Trojaner-Board

Firefox: websites are redirected to Lycos - ads pop up - internet slow! (https://www.trojaner-board.de/138942-firefox-websiten-lycos-umgeleitet-werbung-popt-internet-langsam.html)

nobody123 21.08.2013 07:11

Code:

ComboFix 13-08-18.01 - Tim 19.08.2013  7:50.3.4 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3326.2248 [GMT 2:00]
ausgeführt von:: c:\users\Tim\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Tim\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_afcbjbbo
-------\Service_miegnlzi
-------\Service_ntplmfor
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-07-19 bis 2013-08-19  ))))))))))))))))))))))))))))))
.
.
2013-08-19 05:55 . 2013-08-19 05:55        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-08-19 05:55 . 2013-08-19 05:55        --------        d-----w-        c:\users\Administrator\AppData\Local\temp
2013-08-18 13:12 . 2013-07-02 06:54        7143960        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{321838C2-98B1-4F0D-B1CA-126EB08BD6F5}\mpengine.dll
2013-08-16 17:39 . 2013-07-02 06:54        7143960        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-14 08:06 . 2013-08-14 08:08        --------        d-----w-        c:\windows\system32\MRT
2013-08-14 06:45 . 2013-07-09 04:50        652800        ----a-w-        c:\windows\system32\rpcrt4.dll
2013-08-14 06:45 . 2013-07-09 04:52        175104        ----a-w-        c:\windows\system32\wintrust.dll
2013-08-14 06:45 . 2013-07-09 04:46        140288        ----a-w-        c:\windows\system32\cryptsvc.dll
2013-08-14 06:45 . 2013-07-09 04:46        1166848        ----a-w-        c:\windows\system32\crypt32.dll
2013-08-14 06:45 . 2013-07-09 04:46        103936        ----a-w-        c:\windows\system32\cryptnet.dll
2013-08-14 06:44 . 2013-07-09 05:03        3968960        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2013-08-14 06:44 . 2013-07-09 05:03        3913664        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-08-14 06:44 . 2013-07-09 04:53        1289096        ----a-w-        c:\windows\system32\ntdll.dll
2013-08-14 06:44 . 2013-07-06 05:05        1293760        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2013-08-14 06:43 . 2013-07-25 08:57        1620992        ----a-w-        c:\windows\system32\WMVDECOD.DLL
2013-08-14 06:38 . 2013-07-19 01:41        2048        ----a-w-        c:\windows\system32\tzres.dll
2013-08-14 06:38 . 2013-06-15 03:38        31232        ----a-w-        c:\windows\system32\drivers\tssecsrv.sys
2013-08-11 20:08 . 2013-08-11 20:09        --------        d-----w-        c:\programdata\Tarma Installer
2013-08-11 20:04 . 2013-08-11 20:04        --------        d-----w-        c:\users\Tim\AppData\Roaming\Babylon
2013-08-11 20:04 . 2013-08-11 20:04        --------        d-----w-        c:\programdata\Babylon
2013-07-31 06:12 . 2013-07-31 06:12        --------        d-----w-        C:\FRST
2013-07-28 16:47 . 2013-07-28 16:47        --------        d-----w-        c:\windows\ERUNT
2013-07-26 19:53 . 2013-07-26 19:53        --------        d-----w-        c:\users\Tim\AppData\Roaming\Malwarebytes
2013-07-26 19:53 . 2013-07-26 19:53        --------        d-----w-        c:\programdata\Malwarebytes
2013-07-26 19:53 . 2013-07-26 19:53        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2013-07-26 19:53 . 2013-04-04 12:50        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-07-26 19:52 . 2013-07-26 19:52        --------        d-----w-        c:\users\Tim\AppData\Local\Programs
2013-07-26 19:22 . 2013-07-26 19:23        171        ----a-w-        c:\windows\DeleteOnReboot.bat
2013-07-21 20:49 . 2013-07-21 20:48        698504        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EBC968A6-7CCE-44E1-B6CB-FBA21BBF6B07}\gapaengine.dll
2013-07-21 20:49 . 2013-06-05 03:05        2347520        ----a-w-        c:\windows\system32\win32k.sys
