Code:
Hi Sandra,
thank you very much, first of all! :daumenhoc
OK, FRST now shows:
Fix completed. The "Fixlog.txt" is saved in the same diretory FRST is located.
-> I click OK... and a page with the following content opens (presumably the Fixlog.txt):
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:01-05-2014
Ran by IBM at 2014-05-03 08:23:14 Run:1
Running from C:\Users\IBM\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Task: {314867A3-DDB0-49CA-859B-5148FE53BD5F} - System32\Tasks\Advanced System Protector => C:\Program Files\RegClean Pro\SystweakASP.exe <==== ATTENTION
C:\Program Files\RegClean Pro
*****************
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{314867A3-DDB0-49CA-859B-5148FE53BD5F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{314867A3-DDB0-49CA-859B-5148FE53BD5F} => Key deleted successfully.
C:\Windows\System32\Tasks\Advanced System Protector => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector => Key deleted successfully.
"C:\Program Files\RegClean Pro" => File/Directory not found.
==== End of Fixlog ====
And now onward!
Re 4.) Download: Malwarebytes Anti-Malware and
Re 5.) Run FRST again as instructed and report back!
Best regards, Nina
P.S. Why does my reply now always appear in this dark-yellow window and no longer,
as before, on the light-yellow background, so that the dark-yellow window stands out more clearly?
Not that important, but "layperson Nina" is wondering! ;-)
Code:
Hello Sandra,
here now is the content of the MBAM.txt log, followed by the procedure you recommended:
I.e.: the latest MBAM scan log is saved as a file (mbam.txt) on my desktop.
......................................................................................................................
Malwarebytes Anti-Malware
www.malwarebytes.org
Protection, 03.05.2014 11:17:23, SYSTEM, IBM-PC, Protection, Malware Protection, Starting,
Protection, 03.05.2014 11:17:23, SYSTEM, IBM-PC, Protection, Malware Protection, Started,
Protection, 03.05.2014 11:17:24, SYSTEM, IBM-PC, Protection, Malicious Website Protection, Starting,
Protection, 03.05.2014 11:22:19, SYSTEM, IBM-PC, Protection, Malicious Website Protection, Started,
Update, 03.05.2014 11:25:57, SYSTEM, IBM-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1,
Update, 03.05.2014 11:26:05, SYSTEM, IBM-PC, Manual, Malware Database, 2014.3.4.9, 2014.5.3.2,
Protection, 03.05.2014 11:26:07, SYSTEM, IBM-PC, Protection, Refresh, Starting,
Protection, 03.05.2014 11:26:08, SYSTEM, IBM-PC, Protection, Malicious Website Protection, Stopping,
Protection, 03.05.2014 11:26:10, SYSTEM, IBM-PC, Protection, Malicious Website Protection, Stopped,
Protection, 03.05.2014 11:27:00, SYSTEM, IBM-PC, Protection, Refresh, Success,
Protection, 03.05.2014 11:27:00, SYSTEM, IBM-PC, Protection, Malicious Website Protection, Starting,
Protection, 03.05.2014 11:27:04, SYSTEM, IBM-PC, Protection, Malicious Website Protection, Started,
Protection, 03.05.2014 13:14:18, SYSTEM, IBM-PC, Protection, Malware Protection, Starting,
Protection, 03.05.2014 13:14:18, SYSTEM, IBM-PC, Protection, Malware Protection, Started,
Protection, 03.05.2014 13:14:19, SYSTEM, IBM-PC, Protection, Malicious Website Protection, Starting,
Protection, 03.05.2014 13:18:10, SYSTEM, IBM-PC, Protection, Malicious Website Protection, Started,
(end)
..........................................................................................................................
"Add the content of mbam.txt to your next reply."
-> Unfortunately I can now only do that via "Direct Reply", or rather like this here, since before shutting down the computer I had already sent you the previously written message, to be on the safe side.
I hope you read it anyway and can keep helping me with your really good advice!
Please excuse me, I just want to make sure that my message arrives!!!!!!
Now to the last step:
Re 5.) I am running FRST once more...
Here is the content of the new FRST.txt (which I named FRST2.txt):
..........................................................................................................................
