| |
| |||||||
Log-Analyse und Auswertung: Virusmeldung beim Hochfahren des Rechners in Form von akkustischem WarnsignalWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
08.05.2015, 06:36
| #16 |
| /// the machine /// TB-Ausbilder    |  Virusmeldung beim Hochfahren des Rechners in Form von akkustischem Warnsignal Das machen wir gleich  Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter RemoveProxy:
Emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.05.2015, 13:53
| #17 |
 | Virusmeldung beim Hochfahren des Rechners in Form von akkustischem Warnsignal FRST Logfile:
__________________FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-05-2015 01
Ran by Markus (administrator) on PIM-PC on 08-05-2015 14:15:45
Running from C:\Users\Markus\Downloads
Loaded Profiles: Markus (Available profiles: Markus)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Lexmark International, Inc.) C:\Windows\System32\LEXBCES.EXE
() C:\Windows\System32\LEXPPS.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Markus\Downloads\FRST(3).exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-11-15] (Synaptics, Inc.)
HKLM\...\Run: [HP Health Check Scheduler] => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [46704 2006-11-10] (Hewlett-Packard)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [116040 2008-07-10] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [289064 2008-07-30] (Apple Inc.)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1164584 2010-09-01] ()
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-05-21] (RealNetworks, Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-06] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-14] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1916800003-2860886627-113782704-1002\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
BootExecute:
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1916800003-2860886627-113782704-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50064;https=127.0.0.1:50064
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1916800003-2860886627-113782704-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {0449F01E-0295-4025-A9DF-78D354D5B481} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1916800003-2860886627-113782704-1002 -> {0449F01E-0295-4025-A9DF-78D354D5B481} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
SearchScopes: HKU\S-1-5-21-1916800003-2860886627-113782704-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-04-16] (RealDownloader)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> c:\program files\google\googletoolbar2.dll [2007-04-30] (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-21] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\8e6udikz.default-1412062422621
FF Homepage: https://www.google.de/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2008-07-30] ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2010-08-25] (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Users\Markus\Desktop\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=13 -> C:\Program Files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll [2009-06-04] (Google)
FF Plugin: @real.com/nppl3260;version=16.0.2.32 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2013-05-21] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2013-05-21] (RealPlayer)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll [2007-09-18] (RealNetworks, Inc.)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.1 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll [2007-09-18] (RealNetworks, Inc.)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-04-16] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-21] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-21] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-07]
FF HKLM\...\Firefox\Extensions: [{E5886C91-CDD7-4832-B32D-0830705A9C60}] - C:\Users\Markus\AppData\Roaming\5012
FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-05-21]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-1916800003-2860886627-113782704-1002\...\Firefox\Extensions: [{E5886C91-CDD7-4832-B32D-0830705A9C60}] - C:\Users\Markus\AppData\Roaming\5012
Chrome:
=======
CHR Profile: C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (RealDownloader) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-08-28]
CHR Extension: (Skype Click to Call) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-08-28]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [116040 2008-07-22] (Apple Inc.)
S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG)
S2 gupdate1c9deaa14fed3cc; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-11-03] (Google Inc.)
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [63080 2006-11-21] (Hewlett-Packard)
R2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-03] (Hewlett-Packard Development Company, L.P.) [File not signed]
S3 IDriverT; C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LexBceS; C:\Windows\System32\LEXBCES.EXE [299008 2002-02-14] (Lexmark International, Inc.)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [575488 2008-08-07] (Nokia.) [File not signed]
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-03-21] (Avira Operations GmbH & Co. KG)
S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2015-05-06] (Emsisoft GmbH)
S3 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [8192 2006-06-28] (Hewlett-Packard Development Company, L.P.)
R3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [145920 2006-11-02] (Conexant Systems Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-03] (Avira GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S0 pnyvih; System32\drivers\vjsvk.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-08 14:10 - 2015-05-08 14:10 - 01141248 _____ (Farbar) C:\Users\Markus\Downloads\FRST(3).exe
2015-05-08 14:09 - 2015-05-08 14:09 - 00000024 _____ () C:\Users\Markus\Desktop\Fixlist.txt
2015-05-07 09:47 - 2015-05-07 09:48 - 01141248 _____ (Farbar) C:\Users\Markus\Downloads\FRST(2).exe