2013-07-21 20:49 . 2013-04-10 05:03        936448        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-21 20:38 . 2013-04-09 23:34        1247744        ----a-w-        c:\windows\system32\DWrite.dll
2013-07-21 20:36 . 2013-06-04 04:53        509440        ----a-w-        c:\windows\system32\qedit.dll
2013-07-21 20:20 . 2013-05-27 04:57        680960        ----a-w-        c:\program files\Windows Defender\MpSvc.dll
2013-07-21 20:20 . 2013-05-27 04:57        392704        ----a-w-        c:\program files\Windows Defender\MpClient.dll
2013-07-21 20:20 . 2013-05-27 04:57        224768        ----a-w-        c:\program files\Windows Defender\MpCommu.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-23 15:39 . 2013-01-01 19:14        692104        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-06-23 15:39 . 2013-01-01 19:14        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-23 14:22 . 2011-04-03 18:09        724464        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-26 17:36 . 2013-05-26 17:36        745472        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-26 17:36 . 2013-05-26 17:36        185344        ----a-w-        c:\windows\system32\elshyph.dll
2013-05-26 17:36 . 2013-05-26 17:36        158720        ----a-w-        c:\windows\system32\msls31.dll
2013-05-26 17:36 . 2013-05-26 17:36        523264        ----a-w-        c:\windows\system32\vbscript.dll
2013-05-26 17:36 . 2013-05-26 17:36        150528        ----a-w-        c:\windows\system32\iexpress.exe
2013-05-26 17:36 . 2013-05-26 17:36        138752        ----a-w-        c:\windows\system32\wextract.exe
2013-05-26 17:36 . 2013-05-26 17:36        137216        ----a-w-        c:\windows\system32\ieUnatt.exe
2013-05-26 17:36 . 2013-05-26 17:36        12800        ----a-w-        c:\windows\system32\mshta.exe
2013-05-26 17:36 . 2013-05-26 17:36        38400        ----a-w-        c:\windows\system32\imgutil.dll
2013-05-26 17:36 . 2013-05-26 17:36        73728        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2013-05-26 17:36 . 2013-05-26 17:36        110592        ----a-w-        c:\windows\system32\IEAdvpack.dll
2013-05-26 17:36 . 2013-05-26 17:36        61952        ----a-w-        c:\windows\system32\tdc.ocx
2013-05-26 17:36 . 2013-05-26 17:36        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2013-05-26 17:36 . 2013-05-26 17:36        361984        ----a-w-        c:\windows\system32\html.iec
2013-05-26 17:36 . 2013-05-26 17:36        719360        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2013-05-26 17:36 . 2013-05-26 17:36        1441280        ----a-w-        c:\windows\system32\inetcpl.cpl
2013-05-26 17:36 . 2013-05-26 17:36        23040        ----a-w-        c:\windows\system32\licmgr10.dll
2013-05-26 17:33 . 2013-05-26 17:33        9728        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-26 17:33 . 2013-05-26 17:33        4096        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-26 17:33 . 2013-05-26 17:33        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-26 17:33 . 2013-05-26 17:33        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-26 17:33 . 2013-05-26 17:33        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-26 17:33 . 2013-05-26 17:33        3584        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-26 17:33 . 2013-05-26 17:33        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-26 17:33 . 2013-05-26 17:33        2560        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-26 17:33 . 2013-05-26 17:33        10752        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-26 17:33 . 2013-05-26 17:33        364544        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2013-05-26 17:33 . 2013-05-26 17:33        2284544        ----a-w-        c:\windows\system32\msmpeg2vdec.dll
2013-05-26 17:33 . 2013-05-26 17:33        1158144        ----a-w-        c:\windows\system32\XpsPrint.dll
2013-05-26 17:33 . 2013-05-26 17:33        906240        ----a-w-        c:\windows\system32\FntCache.dll
