Spyware.Password

Hi, I've got a problem with Spyware.Password.

Logs:

DDS

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16521
Run by Kaputter at 21:25:52 on 2014-03-17
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2388.972 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Launch Manager\dsiwmis.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Launch Manager\LMworker.exe
C:\Program Files\Launch Manager\LMutilps32.exe
C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Users\Kaputter\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Audacity\audacity.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\avastUi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.


BHO: {41564952-412D-5637-00A7-7A786E7484D7} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTAgent.exe" -autorun
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [uSB3MON] "c:\program files\intel\intel® usb 3.0 extensible host controller driver\application\iusb3mon.exe"
mRun: [broadcom Wireless Manager UI] c:\program files\broadcom\broadcom 802.11 network adapter\WLTRAY.exe
mRun: [intelTBRunOnce] wscript.exe //b //nologo "c:\program files\intel\turboboost\RunTBGadgetOnce.vbs"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [iAStorIcon] c:\program files\intel\intel® rapid storage technology\iastoriconlaunch.exe "c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe" 60
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [Launch LCore] c:\program files\logitech gaming software\LCore.exe /minimized
mRun: [ApnTBMon] "c:\program files\askpartnernetwork\toolbar\updater\TBNotifier.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRunOnce: [sPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: c:\users\kaputter\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\kaputter\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.

TCP: NameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{D506C771-21A9-476D-B0B6-F044060DD808} : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{D506C771-21A9-476D-B0B6-F044060DD808}\25164716471647 : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{D506C771-21A9-476D-B0B6-F044060DD808}\64259445A51224F6870264F6E60275C414E40273237303 : DHCPNameServer = 192.168.178.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\websea~1\sprote~1.dll,c:\windows\system32\nvinit.dll c:\progra~2\conten~1\conten~1.dll,c:\windows\system32\nvinit.dll c:\progra~2\perfor~1\perfor~1.dll c:\progra~2\webgen~1\webgen~1.dll c:\progra~2\browse~1\browse~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.154\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kaputter\appdata\roaming\mozilla\firefox\profiles\mavnvy4b.default\

FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL -
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\intel\intel® management engine components\ipt\npIntelWebAPIIPT.dll
FF - plugin: c:\program files\intel\intel® management engine components\ipt\npIntelWebAPIUpdater.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
FF - ExtSQL: !HIDDEN! 2013-10-29 20:59; {479a636b-7c32-4be8-bc5f-e74618c76cdc}; c:\users\kaputter\appdata\roaming\mozilla\firefox\profiles\mavnvy4b.default\extensions\{479a636b-7c32-4be8-bc5f-e74618c76cdc}.xpi
FF - ExtSQL: !HIDDEN! 2013-11-05 20:46; {e0218464-b9e5-4446-bcbc-e9c5c5e74cc6}; c:\users\kaputter\appdata\roaming\mozilla\firefox\profiles\mavnvy4b.default\extensions\{e0218464-b9e5-4446-bcbc-e9c5c5e74cc6}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-3-17 180248]
R0 iusb3hcs;Intel® USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\drivers\iusb3hcs.sys [2013-9-16 13592]
R0 nvpciflt;nvpciflt;c:\windows\system32\drivers\nvpciflt.sys [2013-9-16 24936]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-3-17 775952]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-10-14 37352]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2013-9-15 242240]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2013-10-14 440400]
R2 AntiVirService;Avira Echtzeit-Scanner;c:\program files\avira\antivir desktop\avguard.exe [2013-10-14 440400]
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files\avira\antivir desktop\avwebg7.exe [2013-10-14 1017424]
R2 APNMCP;Ask Aktualisierungsdienst;c:\program files\askpartnernetwork\toolbar\apnmcp.exe [2014-2-13 166352]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-3-17 67824]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-10-14 90400]
R2 avnetflt;avnetflt;c:\windows\system32\drivers\avnetflt.sys [2013-10-14 69240]
R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\codemeter\runtime\bin\CodeMeter.exe [2012-11-21 2571704]
R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2013-9-16 355920]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2013-9-16 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\intel\icls client\HeciServer.exe [2012-4-20 462048]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files\intel\intel® management engine components\dal\Jhi_service.exe [2013-9-16 165760]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\drivers\TurboB.sys [2012-1-20 16128]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-3-17 64168]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\drivers\b57xdbd.sys [2011-11-4 60968]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\drivers\b57xdmp.sys [2011-11-4 17960]
R3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\drivers\bcmvwl32.sys [2013-9-16 17728]
R3 bScsiMSx;bScsiMSx;c:\windows\system32\drivers\bScsiMSx.sys [2011-9-2 43560]
R3 bScsiSDx;bScsiSDx;c:\windows\system32\drivers\bScsiSDx.sys [2012-6-1 52856]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2013-9-16 207152]
R3 IntcDAud;Intel® Display-Audio;c:\windows\system32\drivers\IntcDAud.sys [2013-9-16 280576]
R3 iusb3hub;Intel® USB 3.0-Hubtreiber;c:\windows\system32\drivers\iusb3hub.sys [2013-9-16 348440]
R3 iusb3xhc;Intel® USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\drivers\iusb3xhc.sys [2013-9-16 792856]
R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2012-1-18 370728]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 19720]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 14856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-3-17 22856]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2013-9-16 55104]
RUnknown qookszft;qookszft; [x]
S0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-3-17 49944]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-3-17 410784]
S2 26dc2c7a;WebGeniuos;c:\windows\system32\rundll32.exe [2009-7-14 44544]
S2 27961eae;Content Accelerator;c:\windows\system32\rundll32.exe [2009-7-14 44544]
S2 671c50b0;Browser System Enahncer;c:\windows\system32\rundll32.exe [2009-7-14 44544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 dfc86759;Performancer;c:\windows\system32\rundll32.exe [2009-7-14 44544]
S3 a4djavs;a4djavs;c:\windows\system32\drivers\a4djavs.sys [2009-10-8 35280]
S3 a4djusb;a4djusb;c:\windows\system32\drivers\a4djusb.sys [2009-10-8 276304]
S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2013-9-13 4352]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\drivers\BUSB2902.sys [2014-1-19 384576]
S3 BEHRINGER_PT_MIDI;Behringer MIDI driver service (pt);c:\windows\system32\drivers\bhrngr_m.sys [2014-1-19 35904]
S3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;c:\windows\system32\drivers\busbwdm.sys [2014-1-19 39488]
S3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\drivers\fwlanusbn.sys [2013-9-13 586752]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-3-11 108032]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\drivers\tascusb2.sys [2014-1-18 399424]
S3 TASCAM_US144_MIDI;TASCAM US-144 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2014-1-18 26688]
S3 TASCAM_US144_WDM;TASCAM US-144 WDM;c:\windows\system32\drivers\tscusb2a.sys [2014-1-18 39488]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-9-17 52224]
.
=============== Created Last 30 ================
.
2014-03-17 20:10:47    --------    d-----w-    c:\users\kaputter\appdata\roaming\AVAST Software
2014-03-17 20:07:31    64168    ----a-w-    c:\windows\system32\drivers\aswStm.sys
2014-03-17 20:07:31    180248    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-03-17 20:07:30    79720    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2014-03-17 20:07:30    775952    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-03-17 20:07:30    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-03-17 20:07:30    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-03-17 20:07:15    43152    ----a-w-    c:\windows\avastSS.scr
2014-03-17 20:06:15    --------    d-----w-    c:\program files\AVAST Software
2014-03-17 20:04:44    --------    d-----w-    c:\programdata\AVAST Software
2014-03-17 19:58:02    764416    --sh--w-    c:\windows\system32\devil.dll
2014-03-17 19:58:01    415744    --sh--w-    c:\windows\system32\avisynth.dll
2014-03-17 19:58:01    32256    --sh--w-    c:\windows\system32\AVSredirect.dll
2014-03-17 19:58:00    70656    --sh--w-    c:\windows\system32\yv12vfw.dll
2014-03-17 19:58:00    70656    --sh--w-    c:\windows\system32\i420vfw.dll
2014-03-17 19:57:52    --------    d-----w-    c:\program files\AviSynth 2.5
2014-03-17 19:53:53    --------    d-----w-    c:\program files\eRightSoft
2014-03-17 17:20:45    --------    d-----w-    c:\users\kaputter\appdata\roaming\Malwarebytes
2014-03-17 17:20:29    --------    d-----w-    c:\programdata\Malwarebytes
2014-03-17 17:20:28    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-03-17 17:20:28    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2014-03-17 17:17:43    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2014-03-17 17:17:43    --------    d-----w-    c:\program files\Spybot - Search & Destroy
2014-03-11 17:40:59    4244480    ----a-w-    c:\windows\system32\jscript9.dll
2014-03-09 20:33:01    --------    d-----w-    C:\Converted Audio Files
2014-03-09 20:32:12    --------    d-----w-    c:\program files\Acoustica MP3 To Wave Converter PLUS
2014-03-06 16:15:09    --------    d-----w-    c:\programdata\FiiNdBestDeal
2014-02-23 18:06:44    --------    d-----w-    c:\users\kaputter\appdata\roaming\foobar2000
2014-02-23 18:06:41    --------    d-----w-    c:\program files\foobar2000
2014-02-16 13:03:56    --------    d-----w-    c:\programdata\BLoickTheAdApp
2014-02-16 13:03:55    --------    d-----w-    c:\programdata\ckgahmdeeigcppflfoilhmbhcbgggchn
.
==================== Find3M  ====================
.
2014-03-11 17:27:46    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-11 17:27:46    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-03-01 04:11:20    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-03-01 04:10:48    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-03-01 03:52:43    61952    ----a-w-    c:\windows\system32\iesetup.dll
2014-03-01 03:51:53    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-03-01 03:38:26    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-03-01 03:38:23    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-03-01 03:37:35    553472    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-03-01 03:31:30    646144    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 03:00:08    1964032    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-03-01 02:32:16    1820160    ----a-w-    c:\windows\system32\wininet.dll
2014-02-13 13:20:06    98960    --sha-r-    c:\windows\system32\avfilter-lav-3.dll
2014-02-13 13:20:06    59536    --sha-r-    c:\windows\system32\avresample-lav-1.dll
2014-02-13 13:20:06    539280    --sha-r-    c:\windows\system32\avformat-lav-55.dll
2014-02-13 13:20:06    313520    --sha-r-    c:\windows\system32\HLvideo.dll
2014-02-13 13:20:06    3057808    --sha-r-    c:\windows\system32\avcodec-lav-55.dll
2014-02-13 13:20:06    202384    --sha-r-    c:\windows\system32\HLsplit.dll
2014-02-13 13:20:06    180368    --sha-r-    c:\windows\system32\avutil-lav-52.dll
2014-02-13 13:20:06    152720    --sha-r-    c:\windows\system32\IntelQuickSyncDecoder.dll
2014-02-13 13:20:06    122512    --sha-r-    c:\windows\system32\HLaudio.dll
2014-02-13 13:20:06    110224    --sha-r-    c:\windows\system32\libbluray.dll
2014-02-13 13:20:06    109200    --sha-r-    c:\windows\system32\swscale-lav-2.dll
2014-02-07 01:07:56    2349056    ----a-w-    c:\windows\system32\win32k.sys
2014-02-04 02:04:11    509440    ----a-w-    c:\windows\system32\qedit.dll
2014-01-29 02:06:47    381440    ----a-w-    c:\windows\system32\wer.dll
2013-12-24 23:09:41    1987584    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-12-21 08:56:47    454656    ----a-w-    c:\windows\system32\vbscript.dll
2013-12-18 07:49:26    90400    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2013-12-18 07:49:26    69240    ----a-w-    c:\windows\system32\drivers\avnetflt.sys
2009-09-27 08:39:26    415744    --sh--w-    c:\windows\system32\avisynth.dll
2005-07-14 11:31:20    32256    --sh--w-    c:\windows\system32\AVSredirect.dll
2004-02-22 09:11:08    764416    --sh--w-    c:\windows\system32\devil.dll
2004-01-24 23:00:00    70656    --sh--w-    c:\windows\system32\i420vfw.dll
2011-02-11 09:26:20    112128    --sha-r-    c:\windows\system32\OptimFROG.dll
2012-10-05 18:54:00    188416    --sha-r-    c:\windows\system32\winDCE32.dll
2004-01-24 23:00:00    70656    --sh--w-    c:\windows\system32\yv12vfw.dll
.
============= FINISH: 21:28:08,04 ===============

Attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 13.09.2013 16:40:51
System Uptime: 17.03.2014 18:07:07 (3 hours ago)
.
Motherboard: Acer |  | BA51_HC_CR
Processor: Intel® Core i5-3230M CPU @ 2.60GHz | U3E1 | 2601/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 48,222 GiB free.
D: is FIXED (NTFS) - 233 GiB total, 232,781 GiB free.
E: is CDROM (CDFS)
F: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP58: 05.03.2014 14:50:51 - Geplanter Prüfpunkt
RP59: 11.03.2014 22:43:57 - Windows Update
RP61: 17.03.2014 21:05:35 - avast! antivirus system restore point
.
==== Installed Programs ======================
.
Überwachungstool für die Intel® Turbo-Boost-Technik 2.5
Acoustica MP3 To Wave Converter PLUS
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 12 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS6
Adobe Reader XI (11.0.06) - Deutsch
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
ASIO4ALL
µTorrent
Audacity 2.0.4
Authorizer 2.5.1
Authorizer Ignition Key Support
avast! Free Antivirus
Avira Free Antivirus
Avira SearchFree Toolbar
BEHRINGER USB AUDIO DRIVER
BEHRINGER USB MIDI DRIVER
BLoickTheAdApp
Borderlands 2
BPM Counter 1.6.0.0
Broadcom Card Reader Driver Installer
Broadcom NetLink Controller
Broadcom Wireless Utility
Browser System Enahncer
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Content Accelerator
Counter-Strike
Counter-Strike: Source
DAEMON Tools Pro
Dropbox
EPSON PX720WD Series Printer Uninstall
EPSON Scan
EpsonNet Print
EpsonNet Setup 3.3
ETDWare PS/2-X86 10.6.9.9_WHQL
Facebook Video Calling 2.0.0.447
FiiNdBestDeal
foobar2000 v1.3.1
Free Alarm Clock 3.0.3
Google Chrome
Google Earth Plug-in
Google Update Helper
Intel® Control Center
Intel® Management Engine Components
Intel® OpenCL CPU Runtime
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
LAME v3.99.3 (for Windows)
Launch Manager
League of Legends
Line 6 Uninstaller
Logitech Gaming Software
Logitech Gaming Software 8.51
Malwarebytes Anti-Malware Version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox 27.0.1 (x86 de)
Mozilla Maintenance Service
Native Instruments Audio 4 DJ Driver
Native Instruments Controller Editor
Native Instruments Service Center
Native Instruments Traktor
NVIDIA Grafiktreiber 307.17
NVIDIA Install Application
NVIDIA Optimus 1.10.8
NVIDIA PhysX
NVIDIA PhysX-Systemsoftware 9.12.0613
NVIDIA Systemsteuerung 307.17
NVIDIA Update 1.10.8
NVIDIA Update Components
Oblivion
OpenOffice 4.0.1
OptimizerPro
Pando Media Booster
PDF Settings
PDF Settings CS6
Performancer
Pidgin
pidgin-otr 4.0.0-1
Realtek High Definition Audio Driver
Reason 5.0
Reason 7.0.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Signum S1100
Skype™ 6.11
Spybot - Search & Destroy
Steam
SUPER © v2014.build.60+Recorder (2014/02/18) Version v2014.buil
US-122 MKII / US-144 MKII
VLC media player 2.1.0
WebGeniuos
WinRAR 5.00 (32-bit)
World of Warcraft
Xiph.Org Open Codecs 0.85.17777
.
==== End Of File ===========================

Greets

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Multiple Antivirus Programs installed!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False alarms: when the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System performance problems: your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to Add/Remove Programs in the Control Panel and remove either avast! or Avira.
 
Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found); we need to see a report first.

Download TDSSKiller.zip and extract it to your desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.

P2P software installed

Going over your logs I noticed that you have µTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.
 
Add/remove programs

Click on Start --> Control Panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs:

WebGeniuos
Performancer
OptimizerPro
Avira SearchFree Toolbar
BLoickTheAdApp
Browser System Enahncer
FiiNdBestDeal

Close the window.
 
Combofix

Combofix should only be run when advised by a team member!

Link

Important - Save the file to your desktop!

  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe

When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.

Thanks for the advice.

ComboFix 14-03-16.01 - Kaputter 17.03.2014  23:02:04.1.4 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2388.1178 [GMT 1:00]
ausgeführt von:: c:\users\Kaputter\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\0
c:\programdata\sAveNshare
c:\programdata\SearchNewTab
c:\users\Kaputter\AppData\Roaming\Mozilla\Firefox\Profiles\mavnvy4b.default\extensions\b-lj@cvxaldtvz.edu
c:\users\Kaputter\AppData\Roaming\Mozilla\Firefox\Profiles\mavnvy4b.default\extensions\b-lj@cvxaldtvz.edu\bootstrap.js
c:\users\Kaputter\AppData\Roaming\Mozilla\Firefox\Profiles\mavnvy4b.default\extensions\b-lj@cvxaldtvz.edu\chrome.manifest
c:\users\Kaputter\AppData\Roaming\Mozilla\Firefox\Profiles\mavnvy4b.default\extensions\b-lj@cvxaldtvz.edu\content\bg.js
c:\users\Kaputter\AppData\Roaming\Mozilla\Firefox\Profiles\mavnvy4b.default\extensions\b-lj@cvxaldtvz.edu\install.rdf
c:\windows\system32\drivers\npf.sys
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-02-17 bis 2014-03-17  ))))))))))))))))))))))))))))))
.
.
2014-03-17 22:10 . 2014-03-17 22:10    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2014-03-17 22:10 . 2014-03-17 22:10    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-03-17 20:10 . 2014-03-17 20:10    --------    d-----w-    c:\users\Kaputter\AppData\Roaming\AVAST Software
2014-03-17 20:07 . 2014-03-17 20:07    64168    ----a-w-    c:\windows\system32\drivers\aswStm.sys
2014-03-17 20:07 . 2014-03-17 20:07    180248    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-03-17 20:07 . 2014-03-17 20:07    775952    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-03-17 20:07 . 2014-03-17 20:07    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-03-17 20:07 . 2014-03-17 20:07    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-03-17 20:07 . 2014-03-17 20:07    410784    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2014-03-17 20:07 . 2014-03-17 20:07    79720    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2014-03-17 20:07 . 2014-03-17 20:07    270240    ----a-w-    c:\windows\system32\aswBoot.exe
2014-03-17 20:07 . 2014-03-17 20:07    43152    ----a-w-    c:\windows\avastSS.scr
2014-03-17 20:06 . 2014-03-17 20:06    --------    d-----w-    c:\program files\AVAST Software
2014-03-17 20:04 . 2014-03-17 20:04    --------    d-----w-    c:\programdata\AVAST Software
2014-03-17 19:58 . 2004-02-22 09:11    764416    --sh--w-    c:\windows\system32\devil.dll
2014-03-17 19:58 . 2009-09-27 08:39    415744    --sh--w-    c:\windows\system32\avisynth.dll
2014-03-17 19:58 . 2005-07-14 11:31    32256    --sh--w-    c:\windows\system32\AVSredirect.dll
2014-03-17 19:58 . 2004-01-24 23:00    70656    --sh--w-    c:\windows\system32\yv12vfw.dll
2014-03-17 19:58 . 2004-01-24 23:00    70656    --sh--w-    c:\windows\system32\i420vfw.dll
2014-03-17 19:57 . 2014-03-17 19:57    --------    d-----w-    c:\program files\AviSynth 2.5
2014-03-17 17:20 . 2014-03-17 17:20    --------    d-----w-    c:\users\Kaputter\AppData\Roaming\Malwarebytes
2014-03-17 17:20 . 2014-03-17 17:20    --------    d-----w-    c:\programdata\Malwarebytes
2014-03-17 17:20 . 2014-03-17 17:20    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2014-03-17 17:20 . 2013-04-04 13:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-03-17 17:17 . 2014-03-17 19:47    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2014-03-17 17:17 . 2014-03-17 17:17    --------    d-----w-    c:\program files\Spybot - Search & Destroy
2014-03-11 17:40 . 2014-03-01 03:14    4244480    ----a-w-    c:\windows\system32\jscript9.dll
2014-03-09 20:33 . 2014-03-09 20:34    --------    d-----w-    C:\Converted Audio Files
2014-03-09 20:32 . 2014-03-09 20:32    --------    d-----w-    c:\program files\Acoustica MP3 To Wave Converter PLUS
2014-03-06 16:15 . 2014-03-06 21:00    --------    d-----w-    c:\programdata\FiiNdBestDeal
2014-02-23 18:06 . 2014-03-17 21:58    --------    d-----w-    c:\users\Kaputter\AppData\Roaming\foobar2000
2014-02-23 18:06 . 2014-02-23 18:06    --------    d-----w-    c:\program files\foobar2000
2014-02-16 13:03 . 2014-02-16 13:07    --------    d-----w-    c:\programdata\BLoickTheAdApp
2014-02-16 13:03 . 2014-02-16 13:03    --------    d-----w-    c:\programdata\ckgahmdeeigcppflfoilhmbhcbgggchn
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-11 17:27 . 2013-09-13 15:10    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-11 17:27 . 2013-09-13 15:10    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-12-24 23:09 . 2014-02-14 16:18    1987584    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-12-21 08:56 . 2014-02-14 17:08    454656    ----a-w-    c:\windows\system32\vbscript.dll
2009-09-27 08:39    415744    --sh--w-    c:\windows\System32\avisynth.dll
2005-07-14 11:31    32256    --sh--w-    c:\windows\System32\AVSredirect.dll
2004-02-22 09:11    764416    --sh--w-    c:\windows\System32\devil.dll
2004-01-24 23:00    70656    --sh--w-    c:\windows\System32\i420vfw.dll
2011-02-11 09:26    112128    --sha-r-    c:\windows\System32\OptimFROG.dll
2012-10-05 18:54    188416    --sha-r-    c:\windows\System32\winDCE32.dll
2004-01-24 23:00    70656    --sh--w-    c:\windows\System32\yv12vfw.dll
.
.
((((((((((((((((((((((((((((   Registry Autostart Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-03-17 20:07    259464    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\Kaputter\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\Kaputter\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\Kaputter\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2012-10-23 3108480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-23 180504]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-23 187672]
"USB3MON"="c:\program files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe" [2013-09-16 6471168]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 141824]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-23 144664]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-11-14 6213400]
"ApnTBMon"="c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2014-02-13 1758160]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-03-17 3767096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-09-20 280576]
.
c:\users\Kaputter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kaputter\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\nvinit.dll c:\windows\System32\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CodeMeter Control Center.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk
backup=c:\windows\pss\CodeMeter Control Center.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpUninstallCleanUp]
REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57    959904    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 04:09    446392    ------w-    c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
2012-03-09 14:26    1073312    ----a-w-    c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon]
2014-02-13 05:22    1758160    ----a-w-    c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON PX720WD Series]
2013-10-27 15:48    201216    ----a-w-    c:\windows\System32\spool\drivers\w32x86\3\E_FATIGYE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Epson Stylus Photo PX720WD(Netzwerk)]
2013-10-27 15:48    201216    ----a-w-    c:\windows\System32\spool\drivers\w32x86\3\E_FATIGYE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETDCtrl]
2012-03-07 13:48    2193200    ----a-w-    c:\program files\Elantech\ETDCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeAC]
2013-11-04 21:20    1339672    ----a-w-    c:\program files\FreeAlarmClock\FreeAlarmClock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2012-03-23 09:33    1105488    ----a-w-    c:\program files\Launch Manager\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37    517096    ----a-w-    c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
3;4 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [x]
3;4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R2 26dc2c7a;WebGeniuos;c:\windows\system32\rundll32.exe [2009-07-14 44544]
R2 27961eae;Content Accelerator;c:\windows\system32\rundll32.exe [2009-07-14 44544]
R2 671c50b0;Browser System Enahncer;c:\windows\system32\rundll32.exe [2009-07-14 44544]
R2 dfc86759;Performancer;c:\windows\system32\rundll32.exe [2009-07-14 44544]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
R3 a4djavs;a4djavs;c:\windows\system32\Drivers\a4djavs.sys [2009-10-08 35280]
R3 a4djusb;a4djusb;c:\windows\system32\Drivers\a4djusb.sys [2009-10-08 276304]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-10-22 4352]
R3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\Drivers\BUSB2902.sys [2009-10-30 384576]
R3 BEHRINGER_PT_MIDI;Behringer MIDI driver service (pt);c:\windows\system32\drivers\bhrngr_m.sys [2009-12-15 35904]
R3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;c:\windows\system32\drivers\busbwdm.sys [2009-10-30 39488]
R3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [2010-10-22 586752]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-01 108032]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\Drivers\tascusb2.sys [2009-11-26 399424]
R3 TASCAM_US144_MIDI;TASCAM US-144 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2009-11-26 26688]
R3 TASCAM_US144_WDM;TASCAM US-144 WDM;c:\windows\system32\drivers\tscusb2a.sys [2009-11-26 39488]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.5;c:\program files\Intel\TurboBoost\TurboBoost.exe [2012-01-20 122368]
S0 iusb3hcs;Intel® USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-27 13592]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-12 24936]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-09-15 242240]
S2 APNMCP;Ask Aktualisierungsdienst;c:\program files\AskPartnerNetwork\Toolbar\apnmcp.exe [2014-02-13 166352]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2012-11-21 2571704]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2012-03-23 355920]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-04-20 462048]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-07-18 165760]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-12-08 3616768]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2012-01-20 16128]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-07-18 364416]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [2011-11-04 60968]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [2011-11-04 17960]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl32.sys [2013-09-16 17728]
S3 bScsiMSx;bScsiMSx;c:\windows\system32\DRIVERS\bScsiMSx.sys [2011-09-02 43560]
S3 bScsiSDx;bScsiSDx;c:\windows\system32\DRIVERS\bScsiSDx.sys [2012-06-01 52856]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-03-07 207152]
S3 IntcDAud;Intel® Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 280576]
S3 iusb3hub;Intel® USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-27 348440]
S3 iusb3xhc;Intel® USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-27 792856]
S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2012-01-18 370728]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 19720]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 14856]
S3 MEI;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2012-07-02 55104]
S4 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2014-02-20 1017424]
S4 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
.
.
--- Other Services/Drivers in Memory ---
.
*NewlyCreated* - 18807732
*NewlyCreated* - 48402221
*NewlyCreated* - ASWMONFLT
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWSNX
*NewlyCreated* - ASWSTM
*NewlyCreated* - ASWVMM
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - QOOKSZFT
*Deregistered* - 18807732
*Deregistered* - 48402221
*Deregistered* - ssmdrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-17 20:09    1150280    ----a-w-    c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-13 17:27]
.
2014-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-28 14:10]
.
2014-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-28 14:10]
.
.
------- Supplementary Scan -------
.

uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Kaputter\AppData\Roaming\Mozilla\Firefox\Profiles\mavnvy4b.default\

FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL -
FF - ExtSQL: !HIDDEN! 2013-10-29 20:59; {479a636b-7c32-4be8-bc5f-e74618c76cdc}; c:\users\Kaputter\AppData\Roaming\Mozilla\Firefox\Profiles\mavnvy4b.default\extensions\{479a636b-7c32-4be8-bc5f-e74618c76cdc}.xpi
FF - ExtSQL: !HIDDEN! 2013-11-05 20:46; {e0218464-b9e5-4446-bcbc-e9c5c5e74cc6}; c:\users\Kaputter\AppData\Roaming\Mozilla\Firefox\Profiles\mavnvy4b.default\extensions\{e0218464-b9e5-4446-bcbc-e9c5c5e74cc6}.xpi
.
- - - - Orphaned Registry Entries Removed - - - -
.
BHO-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)
Toolbar-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)
MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
MSConfigStartUp-AVMWlanClient - c:\program files\avmwlanstick\wlangui.exe
MSConfigStartUp-Facebook Update - c:\users\Kaputter\AppData\Local\Facebook\Update\FacebookUpdate.exe
MSConfigStartUp-KSS - c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{26dc2c7a} - c:\progra~2\WEBGEN~1\WEBGEN~1.DLL
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{27961eae} - c:\progra~2\CONTEN~1\CONTEN~1.DLL
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{671c50b0} - c:\progra~2\BROWSE~1\BROWSE~1.DLL
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{dfc86759} - c:\progra~2\PERFOR~1\PERFOR~1.DLL
AddRemove-{B5DB572D-EA87-D3B0-08F6-4D153EA6A783} - c:\programdata\FiiNdBestDeal\uSmqQwN.exe
.
.
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded by Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(680)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2014-03-17  23:11:52
ComboFix-quarantined-files.txt  2014-03-17 22:11
.
Pre-run: 11 directory(ies), 51,592,093,696 bytes free
Post-run: 15 directory(ies), 51,643,486,208 bytes free
.
- - End Of File - - 0792818D0080399E331C30F20C0E3362
A36C5E4F47E84449FF07ED3517B43A31

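The first ComboFix log above shows a pattern worth recognising in any autorun/service dump: four services with random-looking 8-hex-digit names (26dc2c7a, 27961eae, 671c50b0, dfc86759) whose binary is c:\windows\system32\rundll32.exe, i.e. the generic DLL host rather than a service executable of their own (ComboFix does not print command-line arguments, so the DLL actually loaded is not visible on that line; the matching AddRemove orphans point at c:\progra~2\WEBGEN~1\WEBGEN~1.DLL and the like), plus two Firefox extensions marked !HIDDEN!. The Python script below is an added example, not part of this thread and not ComboFix's own logic; it runs those triage heuristics over lines copied from the log above (SAMPLE_LOG is a constructed, abridged excerpt). The list of host processes and the "8 hex digits" name rule are this example's own assumptions about what a suspicious entry looks like.

```python
"""Triage heuristics for a ComboFix-style autorun/service listing.

Added example (not part of the forum thread or of ComboFix). It parses the
service, Run-key and Firefox-extension lines that ComboFix prints and flags:
  * services whose binary is a generic host process (rundll32.exe etc.) or
    whose name is 8 random-looking hex digits,
  * Run-key values that launch a generic host process,
  * Firefox extensions ComboFix marks as !HIDDEN!.
The host-process list and the hex-name rule are assumptions of this example.
"""
import re

# Constructed sample: abridged lines copied from the log posted above.
SAMPLE_LOG = r"""
3;4 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [x]
R2 26dc2c7a;WebGeniuos;c:\windows\system32\rundll32.exe [2009-07-14 44544]
R2 27961eae;Content Accelerator;c:\windows\system32\rundll32.exe [2009-07-14 44544]
R2 671c50b0;Browser System Enahncer;c:\windows\system32\rundll32.exe [2009-07-14 44544]
R2 dfc86759;Performancer;c:\windows\system32\rundll32.exe [2009-07-14 44544]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 APNMCP;Ask Aktualisierungsdienst;c:\program files\AskPartnerNetwork\Toolbar\apnmcp.exe [2014-02-13 166352]
S3 MEI;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2012-07-02 55104]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 141824]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-03-17 3767096]
FF - ExtSQL: !HIDDEN! 2013-10-29 20:59; {479a636b-7c32-4be8-bc5f-e74618c76cdc}; c:\users\Kaputter\AppData\Roaming\Mozilla\Firefox\Profiles\mavnvy4b.default\extensions\{479a636b-7c32-4be8-bc5f-e74618c76cdc}.xpi
FF - ExtSQL: !HIDDEN! 2013-11-05 20:46; {e0218464-b9e5-4446-bcbc-e9c5c5e74cc6}; c:\users\Kaputter\AppData\Roaming\Mozilla\Firefox\Profiles\mavnvy4b.default\extensions\{e0218464-b9e5-4446-bcbc-e9c5c5e74cc6}.xpi
FF - prefs.js: browser.startup.homepage - google.de
"""

# "R2 name;display;path [date size]" or "3;4 name;display;path [x]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d|\d;\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
# Run-key values as ComboFix prints them: "Name"="command" [date size]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<command>[^"]*)"\s+\[(?P<meta>[^\]]*)\]\s*$')
# Firefox extensions ComboFix found on disk but not in the profile's extension DB
HIDDEN_EXT_RE = re.compile(
    r"^FF - ExtSQL: !HIDDEN! (?P<date>\S+ \S+); (?P<ext_id>\{[0-9a-fA-F-]+\}); (?P<path>.+)$"
)
# Assumption: a service named by 8 lower-case hex digits is not a vendor name.
RANDOM_HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")
# Assumption: generic hosts that only load someone else's code; an entry
# pointing at one of these says nothing about what actually runs.
HOST_PROCESSES = {"rundll32.exe", "regsvr32.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def executable_name(command):
    """Lower-cased file name of the executable a command line starts with."""
    m = re.match(r'^\s*"?(?P<exe>.*?\.(?:exe|sys|dll|scr))', command, re.IGNORECASE)
    exe = m.group("exe") if m else command.strip()
    return exe.rsplit("\\", 1)[-1].lower()


def parse_services(log_text):
    """All service/driver lines as dicts (start, name, display, path, meta)."""
    return [m.groupdict() for m in map(SERVICE_RE.match, log_text.splitlines()) if m]


def suspicious_services(log_text):
    """(service_name, [reasons]) for every service hitting a heuristic."""
    findings = []
    for svc in parse_services(log_text):
        reasons = []
        exe = executable_name(svc["path"])
        if exe in HOST_PROCESSES:
            reasons.append(f"binary is the generic host {exe}")
        if RANDOM_HEX_NAME_RE.match(svc["name"]):
            reasons.append("name is 8 hex digits")
        if reasons:
            findings.append((svc["name"], reasons))
    return findings


def host_process_run_entries(log_text):
    """(value_name, host_exe) for Run-key values that launch a host process."""
    hits = []
    for m in map(RUN_RE.match, log_text.splitlines()):
        if m:
            exe = executable_name(m.group("command"))
            if exe in HOST_PROCESSES:
                hits.append((m.group("name"), exe))
    return hits


def hidden_firefox_extensions(log_text):
    """IDs of extensions ComboFix flagged as !HIDDEN!."""
    return [m.group("ext_id") for m in map(HIDDEN_EXT_RE.match, log_text.splitlines()) if m]


def triage(log_text):
    """Run all three heuristics and return the hits per section."""
    return {
        "services": suspicious_services(log_text),
        "run_entries": host_process_run_entries(log_text),
        "hidden_extensions": hidden_firefox_extensions(log_text),
    }


if __name__ == "__main__":
    for section, hits in triage(SAMPLE_LOG).items():
        print(f"{section}:")
        for hit in hits:
            print("  ", hit)
```

A hit is a triage candidate, not a verdict: the same host-process rule also flags the "IntelTBRunOnce"="wscript.exe" Run entry from this log, so each hit still needs the loaded DLL or script identified (here the AddRemove orphans, file dates and the matching c:\programdata folders) before anything is removed. Running the script over the second log further down, produced after the CFScript run, returns no services, which matches the Service_26dc2c7a/27961eae/671c50b0/dfc86759 deletions that log records.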

Combofix scripting

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


[image: CFScriptB-4.gif]


Referring to the picture above, drag CFScript onto ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Full System Scan with Malwarebytes Antimalware


  • If it is not already installed, please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

[attachment: CFScript.txt]


The combofix.txt:

ComboFix 14-03-16.01 - Kaputter 18.03.2014  19:45:53.2.4 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2388.1440 [GMT 1:00]
Running from:: c:\users\Kaputter\Downloads\ComboFix.exe
Command switches used :: c:\users\Kaputter\Downloads\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Kaputter\AppData\Roaming\Mozilla\Firefox\Profiles\mavnvy4b.default\extensions\{479a636b-7c32-4be8-bc5f-e74618c76cdc}.xpi"
"c:\users\Kaputter\AppData\Roaming\Mozilla\Firefox\Profiles\mavnvy4b.default\extensions\{e0218464-b9e5-4446-bcbc-e9c5c5e74cc6}.xpi"
.
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AskPartnerNetwork
c:\program files\AskPartnerNetwork\Toolbar\apnmcp.exe
c:\program files\AskPartnerNetwork\Toolbar\APNSetup.exe
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\1031.mst
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\1033.mst
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\1034.mst
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\1036.mst
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\1040.mst
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\1041.mst
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\1043.mst
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\1045.mst
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\1049.mst
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\2070.mst
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\appdata\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\extensions\toolbar_AVIRA-V7@apn.ask.com.xpi
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\AskToolbarInstaller-12.10.0_AVIRA-V7.msi
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\AskToolbarInstaller-12.10.3_AVIRA-V7.msi
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\AskToolbarInstaller-12.5.1_AVIRA-V7.msi
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\AskToolbarInstaller-12.6.0_AVIRA-V7.msi
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\{Crx_Version}\Toolbar.crx
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\ToolbarCR.crx
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\Update.xml
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport_x64.dll
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\SO.dll
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\toolbar_x64.dll
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\Updater\{PartnerID}\config.xml
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\Updater\ask-search.xml
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\VNT\content.zip
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\VNT\vntldr.exe
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\VNT\vntsrv.dll
c:\program files\AskPartnerNetwork\Toolbar\searchhook.dll
c:\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe
c:\program files\AskPartnerNetwork\Toolbar\SO.dll
c:\program files\AskPartnerNetwork\Toolbar\toolbar.dll
c:\program files\AskPartnerNetwork\Toolbar\Toolbar.exe
c:\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll
c:\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe
c:\program files\AskPartnerNetwork\Toolbar\Updater\ask-search.xml
c:\program files\AskPartnerNetwork\Toolbar\Updater\AVIRA-V7\config.xml
c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
c:\programdata\BLoickTheAdApp
c:\programdata\BLoickTheAdApp\z6f6.dat
c:\programdata\BLoickTheAdApp\z6f6.tlb
c:\programdata\ckgahmdeeigcppflfoilhmbhcbgggchn
c:\programdata\ckgahmdeeigcppflfoilhmbhcbgggchn\ckgahmdeeigcppflfoilhmbhcbgggchn.crx
c:\programdata\ckgahmdeeigcppflfoilhmbhcbgggchn\update.xml
c:\programdata\FiiNdBestDeal
c:\programdata\FiiNdBestDeal\uSmqQwN.dat
c:\programdata\FiiNdBestDeal\uSmqQwN.tlb
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_QOOKSZFT
-------\Service_26dc2c7a
-------\Service_27961eae
-------\Service_671c50b0
-------\Service_APNMCP
-------\Service_dfc86759
.
.
(((((((((((((((((((((((   Files Created from 2014-02-18 to 2014-03-18  ))))))))))))))))))))))))))))))
.
.
2014-03-18 18:52 . 2014-03-18 18:52    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2014-03-18 18:52 . 2014-03-18 18:52    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-03-18 17:42 . 2014-03-07 04:35    7969936    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6547DF0-348D-44CB-871E-6C5F8B548AEA}\mpengine.dll
2014-03-17 20:10 . 2014-03-17 20:10    --------    d-----w-    c:\users\Kaputter\AppData\Roaming\AVAST Software
2014-03-17 20:07 . 2014-03-17 20:07    64168    ----a-w-    c:\windows\system32\drivers\aswStm.sys
2014-03-17 20:07 . 2014-03-17 20:07    180248    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-03-17 20:07 . 2014-03-17 20:07    775952    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-03-17 20:07 . 2014-03-17 20:07    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-03-17 20:07 . 2014-03-17 20:07    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-03-17 20:07 . 2014-03-17 20:07    410784    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2014-03-17 20:07 . 2014-03-17 20:07    79720    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2014-03-17 20:07 . 2014-03-17 20:07    270240    ----a-w-    c:\windows\system32\aswBoot.exe
2014-03-17 20:07 . 2014-03-17 20:07    43152    ----a-w-    c:\windows\avastSS.scr
2014-03-17 20:06 . 2014-03-17 20:06    --------    d-----w-    c:\program files\AVAST Software
2014-03-17 20:04 . 2014-03-17 20:04    --------    d-----w-    c:\programdata\AVAST Software
2014-03-17 19:58 . 2004-02-22 09:11    764416    --sh--w-    c:\windows\system32\devil.dll
2014-03-17 19:58 . 2009-09-27 08:39    415744    --sh--w-    c:\windows\system32\avisynth.dll
2014-03-17 19:58 . 2005-07-14 11:31    32256    --sh--w-    c:\windows\system32\AVSredirect.dll
2014-03-17 19:58 . 2004-01-24 23:00    70656    --sh--w-    c:\windows\system32\i420vfw.dll
2014-03-17 19:57 . 2014-03-17 19:57    --------    d-----w-    c:\program files\AviSynth 2.5
2014-03-17 17:20 . 2014-03-17 17:20    --------    d-----w-    c:\users\Kaputter\AppData\Roaming\Malwarebytes
2014-03-17 17:20 . 2014-03-17 17:20    --------    d-----w-    c:\programdata\Malwarebytes
2014-03-17 17:20 . 2014-03-17 17:20    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2014-03-17 17:20 . 2013-04-04 13:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-03-17 17:17 . 2014-03-17 19:47    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2014-03-17 17:17 . 2014-03-17 17:17    --------    d-----w-    c:\program files\Spybot - Search & Destroy
2014-03-11 17:40 . 2014-03-01 03:14    4244480    ----a-w-    c:\windows\system32\jscript9.dll
2014-03-09 20:33 . 2014-03-09 20:34    --------    d-----w-    C:\Converted Audio Files
2014-03-09 20:32 . 2014-03-09 20:32    --------    d-----w-    c:\program files\Acoustica MP3 To Wave Converter PLUS
2014-02-23 18:06 . 2014-03-18 18:49    --------    d-----w-    c:\users\Kaputter\AppData\Roaming\foobar2000
2014-02-23 18:06 . 2014-02-23 18:06    --------    d-----w-    c:\program files\foobar2000
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-11 17:27 . 2013-09-13 15:10    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-11 17:27 . 2013-09-13 15:10    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-03-01 02:32 . 2014-03-11 17:41    1820160    ----a-w-    c:\windows\system32\wininet.dll
2014-02-07 01:07 . 2014-03-11 17:40    2349056    ----a-w-    c:\windows\system32\win32k.sys
2013-12-24 23:09 . 2014-02-14 16:18    1987584    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-12-21 08:56 . 2014-02-14 17:08    454656    ----a-w-    c:\windows\system32\vbscript.dll
2009-09-27 08:39    415744    --sh--w-    c:\windows\System32\avisynth.dll
2005-07-14 11:31    32256    --sh--w-    c:\windows\System32\AVSredirect.dll
2004-02-22 09:11    764416    --sh--w-    c:\windows\System32\devil.dll
2004-01-24 23:00    70656    --sh--w-    c:\windows\System32\i420vfw.dll
2011-02-11 09:26    112128    --sha-r-    c:\windows\System32\OptimFROG.dll
2012-10-05 18:54    188416    --sha-r-    c:\windows\System32\winDCE32.dll
2004-01-24 23:00    70656    --sh--w-    c:\windows\System32\yv12vfw.dll
.
.
((((((((((((((((((((((((((((   Registry Autostart Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-03-17 20:07    259464    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\Kaputter\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\Kaputter\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\Kaputter\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2012-10-23 3108480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-23 180504]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-23 187672]
"USB3MON"="c:\program files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe" [2013-09-16 6471168]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 141824]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-23 144664]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-11-14 6213400]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-03-17 3767096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-09-20 280576]
.
c:\users\Kaputter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kaputter\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\nvinit.dll c:\windows\System32\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CodeMeter Control Center.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk
backup=c:\windows\pss\CodeMeter Control Center.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpUninstallCleanUp]
REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57    959904    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 04:09    446392    ------w-    c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
2012-03-09 14:26    1073312    ----a-w-    c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON PX720WD Series]
2013-10-27 15:48    201216    ----a-w-    c:\windows\System32\spool\drivers\w32x86\3\E_FATIGYE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Epson Stylus Photo PX720WD(Netzwerk)]
2013-10-27 15:48    201216    ----a-w-    c:\windows\System32\spool\drivers\w32x86\3\E_FATIGYE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETDCtrl]
2012-03-07 13:48    2193200    ----a-w-    c:\program files\Elantech\ETDCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeAC]
2013-11-04 21:20    1339672    ----a-w-    c:\program files\FreeAlarmClock\FreeAlarmClock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2012-03-23 09:33    1105488    ----a-w-    c:\program files\Launch Manager\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37    517096    ----a-w-    c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
R3 a4djavs;a4djavs;c:\windows\system32\Drivers\a4djavs.sys [2009-10-08 35280]
R3 a4djusb;a4djusb;c:\windows\system32\Drivers\a4djusb.sys [2009-10-08 276304]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-10-22 4352]
R3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\Drivers\BUSB2902.sys [2009-10-30 384576]
R3 BEHRINGER_PT_MIDI;Behringer MIDI driver service (pt);c:\windows\system32\drivers\bhrngr_m.sys [2009-12-15 35904]
R3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;c:\windows\system32\drivers\busbwdm.sys [2009-10-30 39488]
R3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [2010-10-22 586752]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-01 108032]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\Drivers\tascusb2.sys [2009-11-26 399424]
R3 TASCAM_US144_MIDI;TASCAM US-144 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2009-11-26 26688]
R3 TASCAM_US144_WDM;TASCAM US-144 WDM;c:\windows\system32\drivers\tscusb2a.sys [2009-11-26 39488]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.5;c:\program files\Intel\TurboBoost\TurboBoost.exe [2012-01-20 122368]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Intel® USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-27 13592]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-12 24936]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-03-17 775952]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-03-17 410784]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-09-15 242240]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-03-17 67824]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2012-11-21 2571704]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2012-03-23 355920]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-04-20 462048]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-07-18 165760]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-12-08 3616768]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2012-01-20 16128]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-07-18 364416]
S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-03-17 64168]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [2011-11-04 60968]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [2011-11-04 17960]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl32.sys [2013-09-16 17728]
S3 bScsiMSx;bScsiMSx;c:\windows\system32\DRIVERS\bScsiMSx.sys [2011-09-02 43560]
S3 bScsiSDx;bScsiSDx;c:\windows\system32\DRIVERS\bScsiSDx.sys [2012-06-01 52856]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-03-07 207152]
S3 IntcDAud;Intel® Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 280576]
S3 iusb3hub;Intel® USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-27 348440]
S3 iusb3xhc;Intel® USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-27 792856]
S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2012-01-18 370728]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 19720]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 14856]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 MEI;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2012-07-02 55104]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-17 20:09    1150280    ----a-w-    c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-03-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-13 17:27]
.
2014-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-28 14:10]
.
2014-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-28 14:10]
.
.
------- Zusätzlicher Suchlauf -------
.

uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Kaputter\AppData\Roaming\Mozilla\Firefox\Profiles\mavnvy4b.default\

FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL -
FF - ExtSQL: !HIDDEN! 2013-10-29 20:59; {479a636b-7c32-4be8-bc5f-e74618c76cdc}; c:\users\Kaputter\AppData\Roaming\Mozilla\Firefox\Profiles\mavnvy4b.default\extensions\{479a636b-7c32-4be8-bc5f-e74618c76cdc}.xpi
FF - ExtSQL: !HIDDEN! 2013-11-05 20:46; {e0218464-b9e5-4446-bcbc-e9c5c5e74cc6}; c:\users\Kaputter\AppData\Roaming\Mozilla\Firefox\Profiles\mavnvy4b.default\extensions\{e0218464-b9e5-4446-bcbc-e9c5c5e74cc6}.xpi
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(720)
c:\windows\System32\BCMLogon.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Launch Manager\LMworker.exe
c:\program files\Launch Manager\LMutilps32.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\conhost.exe
c:\program files\DAEMON Tools Pro\DTShellHlp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\users\Kaputter\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-03-18  19:59:06 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-03-18 18:59
ComboFix2.txt  2014-03-17 22:11
.
Vor Suchlauf: 14 Verzeichnis(se), 51.551.817.728 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 51.106.377.728 Bytes frei
.
- - End Of File - - A9096F7C0CE314B73EA1098A40368D43
A36C5E4F47E84449FF07ED3517B43A31
The Anti-Malware Log:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.18.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16521
Kaputter :: KAPUTTER-PC [Administrator]

Schutz: Deaktiviert

18.03.2014 20:09:39
MBAM-log-2014-03-19 (00-24-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 438048
Laufzeit: 4 Stunde(n), 12 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 11
C:\Users\Kaputter\Desktop\Alles\Crack Photoshop CS6\x32\amtlib.dll (PUP.RiskwareTool.CK) -> Keine Aktion durchgeführt.
C:\Users\Kaputter\Desktop\Alles\Crack Photoshop CS6\x64\amtlib.dll (PUP.RiskwareTool.CK) -> Keine Aktion durchgeführt.
C:\Users\Kaputter\Desktop\Alles\Secret File\32bit crack\amtlib.dll (PUP.RiskwareTool.CK) -> Keine Aktion durchgeführt.
C:\Users\Kaputter\Desktop\Alles\Secret File\64bitcrack\amtlib.dll (PUP.RiskwareTool.CK) -> Keine Aktion durchgeführt.
C:\Users\Kaputter\Downloads\OnlineWeatherSetup-8Zq01OZ.exe (PUP.Optional.Somoto) -> Keine Aktion durchgeführt.
C:\Users\Kaputter\Downloads\Windows_Loader_v2.2.1.exe (Hacktool.Agent) -> Keine Aktion durchgeführt.
C:\Users\Kaputter\Downloads\FLVPlayerSetup-7wk6L0A.exe (PUP.Optional.Somoto) -> Keine Aktion durchgeführt.
C:\Users\Kaputter\Downloads\Windows_Loader_v2.2.1\Windows Loader.exe (Hacktool.Agent) -> Keine Aktion durchgeführt.
C:\Program Files\Adobe\Adobe Photoshop CS6\amtlib.dll (PUP.RiskwareTool.CK) -> Keine Aktion durchgeführt.
C:\Program Files\WebSearch\sprotector.dll (PUP.Optional.SProtect.A) -> Keine Aktion durchgeführt.
C:\ProgramData\InstallMate\{89FA6655-4BE6-48D2-AA39-03C4521944A3}\Custom.dll (Adware.Agent) -> Keine Aktion durchgeführt.

(Ende)
Oh, sorry. This is the log after removing the malware.
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.18.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16521
Kaputter :: KAPUTTER-PC [Administrator]

Schutz: Deaktiviert

18.03.2014 20:09:39
mbam-log-2014-03-18 (20-09-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 438048
Laufzeit: 4 Stunde(n), 12 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 11
C:\Users\Kaputter\Desktop\Alles\Crack Photoshop CS6\x32\amtlib.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kaputter\Desktop\Alles\Crack Photoshop CS6\x64\amtlib.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kaputter\Desktop\Alles\Secret File\32bit crack\amtlib.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kaputter\Desktop\Alles\Secret File\64bitcrack\amtlib.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kaputter\Downloads\OnlineWeatherSetup-8Zq01OZ.exe (PUP.Optional.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kaputter\Downloads\Windows_Loader_v2.2.1.exe (Hacktool.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kaputter\Downloads\FLVPlayerSetup-7wk6L0A.exe (PUP.Optional.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kaputter\Downloads\Windows_Loader_v2.2.1\Windows Loader.exe (Hacktool.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Adobe\Adobe Photoshop CS6\amtlib.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\WebSearch\sprotector.dll (PUP.Optional.SProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\InstallMate\{89FA6655-4BE6-48D2-AA39-03C4521944A3}\Custom.dll (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules which you should have read at the time of Registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

Having said that, we can help you clean your machine this time, BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.