2015-05-07 09:31 - 2015-05-07 09:31 - 00852630 _____ () C:\Users\Markus\Downloads\SecurityCheck.exe
2015-05-06 09:45 - 2015-05-06 09:45 - 00000691 _____ () C:\Users\Markus\Desktop\Start Emsisoft Emergency Kit.lnk
2015-05-06 09:43 - 2015-05-06 09:46 - 00000000 ____D () C:\EEK
2015-05-06 09:22 - 2015-05-06 09:28 - 156027424 _____ () C:\Users\Markus\Downloads\EmsisoftEmergencyKit.exe
2015-05-05 09:39 - 2015-05-05 09:39 - 02347384 _____ (ESET) C:\Users\Markus\Downloads\esetsmartinstaller_deu.exe
2015-05-04 12:00 - 2015-05-04 12:00 - 01140736 _____ (Farbar) C:\Users\Markus\Downloads\FRST(1).exe
2015-05-04 11:47 - 2015-05-04 11:47 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-PIM-PC-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
2015-05-04 11:46 - 2015-05-04 11:46 - 00000000 ____D () C:\RegBackup
2015-05-04 11:45 - 2015-05-04 11:45 - 02716306 _____ (Thisisu) C:\Users\Markus\Downloads\JRT.exe
2015-05-04 11:18 - 2015-05-04 11:28 - 00000000 ____D () C:\AdwCleaner
2015-05-04 11:16 - 2015-05-04 11:16 - 02204160 _____ () C:\Users\Markus\Downloads\AdwCleaner_4.203.exe
2015-05-04 09:53 - 2015-05-04 09:53 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-04 09:53 - 2015-05-04 09:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-05-04 09:53 - 2015-05-04 09:53 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2015-05-04 09:53 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-04 09:53 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-04 09:48 - 2015-05-04 09:48 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Markus\Downloads\mbam-setup-2.1.6.1022(1).exe.part
2015-05-04 09:47 - 2015-05-04 09:48 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Markus\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-04 09:43 - 2015-05-04 09:45 - 00000000 ___SD () C:\32788R22FWJFW
2015-05-03 07:15 - 2015-05-03 07:15 - 00011166 _____ () C:\ComboFix.txt
2015-05-03 06:19 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-03 06:19 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-03 06:19 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-03 06:19 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-03 06:19 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-03 06:19 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-03 06:19 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-03 06:19 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-03 06:18 - 2015-05-03 07:16 - 00000000 ____D () C:\ComboFix
2015-05-03 06:18 - 2015-05-03 07:15 - 00000000 ____D () C:\Qoobox
2015-05-03 06:15 - 2015-05-04 09:42 - 05619691 _____ (Swearware) C:\Users\Markus\Downloads\ComboFix.exe
2015-05-01 18:06 - 2015-05-01 18:06 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Markus\Downloads\tdsskiller.exe
2015-05-01 15:38 - 2015-05-04 10:55 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-01 15:38 - 2015-05-04 06:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-01 15:33 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-01 15:32 - 2015-05-01 18:04 - 00000000 ____D () C:\Users\Markus\Desktop\mbar
2015-05-01 15:31 - 2015-05-01 15:32 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Markus\Downloads\mbar-1.09.1.1004.exe
2015-05-01 15:20 - 2015-05-01 15:20 - 00001057 _____ () C:\Users\Markus\Desktop\Revo Uninstaller.lnk
2015-05-01 15:19 - 2015-05-01 15:19 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Markus\Downloads\revosetup95.exe
2015-04-30 10:43 - 2015-04-30 10:47 - 00053973 _____ () C:\Users\Markus\Downloads\Addition.txt
2015-04-30 10:41 - 2015-05-08 14:15 - 00016489 _____ () C:\Users\Markus\Downloads\FRST.txt
2015-04-30 10:40 - 2015-05-08 14:15 - 00000000 ____D () C:\FRST
2015-04-30 10:39 - 2015-04-30 10:39 - 01140736 _____ (Farbar) C:\Users\Markus\Downloads\FRST.exe
2015-04-24 09:55 - 2015-04-24 09:56 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-16 11:36 - 2015-03-09 03:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-16 10:28 - 2015-03-05 04:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-16 10:20 - 2015-03-05 04:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-16 10:20 - 2015-03-05 04:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-16 10:13 - 2015-03-14 04:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-16 10:13 - 2015-03-13 03:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-16 10:13 - 2015-03-13 03:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 10:30 - 2015-03-10 01:06 - 12377600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 10:30 - 2015-03-10 01:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 10:30 - 2015-03-10 01:02 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 10:30 - 2015-03-10 01:00 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 10:30 - 2015-03-10 00:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 10:30 - 2015-03-10 00:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 10:30 - 2015-03-10 00:56 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 10:30 - 2015-03-10 00:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 10:30 - 2015-03-10 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-15 10:30 - 2015-03-10 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 10:30 - 2015-03-10 00:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-15 10:30 - 2015-03-10 00:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 10:30 - 2015-03-10 00:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 10:30 - 2015-03-10 00:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 10:30 - 2015-03-10 00:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 10:30 - 2015-03-10 00:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 10:30 - 2015-03-10 00:55 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 10:30 - 2015-03-10 00:55 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 10:30 - 2015-03-10 00:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 10:30 - 2015-03-10 00:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-15 10:30 - 2015-03-10 00:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-15 10:30 - 2015-03-10 00:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-08 14:09 - 2013-01-12 14:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-08 13:49 - 2007-05-01 04:01 - 01087031 _____ () C:\Windows\WindowsUpdate.log