2013-05-26 17:33 . 2013-05-26 17:33        417792        ----a-w-        c:\windows\system32\WMPhoto.dll
2013-05-26 17:33 . 2013-05-26 17:33        249856        ----a-w-        c:\windows\system32\d3d10_1core.dll
2013-05-26 17:33 . 2013-05-26 17:33        220160        ----a-w-        c:\windows\system32\d3d10core.dll
2013-05-26 17:33 . 2013-05-26 17:33        207872        ----a-w-        c:\windows\system32\WindowsCodecsExt.dll
2013-05-26 17:33 . 2013-05-26 17:33        1080832        ----a-w-        c:\windows\system32\d3d10.dll
2013-05-26 17:33 . 2013-05-26 17:33        604160        ----a-w-        c:\windows\system32\d3d10level9.dll
2013-05-26 17:33 . 2013-05-26 17:33        3419136        ----a-w-        c:\windows\system32\d2d1.dll
2013-05-26 17:33 . 2013-05-26 17:33        161792        ----a-w-        c:\windows\system32\d3d10_1.dll
2013-05-26 17:33 . 2013-05-26 17:33        293376        ----a-w-        c:\windows\system32\dxgi.dll
2013-05-26 17:33 . 2013-05-26 17:33        1988096        ----a-w-        c:\windows\system32\d3d10warp.dll
2013-05-26 17:33 . 2013-05-26 17:33        187392        ----a-w-        c:\windows\system32\UIAnimation.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EADM"="c:\program files\Origin\Origin.exe" [2013-05-19 3497552]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-04-19 18678376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-06 8555040]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-04-01 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-04-04 05:53        843712        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-12-12 12:57        152544        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-18 19:07        1242448        ----a-w-        c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 13:49        249064        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-04-19 161384]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 100328]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 295232]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-29 1343400]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-07 172032]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 Realtek11nSU;Realtek11nSU;c:\program files\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2011-08-11 602216]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 30392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-02 23:00        1173456        ----a-w-        c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-01 15:39]
.
2013-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-03 09:50]
.
2013-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-03 09:50]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=A03A74F06D1A81C7&affID=119523&tt=070813_wt4&tsp=4971
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{914F0FAE-A51C-4BBC-A0E5-9445B0F62A3F}: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bkp2s34p.default\
FF - ExtSQL: 2013-06-27 20:43; Shuu2lqk7OSV@NTO066xN6gxohjuS.com; c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bkp2s34p.default\extensions\Shuu2lqk7OSV@NTO066xN6gxohjuS.com.xpi
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - a03a8f6200000000000074f06d1a81c7
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15928
FF - user.js: extensions.delta.vrsn - 1.8.22.0
FF - user.js: extensions.delta.vrsni - 1.8.22.0
FF - user.js: extensions.delta.vrsnTs - 1.8.22.022:06
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119523&tt=070813_wt4&tsp=4971
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-08-19  08:01:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-08-19 06:01
ComboFix2.txt  2013-08-13 20:30
ComboFix3.txt  2013-08-02 22:43
.
Vor Suchlauf: 10 Verzeichnis(se), 729.751.683.072 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 729.320.689.664 Bytes frei
.
- - End Of File - - 4F47FFB3B4FA1BB2102FD71DFA43463F
8BCB23B30DB1819E7D8DDAE01AEBB583


