| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Nach Bluescreen Internetseiten laden nicht außer FacebookWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
21.07.2013, 18:05
| #1 |
| |  Nach Bluescreen Internetseiten laden nicht außer Facebook Hi! Hab seid gestern ein Problem und zwar mitten im Internet surfen tratt plötzlich ein Bluescreen auf. Ich startete den PC wieder neu und mir viel gleich auf das meine Virensoftware (GData) innaktiv war und sich nicht mehr aktivieren lässt. Dann öffnete ich Firefox und bemerkte, dass die Steiten nur sehr sehr langsam laden, außer Facebook geht normal schnell. Hab schon Malwarebytes Anit-Malware ausgeführt und alles gescannt, hab die Funde dann gelöscht und nach dem neustart ist noch immer alles nach wie vor. Vielleicht kann mann noch was retten ohne den PC neu aufsetzen zu müssen, Tipps wären mir sehr hilfreich  LG |
|
21.07.2013, 18:48
| #2 | |
| /// TB-Ausbilder   | Nach Bluescreen Internetseiten laden nicht außer Facebook Hi,
__________________Zitat:
Zusätzlich: Downloade dir bitte die für dein System passende Version (32-bit/64-bit) von Farbar Recovery Scan Tool (FRST) und speichere es auf den Desktop. (Wenn du nicht sicher bist, welche du benötigst: Start -> Computer (Rechtsklick) -> Eigenschaften)
__________________ |
|
22.07.2013, 09:11
| #3 | ||
| | Nach Bluescreen Internetseiten laden nicht außer Facebook Logfile von Malwarebyte:
__________________Zitat:
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2013
Ran by Walter (administrator) on 22-07-2013 10:00:32
Running from C:\Users\Walter\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\TotalCare\AVK\AVKService.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\TotalCare\AVK\AVKWCtlX64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Adobe Systems, Inc.) C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\TotalCare\AVKTray\AVKTray.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(DivX, LLC) C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(facemoods.com) C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe
(SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
(mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) C:\Program Files (x86)\A1\A1 Diagnose\A1Diagnose.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\TotalCare\GUI\GDSC.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\TotalCare\AVK\AVK.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8114720 2009-09-16] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2328944 2011-01-07] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files (x86)\g data\totalcare\avkkid\avkcks.exe
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-01-28] (Google Inc.)
HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [719672 2012-01-20] (Microsoft Corporation)
HKCU\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEMN.EXE [944520 2011-02-12] (Microsoft Corporation)
HKCU\...\Run: [AdobeBridge] - C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe [12001224 2010-11-10] (Adobe Systems, Inc.)
HKCU\...\Run: [KiesHelper] - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [934800 2011-04-29] (Samsung)
HKCU\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3373968 2011-04-29] (Samsung Electronics Co., Ltd.)
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [19856 2011-04-29] ()
MountPoints2: I - I:\LaunchU3.exe -a
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [G DATA AntiVirus Trayapplication] - C:\Program Files (x86)\G DATA\TotalCare\AVKTray\AVKTray.exe [924232 2009-09-18] (G Data Software AG)
HKLM-x32\...\Run: [DivXUpdate] - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1226608 2010-12-09] ()
HKLM-x32\...\Run: [DivX Download Manager] - "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start [63360 2010-12-08] (DivX, LLC)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [facemoods] - "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe" /md I [323584 2010-10-26] (facemoods.com)
HKLM-x32\...\Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SweetIM] - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [114992 2011-12-05] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [A1Diagnose] - C:\Program Files (x86)\A1\A1 Diagnose\A1Diagnose.exe /auto [20678872 2012-08-03] (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
URLSearchHook: (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No File
URLSearchHook: (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No File
URLSearchHook: (No Name) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - No File
SearchScopes: HKLM-x32 - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKLM-x32 - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.daemon-search.com/search?q={searchTerms}
SearchScopes: HKCU - {B3AB01ED-5478-429A-AD22-232105350A20} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
SearchScopes: HKCU - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
BHO: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\TotalCare\Webfilter\AVKWebIEx64.dll (G Data Software AG)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\TotalCare\Webfilter\AVKWebIE.dll (G Data Software AG)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: CescrtHlpr Object - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Freeware.de Toolbar - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFre0.dll (Conduit Ltd.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SweetIM Toolbar Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\TotalCare\Webfilter\AVKWebIEx64.dll (G Data Software AG)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\TotalCare\Webfilter\AVKWebIE.dll (G Data Software AG)
Toolbar: HKLM-x32 - Gutscheinmieze - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Walter\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com)
Toolbar: HKLM-x32 - Freeware.de Toolbar - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFre0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File
Toolbar: HKCU - No Name - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: 192.168.1.254 router
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF ProfilePath: C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\qrq2y0wx.default
FF Homepage: hxxp://www.google.at/
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=2&q=
FF NetworkProxy: "gopher", ""
FF NetworkProxy: "gopher_port", 0
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX OVS Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\qrq2y0wx.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\qrq2y0wx.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
FF Extension: Freeware.de - C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\qrq2y0wx.default\Extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
FF Extension: No Name - C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\qrq2y0wx.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\qrq2y0wx.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
FF Extension: G Data WebFilter - C:\Program Files (x86)\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
FF Extension: A1 Servicecenter - C:\Program Files (x86)\Mozilla Firefox\extensions\{B0BBFC8E-6697-4D2B-8FC4-B5AD9B3B1F11}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
==================== Services (Whitelisted) =================
R2 AVKProxy; C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1128008 2009-12-07] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G DATA\TotalCare\AVK\AVKService.exe [397896 2009-08-08] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G DATA\TotalCare\AVK\AVKWCtlX64.exe [1731504 2009-11-25] (G Data Software AG)
S3 G Data Backup Service; C:\Program Files (x86)\G DATA\TotalCare\AVKBackup\AVKBackupService.exe [865352 2009-10-21] (G Data Software AG)
S3 G Data Tuner Service; C:\Program Files (x86)\G DATA\TotalCare\AVKTuner\AVKTunerService.exe [918600 2009-04-20] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [302152 2009-11-26] (G Data Software AG)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-03-18] ()