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-05-2014
Ran by IBM (administrator) on IBM-PC on 03-05-2014 14:30:00
Running from C:\Users\IBM\Downloads
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AuthenTec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
(Infowatch) C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(AuthenTec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksrvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [snpstd] => C:\Windows\vsnpstd.exe [339968 2005-10-11] ()
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe [340456 2009-12-25] (Kaspersky Lab)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
Winlogon\Notify\klogon: C:\Windows\system32\klogon.dll (Kaspersky Lab)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (AuthenTec Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1047929562-1591717178-1045411463-1001\...\Run: [EPSON Stylus DX7400 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE [182272 2007-04-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1047929562-1591717178-1045411463-1001\...\MountPoints2: E - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1047929562-1591717178-1045411463-1001\...\MountPoints2: {8bbbcced-6995-11e3-b17c-000fb399d299} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1047929562-1591717178-1045411463-1001\...\MountPoints2: {8bbbccf7-6995-11e3-b17c-000fb399d299} - E:\setup_vmc_lite.exe /checkApplicationPresence
AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll => C:\Program Files\Kaspersky Lab\Kaspersky PURE\mzvkbd3.dll [109072 2009-12-25] (Kaspersky Lab)
AppInit_DLLs: , C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll => C:\Program Files\Kaspersky Lab\Kaspersky PURE\kloehk.dll [17936 2009-12-25] (Kaspersky Lab)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk
ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files\phase-6\reminder\reminder.exe (phase-6)
==================== Internet (Whitelisted) ====================
ProxyServer: localhost:21320
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x809D04654541CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\IBM\AppData\Roaming\Mozilla\Firefox\Profiles\r9n6iwzf.default
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2014-03-19]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-19]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-19]
FF HKLM\...\Thunderbird\Extensions: [{eea12ec4-729d-4703-bc37-106ce9879ce2}] - C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt
FF Extension: Kaspersky Anti-Spam Extension - C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt [2013-09-09]
========================== Services (Whitelisted) =================
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe [340456 2009-12-25] (Kaspersky Lab)
R2 CSObjectsSrv; C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [743992 2009-12-21] (Infowatch)
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 UpekSrvc; C:\Program Files\ThinkVantage Fingerprint Software\upeksrvc.exe [35688 2012-09-27] (AuthenTec Inc.)
==================== Drivers (Whitelisted) ====================
R2 ACEDRV08; C:\Windows\system32\drivers\ACEDRV08.sys [108768 2012-07-19] (Protect Software GmbH)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [88632 2009-12-14] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [39352 2009-12-14] (Infowatch)
R1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [128016 2009-09-01] (Kaspersky Lab)
R0 KLBG; C:\Windows\System32\DRIVERS\klbg.sys [36880 2009-10-14] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [311312 2013-09-09] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [21520 2009-09-14] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19472 2009-10-02] (Kaspersky Lab)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2011-07-14] ()
R2 MASPINT; C:\Windows\system32\Drivers\MASPINT.sys [8096 2000-03-29] (MicroStaff Co.,Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
R3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2595840 2007-03-07] (Intel® Corporation)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [11976 2011-05-30] (Authentec Inc.)
S3 snpstd; C:\Windows\System32\DRIVERS\snpstd.sys [390784 2006-05-03] ()
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2009-09-19] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2009-09-19] (MCCI Corporation)
R3 TcUsb; C:\Windows\System32\Drivers\tcusb.sys [51400 2011-08-19] (AuthenTec, Inc.)
R3 VSTHWICH; C:\Windows\System32\DRIVERS\VSTICH3.SYS [242176 2009-07-14] (Conexant Systems, Inc.)