2015-05-08 13:49 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-08 13:49 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-08 08:51 - 2009-07-02 07:29 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-08 08:43 - 2011-02-08 18:11 - 00349614 _____ () C:\Windows\PFRO.log
2015-05-08 08:43 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-07 15:25 - 2007-05-01 17:24 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-05-07 15:25 - 2006-11-02 15:01 - 00032624 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-07 13:47 - 2015-04-02 10:55 - 00049664 _____ () C:\Users\Markus\Documents\Schichtplan.xls
2015-05-05 09:37 - 2006-11-02 12:33 - 00763586 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-04 11:12 - 2014-05-18 09:53 - 00006933 _____ () C:\mbam.txt
2015-05-04 10:39 - 2013-02-19 14:30 - 00000000 ____D () C:\Windows\massfilter
2015-05-03 08:15 - 2012-07-09 11:37 - 00000000 ____D () C:\Users\Markus\Documents\Kontoauszüge_CoBa
2015-05-03 06:58 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2015-05-03 06:50 - 2006-11-02 12:22 - 50593792 _____ () C:\Windows\system32\config\COMPON~3.bak
2015-05-03 06:50 - 2006-11-02 12:22 - 49545216 _____ () C:\Windows\system32\config\software.bak
2015-05-03 06:50 - 2006-11-02 12:22 - 22020096 _____ () C:\Windows\system32\config\system.bak
2015-05-03 06:50 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-05-03 06:50 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\default.bak
2015-05-03 06:50 - 2006-11-02 12:22 - 00131072 _____ () C:\Windows\system32\config\sam.bak
2015-05-03 06:48 - 2008-10-14 17:21 - 00000000 ____D () C:\Windows\ERDNT
2015-05-01 15:39 - 2014-05-17 11:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-28 08:58 - 2014-05-24 06:26 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-17 13:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-16 11:35 - 2013-08-15 07:12 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-16 10:38 - 2006-11-02 12:24 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-04-15 11:09 - 2013-01-12 14:21 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-15 11:09 - 2013-01-12 14:21 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2011-03-25 08:43 - 2011-03-25 08:43 - 0002048 _____ () C:\Users\Markus\AppData\Roaming\6ywjg3vy.default.dat
2010-05-19 20:45 - 2010-05-19 20:45 - 0007887 _____ () C:\Users\Markus\AppData\Roaming\pcouffin.cat
2010-05-19 20:45 - 2010-05-19 20:45 - 0001144 _____ () C:\Users\Markus\AppData\Roaming\pcouffin.inf
2010-05-19 20:45 - 2010-05-19 20:45 - 0000033 _____ () C:\Users\Markus\AppData\Roaming\pcouffin.log
2010-05-19 20:45 - 2010-05-19 20:45 - 0047360 _____ (VSO Software) C:\Users\Markus\AppData\Roaming\pcouffin.sys
2011-03-24 09:37 - 2011-03-24 09:38 - 0000084 _____ () C:\Users\Markus\AppData\Roaming\urhtps.dat
2008-10-24 18:41 - 2008-10-24 18:41 - 0000000 _____ () C:\Users\Markus\AppData\Local\AtStart.txt
2009-07-12 15:22 - 2012-10-23 13:21 - 0059904 _____ () C:\Users\Markus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-10-24 18:41 - 2008-10-24 18:41 - 0000000 _____ () C:\Users\Markus\AppData\Local\DSwitch.txt
2008-10-24 18:41 - 2008-10-24 18:41 - 0000000 _____ () C:\Users\Markus\AppData\Local\QSwitch.txt
2008-03-27 02:00 - 2008-03-27 02:00 - 0000032 _____ () C:\ProgramData\ezsid.dat
2007-09-20 19:50 - 2010-05-19 18:26 - 0009793 _____ () C:\ProgramData\hpzinstall.log
Files to move or delete:
====================
C:\ProgramData\ezsid.dat
Some content of TEMP:
====================
C:\Users\Markus\AppData\Local\Temp\avgnt.exe
C:\Users\Markus\AppData\Local\Temp\Quarantine.exe
C:\Users\Markus\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-08 08:54
==================== End Of Log ============================
--- --- --- --- --- --- Hi, bin mir nicht sicher, ob das so richtig ist, als Fixbutton drückte kam eine Meldung "no fixlist found." "The fixlist should be in the same folder/directory the tool is located." ??? Gruss masi76 Nachtrag: hatte zuerst das fixlist.txt auf dem Desktop gespeichert, allerdings nach der vorhergenannten Meldung dahin verschoben, wo auch das FRST tool ist. |
|
09.05.2015, 08:45
| #18 |
| /// the machine /// TB-Ausbilder | Virusmeldung beim Hochfahren des Rechners in Form von akkustischem Warnsignal Also lief der Fix jetzt? Fixlog?
__________________
__________________ |
|
10.05.2015, 08:22
| #19 |
| | Virusmeldung beim Hochfahren des Rechners in Form von akkustischem Warnsignal Hallo, nein, der Fixlog lief nicht. Das log was ich zuvor gepostet hab, ist nur das FRST log, was ich allerdings erst später gesehen hatte. Sorry für die Umstände! Gruss masi76 |
|
10.05.2015, 19:37
| #20 |
| /// the machine /// TB-Ausbilder | Virusmeldung beim Hochfahren des Rechners in Form von akkustischem Warnsignal Speichere die fixlist im Download Ordner, neben dem Programm FRST, dann fix drücken.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
11.05.2015, 10:05
| #21 |
| | Virusmeldung beim Hochfahren des Rechners in Form von akkustischem WarnsignalCode:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-05-2015
Ran by Markus at 2015-05-11 09:52:16 Run:1
Running from C:\Users\Markus\Downloads
Loaded Profiles: Markus (Available profiles: Markus)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
RemoveProxy:
Emptytemp:
*****************
========= RemoveProxy: =========
"HKU\S-1-5-21-1916800003-2860886627-113782704-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-1916800003-2860886627-113782704-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-1916800003-2860886627-113782704-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
========= End of RemoveProxy: =========
EmptyTemp: => Removed 476.4 MB temporary data.