==================== Drivers (Whitelisted) ====================
S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20552 2010-10-25] (Devguru Co., Ltd)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [34760 2010-01-28] (G Data Software AG)
S3 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [74184 2010-01-28] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\DRIVERS\gdwfpcd64.sys [48584 2010-04-23] (G DATA Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106224 2010-01-29] (G Data Software)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106224 2010-01-29] (G Data Software)
R3 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [42952 2010-01-28] (G Data Software AG)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-01-24] ()
S1 StarOpen; No ImagePath
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-22 09:59 - 2013-07-22 09:59 - 00000000 ____D C:\FRST
2013-07-22 09:58 - 2013-07-22 09:52 - 01779363 _____ (Farbar) C:\Users\Walter\Desktop\FRST64.exe
2013-07-21 17:17 - 2013-07-21 17:17 - 00000000 ____D C:\Users\Walter\AppData\Roaming\Malwarebytes
2013-07-21 17:16 - 2013-07-21 17:16 - 00001069 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-21 17:16 - 2013-07-21 17:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-21 17:16 - 2013-07-21 17:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-21 17:16 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-17 12:31 - 2013-07-17 12:31 - 01067456 _____ (Solid State Networks) C:\Users\Walter\Downloads\install_flashplayer11x32au_mssa_aaa_aih.exe
2013-07-11 20:46 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 20:46 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 20:46 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 20:46 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 20:46 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 20:46 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 20:46 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 20:46 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 20:46 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 20:46 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 20:46 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 20:46 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 20:46 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 20:46 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 20:46 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 20:46 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 20:46 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 20:46 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 20:46 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 20:46 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 20:46 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 20:46 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 20:46 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 20:46 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 20:46 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 20:46 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 20:46 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 20:46 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 20:46 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 20:46 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 20:46 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 08:43 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 08:43 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 08:43 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 08:43 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 08:43 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 08:43 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 08:43 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-03 13:15 - 2013-07-03 16:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-02 17:15 - 2013-07-02 17:15 - 00013522 _____ C:\Users\Walter\Desktop\PCB-Designer_in - Hardwareentwickler_in in TFronius - PCB.htm
2013-07-02 17:15 - 2013-07-02 17:15 - 00000000 ____D C:\Users\Walter\Desktop\PCB-Designer_in - Hardwareentwickler_in in TFronius - PCB-Dateien
==================== One Month Modified Files and Folders =======
2013-07-22 10:00 - 2009-07-14 06:45 - 00020320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-22 10:00 - 2009-07-14 06:45 - 00020320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-22 09:59 - 2013-07-22 09:59 - 00000000 ____D C:\FRST
2013-07-22 09:59 - 2010-01-28 22:48 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-22 09:56 - 2010-01-28 22:48 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-22 09:56 - 2010-01-21 20:27 - 01896678 _____ C:\Windows\WindowsUpdate.log
2013-07-22 09:53 - 2012-11-29 20:04 - 00000000 ____D C:\Users\Walter\AppData\Local\A1TA
2013-07-22 09:53 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2013-07-22 09:52 - 2013-07-22 09:58 - 01779363 _____ (Farbar) C:\Users\Walter\Desktop\FRST64.exe
2013-07-22 09:52 - 2010-01-28 21:23 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-07-22 09:52 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-22 09:52 - 2009-07-14 06:51 - 00164848 _____ C:\Windows\setupact.log
2013-07-21 22:47 - 2012-03-29 10:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-21 21:32 - 2010-01-29 10:59 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A59BC4DB-8C7D-4290-803D-B10C3348780E}
2013-07-21 18:37 - 2010-01-21 21:11 - 00102174 _____ C:\Windows\PFRO.log
2013-07-21 17:17 - 2013-07-21 17:17 - 00000000 ____D C:\Users\Walter\AppData\Roaming\Malwarebytes
2013-07-21 17:17 - 2009-07-14 19:58 - 00664680 _____ C:\Windows\system32\perfh007.dat
2013-07-21 17:17 - 2009-07-14 19:58 - 00133052 _____ C:\Windows\system32\perfc007.dat
2013-07-21 17:17 - 2009-07-14 07:13 - 01524246 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-21 17:16 - 2013-07-21 17:16 - 00001069 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-21 17:16 - 2013-07-21 17:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-21 17:16 - 2013-07-21 17:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-20 18:38 - 2010-03-05 09:53 - 00000000 ____D C:\Users\Walter\Documents\Ingrid
2013-07-17 12:31 - 2013-07-17 12:31 - 01067456 _____ (Solid State Networks) C:\Users\Walter\Downloads\install_flashplayer11x32au_mssa_aaa_aih.exe
2013-07-13 09:51 - 2010-01-28 22:48 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 09:51 - 2010-01-28 22:48 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 08:39 - 2009-07-14 06:45 - 05047968 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-12 08:37 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 08:37 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 08:37 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 20:54 - 2010-01-21 20:46 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 20:47 - 2010-01-31 19:38 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-07 19:15 - 2012-01-09 17:57 - 00000000 ____D C:\Program Files (x86)\Freeware.de
2013-07-04 12:16 - 2012-05-04 09:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-03 16:43 - 2013-07-03 13:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-02 20:38 - 2011-01-14 19:54 - 00000000 ____D C:\Users\Walter\AppData\Local\TSVNCache
2013-07-02 17:15 - 2013-07-02 17:15 - 00013522 _____ C:\Users\Walter\Desktop\PCB-Designer_in - Hardwareentwickler_in in TFronius - PCB.htm
2013-07-02 17:15 - 2013-07-02 17:15 - 00000000 ____D C:\Users\Walter\Desktop\PCB-Designer_in - Hardwareentwickler_in in TFronius - PCB-Dateien
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-13 09:43
==================== End Of Log ============================
Addition.txt: Zitat:
|
|
22.07.2013, 10:53
| #4 |
| /// TB-Ausbilder | Nach Bluescreen Internetseiten laden nicht außer Facebook Hi, dann so weiter: Schritt 1
Schritt 2 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 3 Scan mit Combofix
Schritt 4 Starte noch einmal FRST.