S2 atksgt; system32\DRIVERS\atksgt.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [75096 2012-11-02] (Kaspersky Lab)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-03 14:30 - 2014-05-03 14:30 - 00022695 _____ () C:\Users\IBM\Desktop\FRST1.txt
2014-05-03 13:35 - 2014-05-03 13:35 - 00001609 _____ () C:\Users\IBM\Desktop\mbam.txt
2014-05-03 11:25 - 2014-05-03 13:20 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-03 11:15 - 2014-05-03 11:15 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-03 11:15 - 2014-05-03 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-03 11:15 - 2014-05-03 11:15 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-03 11:15 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-03 11:15 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-03 11:15 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-03 11:11 - 2014-05-03 11:12 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\IBM\Downloads\mbam-setup-2.0.1.1004(2).exe
2014-05-03 09:30 - 2014-05-03 09:30 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\IBM\Downloads\mbam-setup-2.0.1.1004(1).exe
2014-05-03 09:27 - 2014-05-03 09:27 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\IBM\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-02 11:47 - 2014-05-02 11:51 - 00000231 _____ () C:\Users\IBM\Downloads\Search.txt
2014-05-02 11:43 - 2014-05-02 11:43 - 01050624 _____ (Farbar) C:\Users\IBM\Downloads\FRST(1).exe
2014-05-02 10:32 - 2014-05-02 10:32 - 00000184 _____ () C:\Users\IBM\Desktop\Fixlist.txt
2014-05-01 18:08 - 2014-05-01 18:16 - 00000000 ____D () C:\Users\IBM\UTE Becker
2014-05-01 11:51 - 2014-05-01 11:51 - 00020611 _____ () C:\Users\IBM\Desktop\Addition.txt
2014-05-01 11:50 - 2014-05-01 11:50 - 00022695 _____ () C:\Users\IBM\Desktop\FRST.txt
2014-05-01 11:49 - 2014-05-03 13:04 - 00000000 ____D () C:\Users\IBM\TROJANER
2014-05-01 08:37 - 2014-05-01 08:40 - 00020611 _____ () C:\Users\IBM\Downloads\Addition.txt
2014-05-01 08:34 - 2014-05-03 14:31 - 00010959 _____ () C:\Users\IBM\Downloads\FRST.txt
2014-05-01 08:16 - 2014-05-03 14:30 - 00000000 ____D () C:\FRST
2014-05-01 08:14 - 2014-05-01 08:14 - 01050624 _____ (Farbar) C:\Users\IBM\Downloads\FRST.exe
2014-04-30 21:37 - 2014-04-30 21:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-30 12:36 - 2014-04-30 08:50 - 00000426 _____ () C:\AVScanner.ini
2014-04-30 08:06 - 2014-04-30 08:06 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-30 07:38 - 2014-04-14 04:11 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-30 07:38 - 2014-04-14 04:07 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-26 14:42 - 2014-04-26 14:42 - 00000000 __SHD () C:\Users\IBM\AppData\Local\EmieUserList
2014-04-26 14:42 - 2014-04-26 14:42 - 00000000 __SHD () C:\Users\IBM\AppData\Local\EmieSiteList
2014-04-19 22:05 - 2014-04-19 22:17 - 00000000 ____D () C:\Windows\rescache
2014-04-19 00:38 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-19 00:38 - 2014-03-06 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-19 00:38 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-19 00:38 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-19 00:38 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-19 00:38 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-19 00:38 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-19 00:38 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-19 00:37 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-19 00:37 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-19 00:37 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-19 00:37 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-19 00:37 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-19 00:37 