
Log analysis and evaluation: Certified Toolbar picked up after a download

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

04.09.2013, 16:10   #1
ÖmichlÖ
 
Hello,
About 2 months ago I picked up the program "Certified Toolbar" during a download. Of course I immediately tried to delete it under "Default Programs", which unfortunately did not work. At first I did not notice that it had not worked (apart from my PC being slower in general), but after some time my browser window changed, without my doing anything, to the "Certified Toolbar" start page. Recently, to make matters worse, the browser window also closes by itself, and I have seen a data transfer window open for a very short time. Those are the symptoms I have been able to observe so far.
I would like to thank you in advance for the help.
Best regards, michl
Attached files
File type: log defogger_disable.log (476 bytes, viewed 152 times)
File type: txt Gmer.txt (6.5 KB, viewed 136 times)
File type: txt FRST.txt (22.8 KB, viewed 190 times)
File type: txt Addition.txt (74.7 KB, viewed 163 times)
File type: log AVSCAN-20130902-223713-3E9DCEEB.LOG (25.8 KB, viewed 143 times)

04.09.2013, 16:38   #2
schrauber
/// the machine
/// TB instructor
 

Hi,

Split the logs if necessary and then post them in the thread.


How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work much harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check that you did it correctly. If everything is right ... click Reply.