cosinus 21.08.2013 08:12

Remove adware/junkware/toolbars


Step 1: AdwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. (Illustrated guide to AdwCleaner.)
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 2: JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or higher) please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked and click Scan.
  • The log files are now created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input window)


nobody123 23.08.2013 06:35

Code:

# AdwCleaner v3.000 - Report created 23/08/2013 at 07:08:28
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Tim - Tim-PC
# Running from : C:\Users\Tim\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Tim\AppData\Roaming\Babylon
File Deleted : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bkp2s34p.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bkp2s34p.default\user.js
File Deleted : C:\Windows\System32\Tasks\Dealply
File Deleted : C:\Windows\System32\Tasks\DealPlyUpdate

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\a6dd88bc6aea43
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\BabSolution
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\FoxyDeal
Key Deleted : HKLM\Software\Delta

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v23.0.1 (de)

[ File : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bkp2s34p.default\prefs.js ]

Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "de");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "a03a8f6200000000000074f06d1a81c7");
Line Deleted : user_pref("extensions.delta.instlDay", "15928");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.22.0");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.22.022:06:46");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.22.0");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119523&tt=070813_wt4&tsp=4971");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");

-\\ Google Chrome v29.0.1547.57

[ File : C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [4457 octets] - [23/08/2013 07:07:03]
AdwCleaner[S0].txt - [3658 octets] - [23/08/2013 07:08:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3718 octets] ##########

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 7 Home Premium x86
Ran by Tim on 23.08.2013 at  7:18:47,16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\Tim\AppData\Roaming\mozilla\firefox\profiles\bkp2s34p.default\invalidprefs.js
Emptied folder: C:\Users\Tim\AppData\Roaming\mozilla\firefox\profiles\bkp2s34p.default\minidumps [10 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.08.2013 at  7:20:23,23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-08-2013 02
Ran by Tim (administrator) on 23-08-2013 07:26:26
Running from C:\Users\Tim\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Realtek) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Electronic Arts) C:\Program Files\Origin\Origin.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Farbar) C:\Users\Tim\Downloads\FRST(2).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8555040 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKCU\...\Run: [EADM] - C:\Program Files\Origin\Origin.exe [3497552 2013-05-19] (Electronic Arts)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()
HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [ 2009-10-23] ()
HKU\Default User\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()
HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [ 2009-10-23] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {1B349F1D-EAC2-4825-A0D1-AB44B87F56AB} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - {FEC19396-EE58-4F28-B179-8060C46869A8} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll No File
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/de-de/wlscctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{914F0FAE-A51C-4BBC-A0E5-9445B0F62A3F}: [NameServer]192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bkp2s34p.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.4 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Shuu2lqk7OSV - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bkp2s34p.default\Extensions\Shuu2lqk7OSV@NTO066xN6gxohjuS.com.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
R2 Realtek11nSU; C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe" [x]