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-19 00:37 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-19 00:37 - 2014-03-06 09:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-19 00:37 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-19 00:37 - 2014-03-06 09:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-19 00:37 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-19 00:37 - 2014-03-06 09:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-19 00:37 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-19 00:37 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-19 00:37 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-19 00:37 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-19 00:37 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-19 00:37 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-18 23:09 - 2014-04-18 23:10 - 02278856 _____ () C:\Users\IBM\Downloads\avira_pc_cleaner_de.exe
2014-04-16 07:03 - 2014-04-16 07:08 - 57360945 _____ () C:\Users\IBM\Downloads\jre-7u55-solaris-sparc.tar.gz
2014-04-16 07:02 - 2014-04-16 07:08 - 46933036 _____ () C:\Users\IBM\Downloads\jre-7u55-linux-x64.tar.gz
2014-04-16 07:02 - 2014-04-16 07:07 - 48340455 _____ () C:\Users\IBM\Downloads\jre-7u55-linux-i586.tar.gz
2014-04-16 07:02 - 2014-04-16 07:05 - 33576653 _____ () C:\Users\IBM\Downloads\jre-7u55-linux-x64.rpm
2014-04-16 07:01 - 2014-04-16 07:02 - 33040762 _____ () C:\Users\IBM\Downloads\jre-7u55-linux-i586.rpm
2014-04-16 06:58 - 2014-04-16 06:59 - 29164456 _____ (Oracle Corporation) C:\Users\IBM\Downloads\jre-7u55-windows-i586.exe
2014-04-16 06:58 - 2014-04-16 06:58 - 00921512 _____ (Oracle Corporation) C:\Users\IBM\Downloads\jre-7u55-windows-i586-iftw.exe
2014-04-15 08:23 - 2014-04-15 08:24 - 00921512 _____ (Oracle Corporation) C:\Users\IBM\Downloads\jre-7u51-windows-i586-iftw.exe
2014-04-12 14:10 - 2014-04-13 15:40 - 00000000 ____D () C:\Users\IBM\sofa
2014-04-09 11:32 - 2014-01-24 04:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-09 11:31 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 11:31 - 2014-02-04 04:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 11:31 - 2014-02-04 04:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 11:31 - 2014-02-04 04:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 11:31 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-04 20:57 - 2014-04-04 20:57 - 00440528 _____ (Lenovo Group Limited ) C:\Users\IBM\Downloads\79za05ww(3).exe
2014-04-04 19:03 - 2014-04-04 19:03 - 00440528 _____ (Lenovo Group Limited ) C:\Users\IBM\Downloads\79za05ww(2).exe
2014-04-04 18:54 - 2014-04-04 18:55 - 00440528 _____ (Lenovo Group Limited ) C:\Users\IBM\Downloads\79za05ww(1).exe
2014-04-04 18:05 - 2014-04-04 18:06 - 02816040 _____ (LionSea SoftWare ) C:\Users\IBM\Downloads\setup.exe
==================== One Month Modified Files and Folders =======
2014-05-03 14:31 - 2014-05-01 08:34 - 00010959 _____ () C:\Users\IBM\Downloads\FRST.txt
2014-05-03 14:30 - 2014-05-03 14:30 - 00022695 _____ () C:\Users\IBM\Desktop\FRST1.txt
2014-05-03 14:30 - 2014-05-01 08:16 - 00000000 ____D () C:\FRST
2014-05-03 14:01 - 2012-07-09 11:39 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-03 13:58 - 2012-07-09 11:38 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-03 13:35 - 2014-05-03 13:35 - 00001609 _____ () C:\Users\IBM\Desktop\mbam.txt
2014-05-03 13:26 - 2009-07-14 06:34 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-03 13:26 - 2009-07-14 06:34 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-03 13:24 - 2011-07-13 11:06 - 01876253 _____ () C:\Windows\WindowsUpdate.log