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
22.07.2013, 12:20
| #5 |
| | Nach Bluescreen Internetseiten laden nicht außer Facebook ok, zu Schritt 1: - DVDVideoSoftTB Toolbar passiert nichts wenn ich auf deinstallieren klicke auch im Programmverzeichnis bei uninstall.exe tut sich nix - Gutscheinmieze - Toolbar wird gestartet und ausgeführt, nur wird es nicht gelöscht obwohl bestätigt wird das es entfernt wurde, hab dies 3 mal ausgeführt - immer gleich zu Schritt 2: adwcleaner öffnet sich das Fenster erst 5min nach dem ausführen: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.306 - Datei am 22/07/2013 um 12:20:13 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Walter - WALTER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Walter\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll
Datei Gelöscht : C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\qrq2y0wx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Datei Gelöscht : C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\qrq2y0wx.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\qrq2y0wx.default\searchplugins\SweetIm.xml
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\Walter\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Walter\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Walter\AppData\Local\Temp\CT2736476
Ordner Gelöscht : C:\Users\Walter\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Walter\AppData\Local\Temp\OpenCandy
Ordner Gelöscht : C:\Users\Walter\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Walter\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Walter\AppData\LocalLow\facemoods.com
Ordner Gelöscht : C:\Users\Walter\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Walter\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\qrq2y0wx.default\CT2736476
Ordner Gelöscht : C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\qrq2y0wx.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
Ordner Gelöscht : C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\qrq2y0wx.default\Smartbar
Ordner Gelöscht : C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\sdbbpnmd.default\extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Ordner Gelöscht : C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\sdbbpnmd.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
Ordner Gelöscht : C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\sdbbpnmd.default\extensions\ffxtlbr@Facemoods.com
Ordner Gelöscht : C:\Users\Walter\AppData\Roaming\pdfforge
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Web-Suche
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2736476
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16635
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4 --> hxxp://www.google.com
-\\ Mozilla Firefox v22.0 (de)
Datei : C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\qrq2y0wx.default\prefs.js
C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\qrq2y0wx.default\user.js ... Gelöscht !
Gelöscht : user_pref("CT2736476.1000082.currentList", "[{\"stationId\":\"21930450\",\"url\":\"hxxp://www.feedli[...]
Gelöscht : user_pref("CT2736476.1000082.isPlayDisplay", "true");
Gelöscht : user_pref("CT2736476.1000082.localStations", "[{\"stationId\":\"9962\",\"url\":\"hxxp://feedlive.net[...]
Gelöscht : user_pref("CT2736476.1000082.nowPlaying", "{\"stationId\":\"21930450\",\"url\":\"hxxp://www.feedlive[...]
Gelöscht : user_pref("CT2736476.1000082.publisherStations", "[{\"stationId\":\"21930450\",\"url\":\"hxxp://www.[...]
Gelöscht : user_pref("CT2736476.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Gelöscht : user_pref("CT2736476.2736476a129652188678262596000000paramsGK1", "{\"updateReqTime\":1342439287218,\[...]
Gelöscht : user_pref("CT2736476.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2736476.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT2736476.FirstTime", "true");
Gelöscht : user_pref("CT2736476.FirstTimeFF3", "true");
Gelöscht : user_pref("CT2736476.LoginRevertSettingsEnabled", true);
Gelöscht : user_pref("CT2736476.UserID", "UN66773174738114342");
Gelöscht : user_pref("CT2736476.addressBarTakeOverEnabledInHidden", "true");
Gelöscht : user_pref("CT2736476.autoDisableScopes", -1);
Gelöscht : user_pref("CT2736476.browser.search.defaultthis.engineName", true);
Gelöscht : user_pref("CT2736476.countryCode", "AT");
Gelöscht : user_pref("CT2736476.defaultSearch", "true");
Gelöscht : user_pref("CT2736476.enableAlerts", "always");
Gelöscht : user_pref("CT2736476.enableFix404", "true");
Gelöscht : user_pref("CT2736476.enableFix404ByUser", "true");
Gelöscht : user_pref("CT2736476.enableSearchFromAddressBar", "true");
Gelöscht : user_pref("CT2736476.firstTimeDialogOpened", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2736476.fixPageNotFoundErrorByUser", "TRUE");
Gelöscht : user_pref("CT2736476.fixPageNotFoundErrorInHidden", "true");
Gelöscht : user_pref("CT2736476.fixUrls", true);
Gelöscht : user_pref("CT2736476.fullUserID", "UN66773174738114342.UP.20130625185526");
Gelöscht : user_pref("CT2736476.installId", "ConduitNSISIntegration");
Gelöscht : user_pref("CT2736476.installType", "ConduitXPEIntegration");
Gelöscht : user_pref("CT2736476.isCheckedStartAsHidden", true);
Gelöscht : user_pref("CT2736476.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2736476.isFirstTimeToolbarLoading", "false");
Gelöscht : user_pref("CT2736476.isNewTabEnabled", false);
Gelöscht : user_pref("CT2736476.isPerformedSmartBarTransition", "true");
Gelöscht : user_pref("CT2736476.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2736476.keyword", true);
Gelöscht : user_pref("CT2736476.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.condui[...]
