Trojaner-Board - wie entferne ich Home Tab\TBUpdater.dll?

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-07-2013

Ran by SYSTEM on 24-07-2013 10:16:43

Running from D:\

Windows Vista (TM) Home Premium (X86) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Recovery
 

The current controlset is ControlSet001
 ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)

HKLM\...\Run: [InstantBurn] - C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe [593920 2007-02-15] (CyberLink Corporation.)

HKLM\...\Run: [LG Intelligent Update] - C:\Program Files\lg_swupdate\giljabistart.exe [251184 2008-10-26] (BIT LEADER)

HKLM\...\Run: [Adobe Photo Downloader] - C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe [67752 2006-12-21] (Adobe Systems Incorporated)

HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [417792 2009-11-10] (Apple Inc.)

HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-02] (Adobe Systems Incorporated)

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)

HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)

HKLM\...\Run: [] -  [x]

HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)

HKU\Petra\...\Run: [Power2GoExpress] -  [x]

HKU\Petra\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-18] (Microsoft Corporation)

HKU\Petra\...\Run: [Search Protection] - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [x]

HKU\Petra\...\Run: [Sysyem Cleaner] - C:\Users\Petra\AppData\Local\Temp\webyeryb3460vavaw.exe [ 2013-05-03] (BM-productions) <===== ATTENTION

HKU\Petra\...\Winlogon: [Shell] explorer.exe <==== ATTENTION 
 

========================== Services (Whitelisted) =================
 

S2 AdobeActiveFileMonitor5.0; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [108712 2006-12-21] ()

S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)

S2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)

S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

S1 CLBStor; C:\Windows\System32\Drivers\CLBStor.sys [10368 2007-02-15] (Cyberlink Co.,Ltd.)

S2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [155264 2007-02-15] (CyberLink Corporation.)

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)

S3 UserIO; C:\Program Files\lg_swupdate\UserIO.sys [9200 2006-12-27] ()

S3 ZY760_XP; C:\Windows\System32\DRIVERS\WlanUZXP.sys [402944 2006-06-02] (ZyDAS Technology Corporation)

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]

S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]

S3 IpInIp; system32\DRIVERS\ipinip.sys [x]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-07-24 10:15 - 2013-07-24 10:15 - 00000000 ____D C:\FRST
 

==================== One Month Modified Files and Folders =======
 

2013-07-24 10:15 - 2013-07-24 10:15 - 00000000 ____D C:\FRST

2013-07-23 07:30 - 2008-10-24 06:35 - 01487945 _____ C:\Windows\WindowsUpdate.log

2013-07-23 07:29 - 2008-10-24 06:44 - 00000680 _____ C:\Users\Petra\AppData\Local\d3d9caps.dat

2013-07-23 07:29 - 2006-11-02 04:47 - 00003168 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2013-07-23 07:29 - 2006-11-02 04:47 - 00003168 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
 

Files to move or delete:

====================

C:\Users\Petra\AppData\Roaming\skype.ini
 

==================== Known DLLs (Whitelisted) ============
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 

==================== EXE ASSOCIATION =====================
 

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK
 

==================== Restore Points  =========================
 

Restore point made on: 2013-04-28 21:41:23

Restore point made on: 2013-04-28 22:05:01

Restore point made on: 2013-04-29 04:30:57

Restore point made on: 2013-04-29 06:20:11

Restore point made on: 2013-04-29 07:30:35

Restore point made on: 2013-04-29 21:44:44

Restore point made on: 2013-04-30 02:11:00

Restore point made on: 2013-04-30 09:53:24

Restore point made on: 2013-04-30 10:30:06

Restore point made on: 2013-04-30 22:52:09

Restore point made on: 2013-05-01 05:05:36

Restore point made on: 2013-05-01 21:47:20

Restore point made on: 2013-05-02 02:24:32

Restore point made on: 2013-05-02 05:20:47

Restore point made on: 2013-05-02 07:18:41

Restore point made on: 2013-05-02 08:50:43

Restore point made on: 2013-05-02 22:07:53

Restore point made on: 2013-05-05 04:24:17
 

==================== Memory info =========================== 
 

Percentage of memory in use: 13%

Total physical RAM: 2046.75 MB

Available physical RAM: 1771.43 MB

Total Pagefile: 1980.39 MB

Available Pagefile: 1835.47 MB

Total Virtual: 2047.88 MB

Available Virtual: 1972.5 MB
 

==================== Drives ================================
 

Drive c: (SYSTEM) (Fixed) (Total:80 GB) (Free:23.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (STORE N GO) (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32