04.09.2013, 17:19   #3
ÖmichlÖ
 
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-09-2013 04
Ran by Michael at 2013-09-02 16:06:08
Running from C:\trojana_board_programme\RST
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
7-Zip 9.20 (x32)
8GadgetPack (x32 Version: 5.0.0)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7)
Allshare Play Link (x32 Version: 1.0.0)
AllSharePlayLink (x32 Version: 1.0.0)
AMD APP SDK Runtime (Version: 10.0.938.2)
AMD Catalyst Install Manager (Version: 8.0.881.0)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.0806.1156.19437)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1156.19437)
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1156.19437)
Catalyst Control Center Localization All (x32 Version: 2012.0806.1156.19437)
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0806.1156.19437)
CCC Help Chinese Standard (x32 Version: 2012.0806.1155.19437)
CCC Help Chinese Traditional (x32 Version: 2012.0806.1155.19437)
CCC Help Czech (x32 Version: 2012.0806.1155.19437)
CCC Help Danish (x32 Version: 2012.0806.1155.19437)
CCC Help Dutch (x32 Version: 2012.0806.1155.19437)
CCC Help English (x32 Version: 2012.0806.1155.19437)
CCC Help Finnish (x32 Version: 2012.0806.1155.19437)
CCC Help French (x32 Version: 2012.0806.1155.19437)
CCC Help German (x32 Version: 2012.0806.1155.19437)
CCC Help Greek (x32 Version: 2012.0806.1155.19437)
CCC Help Hungarian (x32 Version: 2012.0806.1155.19437)
CCC Help Italian (x32 Version: 2012.0806.1155.19437)
CCC Help Japanese (x32 Version: 2012.0806.1155.19437)
CCC Help Korean (x32 Version: 2012.0806.1155.19437)
CCC Help Norwegian (x32 Version: 2012.0806.1155.19437)
CCC Help Polish (x32 Version: 2012.0806.1155.19437)
CCC Help Portuguese (x32 Version: 2012.0806.1155.19437)
CCC Help Russian (x32 Version: 2012.0806.1155.19437)
CCC Help Spanish (x32 Version: 2012.0806.1155.19437)
CCC Help Swedish (x32 Version: 2012.0806.1155.19437)
CCC Help Thai (x32 Version: 2012.0806.1155.19437)
CCC Help Turkish (x32 Version: 2012.0806.1155.19437)
ccc-utility64 (Version: 2012.0806.1156.19437)
CCleaner (Version: 4.03)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1912)
CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
dows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735) (Version: 07/27/2012 20.57.1.735)
Dropbox (HKCU Version: 2.0.22)
Easy File Share (x32 Version: 1.3.4)
E-POP (x32 Version: 1.0.1)
EPSON SX110 Series Printer Uninstall
Fotogalerie (x32 Version: 16.4.3503.0728)
Galerie de photos (x32 Version: 16.4.3503.0728)
Google Earth (x32 Version: 7.0.3.8542)
Help Desk (Version: 1.0.9)
HomeTab 4.6 (x32 Version: 4.6)
HS.R Netzlaufwerke (x32 Version: 1.0.0.0)
ImageJ 1.46r
Intel AppUp(SM) center (x32 Version: 3.6.1.33070.11)
Intel(R) Control Center (x32 Version: 1.2.1.1008)
Intel(R) Display Audio Driver (x32 Version: 6.14.00.3097)
Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.36354)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)
Intel(R) Rapid Storage Technology (x32 Version: 11.6.0.1030)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Juniper Installer Service (x32 Version: 7.1.0.18671)
Juniper Networks Network Connect 7.1.0 (x32 Version: 7.1.0.18671)
Juniper Networks Network Connect 7.1.14 (x32 Version: 7.1.14.23943)
Juniper Networks, Inc. Setup Client (HKCU Version: 7.1.10.21853)
Juniper Networks, Inc. Setup Client Activex Control (x32 Version: 2.1.1.1)
KeePass Password Safe 2.22 (x32)
MATLAB R2011b (Version: 7.13)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office (x32 Version: 14.0.6120.5004)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3503.0728)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
Mozilla Thunderbird 17.0.7 (x86 de) (x32 Version: 17.0.7)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1108.0727)
Photo Common (x32 Version: 16.4.3503.0728)
Photo Gallery (x32 Version: 16.4.3503.0728)
PunkBuster Services (x32 Version: 0.986)
PX Profile Update (x32 Version: 1.00.1.)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.216)
Qualcomm Atheros Client Installation Program (x32 Version: 10.0)
Raccolta foto (x32 Version: 16.4.3503.0728)
Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6702)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.39030)
Recovery (x32 Version: 6.0.9.6)
S Agent (Version: 1.1.40)
Secure Download Manager (x32 Version: 3.1.0)
Settings (x32 Version: 2.0.0)
Skype™ 6.6 (x32 Version: 6.6.106)
Solid Edge ST5 (x32 Version: 105.00.00102)
Support Center (Version: 2.1.100)
Support Center FAQ (x32 Version: 1.0.9)
SW Update (x32 Version: 2.1.15)
Synaptics Pointing Device Driver (Version: 16.2.14.2)
Unreal Tournament 2004 (x32 Version: 1.00.0000)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
User Guide (x32 Version: 1.2.00)
VLC media player 2.0.7 (x32 Version: 2.0.7)
Windows Live (x32 Version: 16.4.3503.0728)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728)
Windows Live Essentials (x32 Version: 16.4.3503.0728)
Windows Live Installer (x32 Version: 16.4.3503.0728)
Windows Live Photo Common (x32 Version: 16.4.3503.0728)
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728)
Windows Live SOXE (x32 Version: 16.4.3503.0728)
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728)
Windows Live UX Platform (x32 Version: 16.4.3503.0728)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728)

==================== Restore Points  =========================

28-07-2013 11:11:43 Geplanter Prüfpunkt
05-08-2013 18:44:31 Microsoft Visual C++ 2005 Redistributable wird installiert