Gelöscht : user_pref("CT2736476.lastVersion", "10.16.4.519");
Gelöscht : user_pref("CT2736476.migrateAppsAndComponents", true);
Gelöscht : user_pref("CT2736476.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"[...]
Gelöscht : user_pref("CT2736476.openThankYouPage", "false");
Gelöscht : user_pref("CT2736476.openUninstallPage", "true");
Gelöscht : user_pref("CT2736476.search.searchAppId", "129257551953665476");
Gelöscht : user_pref("CT2736476.search.searchCount", "2");
Gelöscht : user_pref("CT2736476.searchInNewTabEnabled", "false");
Gelöscht : user_pref("CT2736476.searchInNewTabEnabledByUser", "false");
Gelöscht : user_pref("CT2736476.searchInNewTabEnabledInHidden", "true");
Gelöscht : user_pref("CT2736476.searchSuggestEnabledByUser", "true");
Gelöscht : user_pref("CT2736476.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2736476.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gelöscht : user_pref("CT2736476.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gelöscht : user_pref("CT2736476.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT2736476.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2736476.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2736476.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gelöscht : user_pref("CT2736476.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Gelöscht : user_pref("CT2736476.serviceLayer_services_Configuration_lastUpdate", "1374230682818");
Gelöscht : user_pref("CT2736476.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1326124670422");
Gelöscht : user_pref("CT2736476.serviceLayer_services_appTracking_lastUpdate", "1326124689236");
Gelöscht : user_pref("CT2736476.serviceLayer_services_appsMetadata_lastUpdate", "1326124670433");
Gelöscht : user_pref("CT2736476.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1326124671795");
Gelöscht : user_pref("CT2736476.serviceLayer_services_location_lastUpdate", "1372176058969");
Gelöscht : user_pref("CT2736476.serviceLayer_services_login_10.10.20.14_lastUpdate", "1345562319141");
Gelöscht : user_pref("CT2736476.serviceLayer_services_login_10.10.27.6_lastUpdate", "1352638663994");
Gelöscht : user_pref("CT2736476.serviceLayer_services_login_10.13.40.15_lastUpdate", "1359731647739");
Gelöscht : user_pref("CT2736476.serviceLayer_services_login_10.14.42.7_lastUpdate", "1360771968826");
Gelöscht : user_pref("CT2736476.serviceLayer_services_login_10.14.65.43_lastUpdate", "1364150495323");
Gelöscht : user_pref("CT2736476.serviceLayer_services_login_10.15.0.562_lastUpdate", "1372175343274");
Gelöscht : user_pref("CT2736476.serviceLayer_services_login_10.15.2.523_lastUpdate", "1369306115071");
Gelöscht : user_pref("CT2736476.serviceLayer_services_login_10.16.4.519_lastUpdate", "1374305084949");
Gelöscht : user_pref("CT2736476.serviceLayer_services_login_10.6.0.900_lastUpdate", "1326124676248");
Gelöscht : user_pref("CT2736476.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1326124671811");
Gelöscht : user_pref("CT2736476.serviceLayer_services_searchAPI_lastUpdate", "1374230682831");
Gelöscht : user_pref("CT2736476.serviceLayer_services_serviceMap_lastUpdate", "1374230682622");
Gelöscht : user_pref("CT2736476.serviceLayer_services_toolbarContextMenu_lastUpdate", "1326124671839");
Gelöscht : user_pref("CT2736476.serviceLayer_services_toolbarSettings_lastUpdate", "1374305084713");
Gelöscht : user_pref("CT2736476.serviceLayer_services_translation_lastUpdate", "1374230683692");
Gelöscht : user_pref("CT2736476.settingsINI", true);
Gelöscht : user_pref("CT2736476.shouldFirstTimeDialog", "false");
Gelöscht : user_pref("CT2736476.showToolbarPermission", "false");
Gelöscht : user_pref("CT2736476.smartbar.CTID", "CT2736476");
Gelöscht : user_pref("CT2736476.smartbar.Uninstall", "0");
Gelöscht : user_pref("CT2736476.smartbar.homepage", true);
Gelöscht : user_pref("CT2736476.smartbar.isHidden", true);
Gelöscht : user_pref("CT2736476.smartbar.toolbarName", "Freeware.de ");
Gelöscht : user_pref("CT2736476.startPage", "userChanged");
Gelöscht : user_pref("CT2736476.toolbarBornServerTime", "9-01-2012");
Gelöscht : user_pref("CT2736476.toolbarCurrentServerTime", "20-7-2013");
Gelöscht : user_pref("CT2736476.toolbarLoginClientTime", "Mon Mar 25 2013 13:45:28 GMT+0100");
Gelöscht : user_pref("CT2736476.upgradeFromClearSBVersion", true);
Gelöscht : user_pref("CT2736476_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2736476&SearchSource=1[...]
Gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "");
Gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "");
Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=2&q=[...]
Gelöscht : user_pref("smartbar.machineId", "YR7RQTQM8BYTHGZGT4SHXGEWLRIK4MRCOL/+VAFOBKFC072EGMX9FTQNVDPCYMRFWRZ[...]
