys
2015-03-09 17:38 - 2014-12-18 07:52 - 00889344 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2015-03-09 17:38 - 2014-12-18 07:51 - 01160192 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2015-03-09 17:38 - 2014-12-18 07:50 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2015-03-09 17:38 - 2014-12-18 07:20 - 00702464 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2015-03-09 17:37 - 2014-12-09 00:14 - 00391526 _____ () C:\windows\system32\ApnDatabase.xml
2015-03-09 17:37 - 2014-09-25 00:29 - 00318976 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-03-09 17:37 - 2014-09-25 00:29 - 00072192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncryptsslp.dll
2015-03-09 17:37 - 2014-09-25 00:01 - 00414208 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-03-09 17:37 - 2014-09-25 00:01 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\ncryptsslp.dll
2015-03-09 17:36 - 2015-01-12 07:49 - 01627648 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-03-09 17:36 - 2015-01-12 06:07 - 01338880 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-03-09 17:36 - 2014-12-19 05:35 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-03-09 17:34 - 2014-11-08 12:22 - 00238080 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2015-03-09 17:34 - 2014-11-08 07:57 - 00187904 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2015-03-09 17:33 - 2014-11-08 12:21 - 00827904 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-03-09 17:33 - 2014-11-08 07:56 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-03-09 17:33 - 2014-10-23 13:47 - 00079872 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2015-03-09 17:33 - 2014-10-23 12:04 - 00068096 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2015-03-09 17:33 - 2014-10-11 09:35 - 00171840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-03-09 17:33 - 2014-10-11 06:41 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-03-09 17:33 - 2014-10-11 06:05 - 00146944 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-03-09 17:32 - 2015-01-15 22:45 - 06973248 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-03-09 17:31 - 2014-08-22 00:56 - 01418752 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-03-09 17:31 - 2014-08-22 00:27 - 01845760 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-03-09 00:29 - 2015-01-09 07:43 - 00951808 _____ (Microsoft Corporation) C:\windows\system32\Windows.Globalization.dll
2015-03-09 00:29 - 2015-01-09 06:03 - 00601088 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Globalization.dll
2015-03-09 00:29 - 2015-01-09 00:52 - 00478296 _____ () C:\windows\SysWOW64\locale.nls
2015-03-09 00:29 - 2015-01-09 00:52 - 00478296 _____ () C:\windows\system32\locale.nls
2015-03-09 00:12 - 2014-10-30 08:20 - 01890816 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-03-09 00:12 - 2014-10-30 06:22 - 01569792 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-03-08 15:14 - 2015-03-08 15:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-27 21:29 - 2015-02-27 21:29 - 00000000 ____D () C:\Users\win_8\Documents\Mina webbplatser
2015-02-14 09:54 - 2015-02-14 09:56 - 00000000 ____D () C:\Users\win_8\.mediathek3
2015-02-14 09:49 - 2015-02-14 09:51 - 31470563 _____ () C:\Users\win_8\Downloads\MediathekView_8.zip
2015-02-13 19:44 - 2015-02-13 19:44 - 00000000 ____D () C:\Users\win_8\AppData\Local\pirateplay
2015-02-13 19:43 - 2015-02-13 19:43 - 00000000 ____D () C:\Users\win_8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pirateplayer
2015-02-13 19:43 - 2015-02-13 19:43 - 00000000 ____D () C:\Program Files (x86)\Pirateplayer
2015-02-13 19:42 - 2015-02-13 19:43 - 28896608 _____ () C:\Users\win_8\Downloads\ppinstaller_-_v0_5_0.exe
2015-02-10 22:32 - 2015-02-10 22:36 - 17520650 _____ () C:\Users\win_8\Downloads\JayB_VSynth.zip
2015-02-10 22:31 - 2015-02-10 22:32 - 00254541 _____ () C:\Users\win_8\Downloads\JayB_QY100.zip
2015-02-10 22:30 - 2015-02-10 22:30 - 00243017 _____ () C:\Users\win_8\Downloads\JayB_MotifES(1).zip
2015-02-10 22:30 - 2015-02-10 22:30 - 00100324 _____ () C:\Users\win_8\Downloads\JayB_PLG150AN.zip
2015-02-10 22:29 - 2015-02-10 22:29 - 00232611 _____ () C:\Users\win_8\Downloads\JayB_S80.zip
2015-02-10 22:29 - 2015-02-10 22:29 - 00024114 _____ () C:\Users\win_8\Downloads\JayB_AN1x.zip
2015-02-10 22:21 - 2015-02-10 22:21 - 00000000 ____D () C:\Users\win_8\Downloads\JayB_Effects
2015-02-10 22:20 - 2015-02-10 22:20 - 00243017 _____ () C:\Users\win_8\Downloads\JayB_MotifES.zip