==================== Hosts content: ==========================

2012-07-26 07:26 - 2013-03-25 15:28 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {102BC395-2F8C-4EC0-A1EE-37D1E12B348A} - System32\Tasks\Browser Updater\Browser Updater => C:\Program Files (x86)\HomeTab\TBUpdater.dll [2013-08-22] (Simply Tech Ltd.)
Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {18FAFEA4-D52F-4F01-95C8-4EB3DA7300CD} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2012-09-20] (Microsoft Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\System32\sysmain.dll [2013-05-04] (Microsoft Corporation)
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\WSClient.dll [2012-09-20] (Microsoft Corporation)
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {2F3B228A-4D8F-4AFB-A7B9-DAD172A33A5C} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {384BE781-5910-4849-8492-38CBD0AF0425} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3B817D30-94B8-457E-A302-1DDA92A7F577} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {4221B98A-BF87-498C-887E-3C716BBE1CCE} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {425C79ED-80CD-40A3-B46F-71AFC1E159BF} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => start wuauserv
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation)
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {4BE15633-30B7-4978-9521-4629C8D4E8B7} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-15] (Adobe Systems Incorporated)
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {67B6AE9B-0A75-4FD0-BE5A-402B2B5BEF76} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {780DCAE5-F40B-4A31-BF44-578117B5EEE6} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2678595623-4148133582-4009595467-1001
Task: {789305D1-A5DB-43A8-807C-0B0A8373272F} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe No File
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {9419639C-B457-4D36-A7DB-3321B9E45408} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {99795111-B034-4740-BFF4-82E6B5D710EA} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => start osppsvc
Task: {9D7A52EA-F8A4-4DE5-B718-C0779A807865} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\HomeTab\ProtectedSearch.exe [2013-08-13] (Simplygen)
Task: {9DCAE56A-934A-4476-8952-E3B213C0E1F2} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-02-26] (Samsung Electronics CO., LTD.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\WSClient.dll [2012-09-20] (Microsoft Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {B08067A5-E7F8-44D3-A51E-30AE38050839} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\System32\Windows.Storage.ApplicationData.dll [2012-07-26] (Microsoft Corporation)
Task: {C87E2939-AB5D-4007-963A-AB8E510C4B56} - System32\Tasks\MATLAB R2011b Startup Accelerator => C:\Programme UNI\bin\win64\MATLABStartupAccelerator.exe [2011-07-08] ()
Task: {CCAA43C7-A484-4D97-8B40-495CB3711C68} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-09-05] (Samsung Electronics CO., LTD.)
Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {D9B96D9B-307C-41B6-9CDE-A1130CF79F8A} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-03-12] (SEC)
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {E223A711-C0AE-4F40-9D9E-0063450ECE19} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {EAD237E7-D276-4257-9F16-51DF41548733} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => start w32time task_started
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\System32\Startupscan.dll [2012-07-26] (Microsoft Corporation)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\MATLAB R2011b Startup Accelerator.job => C:\Programme UNI\bin\win64\MATLABStartupAccelerator.exe