==================== Drivers (Whitelisted) ====================

R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11832 2009-07-07] (Advanced Micro Devices Inc.)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Tim\AppData\Local\Temp\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-23 07:20 - 2013-08-23 07:20 - 00001170 _____ C:\Users\Tim\Desktop\JRT.txt
2013-08-23 07:17 - 2013-08-23 07:17 - 01021434 _____ (Thisisu) C:\Users\Tim\Downloads\JRT(1).exe
2013-08-23 07:06 - 2013-08-23 07:08 - 00000000 ____D C:\AdwCleaner
2013-08-23 07:04 - 2013-08-23 07:06 - 00000000 ____D C:\Users\Tim\Desktop\Fotos
2013-08-23 07:04 - 2013-08-23 07:05 - 00975858 _____ C:\Users\Tim\Desktop\adwcleaner.exe
2013-08-19 08:58 - 2013-08-19 08:58 - 00030234 _____ C:\Users\Tim\Desktop\user_1.jpeg
2013-08-19 08:58 - 2013-08-19 08:58 - 00029067 _____ C:\Users\Tim\Desktop\0.jpeg
2013-08-19 08:39 - 2013-08-19 08:40 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-19 08:01 - 2013-08-19 08:01 - 00017989 _____ C:\ComboFix.txt
2013-08-18 15:02 - 2013-08-18 15:04 - 05105231 ____R (Swearware) C:\Users\Tim\Desktop\ComboFix.exe
2013-08-16 09:43 - 2013-08-16 09:43 - 61079552 _____ C:\Users\Tim\Desktop\iTunes64.msi
2013-08-16 09:43 - 2013-08-16 09:43 - 00077136 _____ (Apple Inc.) C:\Users\Tim\Desktop\SetupAdmin.exe
2013-08-16 08:37 - 2013-08-16 08:37 - 21538816 _____ C:\Users\Tim\Desktop\AppleApplicationSupport.msi
2013-08-14 10:06 - 2013-08-14 10:08 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 10:02 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 10:02 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 10:02 - 2013-07-26 05:13 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 10:02 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 10:02 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 10:02 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 10:02 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 10:02 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 10:02 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 10:02 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 10:02 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 10:02 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 10:02 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 10:02 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 10:02 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 10:02 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 08:45 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 08:45 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 08:45 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 08:45 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 08:45 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 08:44 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-14 08:44 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 08:44 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 08:44 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 08:43 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 08:38 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 08:38 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-11 22:54 - 2013-08-11 22:55 - 00000000 ____D C:\Users\Tim\Desktop\Bilder August
2013-08-11 22:01 - 2013-08-11 22:02 - 01066136 _____ C:\Users\Tim\Downloads\setup.exe
2013-08-03 00:30 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-03 00:30 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-03 00:30 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-03 00:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-03 00:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-03 00:30 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-03 00:30 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-03 00:30 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-03 00:20 - 2013-08-19 08:01 - 00000000 ____D C:\Qoobox
2013-08-03 00:19 - 2013-08-19 07:55 - 00000000 ____D C:\Windows\erdnt
2013-08-03 00:14 - 2013-08-13 21:52 - 05103833 _____ (Swearware) C:\Users\Tim\Downloads\ComboFix.exe
2013-07-31 08:14 - 2013-07-31 08:15 - 00013610 _____ C:\Users\Tim\Downloads\Addition.txt
2013-07-31 08:12 - 2013-07-31 08:12 - 00000000 ____D C:\FRST
2013-07-31 08:09 - 2013-07-31 08:10 - 01222064 _____ (Farbar) C:\Users\Tim\Downloads\FRST(1).exe
2013-07-31 08:08 - 2013-07-31 08:09 - 01222064 _____ (Farbar) C:\Users\Tim\Downloads\FRST.exe
2013-07-30 19:39 - 2013-07-30 19:40 - 02347384 _____ (ESET) C:\Users\Tim\Downloads\esetsmartinstaller_deu.exe
2013-07-28 18:47 - 2013-07-28 18:47 - 00000000 ____D C:\Windows\ERUNT
2013-07-28 18:46 - 2013-07-28 18:47 - 00561198 _____ (Oleg N. Scherbakov) C:\Users\Tim\Downloads\JRT.exe
2013-07-27 10:59 - 2013-07-27 11:00 - 00891062 _____ C:\Users\Tim\Downloads\SecurityCheck.exe
2013-07-27 08:39 - 2013-07-27 08:39 - 02347384 _____ (ESET) C:\Users\Tim\Downloads\esetsmartinstaller_enu.exe
2013-07-26 21:53 - 2013-07-26 21:53 - 00001075 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-26 21:53 - 2013-07-26 21:53 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Malwarebytes
2013-07-26 21:53 - 2013-07-26 21:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-26 21:53 - 2013-07-26 21:53 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-26 21:53 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-26 21:49 - 2013-07-26 21:52 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Tim\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-26 21:38 - 2013-07-26 21:38 - 00700783 ____R (Swearware) C:\Users\Tim\Downloads\dds+.exe
2013-07-26 21:22 - 2013-07-26 21:23 - 00000171 _____ C:\Windows\DeleteOnReboot.bat
2013-07-26 21:21 - 2013-07-26 21:23 - 00001190 _____ C:\AdwCleaner[S2].txt
2013-07-26 21:21 - 2013-07-26 21:22 - 00002044 _____ C:\AdwCleaner[S1].txt
2013-07-26 21:02 - 2013-07-26 21:04 - 00666633 _____ C:\Users\Tim\Downloads\adwcleaner06.exe
2013-07-26 20:01 - 2013-07-26 20:01 - 00000005 _____ C:\Users\Tim\AppData\Roaming\WBPU-TTL.DAT
2013-07-26 12:00 - 2013-07-26 12:00 - 00793536 _____ C:\Users\Tim\Downloads\ZipOpenerSetup.exe
2013-07-25 20:37 - 2013-07-25 20:45 - 17165244 _____ C:\Users\Tim\Downloads\FSK18_mi116(1).AVI