The system needed a reboot.
==== End of Fixlog 09:55:47 ====
|
|
12.05.2015, 06:34
| #22 |
| /// the machine /// TB-Ausbilder | Virusmeldung beim Hochfahren des Rechners in Form von akkustischem Warnsignal Perfekt. Frisches FRST Log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
12.05.2015, 09:20
| #23 |
| | Virusmeldung beim Hochfahren des Rechners in Form von akkustischem Warnsignal FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-05-2015
Ran by Markus (administrator) on PIM-PC on 12-05-2015 10:11:34
Running from C:\Users\Markus\Downloads
Loaded Profiles: Markus (Available profiles: Markus)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Lexmark International, Inc.) C:\Windows\System32\LEXBCES.EXE
() C:\Windows\System32\LEXPPS.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Farbar) C:\Users\Markus\Downloads\FRST(5).exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-11-15] (Synaptics, Inc.)
HKLM\...\Run: [HP Health Check Scheduler] => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [46704 2006-11-10] (Hewlett-Packard)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [116040 2008-07-10] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [289064 2008-07-30] (Apple Inc.)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1164584 2010-09-01] ()
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-05-21] (RealNetworks, Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-06] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-14] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1916800003-2860886627-113782704-1002\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
BootExecute:
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1916800003-2860886627-113782704-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {0449F01E-0295-4025-A9DF-78D354D5B481} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1916800003-2860886627-113782704-1002 -> {0449F01E-0295-4025-A9DF-78D354D5B481} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
SearchScopes: HKU\S-1-5-21-1916800003-2860886627-113782704-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-04-16] (RealDownloader)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> c:\program files\google\googletoolbar2.dll [2007-04-30] (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-21] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\8e6udikz.default-1412062422621
FF Homepage: https://www.google.de/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2008-07-30] ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2010-08-25] (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Users\Markus\Desktop\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=13 -> C:\Program Files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll [2009-06-04] (Google)
FF Plugin: @real.com/nppl3260;version=16.0.2.32 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2013-05-21] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2013-05-21] (RealPlayer)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll [2007-09-18] (RealNetworks, Inc.)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.1 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll [2007-09-18] (RealNetworks, Inc.)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-04-16] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-21] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-21] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-07]
FF HKLM\...\Firefox\Extensions: [{E5886C91-CDD7-4832-B32D-0830705A9C60}] - C:\Users\Markus\AppData\Roaming\5012
FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-05-21]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-1916800003-2860886627-113782704-1002\...\Firefox\Extensions: [{E5886C91-CDD7-4832-B32D-0830705A9C60}] - C:\Users\Markus\AppData\Roaming\5012
Chrome:
=======
CHR Profile: C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (RealDownloader) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-08-28]
CHR Extension: (Skype Click to Call) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-08-28]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [116040 2008-07-22] (Apple Inc.)
S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG)
S2 gupdate1c9deaa14fed3cc; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-11-03] (Google Inc.)
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [63080 2006-11-21] (Hewlett-Packard)
R2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-03] (Hewlett-Packard Development Company, L.P.) [File not signed]
S3 IDriverT; C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LexBceS; C:\Windows\System32\LEXBCES.EXE [299008 2002-02-14] (Lexmark International, Inc.)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [575488 2008-08-07] (Nokia.) [File not signed]
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-03-21] (Avira Operations GmbH & Co. KG)
S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2015-05-06] (Emsisoft GmbH)
S3 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [8192 2006-06-28] (Hewlett-Packard Development Company, L.P.)
R3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [145920 2006-11-02] (Conexant Systems Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-03] (Avira GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S0 pnyvih; System32\drivers\vjsvk.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-12 10:08 - 2015-05-12 10:09 - 01141248 _____ (Farbar) C:\Users\Markus\Downloads\FRST(5).exe