==================== Loaded Modules (whitelisted) =============

2012-11-16 15:33 - 2012-09-20 08:30 - 01743872 _____ (Microsoft Corporation) C:\windows\SYSTEM32\combase.dll
2012-11-18 22:23 - 2012-10-11 07:45 - 00590848 _____ (Microsoft Corporation) C:\windows\system32\SHCORE.dll
2012-07-26 01:55 - 2012-07-26 05:07 - 00180224 _____ (Microsoft Corporation) C:\windows\system32\WINMMBASE.dll
2012-07-26 01:31 - 2012-07-26 05:07 - 00050176 _____ (Microsoft Corporation) C:\windows\SYSTEM32\profext.dll
2012-11-18 22:23 - 2012-10-11 07:45 - 00590848 _____ (Microsoft Corporation) C:\windows\SYSTEM32\SHCORE.dll
2012-11-16 15:33 - 2012-09-20 08:33 - 00699392 _____ (Microsoft Corporation) C:\Windows\System32\twinapi.dll
2013-06-28 13:58 - 2013-05-04 08:57 - 00389120 _____ (Microsoft Corporation) C:\windows\SYSTEM32\Bcp47Langs.dll
2013-06-28 13:59 - 2013-05-04 08:58 - 10116096 _____ (Microsoft Corporation) C:\Windows\System32\twinui.dll
2012-11-18 22:23 - 2012-10-11 07:46 - 01395712 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Immersive.dll
2012-07-26 01:33 - 2012-07-26 05:07 - 00069632 _____ (Microsoft Corporation) C:\Windows\System32\windows.immersiveshell.serviceprovider.dll
2012-11-16 15:33 - 2012-09-20 08:33 - 00866304 _____ (Microsoft Corporation) C:\Windows\System32\WinTypes.dll
2013-05-20 19:18 - 2013-04-09 06:51 - 00456704 _____ (Microsoft Corporation) C:\windows\System32\wpncore.dll
2012-07-26 04:06 - 2012-07-26 05:07 - 00119296 _____ (Microsoft Corporation) C:\windows\SYSTEM32\sppc.dll
2012-08-01 19:10 - 2012-08-01 19:10 - 01111040 _____ (Advanced Micro Devices, Inc. ) C:\windows\SYSTEM32\aticfx64.dll
2012-08-01 18:08 - 2012-08-01 18:08 - 00129536 _____ (Advanced Micro Devices, Inc. ) C:\windows\SYSTEM32\atiuxp64.dll
2012-07-20 08:45 - 2012-07-20 08:45 - 08505856 _____ (Intel Corporation) C:\windows\SYSTEM32\igd10umd64.dll
2012-08-01 18:47 - 2012-08-01 18:47 - 07052288 _____ (Advanced Micro Devices, Inc. ) C:\windows\SYSTEM32\atidxx64.dll
2012-07-26 02:05 - 2012-07-26 05:05 - 00192000 _____ (Microsoft Corporation) C:\windows\SYSTEM32\dcomp.dll
2012-07-26 01:54 - 2012-07-26 05:05 - 00171008 _____ (Microsoft Corporation) C:\windows\System32\IDStore.dll
2012-07-26 01:31 - 2012-07-26 05:08 - 00343552 _____ (Microsoft Corporation) C:\windows\System32\wlidprov.dll
2012-07-26 01:24 - 2012-07-26 05:05 - 00186368 _____ (Microsoft Corporation) C:\Windows\System32\InputSwitch.dll
2012-07-26 03:51 - 2012-07-26 05:05 - 00063488 _____ (Microsoft Corporation) C:\windows\SYSTEM32\elscore.dll
2012-07-26 04:22 - 2012-07-26 05:05 - 00701952 _____ (Microsoft Corporation) C:\windows\system32\ElsLad.dll
2012-07-26 01:55 - 2012-07-26 05:07 - 01161216 _____ (Microsoft Corporation) C:\windows\SYSTEM32\UIAutomationCore.dll
2012-07-26 02:04 - 2012-07-26 05:07 - 00046592 _____ (Microsoft Corporation) C:\windows\SYSTEM32\windows.globalization.fontgroups.dll
2012-07-26 01:22 - 2012-07-26 05:06 - 00601600 _____ (Microsoft Corporation) C:\Windows\System32\MrmCoreR.dll
2013-04-19 10:18 - 2013-03-02 04:44 - 00128512 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncInfo.dll
2013-03-13 12:32 - 2013-02-02 10:23 - 00293376 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Networking.Connectivity.dll
2012-07-26 02:05 - 2012-07-26 05:07 - 00029184 _____ (Microsoft Corporation) C:\windows\SYSTEM32\wcmapi.dll
2012-07-26 02:06 - 2012-07-26 05:07 - 00013312 _____ (Microsoft Corporation) C:\windows\SYSTEM32\TimeBrokerClient.dll
2012-11-16 15:33 - 2012-09-20 08:33 - 00249344 _____ (Microsoft Corporation) C:\windows\System32\wpnprv.dll