==================== One Month Modified Files and Folders =======

2013-08-23 07:25 - 2013-08-23 07:25 - 01070315 _____ (Farbar) C:\Users\Tim\Downloads\FRST(2).exe
2013-08-23 07:20 - 2013-08-23 07:20 - 00001170 _____ C:\Users\Tim\Desktop\JRT.txt
2013-08-23 07:17 - 2013-08-23 07:17 - 01021434 _____ (Thisisu) C:\Users\Tim\Downloads\JRT(1).exe
2013-08-23 07:17 - 2009-07-14 06:34 - 00010096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-23 07:17 - 2009-07-14 06:34 - 00010096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-23 07:11 - 2013-05-19 17:00 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Skype
2013-08-23 07:10 - 2013-02-03 11:50 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-23 07:10 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-23 07:10 - 2009-07-14 06:39 - 00117967 _____ C:\Windows\setupact.log
2013-08-23 07:08 - 2013-08-23 07:06 - 00000000 ____D C:\AdwCleaner
2013-08-23 07:08 - 2010-08-05 18:44 - 01167319 _____ C:\Windows\WindowsUpdate.log
2013-08-23 07:06 - 2013-08-23 07:04 - 00000000 ____D C:\Users\Tim\Desktop\Fotos
2013-08-23 07:05 - 2013-08-23 07:04 - 00975858 _____ C:\Users\Tim\Desktop\adwcleaner.exe
2013-08-23 06:56 - 2013-02-03 11:50 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-23 06:39 - 2013-01-01 21:14 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-23 04:03 - 2013-02-03 11:51 - 00002133 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-22 23:45 - 2013-06-24 04:29 - 00000000 ____D C:\Users\Tim\Desktop\Kalifornien 2013
2013-08-22 23:35 - 2013-02-03 16:12 - 00000000 ____D C:\Users\Tim\Desktop\ebay
2013-08-22 22:50 - 2013-01-01 21:14 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-22 22:50 - 2013-01-01 21:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-22 21:56 - 2013-01-18 11:58 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-19 08:58 - 2013-08-19 08:58 - 00030234 _____ C:\Users\Tim\Desktop\user_1.jpeg
2013-08-19 08:58 - 2013-08-19 08:58 - 00029067 _____ C:\Users\Tim\Desktop\0.jpeg
2013-08-19 08:40 - 2013-08-19 08:39 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-19 08:01 - 2013-08-19 08:01 - 00017989 _____ C:\ComboFix.txt
2013-08-19 08:01 - 2013-08-03 00:20 - 00000000 ____D C:\Qoobox
2013-08-19 07:57 - 2010-01-26 18:04 - 00119792 _____ C:\Windows\PFRO.log
2013-08-19 07:57 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-08-19 07:56 - 2009-07-14 04:03 - 53477376 _____ C:\Windows\system32\config\software.bak
2013-08-19 07:56 - 2009-07-14 04:03 - 20185088 _____ C:\Windows\system32\config\system.bak
2013-08-19 07:56 - 2009-07-14 04:03 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-08-19 07:56 - 2009-07-14 04:03 - 00262144 _____ C:\Windows\system32\config\sam.bak
2013-08-19 07:56 - 2009-07-14 04:03 - 00262144 _____ C:\Windows\system32\config\default.bak
2013-08-19 07:55 - 2013-08-03 00:19 - 00000000 ____D C:\Windows\erdnt
2013-08-18 15:35 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-08-18 15:04 - 2013-08-18 15:02 - 05105231 ____R (Swearware) C:\Users\Tim\Desktop\ComboFix.exe
2013-08-16 19:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-16 19:26 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-08-16 09:43 - 2013-08-16 09:43 - 61079552 _____ C:\Users\Tim\Desktop\iTunes64.msi
2013-08-16 09:43 - 2013-08-16 09:43 - 00077136 _____ (Apple Inc.) C:\Users\Tim\Desktop\SetupAdmin.exe
2013-08-16 08:37 - 2013-08-16 08:37 - 21538816 _____ C:\Users\Tim\Desktop\AppleApplicationSupport.msi
2013-08-14 10:08 - 2013-08-14 10:06 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 10:06 - 2010-01-28 15:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-14 10:06 - 2010-01-26 16:42 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 10:04 - 2010-01-26 16:21 - 01633792 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-13 21:52 - 2013-08-03 00:14 - 05103833 _____ (Swearware) C:\Users\Tim\Downloads\ComboFix.exe
2013-08-11 22:55 - 2013-08-11 22:54 - 00000000 ____D C:\Users\Tim\Desktop\Bilder August
2013-08-11 22:02 - 2013-08-11 22:01 - 01066136 _____ C:\Users\Tim\Downloads\setup.exe