2014-05-03 13:20 - 2014-05-03 11:25 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-03 13:16 - 2013-08-10 11:00 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-05-03 13:15 - 2012-07-09 11:39 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-03 13:13 - 2013-11-29 10:35 - 00015618 _____ () C:\Windows\setupact.log
2014-05-03 13:13 - 2010-11-20 23:48 - 00154394 _____ () C:\Windows\PFRO.log
2014-05-03 13:13 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-03 13:13 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\schemas
2014-05-03 13:04 - 2014-05-01 11:49 - 00000000 ____D () C:\Users\IBM\TROJANER
2014-05-03 12:39 - 2011-07-13 13:43 - 00000000 ____D () C:\Users\IBM\Programme
2014-05-03 11:15 - 2014-05-03 11:15 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-03 11:15 - 2014-05-03 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-03 11:15 - 2014-05-03 11:15 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-03 11:15 - 2013-08-27 08:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-03 11:12 - 2014-05-03 11:11 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\IBM\Downloads\mbam-setup-2.0.1.1004(2).exe
2014-05-03 09:30 - 2014-05-03 09:30 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\IBM\Downloads\mbam-setup-2.0.1.1004(1).exe
2014-05-03 09:27 - 2014-05-03 09:27 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\IBM\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-02 11:51 - 2014-05-02 11:47 - 00000231 _____ () C:\Users\IBM\Downloads\Search.txt
2014-05-02 11:43 - 2014-05-02 11:43 - 01050624 _____ (Farbar) C:\Users\IBM\Downloads\FRST(1).exe
2014-05-02 10:32 - 2014-05-02 10:32 - 00000184 _____ () C:\Users\IBM\Desktop\Fixlist.txt
2014-05-01 18:16 - 2014-05-01 18:08 - 00000000 ____D () C:\Users\IBM\UTE Becker
2014-05-01 18:08 - 2011-07-13 11:13 - 00000000 ____D () C:\Users\IBM
2014-05-01 18:04 - 2013-04-26 07:59 - 00000000 ____D () C:\Users\IBM\FOTOS
2014-05-01 11:51 - 2014-05-01 11:51 - 00020611 _____ () C:\Users\IBM\Desktop\Addition.txt
2014-05-01 11:50 - 2014-05-01 11:50 - 00022695 _____ () C:\Users\IBM\Desktop\FRST.txt
2014-05-01 08:40 - 2014-05-01 08:37 - 00020611 _____ () C:\Users\IBM\Downloads\Addition.txt
2014-05-01 08:14 - 2014-05-01 08:14 - 01050624 _____ (Farbar) C:\Users\IBM\Downloads\FRST.exe
2014-05-01 07:40 - 2012-07-21 11:13 - 00000000 ____D () C:\Windows\system32\Adobe
2014-04-30 21:37 - 2014-04-30 21:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-30 08:50 - 2014-04-30 12:36 - 00000426 _____ () C:\AVScanner.ini
2014-04-30 08:06 - 2014-04-30 08:06 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-30 08:06 - 2012-07-09 11:38 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-30 08:06 - 2011-07-22 22:15 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-30 08:03 - 2011-12-02 10:17 - 00000000 ____D () C:\Users\IBM\AppData\Local\Adobe
2014-04-28 15:05 - 2011-07-22 08:07 - 00000000 ____D () C:\Users\IBM\Bewerbung
2014-04-26 14:42 - 2014-04-26 14:42 - 00000000 __SHD () C:\Users\IBM\AppData\Local\EmieUserList
2014-04-26 14:42 - 2014-04-26 14:42 - 00000000 __SHD () C:\Users\IBM\AppData\Local\EmieSiteList
2014-04-20 22:08 - 2013-09-05 16:19 - 00000000 ____D () C:\Users\IBM\AppData\Roaming\Skype
2014-04-19 22:17 - 2014-04-19 22:05 - 00000000 ____D () C:\Windows\rescache
2014-04-19 01:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-04-18 23:10 - 2014-04-18 23:09 - 02278856 _____ () C:\Users\IBM\Downloads\avira_pc_cleaner_de.exe
2014-04-16 07:08 - 2014-04-16 07:03 - 57360945 _____ () C:\Users\IBM\Downloads\jre-7u55-solaris-sparc.tar.gz
2014-04-16 07:08 - 2014-04-16 07:02 - 46933036 _____ () C:\Users\IBM\Downloads\jre-7u55-linux-x64.tar.gz
2014-04-16 07:07 - 2014-04-16 07:02 - 48340455 _____ () C:\Users\IBM\Downloads\jre-7u55-linux-i586.tar.gz
2014-04-16 07:05 - 2014-04-16 07:02 - 33576653 _____ () C:\Users\IBM\Downloads\jre-7u55-linux-x64.rpm