2013-04-19 10:18 - 2013-03-02 04:45 - 00645120 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Security.Authentication.OnlineId.dll
2012-07-26 02:06 - 2012-07-26 05:07 - 00015360 _____ (Microsoft Corporation) C:\windows\SYSTEM32\SystemEventsBrokerClient.dll
2012-07-26 02:10 - 2012-07-26 05:05 - 00013824 _____ (Microsoft Corporation) C:\windows\SYSTEM32\DPAPI.dll
2012-07-26 02:26 - 2012-07-26 05:07 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\SettingMonitor.dll
2012-07-26 01:58 - 2012-07-26 05:07 - 00068096 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Networking.Sockets.PushEnabledApplication.dll
2012-07-26 04:09 - 2012-07-26 05:07 - 00044544 _____ (Microsoft Corporation) C:\Windows\System32\qmgrprxy.dll
2012-07-26 02:08 - 2012-07-26 05:06 - 00205312 _____ (Microsoft Corporation) C:\windows\SYSTEM32\NTASN1.dll
2013-01-10 12:16 - 2012-11-26 06:20 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\ncryptsslp.dll
2012-07-26 03:22 - 2012-07-26 05:05 - 00060416 _____ (Microsoft Corporation) C:\windows\System32\IME\SHARED\IMEROAMING.DLL
2012-07-26 03:37 - 2012-07-26 05:06 - 00024576 _____ (Microsoft Corporation) C:\windows\System32\NcaApi.dll
2012-07-26 01:33 - 2012-07-26 05:06 - 00083456 _____ (Microsoft Corporation) C:\windows\system32\NetworkStatus.dll
2012-07-26 01:54 - 2012-07-26 05:05 - 00101888 _____ (Microsoft Corporation) C:\Windows\System32\BluetoothApis.dll
2012-11-16 15:33 - 2012-09-20 08:32 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\PackageStateRoaming.dll
2012-07-26 02:51 - 2012-07-26 05:05 - 00123904 _____ (Microsoft Corporation) C:\windows\SYSTEM32\apprepapi.dll
2013-05-25 02:36 - 2013-05-25 02:36 - 00164016 _____ (Dropbox, Inc.) C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
2012-07-26 02:12 - 2012-07-26 06:55 - 01326784 _____ (Microsoft Corporation) C:\windows\SYSTEM32\webservices.dll
2012-07-26 04:19 - 2012-07-26 05:06 - 00023040 _____ (Microsoft Corporation) C:\windows\SYSTEM32\pcacli.dll
2013-03-16 15:13 - 2012-11-02 07:18 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\keepaliveprovider.dll
2012-07-26 01:55 - 2012-07-26 05:07 - 00180224 _____ (Microsoft Corporation) C:\windows\SYSTEM32\WINMMBASE.dll
2012-07-20 08:20 - 2012-07-20 08:20 - 00390144 _____ (Intel Corporation) C:\windows\system32\igfxpph.dll
2012-07-20 08:19 - 2012-07-20 08:19 - 00110592 _____ (Intel Corporation) C:\windows\system32\hccutils.DLL
2012-07-20 08:20 - 2012-07-20 08:20 - 00438784 _____ (Intel Corporation) C:\windows\system32\igfxrDEU.lrc
2012-07-20 08:20 - 2012-07-20 08:20 - 00062976 _____ (Intel Corporation) C:\windows\system32\igfxsrvc.dll
2012-07-20 08:19 - 2012-07-20 08:19 - 00439296 _____ (Intel Corporation) C:\windows\system32\igfxdev.dll
2012-08-06 04:46 - 2012-08-06 04:46 - 00837632 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll
2012-08-06 04:45 - 2012-08-06 04:45 - 00004608 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiamdeu.dll
2013-04-19 10:18 - 2013-03-02 04:45 - 00951808 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Globalization.dll
2012-07-26 02:35 - 2012-07-26 05:07 - 04243456 _____ (Microsoft Corporation) C:\windows\system32\UIRibbon.dll
2012-07-26 04:33 - 2012-07-26 04:33 - 00629760 _____ (Microsoft Corporation) C:\windows\SYSTEM32\UIRibbonRes.dll
2012-07-26 02:59 - 2012-07-26 05:05 - 00465408 _____ (Microsoft Corporation) C:\Windows\System32\dlnashext.dll
2012-11-16 15:33 - 2012-09-20 08:33 - 01304064 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.Streaming.dll