2013-08-11 01:11 - 2013-01-03 20:27 - 00000000 ____D C:\ProgramData\Comodo
2013-08-11 01:11 - 2013-01-03 20:26 - 00000000 ____D C:\Program Files\Comodo
2013-08-04 22:01 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-08-03 07:00 - 2009-07-14 06:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-03 00:43 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-08-03 00:43 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-07-31 08:15 - 2013-07-31 08:14 - 00013610 _____ C:\Users\Tim\Downloads\Addition.txt
2013-07-31 08:12 - 2013-07-31 08:12 - 00000000 ____D C:\FRST
2013-07-31 08:10 - 2013-07-31 08:09 - 01222064 _____ (Farbar) C:\Users\Tim\Downloads\FRST(1).exe
2013-07-31 08:09 - 2013-07-31 08:08 - 01222064 _____ (Farbar) C:\Users\Tim\Downloads\FRST.exe
2013-07-30 19:40 - 2013-07-30 19:39 - 02347384 _____ (ESET) C:\Users\Tim\Downloads\esetsmartinstaller_deu.exe
2013-07-28 18:47 - 2013-07-28 18:47 - 00000000 ____D C:\Windows\ERUNT
2013-07-28 18:47 - 2013-07-28 18:46 - 00561198 _____ (Oleg N. Scherbakov) C:\Users\Tim\Downloads\JRT.exe
2013-07-27 11:00 - 2013-07-27 10:59 - 00891062 _____ C:\Users\Tim\Downloads\SecurityCheck.exe
2013-07-27 08:39 - 2013-07-27 08:39 - 02347384 _____ (ESET) C:\Users\Tim\Downloads\esetsmartinstaller_enu.exe
2013-07-27 08:37 - 2013-01-03 20:30 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2013-07-27 08:17 - 2009-07-14 10:57 - 00000000 ____D C:\Windows\ShellNew
2013-07-27 08:13 - 2012-11-20 22:52 - 00000000 ____D C:\Users\Tim\Desktop\Neuer Ordner
2013-07-26 21:53 - 2013-07-26 21:53 - 00001075 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-26 21:53 - 2013-07-26 21:53 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Malwarebytes
2013-07-26 21:53 - 2013-07-26 21:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-26 21:53 - 2013-07-26 21:53 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-26 21:52 - 2013-07-26 21:49 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Tim\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-26 21:38 - 2013-07-26 21:38 - 00700783 ____R (Swearware) C:\Users\Tim\Downloads\dds+.exe
2013-07-26 21:23 - 2013-07-26 21:22 - 00000171 _____ C:\Windows\DeleteOnReboot.bat
2013-07-26 21:23 - 2013-07-26 21:21 - 00001190 _____ C:\AdwCleaner[S2].txt
2013-07-26 21:22 - 2013-07-26 21:21 - 00002044 _____ C:\AdwCleaner[S1].txt
2013-07-26 21:04 - 2013-07-26 21:02 - 00666633 _____ C:\Users\Tim\Downloads\adwcleaner06.exe
2013-07-26 20:01 - 2013-07-26 20:01 - 00000005 _____ C:\Users\Tim\AppData\Roaming\WBPU-TTL.DAT
2013-07-26 12:00 - 2013-07-26 12:00 - 00793536 _____ C:\Users\Tim\Downloads\ZipOpenerSetup.exe
2013-07-26 05:13 - 2013-08-14 10:02 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 05:13 - 2013-08-14 10:02 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 05:13 - 2013-08-14 10:02 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 05:12 - 2013-08-14 10:02 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 05:12 - 2013-08-14 10:02 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 05:12 - 2013-08-14 10:02 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 05:12 - 2013-08-14 10:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 05:12 - 2013-08-14 10:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 05:12 - 2013-08-14 10:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 05:12 - 2013-08-14 10:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 05:12 - 2013-08-14 10:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 05:12 - 2013-08-14 10:02 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 05:11 - 2013-08-14 10:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 05:11 - 2013-08-14 10:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 04:49 - 2013-08-14 10:02 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 03:59 - 2013-08-14 10:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-25 20:45 - 2013-07-25 20:37 - 17165244 _____ C:\Users\Tim\Downloads\FSK18_mi116(1).AVI
2013-07-25 10:57 - 2013-08-14 08:43 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-23 00:55