Drive e: (BACKUP) (Fixed) (Total:151.88 GB) (Free:129.84 GB) NTFS

Drive x: (WINRE) (Fixed) (Total:1 GB) (Free:0.4 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 7383D325)

Partition 1: (Not Active) - (Size=1 GB) - (Type=27)

Partition 2: (Active) - (Size=80 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=152 GB) - (Type=07 NTFS)
 

========================================================

Disk: 1 (Size: 7 GB) (Disk ID: 6F20736B)

No partition Table on disk 1.

Disk 1 is a removable device.
 
 

LastRegBack: 2013-07-17 04:09
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Hallo Schrauber...

endlich habe es! und hoffe, diesmal richtig mit hashtag gepostet auch :-))))
dir einen schönen tag!
guan

Guten Abend Schrauber..
also eine menge für dich zu lesen jetzt :crazy:

AdwCleaner Logfile:

Code:

# AdwCleaner v2.306 - Datei am 24/07/2013 um 21:02:59 erstellt

# Aktualisiert am 19/07/2013 von Xplode

# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)

# Benutzer : Petra - PETRA-PC

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\Petra\Desktop\adwcleaner.exe

# Option [Suche]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Datei Gefunden : C:\Program Files\Mozilla Firefox\.autoreg

Ordner Gefunden : C:\Users\Petra\AppData\Local\PackageAware
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Schlüssel Gefunden : HKCU\Software\YahooPartnerToolbar

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16464
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Mozilla Firefox v3.5.9 (de)
 

Datei : C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\sxzhbivg.default\prefs.js
 

Gefunden : user_pref("surfcanyon.ad_status", "1");

Gefunden : user_pref("surfcanyon.added_to_searchbar", true);

Gefunden : user_pref("surfcanyon.disabled", false);

Gefunden : user_pref("surfcanyon.enable_craigslist", false);

Gefunden : user_pref("surfcanyon.enable_lexis", false);

Gefunden : user_pref("surfcanyon.enable_msn", false);

Gefunden : user_pref("surfcanyon.enable_yahoo", false);

Gefunden : user_pref("surfcanyon.fractions", "0.0_0.0\r\n");

Gefunden : user_pref("surfcanyon.hourly_code", "scGetDocument = function() {\nreturn scIsFF ? content.document [...]

Gefunden : user_pref("surfcanyon.hourly_code2", "scGetSearchStringFromGoogleSerp_hourly = function() {\nvar aTa[...]

Gefunden : user_pref("surfcanyon.hourly_code_timestamp", "1267831089238");

Gefunden : user_pref("surfcanyon.inst_id", "47584523322839356006290146610614777");

Gefunden : user_pref("surfcanyon.inst_timestamp", "1253801573622");

Gefunden : user_pref("surfcanyon.last_checked_ts", "1266970830406");

Gefunden : user_pref("surfcanyon.last_notification_displayed", 1);

Gefunden : user_pref("surfcanyon.last_seen_splash", "304");

Gefunden : user_pref("surfcanyon.num_recs_clicked", "6");

Gefunden : user_pref("surfcanyon.num_results_clicked", "98");

Gefunden : user_pref("surfcanyon.num_results_clicked_when_recs_available", "17");

Gefunden : user_pref("surfcanyon.num_searches", "106");
 

-\\ Google Chrome v26.0.1410.64
 

Datei : C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Preferences
 

[OK] Die Datei ist sauber.
 

*************************
 

AdwCleaner[R1].txt - [2921 octets] - [24/07/2013 21:02:59]
 

########## EOF - C:\AdwCleaner[R1].txt - [2981 octets] ##########

--- --- ---

AdwCleaner Logfile:

Code:

# AdwCleaner v2.306 - Datei am 24/07/2013 um 21:04:18 erstellt

# Aktualisiert am 19/07/2013 von Xplode

# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)

# Benutzer : Petra - PETRA-PC

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\Petra\Desktop\adwcleaner.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Datei Gelöscht : C:\Program Files\Mozilla Firefox\.autoreg

Ordner Gelöscht : C:\Users\Petra\AppData\Local\PackageAware
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16464
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Mozilla Firefox v3.5.9 (de)
 

Datei : C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\sxzhbivg.default\prefs.js
 

C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\sxzhbivg.default\user.js ... Gelöscht !
 