2014-04-16 07:02 - 2014-04-16 07:01 - 33040762 _____ () C:\Users\IBM\Downloads\jre-7u55-linux-i586.rpm
2014-04-16 06:59 - 2014-04-16 06:58 - 29164456 _____ (Oracle Corporation) C:\Users\IBM\Downloads\jre-7u55-windows-i586.exe
2014-04-16 06:58 - 2014-04-16 06:58 - 00921512 _____ (Oracle Corporation) C:\Users\IBM\Downloads\jre-7u55-windows-i586-iftw.exe
2014-04-15 08:24 - 2014-04-15 08:23 - 00921512 _____ (Oracle Corporation) C:\Users\IBM\Downloads\jre-7u51-windows-i586-iftw.exe
2014-04-14 16:57 - 2009-07-14 04:04 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140430-213010.backup
2014-04-14 04:11 - 2014-04-30 07:38 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:07 - 2014-04-30 07:38 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-13 15:40 - 2014-04-12 14:10 - 00000000 ____D () C:\Users\IBM\sofa
2014-04-09 14:56 - 2013-08-15 20:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 14:51 - 2011-07-13 11:32 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-04 20:57 - 2014-04-04 20:57 - 00440528 _____ (Lenovo Group Limited ) C:\Users\IBM\Downloads\79za05ww(3).exe
2014-04-04 19:03 - 2014-04-04 19:03 - 00440528 _____ (Lenovo Group Limited ) C:\Users\IBM\Downloads\79za05ww(2).exe
2014-04-04 18:55 - 2014-04-04 18:54 - 00440528 _____ (Lenovo Group Limited ) C:\Users\IBM\Downloads\79za05ww(1).exe
2014-04-04 18:06 - 2014-04-04 18:05 - 02816040 _____ (LionSea SoftWare ) C:\Users\IBM\Downloads\setup.exe
2014-04-04 07:14 - 2013-09-11 07:03 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-03 09:51 - 2014-05-03 11:15 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-05-03 11:15 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-05-03 11:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
Files to move or delete:
====================
C:\Users\IBM\CCleaner-Müll.reg
Some content of TEMP:
====================
C:\Users\IBM\AppData\Local\Temp\install_flashplayer13x32au_mssa_aaa_aih.exe
C:\Users\IBM\AppData\Local\Temp\install_reader11_de_mssd_aaa_aih.exe
C:\Users\IBM\AppData\Local\Temp\jna7110988679362825148.hunspell-win-x86-32.dll
C:\Users\IBM\AppData\Local\Temp\jna8206802142811855218.hunspell-win-x86-32.dll
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-29 09:50
==================== End Of Log ============================
...........................................................................................................................
...and here also the content of the new Addition.txt, which I named Addition2.txt:
...........................................................................................................................
Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-05-2014
Ran by IBM at 2014-05-03 14:33:03
Running from C:\Users\IBM\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Kaspersky PURE (Enabled - Up to date) {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
AS: Kaspersky PURE (Enabled - Up to date) {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky PURE (Enabled) {9626F52E-C560-D06F-0A42-2E08BA60B3D5}
==================== Installed Programs ======================
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 1 (SP1) (Version: - Microsoft) Hidden
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adobe Acrobat 4.0 (HKLM\...\Adobe Acrobat 4.0) (Version: 4.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
ArcSoft PhotoImpression 4 (HKLM\...\{68D5CEF9-0DA8-47FE-B0EB-4CBFB5AAF662}) (Version: - )
ArcSoft VideoImpression 1.6 (HKLM\...\{A0ACD7D7-E79D-4593-BBF8-65D17889FA25}) (Version: - )
Camera RAW Plug-In for EPSON Creativity Suite (HKLM\...\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}) (Version: 2.2.0.0 - SEIKO EPSON CORPORATION)