2013-04-19 10:18 - 2013-03-02 04:44 - 00049152 _____ (Microsoft Corporation) C:\Windows\System32\DevDispItemProvider.dll
2012-07-26 02:06 - 2012-07-26 05:07 - 00033792 _____ (Microsoft Corporation) C:\windows\SYSTEM32\VirtDisk.dll
2012-07-26 03:21 - 2012-07-26 05:06 - 02109440 _____ (Microsoft Corporation) C:\windows\System32\NLSData0007.dll
2012-07-26 04:09 - 2012-07-26 05:05 - 00124928 _____ (Microsoft Corporation) C:\windows\SYSTEM32\CHARTV.dll
2012-12-05 20:44 - 2012-12-05 20:44 - 00203392 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\FolderViewImpl.dll
2011-06-10 18:15 - 2011-06-10 18:15 - 00829264 _____ (Microsoft Corporation) C:\windows\SYSTEM32\MSVCR100.dll
2011-06-10 18:15 - 2011-06-10 18:15 - 00608080 _____ (Microsoft Corporation) C:\windows\SYSTEM32\MSVCP100.dll
2012-12-05 20:45 - 2012-12-05 20:45 - 00113280 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\utils.dll
2012-12-05 20:44 - 2012-12-05 20:44 - 00033408 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\CommApi.dll
2012-07-26 03:00 - 2012-07-26 05:05 - 00163328 _____ (Microsoft Corporation) C:\windows\SYSTEM32\credui.dll
2012-12-05 20:44 - 2012-12-05 20:44 - 00035456 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\ipc.dll
2012-12-05 20:45 - 2012-12-05 20:45 - 00027264 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\TCPConnection.dll
2012-12-15 15:13 - 2012-12-15 15:15 - 00849360 _____ (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.VCLibs.110.00_11.0.51106.1_x64__8wekyb3d8bbwe\MSVCR110.dll
2012-07-26 09:55 - 2012-07-26 09:53 - 00051056 _____ (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\wllog.dll
2012-07-26 09:55 - 2012-07-26 09:53 - 02361712 _____ (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Platform.Service.dll
2012-07-26 01:33 - 2012-07-26 05:07 - 00175616 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Storage.ApplicationData.dll
2012-11-16 15:33 - 2012-09-20 08:33 - 00699392 _____ (Microsoft Corporation) C:\windows\SYSTEM32\twinapi.dll
2012-11-18 22:23 - 2012-10-11 07:45 - 00590848 _____ (Microsoft Corporation) C:\windows\SYSTEM32\shcore.dll
2012-07-26 09:55 - 2012-07-26 09:53 - 00225648 _____ (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\shared\bici.dll
2012-07-26 01:59 - 2012-07-26 05:07 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\threadpoolwinrt.dll
2013-06-28 13:58 - 2013-05-04 08:57 - 00122368 _____ (Microsoft Corporation) C:\Windows\System32\biwinrt.dll
2012-07-26 09:55 - 2012-07-26 09:53 - 01740144 _____ (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Platform.dll
2013-01-12 11:22 - 2012-11-27 06:19 - 00244736 _____ (Microsoft Corporation) C:\windows\System32\wpnapps.dll
2013-05-20 19:18 - 2013-04-09 06:51 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
2012-11-18 22:23 - 2012-10-11 07:43 - 00757760 _____ (Microsoft Corporation) C:\windows\SYSTEM32\FirewallAPI.dll
2012-07-26 09:55 - 2012-07-26 09:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-07-26 04:01 - 2012-07-26 05:07 - 00056320 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.dll
2012-07-26 09:55 - 2012-07-26 09:53 - 00054128 _____ (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Shared.Market.dll
2012-07-26 09:55 - 2012-07-26 09:53 - 00642416 _____ (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Platform.PresenceIM.dll
2012-07-26 09:55 - 2012-07-26 09:53 - 01282928 _____ (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Platform.Eas.dll