Gelöscht : user_pref("surfcanyon.ad_status", "1");

Gelöscht : user_pref("surfcanyon.added_to_searchbar", true);

Gelöscht : user_pref("surfcanyon.disabled", false);

Gelöscht : user_pref("surfcanyon.enable_craigslist", false);

Gelöscht : user_pref("surfcanyon.enable_lexis", false);

Gelöscht : user_pref("surfcanyon.enable_msn", false);

Gelöscht : user_pref("surfcanyon.enable_yahoo", false);

Gelöscht : user_pref("surfcanyon.fractions", "0.0_0.0\r\n");

Gelöscht : user_pref("surfcanyon.hourly_code", "scGetDocument = function() {\nreturn scIsFF ? content.document [...]

Gelöscht : user_pref("surfcanyon.hourly_code2", "scGetSearchStringFromGoogleSerp_hourly = function() {\nvar aTa[...]

Gelöscht : user_pref("surfcanyon.hourly_code_timestamp", "1267831089238");

Gelöscht : user_pref("surfcanyon.inst_id", "47584523322839356006290146610614777");

Gelöscht : user_pref("surfcanyon.inst_timestamp", "1253801573622");

Gelöscht : user_pref("surfcanyon.last_checked_ts", "1266970830406");

Gelöscht : user_pref("surfcanyon.last_notification_displayed", 1);

Gelöscht : user_pref("surfcanyon.last_seen_splash", "304");

Gelöscht : user_pref("surfcanyon.num_recs_clicked", "6");

Gelöscht : user_pref("surfcanyon.num_results_clicked", "98");

Gelöscht : user_pref("surfcanyon.num_results_clicked_when_recs_available", "17");

Gelöscht : user_pref("surfcanyon.num_searches", "106");
 

-\\ Google Chrome v26.0.1410.64
 

Datei : C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Preferences
 

[OK] Die Datei ist sauber.
 

*************************
 

AdwCleaner[R1].txt - [3050 octets] - [24/07/2013 21:02:59]

AdwCleaner[S1].txt - [3082 octets] - [24/07/2013 21:04:18]
 

########## EOF - C:\AdwCleaner[S1].txt - [3142 octets] ##########

--- --- ---JRT Logfile:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.2.2 (07.22.2013:2)

OS: Windows Vista (TM) Home Premium x86

Ran by Petra on 24.07.2013 at 21:07:32,33

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{364B61AD-331D-4504-B395-85F6C6377B4A}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E4E3302C-B6C9-40C3-B93C-DA35A2D5A465}
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ FireFox
 

Successfully deleted the following from C:\Users\Petra\AppData\Roaming\mozilla\firefox\profiles\sxzhbivg.default\prefs.js
 

user_pref("google.toolbar.search-icon", "data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7PT7/3zF6/9Ptu//RbHx/

Emptied folder: C:\Users\Petra\AppData\Roaming\mozilla\firefox\profiles\sxzhbivg.default\minidumps [10 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 24.07.2013 at 21:10:08,55

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--- --- ---

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-07-2013

Ran by Petra (administrator) on 24-07-2013 21:18:40

Running from C:\Users\Petra\Desktop

Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard

Internet Explorer Version 9

Boot Mode: Normal
 

==================== Processes (Whitelisted) ===================
 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe

() C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

(Nero AG) C:\Program Files\Nero\Update\NASvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(CyberLink Corporation.) C:\Program Files\CyberLink\InstantBurn\Win2K\IBurn.exe

(BIT LEADER) C:\Program Files\lg_swupdate\GiljabiStart.exe

(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe

(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

(Microsoft Corporation) C:\Windows\system32\conime.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)

HKLM\...\Run: [InstantBurn] - C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe [593920 2007-02-15] (CyberLink Corporation.)

HKLM\...\Run: [LG Intelligent Update] - C:\Program Files\lg_swupdate\giljabistart.exe [251184 2008-10-26] (BIT LEADER)

HKLM\...\Run: [Adobe Photo Downloader] - C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe [67752 2006-12-22] (Adobe Systems Incorporated)

HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [417792 2009-11-11] (Apple Inc.)

HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)

HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)

HKLM\...\Run: [] -  [x]

HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)

HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe [1233920 2009-04-11] (Microsoft Corporation)

HKCU\...\Run: [Power2GoExpress] -  [x]

HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)

HKCU\...\Run: [Search Protection] - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [x]

MountPoints2: F - F:\AutoRun.exe

MountPoints2: {0692ac9a-6fed-11df-9696-001d9251b137} - F:\ljutis\\drugom.exe

MountPoints2: {3e98ccf4-9be8-11de-9855-001d9251b137} - F:\AutoRun.exe

MountPoints2: {3e98ccf5-9be8-11de-9855-001d9251b137} - G:\AutoRun.exe

MountPoints2: {6284498d-8a4e-11de-a3ed-001d9251b137} - F:\AutoRun.exe

MountPoints2: {628449af-8a4e-11de-a3ed-001d9251b137} - G:\AutoRun.exe

MountPoints2: {8681fae7-9ae3-11de-915d-806e6f6e6963} - G:\AutoRun.exe

MountPoints2: {8e4fb7f1-ddd9-11de-a04f-001d9251b137} - H:\Menu.exe

MountPoints2: {8f19088b-b63c-11de-92d8-806e6f6e6963} - F:\AutoRun.exe

MountPoints2: {93229a07-9824-11de-a830-806e6f6e6963} - G:\AutoRun.exe

MountPoints2: {983466da-8a6e-11de-9136-806e6f6e6963} - G:\AutoRun.exe

MountPoints2: {983467d3-8a6e-11de-9136-001d9251b137} - F:\AutoRun.exe

MountPoints2: {983467d5-8a6e-11de-9136-001d9251b137} - G:\AutoRun.exe

MountPoints2: {a34d01b0-9a0f-11de-89d1-001d9251b137} - F:\AutoRun.exe

MountPoints2: {a34d01b2-9a0f-11de-89d1-001d9251b137} - F:\AutoRun.exe

MountPoints2: {d5efdd99-4032-11e0-b045-806e6f6e6963} - G:\LaunchU3.exe -a

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
 

==================== Internet (Whitelisted) ====================
 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - {D4506AF9-540C-4A8C-B3D4-1BA4E59FA168} URL = hxxp://www.google.de/search?q={searchTerms}

SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-rog

BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

Toolbar: HKCU -No Name - {4064EA35-578D-4073-A834-C96D82CBCF40} -  No File

Toolbar: HKCU -No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
 

FireFox:

========

FF ProfilePath: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\sxzhbivg.default

FF Homepage: hxxp://go.gmx.net/br/ff3_startpage

FF Keyword.URL: hxxp://wa.ui-portal.de/gmx/gmx/s?produkte.browser.link.searchlink&s_brand=gmx&t_link=searchlink&ns_type=clickin&ns_url=hxxp://suche.gmx.net/search/web/?origin=br_urlbar_ff&su=

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF Plugin: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @videolan.org/vlc,version=1.0.3 - D:\Documents\Downloads\VLC\npvlc.dll No File

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\sxzhbivg.default\searchplugins\amazonde.xml

FF SearchPlugin: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\sxzhbivg.default\searchplugins\gmx-suche.xml

FF SearchPlugin: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\sxzhbivg.default\searchplugins\preisvergleich.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

FF Extension: No Name - C:\Users\Petra\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

FF Extension: FireShot - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\sxzhbivg.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}

FF Extension: FlashGot - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\sxzhbivg.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}

FF Extension: Microsoft .NET Framework Assistant - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\sxzhbivg.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF Extension: Update Notifier - C:\Program Files\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}

FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF Extension: GMX Firefox Addon - C:\Program Files\Mozilla Firefox\extensions\{C473DC2B-895F-4E11-B8BF-FF28DFD62829}

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF HKLM\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}

FF Extension: Google Toolbar for Firefox - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
 

Chrome: 

=======

CHR HomePage: hxxp://www.google.com/

CHR RestoreOnStartup: "hxxp://www.google.com/"

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File

CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File

CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No File

CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

CHR Extension: (YouTube) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1

CHR Extension: (Google Search) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1

CHR Extension: (Gmail) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
 

========================== Services (Whitelisted) =================
 

R2 AdobeActiveFileMonitor5.0; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [108712 2006-12-22] ()

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)

R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)

R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

R1 CLBStor; C:\Windows\System32\Drivers\CLBStor.sys [10368 2007-02-15] (Cyberlink Co.,Ltd.)