*************************
AdwCleaner[S1].txt - [18904 octets] - [22/07/2013 12:20:13]
########## EOF - C:\AdwCleaner[S1].txt - [18965 octets] ##########
Schritt 3: Comofix jammert das GData noch aktiv ist, obwohl ich es nicht einmal aktivieren kann, hab GData dann im Taskmanager beendet Combofix Logfile: Code:
ATTFilter ComboFix 13-07-22.01 - Walter 22.07.2013 12:45:11.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.3957.2675 [GMT 2:00]
ausgeführt von:: c:\users\Walter\Desktop\ComboFix.exe
AV: G Data TotalCare 2010 *Enabled/Outdated* {54ACC2FC-837E-E665-7A92-5352D560D5EF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Walter\AppData\Local\assembly\tmp
c:\users\Walter\AppData\Local\Temp\9b93aee4-5d0f-43c6-98ae-ec0b1e7534ab\CliSecureRT.dll
c:\users\Walter\AppData\Roaming\Local
c:\users\Walter\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Walter\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\Walter\AppData\Roaming\Local\Temp\DDM\Settings\40a1ef791e14f469056c576d452986ec.avi.ddr
c:\users\Walter\AppData\Roaming\Local\Temp\DDM\Settings\ba3f1aa6418634152f32de93dc6b1b3b.avi.ddr
c:\users\Walter\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Walter\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp
c:\users\Walter\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\users\Walter\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\40a1ef791e14f469056c576d452986ec.avi
c:\users\Walter\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\ba3f1aa6418634152f32de93dc6b1b3b.avi.ddp
c:\users\Walter\Documents\~WRL0802.tmp
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\winnt
c:\windows\SysWow64\winnt\atl.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-06-22 bis 2013-07-22 ))))))))))))))))))))))))))))))
.
.
2013-07-22 11:03 . 2013-07-22 11:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-22 07:59 . 2013-07-22 07:59 -------- d-----w- C:\FRST
2013-07-21 15:17 . 2013-07-21 15:17 -------- d-----w- c:\users\Walter\AppData\Roaming\Malwarebytes
2013-07-21 15:16 . 2013-07-21 15:16 -------- d-----w- c:\programdata\Malwarebytes
2013-07-21 15:16 . 2013-07-21 15:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-21 15:16 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-21 15:16 . 2013-07-21 15:16 -------- d-----w- c:\users\Walter\AppData\Local\Programs
2013-07-19 08:35 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3612D52D-A47E-479A-99CC-FEB72BC8E28C}\mpengine.dll
2013-07-11 06:43 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-11 18:47 . 2010-01-31 17:38 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-06-12 18:47 . 2012-03-29 08:33 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 18:47 . 2011-05-16 10:24 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-26 19:32 . 2013-05-26 19:32 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-26 19:32 . 2013-05-26 19:32 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-05-26 19:32 . 2013-05-26 19:32 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-05-26 19:32 . 2013-05-26 19:32 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-05-26 19:32 . 2013-05-26 19:32 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-05-26 19:32 . 2013-05-26 19:32 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-05-26 19:32 . 2013-05-26 19:32 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-05-26 19:32 . 2013-05-26 19:32 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-05-26 19:32 . 2013-05-26 19:32 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-05-26 19:32 . 2013-05-26 19:32 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-05-26 19:32 . 2013-05-26 19:32 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-05-26 19:32 . 2013-05-26 19:32 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-26 19:32 . 2013-05-26 19:32 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-05-26 19:32 . 2013-05-26 19:32 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-05-26 19:32 . 2013-05-26 19:32 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-05-26 19:32 . 2013-05-26 19:32 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-05-26 19:32 . 2013-05-26 19:32 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-05-26 19:32 . 2013-05-26 19:32 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-05-26 19:32 . 2013-05-26 19:32 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-26 19:32 . 2013-05-26 19:32 81408 ----a-w- c:\windows\system32\icardie.dll
2013-05-26 19:32 . 2013-05-26 19:32 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-05-26 19:32 . 2013-05-26 19:32 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-05-26 19:32 . 2013-05-26 19:32 441856 ----a-w- c:\windows\system32\html.iec
2013-05-26 19:32 . 2013-05-26 19:32 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-05-26 19:32 . 2013-05-26 19:32 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-26 19:32 . 2013-05-26 19:32 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-05-26 19:32 . 2013-05-26 19:32 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-05-26 19:32 . 2013-05-26 19:32 235008 ----a-w- c:\windows\system32\url.dll
2013-05-26 19:32 . 2013-05-26 19:32 216064 ----a-w- c:\windows\system32\msls31.dll
2013-05-26 19:32 . 2013-05-26 19:32 197120 ----a-w- c:\windows\system32\msrating.dll
2013-05-26 19:32 . 2013-05-26 19:32 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-26 19:32 . 2013-05-26 19:32 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-05-26 19:32 . 2013-05-26 19:32 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-05-26 19:32 . 2013-05-26 19:32 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-26 19:32 . 2013-05-26 19:32 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-05-26 19:32 . 2013-05-26 19:32 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-05-26 19:32 . 2013-05-26 19:32 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-05-26 19:32 . 2013-05-26 19:32 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-05-26 19:32 . 2013-05-26 19:32 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-26 19:32 . 2013-05-26 19:32 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-26 19:32 . 2013-05-26 19:32 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-05-26 19:32 . 2013-05-26 19:32 149504 ----a-w- c:\windows\system32\occache.dll
2013-05-26 19:32 . 2013-05-26 19:32 144896 ----a-w- c:\windows\system32\wextract.exe
2013-05-26 19:32 . 2013-05-26 19:32 13824 ----a-w- c:\windows\system32\mshta.exe
2013-05-26 19:32 . 2013-05-26 19:32 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-05-26 19:32 . 2013-05-26 19:32 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-26 19:32 . 2013-05-26 19:32 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-05-26 19:32 . 2013-05-26 19:32 102912 ----a-w- c:\windows\system32\inseng.dll