2012-07-26 09:55 - 2012-07-26 09:53 - 01274224 _____ (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Platform.Calendar.dll
2012-07-26 01:43 - 2012-07-26 05:07 - 00371200 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.dll
2012-07-26 01:45 - 2012-07-26 05:06 - 00300032 _____ (Microsoft Corporation) C:\windows\SYSTEM32\NInput.dll
2012-07-26 02:06 - 2012-07-26 05:05 - 00148480 _____ (Microsoft Corporation) C:\Windows\System32\CryptoWinRT.dll
2012-07-26 03:30 - 2012-07-26 05:05 - 00205312 _____ (Microsoft Corporation) C:\Windows\System32\easwrt.dll
2012-07-26 02:03 - 2012-07-26 05:07 - 00096768 _____ (Microsoft Corporation) C:\windows\SYSTEM32\winbio.dll
2012-07-26 02:05 - 2012-07-26 05:05 - 00274432 _____ (Microsoft Corporation) C:\windows\SYSTEM32\AUTHZ.dll
2012-11-18 22:23 - 2012-10-11 07:45 - 00590848 _____ (Microsoft Corporation) C:\windows\SYSTEM32\SHCORE.DLL
2012-07-20 08:19 - 2012-07-20 08:19 - 00110592 _____ (Intel Corporation) C:\Windows\System32\hccutils.DLL
2012-11-18 22:23 - 2012-10-11 07:45 - 00590848 _____ (Microsoft Corporation) C:\Windows\System32\SHCORE.dll
2012-07-20 08:19 - 2012-07-20 08:19 - 09007616 _____ (Intel Corporation) C:\Windows\System32\igfxress.dll
2012-07-20 08:16 - 2012-07-20 08:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-10-16 20:01 - 2012-10-16 20:01 - 01046840 _____ (Synaptics Incorporated) C:\windows\system32\SynCOM.dll
2012-10-16 20:01 - 2012-10-16 20:01 - 00229176 _____ (Synaptics Incorporated) C:\windows\SYSTEM32\SynTPAPI.dll
2012-10-16 20:02 - 2012-10-16 20:02 - 12377400 _____ (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPRes.dll
2013-07-10 13:26 - 2013-04-23 00:08 - 09808440 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
2012-07-25 22:13 - 2012-07-12 04:01 - 00856016 _____ (Microsoft Corporation) C:\windows\SYSTEM32\MSVCR110_CLR0400.dll
2013-07-12 13:27 - 2013-07-12 13:27 - 22589440 _____ (Microsoft Corporation) C:\windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ab0a8fc3d086a3aaf942f366a12a9185\mscorlib.ni.dll
2013-07-12 13:28 - 2013-07-12 13:28 - 13227520 _____ (Microsoft Corporation) C:\windows\assembly\NativeImages_v4.0.30319_64\System\a868e6efe8abc696ec355ae5721a066a\System.ni.dll
2013-07-12 13:28 - 2013-07-12 13:28 - 05458432 _____ (Microsoft Corporation) C:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\450cbc54d708a547c21b61cef8356a3e\WindowsBase.ni.dll
2013-07-12 13:29 - 2013-07-12 13:29 - 14784000 _____ (Microsoft Corporation) C:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\a1d00fee0f1e5b0923e2f34dda3c0988\PresentationCore.ni.dll
2013-07-12 13:40 - 2013-07-12 13:40 - 24338944 _____ (Microsoft Corporation) C:\windows\assembly\NativeImages_v4.0.30319_64\Presentatio5ae0f00f#\5a31dbec846561d2fa85e292cfbabe40\PresentationFramework.ni.dll
2013-07-12 13:44 - 2013-07-12 13:44 - 02561024 _____ (Microsoft Corporation) C:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\fcd538edf5a9ce801c84174fe42add61\System.Xaml.ni.dll
2012-12-05 20:44 - 2012-12-05 20:44 - 00010880 _____ (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\ExtensionToolkit.dll
2013-06-30 21:19 - 2013-04-02 00:06 - 02123320 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\wpfgfx_v0400.dll
2012-07-25 22:13 - 2012-07-12 04:01 - 01079792 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationNative_v0400.dll
2013-06-30 21:18 - 2013-04-02 00:06 - 01237024 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll
2013-07-12 13:45 - 2013-07-12 13:45 - 10137088 _____ (Microsoft Corporation) C:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml\ece05aeeb68c0c14dec2136e8e176f0c\System.Xml.ni.dll