2015-02-10 21:40 - 2015-02-10 21:54 - 65956150 _____ () C:\Users\win_8\Downloads\JayB_Effects.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-11 22:42 - 2014-03-03 18:07 - 00168111 _____ () C:\MyXML.xml
2015-03-11 22:31 - 2012-07-26 08:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-11 22:25 - 2012-07-26 09:12 - 00000000 ___RD () C:\windows\ToastData
2015-03-11 22:25 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-11 22:25 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-11 22:25 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\SysWOW64\en-GB
2015-03-11 22:25 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\system32\en-GB
2015-03-11 22:25 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-11 22:25 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-11 22:24 - 2014-07-28 14:57 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-03-11 22:24 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\AppCompat
2015-03-11 22:20 - 2015-02-05 18:03 - 01633410 _____ () C:\windows\WindowsUpdate.log
2015-03-11 22:20 - 2012-07-26 06:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2015-03-11 22:00 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\system32\sru
2015-03-11 20:25 - 2012-07-26 08:59 - 00000000 ____D () C:\windows\CbsTemp
2015-03-11 20:17 - 2012-08-02 01:02 - 00712522 _____ () C:\windows\system32\perfh01D.dat
2015-03-11 20:17 - 2012-08-02 01:02 - 00148908 _____ () C:\windows\system32\perfc01D.dat
2015-03-11 20:17 - 2012-08-02 00:55 - 00440762 _____ () C:\windows\system32\perfh014.dat
2015-03-11 20:17 - 2012-08-02 00:55 - 00076914 _____ () C:\windows\system32\perfc014.dat
2015-03-11 20:17 - 2012-08-02 00:48 - 00426314 _____ () C:\windows\system32\perfh00B.dat
2015-03-11 20:17 - 2012-08-02 00:48 - 00081450 _____ () C:\windows\system32\perfc00B.dat
2015-03-11 20:17 - 2012-08-02 00:41 - 00455676 _____ () C:\windows\system32\perfh006.dat
2015-03-11 20:17 - 2012-08-02 00:41 - 00079422 _____ () C:\windows\system32\perfc006.dat
2015-03-11 20:17 - 2012-07-26 08:28 - 03259898 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-10 22:51 - 2013-07-01 08:32 - 00000000 ___RD () C:\download
2015-03-10 21:00 - 2013-06-24 19:53 - 00000000 ____D () C:\Users\win_8\AppData\Roaming\Skype
2015-03-10 19:46 - 2013-06-26 17:17 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2015-03-10 19:46 - 2013-06-26 17:15 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2015-03-10 19:46 - 2013-06-26 17:15 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2015-03-08 23:44 - 2013-07-15 09:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-08 20:18 - 2014-03-09 19:17 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-08 20:18 - 2013-06-24 19:53 - 00000000 ____D () C:\ProgramData\Skype
2015-02-27 20:12 - 2013-09-10 17:06 - 00000000 ____D () C:\audio
2015-02-21 14:12 - 2013-06-24 18:32 - 00000000 ____D () C:\Users\win_8\AppData\Local\Adobe
2015-02-15 00:50 - 2014-08-25 17:22 - 00000000 ____D () C:\Users\win_8\Desktop\video
2015-02-14 13:38 - 2014-08-25 16:56 - 00000000 ____D () C:\video
2015-02-14 12:44 - 2013-06-26 18:28 - 00000000 ____D () C:\Users\win_8\AppData\Roaming\vlc
2015-02-14 11:29 - 2013-09-07 22:54 - 00000000 ____D () C:\fuji_3d
2015-02-14 09:54 - 2013-06-24 17:23 - 00000000 ____D () C:\Users\win_8
2015-02-11 23:18 - 2013-08-11 15:16 - 00000000 ____D () C:\1000d

==================== Files in the root of some directories =======

2013-06-26 18:27 - 2013-06-26 18:27 - 0000027 _____ () C:\Program Files\plugins.dat

Some content of TEMP:
====================
C:\Users\ADMINI~1\AppData\Local\Temp\PresentationCore.dll
C:\Users\ADMINI~1\AppData\Local\Temp\PresentationFramework.dll
C:\Users\ADMINI~1\AppData\Local\Temp\ReachFramework.dll
C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationProvider.dll
C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationTypes.dll
C:\Users\ADMINI~1\AppData\Local\Temp\WindowsBase.dll
C:\Users\ADMINI~1\AppData\Local\Temp\WindowsFormsIntegration.dll
C:\Users\win_8\AppData\Local\Temp\avgnt.exe
C:\Users\win_8\AppData\Local\Temp\Quarantine.exe
C:\Users\win_8\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-08 15:54

==================== End Of Log ============================
         
--- --- ---

Alt 12.03.2015, 12:16   #8
schrauber
/// the machine
/// TB-Ausbilder
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems remaining?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009