2013-05-26 19:32 . 2013-05-26 19:32 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-05-14 10:57 . 2011-03-28 17:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-13 05:51 . 2013-06-12 12:27 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 12:27 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 12:27 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 12:27 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 12:27 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 12:27 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 12:27 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 12:27 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 12:27 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 12:27 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-12 12:27 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 12:27 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-12 12:27 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-02 00:06 . 2010-01-28 19:35 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-26 05:51 . 2013-06-12 12:27 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-04-26 04:55 . 2013-06-12 12:27 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-04-25 23:30 . 2013-06-12 12:27 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-28 39408]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-20 719672]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office14\GROOVEMN.EXE" [2011-02-11 944520]
"AdobeBridge"="c:\program files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe" [2010-11-09 12001224]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-04-28 934800]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-04-28 3373968]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-04-28 19856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-04 98304]
"G DATA AntiVirus Trayapplication"="c:\program files (x86)\G DATA\TotalCare\AVKTray\AVKTray.exe" [2009-09-18 924232]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"A1Diagnose"="c:\program files (x86)\A1\A1 Diagnose\A1Diagnose.exe" [2012-08-03 20678872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 G Data Backup Service;G Data Backup Service;c:\program files (x86)\G DATA\TotalCare\AVKBackup\AVKBackupService.exe;c:\program files (x86)\G DATA\TotalCare\AVKBackup\AVKBackupService.exe [x]
R3 G Data Tuner Service;G Data Tuner Service;c:\program files (x86)\G DATA\TotalCare\AVKTuner\AVKTunerService.exe;c:\program files (x86)\G DATA\TotalCare\AVKTuner\AVKTunerService.exe [x]
R3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys;c:\windows\SYSNATIVE\drivers\MiniIcpt.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys;c:\windows\SYSNATIVE\drivers\GDBehave.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\DRIVERS\gdwfpcd64.sys;c:\windows\SYSNATIVE\DRIVERS\gdwfpcd64.sys [x]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys;c:\windows\SYSNATIVE\drivers\GRD.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe;c:\program files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [x]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G DATA\TotalCare\AVK\AVKService.exe;c:\program files (x86)\G DATA\TotalCare\AVK\AVKService.exe [x]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G DATA\TotalCare\AVK\AVKWCtlX64.exe;c:\program files (x86)\G DATA\TotalCare\AVK\AVKWCtlX64.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G DATA\GDScan\GDScan.exe;c:\program files (x86)\Common Files\G DATA\GDScan\GDScan.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys;c:\windows\SYSNATIVE\drivers\HookCentre.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 18:47]
.
2013-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-28 20:48]
.
2013-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-28 20:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-16 8114720]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.at/
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant = hxxp://www.google.com
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\Walter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Walter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: leagueoflegends.com\ll
Trusted Zone: raiffeisen.at\banking
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{B3AF6752-9E75-4E97-A386-A684F8C01323}: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\qrq2y0wx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2010-09-24 15:03; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-DVDVideoSoftTB Toolbar - c:\progra~2\DVDVID~2\UNINST~1.EXE
AddRemove-Shockwave - c:\windows\System32\macromed\SHOCKW~1\UNWISE.EXE
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4116551179-2422448422-664753324-1000\Software\SecuROM\License information*]
"datasecu"=hex:5f,fd,ec,f6,c2,55,ee,99,91,2f,f7,ec,1e,d9,e7,f4,b2,de,67,a0,ef,
bb,62,6d,70,ae,ad,92,07,6d,ca,f9,67,6d,ad,07,fc,a8,8e,fb,bf,de,dc,eb,fa,f5,\
"rkeysecu"=hex:2b,38,a4,1b,32,68,83,69,c6,71,57,61,c2,15,e9,79
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:9e,89,28,cc,2f,44,04,87,ff,27,7e,e9,1f,04,30,62,81,cf,6c,3f,ab,
89,ab,85,62,c9,0e,35,44,5b,ed,2c,e4,cb,6a,f1,65,1f,fc,c7,6b,b7,86,60,b6,7d,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:9e,89,28,cc,2f,44,04,87,ff,27,7e,e9,1f,04,30,62,81,cf,6c,3f,ab,
89,ab,85,62,c9,0e,35,44,5b,ed,2c,e4,cb,6a,f1,65,1f,fc,c7,6b,b7,86,60,b6,7d,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-07-22 13:11:21 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-07-22 11:11
.
Vor Suchlauf: 18 Verzeichnis(se), 767.234.768.896 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 773.586.280.448 Bytes frei
.
- - End Of File - - 0FA764E373084120CEB71982B28E4115
A36C5E4F47E84449FF07ED3517B43A31 [/QUOTE] FRST: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2013
Ran by Walter (administrator) on 22-07-2013 13:14:03
Running from C:\Users\Walter\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\TotalCare\AVK\AVKService.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\TotalCare\AVK\AVKWCtlX64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Adobe Systems, Inc.) C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\TotalCare\AVKTray\AVKTray.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(DivX, LLC) C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
(mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) C:\Program Files (x86)\A1\A1 Diagnose\A1Diagnose.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8114720 2009-09-16] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2328944 2011-01-07] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-01-28] (Google Inc.)
HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [719672 2012-01-20] (Microsoft Corporation)
HKCU\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEMN.EXE [944520 2011-02-12] (Microsoft Corporation)
HKCU\...\Run: [AdobeBridge] - C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe [12001224 2010-11-10] (Adobe Systems, Inc.)
HKCU\...\Run: [KiesHelper] - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [934800 2011-04-29] (Samsung)
HKCU\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3373968 2011-04-29] (Samsung Electronics Co., Ltd.)