2015-05-11 09:48 - 2015-05-11 09:48 - 01141248 _____ (Farbar) C:\Users\Markus\Downloads\FRST(4).exe
2015-05-08 14:10 - 2015-05-08 14:10 - 01141248 _____ (Farbar) C:\Users\Markus\Downloads\FRST(3).exe
2015-05-07 09:47 - 2015-05-07 09:48 - 01141248 _____ (Farbar) C:\Users\Markus\Downloads\FRST(2).exe
2015-05-07 09:31 - 2015-05-07 09:31 - 00852630 _____ () C:\Users\Markus\Downloads\SecurityCheck.exe
2015-05-06 09:45 - 2015-05-06 09:45 - 00000691 _____ () C:\Users\Markus\Desktop\Start Emsisoft Emergency Kit.lnk
2015-05-06 09:43 - 2015-05-06 09:46 - 00000000 ____D () C:\EEK
2015-05-06 09:22 - 2015-05-06 09:28 - 156027424 _____ () C:\Users\Markus\Downloads\EmsisoftEmergencyKit.exe
2015-05-05 09:39 - 2015-05-05 09:39 - 02347384 _____ (ESET) C:\Users\Markus\Downloads\esetsmartinstaller_deu.exe
2015-05-04 12:00 - 2015-05-04 12:00 - 01140736 _____ (Farbar) C:\Users\Markus\Downloads\FRST(1).exe
2015-05-04 11:47 - 2015-05-04 11:47 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-PIM-PC-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
2015-05-04 11:46 - 2015-05-04 11:46 - 00000000 ____D () C:\RegBackup
2015-05-04 11:45 - 2015-05-04 11:45 - 02716306 _____ (Thisisu) C:\Users\Markus\Downloads\JRT.exe
2015-05-04 11:18 - 2015-05-04 11:28 - 00000000 ____D () C:\AdwCleaner
2015-05-04 11:16 - 2015-05-04 11:16 - 02204160 _____ () C:\Users\Markus\Downloads\AdwCleaner_4.203.exe
2015-05-04 09:53 - 2015-05-04 09:53 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-04 09:53 - 2015-05-04 09:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-05-04 09:53 - 2015-05-04 09:53 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2015-05-04 09:53 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-04 09:53 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-04 09:48 - 2015-05-04 09:48 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Markus\Downloads\mbam-setup-2.1.6.1022(1).exe.part
2015-05-04 09:47 - 2015-05-04 09:48 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Markus\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-04 09:43 - 2015-05-04 09:45 - 00000000 ___SD () C:\32788R22FWJFW
2015-05-03 07:15 - 2015-05-03 07:15 - 00011166 _____ () C:\ComboFix.txt
2015-05-03 06:19 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-03 06:19 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-03 06:19 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-03 06:19 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-03 06:19 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-03 06:19 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-03 06:19 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-03 06:19 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-03 06:18 - 2015-05-03 07:16 - 00000000 ____D () C:\ComboFix
2015-05-03 06:18 - 2015-05-03 07:15 - 00000000 ____D () C:\Qoobox
2015-05-03 06:15 - 2015-05-04 09:42 - 05619691 _____ (Swearware) C:\Users\Markus\Downloads\ComboFix.exe
2015-05-01 18:06 - 2015-05-01 18:06 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Markus\Downloads\tdsskiller.exe
2015-05-01 15:38 - 2015-05-04 10:55 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-01 15:38 - 2015-05-04 06:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-01 15:33 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-01 15:32 - 2015-05-01 18:04 - 00000000 ____D () C:\Users\Markus\Desktop\mbar
2015-05-01 15:31 - 2015-05-01 15:32 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Markus\Downloads\mbar-1.09.1.1004.exe
2015-05-01 15:20 - 2015-05-01 15:20 - 00001057 _____ () C:\Users\Markus\Desktop\Revo Uninstaller.lnk
2015-05-01 15:19 - 2015-05-01 15:19 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Markus\Downloads\revosetup95.exe
2015-04-30 10:43 - 2015-04-30 10:47 - 00053973 _____ () C:\Users\Markus\Downloads\Addition.txt
2015-04-30 10:41 - 2015-05-12 10:11 - 00016287 _____ () C:\Users\Markus\Downloads\FRST.txt
2015-04-30 10:40 - 2015-05-12 10:11 - 00000000 ____D () C:\FRST
2015-04-30 10:39 - 2015-04-30 10:39 - 01140736 _____ (Farbar) C:\Users\Markus\Downloads\FRST.exe
2015-04-24 09:55 - 2015-04-24 09:56 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-16 11:36 - 2015-03-09 03:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-16 10:28 - 2015-03-05 04:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-16 10:20 - 2015-03-05 04:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-16 10:20 - 2015-03-05 04:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-16 10:13 - 2015-03-14 04:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-16 10:13 - 2015-03-13 03:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-16 10:13 - 2015-03-13 03:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 10:30 - 2015-03-10 01:06 - 12377600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 10:30 - 2015-03-10 01:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 10:30 - 2015-03-10 01:02 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 10:30 - 2015-03-10 01:00 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 10:30 - 2015-03-10 00:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 10:30 - 2015-03-10 00:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 10:30 - 2015-03-10 00:56 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 10:30 - 2015-03-10 00:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 10:30 - 2015-03-10 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-15 10:30 - 2015-03-10 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 10:30 - 2015-03-10 00:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-15 10:30 - 2015-03-10 00:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 10:30 - 2015-03-10 00:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 10:30 - 2015-03-10 00:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 10:30 - 2015-03-10 00:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 10:30 - 2015-03-10 00:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 10:30 - 2015-03-10 00:55 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 10:30 - 2015-03-10 00:55 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 10:30 - 2015-03-10 00:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 10:30 - 2015-03-10 00:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-15 10:30 - 2015-03-10 00:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-15 10:30 - 2015-03-10 00:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-12 10:17 - 2015-04-02 10:55 - 00049664 _____ () C:\Users\Markus\Documents\Schichtplan.xls
2015-05-12 10:09 - 2013-01-12 14:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-12 10:03 - 2007-05-01 04:01 - 01213807 _____ () C:\Windows\WindowsUpdate.log
2015-05-12 09:08 - 2009-07-02 07:29 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-12 09:05 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-12 09:05 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-12 09:05 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-11 15:26 - 2007-05-01 17:24 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-05-11 15:26 - 2006-11-02 15:01 - 00032624 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-08 08:43 - 2011-02-08 18:11 - 00349614 _____ () C:\Windows\PFRO.log
2015-05-05 09:37 - 2006-11-02 12:33 - 00763586 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-04 11:12 - 2014-05-18 09:53 - 00006933 _____ () C:\mbam.txt
2015-05-04 10:39 - 2013-02-19 14:30 - 00000000 ____D () C:\Windows\massfilter
2015-05-03 08:15 - 2012-07-09 11:37 - 00000000 ____D () C:\Users\Markus\Documents\Kontoauszüge_CoBa
2015-05-03 06:58 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2015-05-03 06:50 - 2006-11-02 12:22 - 50593792 _____ () C:\Windows\system32\config\COMPON~3.bak
2015-05-03 06:50 - 2006-11-02 12:22 - 49545216 _____ () C:\Windows\system32\config\software.bak
2015-05-03 06:50 - 2006-11-02 12:22 - 22020096 _____ () C:\Windows\system32\config\system.bak
2015-05-03 06:50 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-05-03 06:50 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\default.bak
2015-05-03 06:50 - 2006-11-02 12:22 - 00131072 _____ () C:\Windows\system32\config\sam.bak
2015-05-03 06:48 - 2008-10-14 17:21 - 00000000 ____D () C:\Windows\ERDNT
2015-05-01 15:39 - 2014-05-17 11:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-28 08:58 - 2014-05-24 06:26 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-17 13:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-16 11:35 - 2013-08-15 07:12 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-16 10:38 - 2006-11-02 12:24 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-04-15 11:09 - 2013-01-12 14:21 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-15 11:09 - 2013-01-12 14:21 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2011-03-25 08:43 - 2011-03-25 08:43 - 0002048 _____ () C:\Users\Markus\AppData\Roaming\6ywjg3vy.default.dat
2010-05-19 20:45 - 2010-05-19 20:45 - 0007887 _____ () C:\Users\Markus\AppData\Roaming\pcouffin.cat
2010-05-19 20:45 - 2010-05-19 20:45 - 0001144 _____ () C:\Users\Markus\AppData\Roaming\pcouffin.inf
2010-05-19 20:45 - 2010-05-19 20:45 - 0000033 _____ () C:\Users\Markus\AppData\Roaming\pcouffin.log
2010-05-19 20:45 - 2010-05-19 20:45 - 0047360 _____ (VSO Software) C:\Users\Markus\AppData\Roaming\pcouffin.sys
2011-03-24 09:37 - 2011-03-24 09:38 - 0000084 _____ () C:\Users\Markus\AppData\Roaming\urhtps.dat
2008-10-24 18:41 - 2008-10-24 18:41 - 0000000 _____ () C:\Users\Markus\AppData\Local\AtStart.txt
2009-07-12 15:22 - 2012-10-23 13:21 - 0059904 _____ () C:\Users\Markus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-10-24 18:41 - 2008-10-24 18:41 - 0000000 _____ () C:\Users\Markus\AppData\Local\DSwitch.txt
2008-10-24 18:41 - 2008-10-24 18:41 - 0000000 _____ () C:\Users\Markus\AppData\Local\QSwitch.txt
2008-03-27 02:00 - 2008-03-27 02:00 - 0000032 _____ () C:\ProgramData\ezsid.dat
2007-09-20 19:50 - 2010-05-19 18:26 - 0009793 _____ () C:\ProgramData\hpzinstall.log
Files to move or delete:
====================
C:\ProgramData\ezsid.dat
Some content of TEMP:
====================
C:\Users\Markus\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-12 09:11
==================== End Of Log ============================
--- --- --- Habe ansonsten keine Probleme mehr festgestellt |
|
12.05.2015, 17:41
| #24 |
| /// the machine /// TB-Ausbilder | Virusmeldung beim Hochfahren des Rechners in Form von akkustischem Warnsignal Cleanup: (Die Reihenfolge ist hier entscheidend) Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken. Falls Combofix verwendet wurde:  Combofix deinstallieren
Alle Logs gepostet? Dann lade Dir bitte  DelFix herunter.
Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen. Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...  und/oder das Forum mit einer kleinen Spende  unterstützen.   Absicherung: Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen: Browser Java Flash-Player PDF-Reader Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig. Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank. Meine Empfehlung:  Emsisoft Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen. Optional:  NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.Lade Software von einem sauberen Portal wie  .Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen. Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner . Abschließend noch ein paar grundsätzliche Bemerkungen: Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems. Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
13.05.2015, 12:30
| #25 |
| | Virusmeldung beim Hochfahren des Rechners in Form von akkustischem Warnsignal Hi, die Deinstallation von Combofix hat soweit geklappt, allerdings kam nach dem Rebooten des Rechners auf dem Desktop das schwarze und blaue leere Fenster von Combibox wieder hoch und blinkten im Wechsel. Habe dann nochmals einen normalen Restart und einmal einen Neustart gemacht, leider blinken immer noch die beiden Fenster, welche nur schwer mit dem roten Kreuz wegzuclicken sind, da sich die Position verändert. "Sind quasi schwer einzufangen".  |
|
13.05.2015, 19:22
| #26 |
| /// the machine /// TB-Ausbilder | Virusmeldung beim Hochfahren des Rechners in Form von akkustischem Warnsignal Delfix auch schon gemacht?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
14.05.2015, 14:51
| #27 |
| | Virusmeldung beim Hochfahren des Rechners in Form von akkustischem WarnsignalCode:
ATTFilter ComboFix 15-04-28.01 - Markus 13/05/2015 12:30:59.3.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1013.334 [GMT 2:00]
Running from: C:\Users\Markus\Downloads\ComboFix.exe
Command switches used :: / Uninstall
AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Users\Markus\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
---- Previous Run -------
C:\Users\Markus\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
((((((((((((((((((((((((( Files Created from 2015-04-13 to 2015-05-13 )))))))))))))))))))))))))))))))
2015-05-13 12:44:38 . 2015-04-30 16:03:33 279040 ----a-w- C:\Windows\system32\schannel.dll
2015-05-13 12:41:49 . 2015-04-19 21:24:52 160768 ----a-w- C:\Windows\system32\d3d10_1.dll
2015-05-13 12:41:48 . 2015-04-19 21:24:52 219648 ----a-w- C:\Windows\system32\d3d10_1core.dll
2015-05-13 12:41:48 . 2015-04-19 21:24:52 189952 ----a-w- C:\Windows\system32\d3d10core.dll
2015-05-13 12:41:48 . 2015-04-19 20:19:37 1172480 ----a-w- C:\Windows\system32\d3d10warp.dll
2015-05-13 12:41:48 . 2015-04-19 20:18:56 486400 ----a-w- C:\Windows\system32\d3d10level9.dll
2015-05-13 10:51:42 . 2015-05-13 10:51:42 -------- d-----w- C:\Users\Public\AppData\Local\temp
2015-05-13 10:51:42 . 2015-05-13 10:51:42 -------- d-----w- C:\Users\Default\AppData\Local\temp
2015-05-06 07:43:43 . 2015-05-06 07:46:03 -------- d-----w- C:\EEK
2015-05-04 09:46:46 . 2015-05-04 09:46:46 -------- d-----w- C:\RegBackup
2015-05-04 09:18:29 . 2015-05-04 09:28:00 -------- d-----w- C:\AdwCleaner
2015-05-04 07:53:20 . 2015-04-14 07:37:50 51928 ----a-w- C:\Windows\system32\drivers\mwac.sys
2015-05-04 07:53:20 . 2015-04-14 07:37:42 23256 ----a-w- C:\Windows\system32\drivers\mbam.sys
2015-05-04 07:53:16 . 2015-05-04 07:53:33 -------- d-----w- C:\Program Files\ Malwarebytes Anti-Malware
2015-05-01 13:38:30 . 2015-05-04 04:44:53 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-01 13:38:28 . 2015-05-04 08:55:12 119512 ----a-w- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2015-05-01 13:33:18 . 2015-04-14 07:37:44 92888 ----a-w- C:\Windows\system32\drivers\mbamchameleon.sys
2015-04-30 08:40:59 . 2015-05-12 08:18:21 -------- d-----w- C:\FRST
2015-04-16 09:36:18 . 2015-03-09 01:01:02 1249280 ----a-w- C:\Windows\system32\msxml3.dll
2015-04-16 08:28:42 . 2015-03-05 02:24:07 297984 ----a-w- C:\Windows\system32\gdi32.dll
2015-04-16 08:20:54 . 2015-03-05 02:23:54 57344 ----a-w- C:\Windows\system32\clfsw32.dll
2015-04-16 08:20:50 . 2015-03-05 02:32:11 244152 ----a-w- C:\Windows\system32\clfs.sys
2015-04-16 08:13:16 . 2015-03-14 02:21:11 1205168 ----a-w- C:\Windows\system32\ntdll.dll
2015-04-16 08:13:14 . 2015-03-13 01:51:44 3604920 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2015-04-16 08:13:07 . 2015-03-13 01:51:44 3552184 ----a-w- C:\Windows\system32\ntoskrnl.exe
2015-04-14 00:35:06 . 2015-04-14 00:35:06 875720 ----a-w- C:\Windows\system32\msvcr120_clr0400.dll
2015-04-14 00:35:06 . 2015-04-14 00:35:06 536776 ----a-w- C:\Windows\system32\msvcp120_clr0400.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2015-04-19 04:59:19 . 2015-05-13 12:41:47 2065408 ----a-w- C:\Windows\system32\win32k.sys
2015-04-15 09:09:39 . 2013-01-12 12:21:42 778416 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2015-04-15 09:09:39 . 2013-01-12 12:21:42 142512 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-09 22:57:20 . 2015-04-15 08:30:44 1129472 ----a-w- C:\Windows\system32\wininet.dll
2015-03-09 22:56:13 . 2015-04-15 08:30:52 421376 ----a-w- C:\Windows\system32\vbscript.dll
2015-02-24 02:23:36 . 2009-10-03 22:27:14 246920 ------w- C:\Windows\system32\MpSigStub.exe