R2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [155264 2007-02-15] (CyberLink Corporation.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)

S3 UserIO; C:\Program Files\lg_swupdate\UserIO.sys [9200 2006-12-27] ()

S3 ZY760_XP; C:\Windows\System32\DRIVERS\WlanUZXP.sys [402944 2006-06-02] (ZyDAS Technology Corporation)

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]

S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]

S3 IpInIp; system32\DRIVERS\ipinip.sys [x]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-07-24 21:15 - 2013-07-24 10:11 - 01220240 _____ (Farbar) C:\Users\Petra\Desktop\FRST.exe

2013-07-24 21:10 - 2013-07-24 21:10 - 00001360 _____ C:\Users\Petra\Desktop\JRT.txt

2013-07-24 21:07 - 2013-07-24 21:07 - 00000000 ____D C:\Windows\ERUNT

2013-07-24 21:04 - 2013-07-24 21:04 - 00003211 _____ C:\AdwCleaner[S1].txt

2013-07-24 21:02 - 2013-07-24 21:03 - 00003050 _____ C:\AdwCleaner[R1].txt

2013-07-24 21:01 - 2013-07-24 21:01 - 00000796 _____ C:\Windows\setupact.log

2013-07-24 21:01 - 2013-07-24 21:01 - 00000000 _____ C:\Windows\setuperr.log

2013-07-24 21:01 - 2013-07-24 20:58 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\Petra\Desktop\JRT.exe

2013-07-24 21:01 - 2013-07-24 20:57 - 00666633 _____ C:\Users\Petra\Desktop\adwcleaner.exe

2013-07-24 20:15 - 2013-07-24 20:15 - 00000000 ____D C:\FRST
 

==================== One Month Modified Files and Folders =======
 

2013-07-24 21:15 - 2008-10-24 16:44 - 00000000 ___RD C:\Users\Petra\Desktop

2013-07-24 21:15 - 2008-10-24 16:35 - 01649183 _____ C:\Windows\WindowsUpdate.log

2013-07-24 21:10 - 2013-07-24 21:10 - 00001360 _____ C:\Users\Petra\Desktop\JRT.txt

2013-07-24 21:07 - 2013-07-24 21:07 - 00000000 ____D C:\Windows\ERUNT

2013-07-24 21:05 - 2012-11-22 06:44 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-07-24 21:05 - 2008-10-24 16:44 - 00000680 _____ C:\Users\Petra\AppData\Local\d3d9caps.dat

2013-07-24 21:05 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-07-24 21:05 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2013-07-24 21:05 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2013-07-24 21:04 - 2013-07-24 21:04 - 00003211 _____ C:\AdwCleaner[S1].txt

2013-07-24 21:04 - 2008-10-26 15:12 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-07-24 21:04 - 2007-01-09 20:49 - 00000012 _____ C:\Windows\bthservsdp.dat

2013-07-24 21:04 - 2006-11-02 15:01 - 00032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-07-24 21:03 - 2013-07-24 21:02 - 00003050 _____ C:\AdwCleaner[R1].txt

2013-07-24 21:02 - 2006-11-02 12:33 - 01472468 _____ C:\Windows\system32\PerfStringBackup.INI

2013-07-24 21:01 - 2013-07-24 21:01 - 00000796 _____ C:\Windows\setupact.log

2013-07-24 21:01 - 2013-07-24 21:01 - 00000000 _____ C:\Windows\setuperr.log

2013-07-24 20:59 - 2012-11-22 06:44 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-07-24 20:58 - 2013-07-24 21:01 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\Petra\Desktop\JRT.exe

2013-07-24 20:57 - 2013-07-24 21:01 - 00666633 _____ C:\Users\Petra\Desktop\adwcleaner.exe

2013-07-24 20:52 - 2012-11-22 06:43 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-07-24 20:15 - 2013-07-24 20:15 - 00000000 ____D C:\FRST

2013-07-24 10:11 - 2013-07-24 21:15 - 01220240 _____ (Farbar) C:\Users\Petra\Desktop\FRST.exe
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-07-24 21:13
 

==================== End Of Log ============================

--- --- ---

--- --- ---