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Die große media Mahjongg-Sammlung (HKLM\...\{7A92A322-1A10-4153-B551-D547AA9B4649}) (Version: 1.1 - media Verlagsgesellschaft mbH)
Dienstprogramm "ThinkPad UltraNav" (HKLM\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
Digital Camera (HKLM\...\{C1205500-2179-11D7-B0B9-0000E24D4B29}) (Version: - )
Du und Dein Heim für Tiere (HKLM\...\{744E32F8-7678-4124-9FD5-431ADC0B4509}) (Version: 1.0.0 - Caipirinha Games)
EPSON Attach To Email (HKLM\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)
EPSON Attach To Email (Version: 1.01.0000 - SEIKO EPSON) Hidden
EPSON Copy Utility 3 (HKLM\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.3.0.0 - )
EPSON Easy Photo Print (HKLM\...\{3D78F2A2-C893-4ABD-B5FE-AD7011837755}) (Version: 1.5.0.0 - SEIKO EPSON CORPORATION)
EPSON File Manager (HKLM\...\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}) (Version: 1.3.0.0 - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
EPSON Scan Assistant (HKLM\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )
EPSON Stylus CX7300_CX8300_DX7400_DX8400 Handbuch (HKLM\...\EPSON Stylus CX7300_CX8300_DX7400_DX8400 Benutzerhandbuch) (Version: - )
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
Freddy:Englisch5/Englisch6 (HKLM\...\freddyEnglisch56) (Version: - )
Freddy:Mathe5/Mathe6 (HKLM\...\freddyMathe56) (Version: - )
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
Image Transfer (HKLM\...\{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}) (Version: - )
ImageMixer for Sony (HKLM\...\{1B4AA674-F5CA-4BB5-831A-CD37B4021959}) (Version: - )
Kaspersky PURE (HKLM\...\InstallWIX_{1A59064A-12A9-469F-99F6-04BF118DBCFF}) (Version: 9.0.0.192 - Kaspersky Lab)
Kaspersky PURE (Version: 9.0.0.192 - Kaspersky Lab) Hidden
Kidizoom™ PC Anwendungen (HKLM\...\{43D2A1DD-69C9-4E86-8F51-4890A6263863}) (Version: - )
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.65.05.21 - )
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2007 (HKLM\...\STANDARD) (Version: 12.0.6215.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MicroStaff WINASPI (HKLM\...\MWASPI) (Version: - )
Mozilla Firefox 28.0 (x86 de) (HKLM\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
OLYMPUS CAMEDIA Master 2.5 (HKLM\...\{06230E02-2B7E-11D2-92D0-0040051BD005}) (Version: - )
phase-6 2.3.2a (HKLM\...\phase-6) (Version: 2.3.2a - phase-6)
QuickTime (HKLM\...\QuickTime) (Version: - )
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - )
Thinkpad Wireless LAN Adapters Software (11a/b/g/n) (HKLM\...\{8485F313-4B62-42F3-ADD8-0DE34A4DDAEF}) (Version: 7.7.0.498b - Atheros)
ThinkVantage Fingerprint Software (HKLM\...\{9AB3F8D9-3EF7-466D-B124-08B3AF53CB6A}) (Version: 5.8.9.7266 - AuthenTec Inc.)
Trust 150 Spacecam Portable (HKLM\...\{EED808CB-6C61-4A5C-8910-91A45F61506A}) (Version: 4.6.13.1 - )
==================== Restore Points =========================
02-05-2014 07:53:36 Removed Java 7 Update 13
02-05-2014 07:59:09 Removed Java(TM) 6 Update 37
==================== Hosts content: ==========================
2009-07-14 04:04 - 2014-04-30 21:30 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
Task: {012191BE-CA64-49FA-BB76-C1403E58264C} - System32\Tasks\{380AE0C3-9AD6-448F-B67E-21B6E5D957D8} => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {83F3A8F4-B159-436A-A9AD-5D8B4E5D9854} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-30] (Adobe Systems Incorporated)
Task: {86DAEF33-3986-4A15-9EB5-852B672D3841} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-07-09] (Google Inc.)
Task: {8DAB29A3-4F66-4CD2-8463-98D9737BD210} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {95A9E033-0EBF-4AE9-8084-9FCE53712FFB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-07-09] (Google Inc.)