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [19856 2011-04-29] ()
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [G DATA AntiVirus Trayapplication] - C:\Program Files (x86)\G DATA\TotalCare\AVKTray\AVKTray.exe [924232 2009-09-18] (G Data Software AG)
HKLM-x32\...\Run: [DivXUpdate] - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1226608 2010-12-09] ()
HKLM-x32\...\Run: [DivX Download Manager] - "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start [63360 2010-12-08] (DivX, LLC)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [A1Diagnose] - C:\Program Files (x86)\A1\A1 Diagnose\A1Diagnose.exe /auto [20678872 2012-08-03] (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {B3AB01ED-5478-429A-AD22-232105350A20} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
BHO: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\TotalCare\Webfilter\AVKWebIEx64.dll (G Data Software AG)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\TotalCare\Webfilter\AVKWebIE.dll (G Data Software AG)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\TotalCare\Webfilter\AVKWebIEx64.dll (G Data Software AG)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G DATA\TotalCare\Webfilter\AVKWebIE.dll (G Data Software AG)
Toolbar: HKLM-x32 - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF ProfilePath: C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\qrq2y0wx.default
FF Homepage: hxxp://www.google.at/
FF NetworkProxy: "gopher", ""
FF NetworkProxy: "gopher_port", 0
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX OVS Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
FF Extension: No Name - C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\qrq2y0wx.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: G Data WebFilter - C:\Program Files (x86)\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
FF Extension: A1 Servicecenter - C:\Program Files (x86)\Mozilla Firefox\extensions\{B0BBFC8E-6697-4D2B-8FC4-B5AD9B3B1F11}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
==================== Services (Whitelisted) =================
R2 AVKProxy; C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1128008 2009-12-07] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G DATA\TotalCare\AVK\AVKService.exe [397896 2009-08-08] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G DATA\TotalCare\AVK\AVKWCtlX64.exe [1731504 2009-11-25] (G Data Software AG)
S3 G Data Backup Service; C:\Program Files (x86)\G DATA\TotalCare\AVKBackup\AVKBackupService.exe [865352 2009-10-21] (G Data Software AG)
S3 G Data Tuner Service; C:\Program Files (x86)\G DATA\TotalCare\AVKTuner\AVKTunerService.exe [918600 2009-04-20] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [302152 2009-11-26] (G Data Software AG)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-03-18] ()
==================== Drivers (Whitelisted) ====================
S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20552 2010-10-25] (Devguru Co., Ltd)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [34760 2010-01-28] (G Data Software AG)
S3 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [74184 2010-01-28] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\DRIVERS\gdwfpcd64.sys [48584 2010-04-23] (G DATA Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106224 2010-01-29] (G Data Software)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106224 2010-01-29] (G Data Software)
R3 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [42952 2010-01-28] (G Data Software AG)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-01-24] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S1 StarOpen; No ImagePath
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-22 13:11 - 2013-07-22 13:11 - 00029988 _____ C:\ComboFix.txt
2013-07-22 12:43 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-22 12:43 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-22 12:43 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-22 12:43 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-22 12:43 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-22 12:43 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-22 12:43 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-22 12:43 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-22 12:33 - 2013-07-22 13:11 - 00000000 ____D C:\ComboFix
2013-07-22 12:30 - 2013-07-22 13:11 - 00000000 ____D C:\Qoobox
2013-07-22 12:29 - 2013-07-22 13:10 - 00000000 ____D C:\Windows\erdnt
2013-07-22 12:29 - 2013-07-22 11:55 - 05091940 ____R (Swearware) C:\Users\Walter\Desktop\ComboFix.exe
2013-07-22 12:07 - 2013-07-21 17:27 - 00666633 _____ C:\Users\Walter\Desktop\adwcleaner.exe
2013-07-22 09:59 - 2013-07-22 09:59 - 00000000 ____D C:\FRST
2013-07-22 09:58 - 2013-07-22 09:52 - 01779363 _____ (Farbar) C:\Users\Walter\Desktop\FRST64.exe
2013-07-21 17:17 - 2013-07-21 17:17 - 00000000 ____D C:\Users\Walter\AppData\Roaming\Malwarebytes
2013-07-21 17:16 - 2013-07-21 17:16 - 00001069 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-21 17:16 - 2013-07-21 17:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-21 17:16 - 2013-07-21 17:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-21 17:16 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-17 12:31 - 2013-07-17 12:31 - 01067456 _____ (Solid State Networks) C:\Users\Walter\Downloads\install_flashplayer11x32au_mssa_aaa_aih.exe
2013-07-11 20:46 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 20:46 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 20:46 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 20:46 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 20:46 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 20:46 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 20:46 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 20:46 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 20:46 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 20:46 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 20:46 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 20:46 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 20:46 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 20:46 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 20:46 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 20:46 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 20:46 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 20:46 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 20:46 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 20:46 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 20:46 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 20:46 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 20:46 