==================== End Of Log ============================


Done - what do I need to do next? :pfeiff:

Thanks very much again!

cosinus 23.08.2013 09:06

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bkp2s34p.default\Extensions\Shuu2lqk7OSV@NTO066xN6gxohjuS.com.xpi

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


nobody123 26.08.2013 21:23

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-08-2013 02
Ran by Tim at 2013-08-26 22:22:06 Run:1
Running from C:\Users\Tim\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bkp2s34p.default\Extensions\Shuu2lqk7OSV@NTO066xN6gxohjuS.com.xpi
*****************

C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\bkp2s34p.default\Extensions\Shuu2lqk7OSV@NTO066xN6gxohjuS.com.xpi => Moved successfully.

==== End of Fixlog ====


cosinus 27.08.2013 11:14

Looks ok. We should be almost done. As a check, please run a quick scan with Malwarebytes Anti-Malware (MBAM)

Note: Please remember to update Malwarebytes Anti-Malware via the Update button beforehand!

Afterwards, getting a second opinion from the ESET Online Scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


nobody123 29.08.2013 20:48

Code:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.29.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
Tim :: TIM-PC [Administrator]

29.08.2013 21:37:38
mbam-log-2013-08-29 (21-37-38).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 228400
Laufzeit: 7 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Tim\Downloads\setup.exe (PUP.Optional.IBryte.A) -> Keine Aktion durchgeführt.
C:\Users\Tim\Downloads\ZipOpenerSetup.exe (PUP.Optional.InstallCore) -> Keine Aktion durchgeführt.

(Ende)


cosinus 29.08.2013 20:58

Why don't you remove the findings? :confused:
They're only harmless stuff anyway. The setups contain toolbars or are adware

nobody123 29.08.2013 22:47

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=23bff815b40679499d3a9479ae45d3af
# engine=14947
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-29 09:13:27
# local_time=2013-08-29 11:13:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 3337926 129441998 0 0
# scanned=178667
# found=7
# cleaned=0
# scan_time=4077
sh=690FB32A205C66446E7951575E2DA510F6D896E5 ft=1 fh=62779f90b138744b vn="a variant of Win32/SpeedingUpMyPC.B application" ac=I fn="C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2QYYKW2D\OptimizerPro[1].exe"
sh=1DDC39E810FA90F8B11DFE07640EC359F66FC1FC ft=1 fh=f2284be2c764232b vn="multiple threats" ac=I fn="C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\93MJOWZA\WebCakesetup[1].exe"
sh=F439BC6FF954846FAD2B7E9005DE6D024F0F409C ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-1723.IM trojan" ac=I fn="C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\71ede3d6-511960de"
sh=F439BC6FF954846FAD2B7E9005DE6D024F0F409C ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-1723.IM trojan" ac=I fn="C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\b86459-65ab61d5"
sh=F439BC6FF954846FAD2B7E9005DE6D024F0F409C ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-1723.IM trojan" ac=I fn="C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\53071cfb-111c9c3e"
sh=0E829F3D3C14854057322163DBF94145FA5C5D91 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-1723.IK trojan" ac=I fn="C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\40d05c7c-7048de0b"
sh=B216C60147C641164E7338C89856434AC951D253 ft=1 fh=f436bf275bc52bd6 vn="a variant of Win32/Adware.iBryte.G application" ac=I fn="C:\Users\Tim\Downloads\setup.exe"

Still 7 findings! :headbang:

What do I need to do next? Thanks in advance and best regards

cosinus 29.08.2013 23:29

Those are all just leftover junk :D

Run TFC:

TFC - Temp File Cleaner

Download TFC (TempFileCleaner by Oldtimer) and save it to the desktop.
  • Open TFC.exe.
    Vista and Win 7 users: right-click and "Run as administrator".
  • Close all other programs.
  • Press the Start button.
  • If you are prompted to restart, confirm it.


nobody123 30.08.2013 08:09

Done!

Unfortunately my internet is still incredibly slow. I thought that was related to the trojans. What could be causing that?

Many thanks

cosinus 30.08.2013 10:17

Try restarting the router

nobody123 06.09.2013 03:44

Everything is fine for me now :-)

Many, many thanks again!


All times are GMT +1.

Copyright ©2000-2024, Trojaner-Board