Task: {AF1BF59C-22E9-4270-B402-459140DEA786} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {B9CAFA35-B0B0-4F27-839F-0CE79D4A3AFD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {CFE9051F-E99D-4369-91E6-744F02008577} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {E5DA7A3E-37FF-49F0-B075-63422E8D082B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2009-10-30 19:32 - 2009-10-30 19:32 - 00410496 _____ () C:\Program Files\Kaspersky Lab\Kaspersky PURE\dblite.dll
2009-12-25 16:32 - 2009-12-25 16:32 - 00491520 _____ () C:\Program Files\Kaspersky Lab\Kaspersky PURE\backup.ppl
2009-12-25 16:42 - 2009-12-25 16:42 - 02069520 _____ () C:\Program Files\Kaspersky Lab\Kaspersky PURE\avzkrnl.dll
2013-09-04 21:51 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-09-04 21:51 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2013-09-04 21:51 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-09-04 21:51 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2013-09-04 21:51 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-03-19 22:51 - 2014-03-19 22:52 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-04-29 09:58 - 2014-04-30 08:06 - 16351920 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Image Transfer.lnk => C:\Windows\pss\Image Transfer.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: PSQLLauncher => "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/03/2014 01:15:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/03/2014 07:31:15 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/02/2014 06:02:27 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/01/2014 05:18:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/01/2014 00:10:21 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SDScan.exe, Version: 2.1.18.177, Zeitstempel: 0x51949fa2
Name des fehlerhaften Moduls: SDScanLibrary.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x51949f22
Ausnahmecode: 0xc0000005
Fehleroffset: 0x04bd4abe
ID des fehlerhaften Prozesses: 0x3d0
Startzeit der fehlerhaften Anwendung: 0xSDScan.exe0
Pfad der fehlerhaften Anwendung: SDScan.exe1
Pfad des fehlerhaften Moduls: SDScan.exe2
Berichtskennung: SDScan.exe3
Error: (05/01/2014 07:35:24 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/30/2014 08:48:09 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 28.0.0.5186, Zeitstempel: 0x53240e37
Name des fehlerhaften Moduls: xul.dll, Version: 28.0.0.5186, Zeitstempel: 0x53240e04
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00184729
ID des fehlerhaften Prozesses: 0x7d8
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (04/30/2014 08:14:04 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 28.0.0.5186, Zeitstempel: 0x53240e5d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x6ef568f4
ID des fehlerhaften Prozesses: 0xbdc
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (04/30/2014 07:25:38 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/29/2014 08:03:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (05/03/2014 01:20:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535
Error: (05/03/2014 01:20:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535
Error: (05/03/2014 01:20:20 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801
Error: (05/03/2014 01:20:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535
Error: (05/03/2014 01:20:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535
Error: (05/03/2014 01:20:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535
Error: (05/03/2014 01:20:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535
Error: (05/03/2014 01:20:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535
Error: (05/03/2014 01:20:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535
Error: (05/03/2014 01:20:18 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535
Microsoft Office Sessions:
=========================
Error: (06/24/2013 00:14:40 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 12363 seconds with 5700 seconds of active time. This session ended with a crash.
Error: (03/07/2012 11:18:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 32748 seconds with 2100 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Percentage of memory in use: 68%
Total physical RAM: 1022.99 MB
Available physical RAM: 320.5 MB
Total Pagefile: 2046.99 MB
Available Pagefile: 743.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1916.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:37.16 GB) (Free:2.35 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 37 GB) (Disk ID: 6B138C01)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=37 GB) - (Type=07 NTFS)
==================== End Of Log ============================
.........................................................................................................................
Now I have completed all the points you suggested, and I HOPE my "flood of messages" has not caused complications for you or your colleagues!
I look forward to your next message!
Best regards, Nina
Code:
Hello Sandra,
OK! Here is my second attempt at doing the right thing!
Here is the mbam.txt file (scan log):
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 03.05.2014
Suchlauf-Zeit: 12:39:21
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.1.1004
Malware Datenbank: v2014.05.03.02
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: IBM
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 252314
Verstrichene Zeit: 1 Std, 1 Min, 10 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 1
PUP.Optional.RegCleanerPro.A, HKU\S-1-5-21-1047929562-1591717178-1045411463-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\RegClean Pro, In Quarantäne, [b34b44081b609a9cfb229d0bec17946c],
Registrierungswerte: 0
(No malicious items detected)
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 0
(No malicious items detected)
Dateien: 1
PUP.Optional.RegCleanerPro, C:\Users\IBM\Programme\rcpsetup_cde.exe, In Quarantäne, [9c622f1d8af105312bdcd4340bf643bd],
Physische Sektoren: 0
(No malicious items detected)
(end)
Besides this scan log, two further "protection logs" are "stored" in the history... But I assume you probably know that.
Best regards! Nina