2015-02-20 02:03:22 . 2015-03-14 16:26:58 34304 ----a-w- C:\Windows\system32\atmlib.dll
2015-02-20 00:28:27 . 2015-03-14 16:26:58 296960 ----a-w- C:\Windows\system32\atmfd.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2009-04-11 06:28:03 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 07:33:09 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 06:02:46 815104]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-06 09:02:32 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-06 09:05:32 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-06 09:02:18 81920]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-10 18:50:42 46704]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 08:47:28 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 09:47:56 289064]
"DivXUpdate"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 06:39:18 1164584]
"TkBellExe"="C:\Program Files\Real\RealPlayer\update\realsched.exe" [2013-05-21 10:42:41 295512]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2014-08-06 09:48:36 751184]
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 19:43:52 59720]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2013-05-01 01:59:04 421888]
"Avira Systray"="C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe" [2014-07-14 14:49:14 190032]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-06 06:52:36 988488 ----a-w- C:\Program Files\Google\Chrome\Application\42.0.2311.135\Installer\chrmstp.exe
Contents of the 'Scheduled Tasks' folder
2015-05-13 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-12 12:21:43 . 2015-04-15 09:09:41]
2014-05-18 C:\Windows\Tasks\Google Software Updater.job
- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-30 18:46:23 . 2011-11-17 04:02:31]
2015-05-13 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-27 09:03:40 . 2014-11-03 06:52:56]
2015-02-22 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-27 09:03:40 . 2014-11-03 06:52:56]
2014-05-18 C:\Windows\Tasks\User_Feed_Synchronization-{0798338A-4626-44DD-9D57-0FE79EFEF1D8}.job
- C:\Windows\system32\msfeedssync.exe [2015-04-15 08:30:45 . 2015-03-09 22:55:31]
------- Supplementary Scan -------
uStart Page = www.google.com
mStart Page = www.google.com
mSearchMigratedDefaultURL = hxxp://www.Google.com/
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\8e6udikz.default-1412062422621\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/?gws_rd=ssl
- - - - ORPHANS REMOVED - - - -
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
Code:
ATTFilter # DelFix v10.9 - Logfile created 14/05/2015 at 15:36:46
# Updated 27/02/2015 by Xplode
# Username : Markus - PIM-PC
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
~ Activating UAC ... OK
~ Removing disinfection tools ...
Deleted : C:\Qoobox
Deleted : C:\Combofix
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Markus\Desktop\mbar
Deleted : C:\ComboFix.txt
Deleted : C:\TDSSKiller.3.0.0.44_01.05.2015_18.08.12_log.txt
Deleted : C:\TDSSKiller.3.0.0.44_01.05.2015_18.09.46_log.txt
Deleted : C:\Users\Markus\Downloads\Addition.txt
Deleted : C:\Users\Markus\Downloads\AdwCleaner_4.203.exe
Deleted : C:\Users\Markus\Downloads\ComboFix.exe
Deleted : C:\Users\Markus\Downloads\esetsmartinstaller_deu.exe
Deleted : C:\Users\Markus\Downloads\Fixlog.txt
Deleted : C:\Users\Markus\Downloads\FRST(1).exe
Deleted : C:\Users\Markus\Downloads\FRST(2).exe
Deleted : C:\Users\Markus\Downloads\FRST(3).exe
Deleted : C:\Users\Markus\Downloads\FRST(4).exe
Deleted : C:\Users\Markus\Downloads\FRST(5).exe
Deleted : C:\Users\Markus\Downloads\FRST.exe
Deleted : C:\Users\Markus\Downloads\FRST.txt
Deleted : C:\Users\Markus\Downloads\JRT.exe
Deleted : C:\Users\Markus\Downloads\SecurityCheck.exe
Deleted : C:\Users\Markus\Downloads\tdsskiller.exe
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
~ Creating registry backup ... OK
~ Cleaning system restore ...
Deleted : RP #1669 [Windows Update | 05/05/2015 07:13:26]
Deleted : RP #1670 [Scheduled Checkpoint | 05/07/2015 11:23:22]
Deleted : RP #1671 [Scheduled Checkpoint | 05/08/2015 08:54:29]
Deleted : RP #1672 [Scheduled Checkpoint | 05/10/2015 08:16:04]
Deleted : RP #1674 [Windows Update | 05/12/2015 07:35:19]
Deleted : RP #1675 [Windows Update | 05/13/2015 12:07:58]
Deleted : RP #1676 [Scheduled Checkpoint | 05/14/2015 13:00:07]
New restore point created !
~ Resetting system settings ... OK
########## - EOF - ##########
|
|
14.05.2015, 20:57
| #28 |
| /// the machine /// TB-Ausbilder | Virusmeldung beim Hochfahren des Rechners in Form von akkustischem Warnsignal Kommt das Fenster jetzt noch?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
15.05.2015, 09:03
| #29 |
| | Virusmeldung beim Hochfahren des Rechners in Form von akkustischem Warnsignal Hi, nein, die beiden Fenster kommen nicht mehr beim Hochfahren des Rechners. Gruss masi76 |
|
16.05.2015, 06:03
| #30 |
| /// the machine /// TB-Ausbilder | Virusmeldung beim Hochfahren des Rechners in Form von akkustischem Warnsignal ok, dann sind wir fertig
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Virusmeldung beim Hochfahren des Rechners in Form von akkustischem Warnsignal |
| abspielen, angezeigt, avira, desktop, eingefangen, gefangen, gen, gestern, gestoppt, hochfahren, hängt, komplette, laptop, laufen, log, nervig, nichts, plugin, rechners, richtig, signal, skript, verbindung, virus, virusmeldung |
+ R Taste und schreibe Combofix /Uninstall in das 
Linear-Darstellung