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 20:46 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 20:46 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 20:46 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 20:46 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 20:46 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 20:46 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 20:46 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 20:46 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 08:43 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 08:43 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 08:43 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 08:43 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 08:43 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 08:43 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 08:43 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-03 13:15 - 2013-07-03 16:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-02 17:15 - 2013-07-02 17:15 - 00013522 _____ C:\Users\Walter\Desktop\PCB-Designer_in - Hardwareentwickler_in in TFronius - PCB.htm
2013-07-02 17:15 - 2013-07-02 17:15 - 00000000 ____D C:\Users\Walter\Desktop\PCB-Designer_in - Hardwareentwickler_in in TFronius - PCB-Dateien
==================== One Month Modified Files and Folders =======
2013-07-22 13:11 - 2013-07-22 13:11 - 00029988 _____ C:\ComboFix.txt
2013-07-22 13:11 - 2013-07-22 12:33 - 00000000 ____D C:\ComboFix
2013-07-22 13:11 - 2013-07-22 12:30 - 00000000 ____D C:\Qoobox
2013-07-22 13:11 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-07-22 13:10 - 2013-07-22 12:29 - 00000000 ____D C:\Windows\erdnt
2013-07-22 13:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2013-07-22 13:05 - 2012-11-29 20:04 - 00000000 ____D C:\Users\Walter\AppData\Local\A1TA
2013-07-22 13:05 - 2010-01-28 22:48 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-22 13:05 - 2010-01-28 21:23 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-07-22 13:05 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-22 13:05 - 2009-07-14 06:51 - 00165016 _____ C:\Windows\setupact.log
2013-07-22 13:05 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-07-22 13:04 - 2010-01-21 21:11 - 00103588 _____ C:\Windows\PFRO.log
2013-07-22 13:04 - 2010-01-21 20:27 - 01926208 _____ C:\Windows\WindowsUpdate.log
2013-07-22 12:56 - 2010-01-28 22:48 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-22 12:47 - 2012-03-29 10:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-22 12:29 - 2009-07-14 06:45 - 00020320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-22 12:29 - 2009-07-14 06:45 - 00020320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-22 12:06 - 2010-11-22 22:10 - 00000000 ____D C:\Users\Walter\AppData\Roaming\Gutscheinmieze
2013-07-22 11:55 - 2013-07-22 12:29 - 05091940 ____R (Swearware) C:\Users\Walter\Desktop\ComboFix.exe
2013-07-22 10:13 - 2010-01-29 10:59 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A59BC4DB-8C7D-4290-803D-B10C3348780E}
2013-07-22 09:59 - 2013-07-22 09:59 - 00000000 ____D C:\FRST
2013-07-22 09:52 - 2013-07-22 09:58 - 01779363 _____ (Farbar) C:\Users\Walter\Desktop\FRST64.exe
2013-07-21 17:27 - 2013-07-22 12:07 - 00666633 _____ C:\Users\Walter\Desktop\adwcleaner.exe
2013-07-21 17:17 - 2013-07-21 17:17 - 00000000 ____D C:\Users\Walter\AppData\Roaming\Malwarebytes
2013-07-21 17:17 - 2009-07-14 19:58 - 00664680 _____ C:\Windows\system32\perfh007.dat
2013-07-21 17:17 - 2009-07-14 19:58 - 00133052 _____ C:\Windows\system32\perfc007.dat
2013-07-21 17:17 - 2009-07-14 07:13 - 01524246 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-21 17:16 - 2013-07-21 17:16 - 00001069 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-21 17:16 - 2013-07-21 17:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-21 17:16 - 2013-07-21 17:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-20 18:38 - 2010-03-05 09:53 - 00000000 ____D C:\Users\Walter\Documents\Ingrid
2013-07-17 12:31 - 2013-07-17 12:31 - 01067456 _____ (Solid State Networks) C:\Users\Walter\Downloads\install_flashplayer11x32au_mssa_aaa_aih.exe
2013-07-13 09:51 - 2010-01-28 22:48 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 09:51 - 2010-01-28 22:48 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 08:39 - 2009-07-14 06:45 - 05047968 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-12 08:37 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 08:37 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 08:37 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 20:54 - 2010-01-21 20:46 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 20:47 - 2010-01-31 19:38 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-04 12:16 - 2012-05-04 09:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-03 16:43 - 2013-07-03 13:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-02 20:38 - 2011-01-14 19:54 - 00000000 ____D C:\Users\Walter\AppData\Local\TSVNCache
2013-07-02 17:15 - 2013-07-02 17:15 - 00013522 _____ C:\Users\Walter\Desktop\PCB-Designer_in - Hardwareentwickler_in in TFronius - PCB.htm
2013-07-02 17:15 - 2013-07-02 17:15 - 00000000 ____D C:\Users\Walter\Desktop\PCB-Designer_in - Hardwareentwickler_in in TFronius - PCB-Dateien
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-13 09:43
==================== End Of Log ============================
--- --- --- Wäre is eigentlich damit gelöst wenn ich eine Systemwiederherstllung mache? Die Daten die da verloren gehen wären mir egal! LG |
|
22.07.2013, 13:30
| #6 |
| /// TB-Ausbilder | Nach Bluescreen Internetseiten laden nicht außer Facebook Wie ist denn der Zustand jetzt? Immer noch unverändert?
__________________ --> Nach Bluescreen Internetseiten laden nicht außer Facebook |
|
22.07.2013, 17:58
| #7 |
| | Nach Bluescreen Internetseiten laden nicht außer Facebook Ja noch immer nach wie vor! Sonst noch welche Tipps sonst probier ich es mit einer Systemwiederherstellung!? |
|
22.07.2013, 18:41
| #8 |
| /// TB-Ausbilder | Nach Bluescreen Internetseiten laden nicht außer Facebook Ok. Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ cheers, Leo |
|
22.07.2013, 18:48
| #9 |
| | Nach Bluescreen Internetseiten laden nicht außer Facebook ich kann keine Datenbank aktualisieren, da irgendetwas mein Internet fast lahmlegt |
|
| Themen zu Nach Bluescreen Internetseiten laden nicht außer Facebook |
| aktivieren, aufsetzen, bluescreen, firefox, gelöscht, h.264/mpeg-4, hilfreich, interne, internet, internetseite, laden, langsam, malwarebytes, neustart, nicht mehr, plötzlich, problem, pup.loadtubes, pws.dybalom, sehr langsam, seite, seiten, seiten laden nicht, software, surfen, tipps, trojan.fakealert |
WARNUNG an die MITLESER: 
Hybrid-Darstellung