2013-07-12 13:41 - 2013-07-12 13:41 - 01259008 _____ (Microsoft Corporation) C:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\b4cc2c6435aff36f374e0b84e73c923e\System.Configuration.ni.dll
2012-11-16 15:32 - 2012-08-31 02:52 - 00283192 _____ (Microsoft Corporation) C:\windows\Microsoft.Net\assembly\GAC_MSIL\PresentationFramework.resources\v4.0_4.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
2012-12-05 20:44 - 2012-12-05 20:44 - 00034944 _____ (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.Infrastructure.dll
2012-12-05 20:44 - 2012-12-05 20:44 - 00114816 _____ (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\CommApiInterop.dll
2013-07-12 13:41 - 2013-07-12 13:41 - 02268672 _____ (Microsoft Corporation) C:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\d0820598259dfaa1026ee64c39cf2f5f\System.Drawing.ni.dll
2013-07-12 13:44 - 2013-07-12 13:44 - 16835072 _____ (Microsoft Corporation) C:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\77fb20230ed3bf0f06b755ca67677856\System.Windows.Forms.ni.dll
2013-07-12 13:42 - 2013-07-12 13:42 - 01001984 _____ (Microsoft Corporation) C:\windows\assembly\NativeImages_v4.0.30319_64\System.Runt73a1fc9d#\c3e296cb07731590a06c97ba59040f10\System.Runtime.Remoting.ni.dll
2012-07-26 01:54 - 2012-07-26 05:05 - 00101888 _____ (Microsoft Corporation) C:\windows\SYSTEM32\BluetoothApis.dll
2012-12-05 20:44 - 2012-12-05 20:44 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-11-18 23:00 - 2012-11-18 23:00 - 05104968 _____ (Microsoft Corporation) C:\windows\WinSxS\amd64_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_044aad0bab1eb146\mfc90u.dll
2012-07-25 22:11 - 2012-07-06 04:01 - 00245760 _____ (Microsoft Corporation) C:\windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6871_none_08e717a5a83adddf\msvcm90.dll
2012-11-18 23:00 - 2012-11-18 23:00 - 00063312 _____ (Microsoft Corporation) C:\windows\WinSxS\amd64_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_01c9581e60cbee58\MFC90DEU.DLL
2012-12-05 20:44 - 2012-12-05 20:44 - 00042112 _____ (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.Toolkit.dll
2012-12-05 20:44 - 2012-12-05 20:44 - 00070784 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\CombineAgent.dll
2011-06-10 18:15 - 2011-06-10 18:15 - 05601616 _____ (Microsoft Corporation) C:\windows\SYSTEM32\mfc100u.dll
2012-12-05 20:44 - 2012-12-05 20:44 - 00253056 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvSdkDll.dll
2011-06-10 18:15 - 2011-06-10 18:15 - 00064336 _____ (Microsoft Corporation) C:\windows\SYSTEM32\MFC100DEU.DLL
2012-08-01 18:08 - 2012-08-01 18:08 - 00103936 _____ (Advanced Micro Devices, Inc. ) C:\windows\SYSTEM32\atiu9p64.dll
2012-07-20 08:48 - 2012-07-20 08:48 - 08281600 _____ (Intel Corporation) C:\windows\SYSTEM32\igdumd64.dll
2012-08-01 18:20 - 2012-08-01 18:20 - 06676480 _____ (Advanced Micro Devices, Inc. ) C:\windows\SYSTEM32\atiumd64.dll
2013-07-12 13:40 - 2013-07-12 13:40 - 00567296 _____ (Microsoft Corporation) C:\windows\assembly\NativeImages_v4.0.30319_64\Presentatioaec034ca#\df1034da8aa6771c23435bee97dea7f7\PresentationFramework.Aero2.ni.dll
2012-07-26 04:07 - 2012-07-26 05:06 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\msctfui.dll
2012-07-25 22:14 - 2012-07-12 04:02 - 00106448 _____ (Microsoft Corporation) C:\windows\Microsoft.Net\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
2012-12-05 20:39 - 2012-12-05 20:39 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2012-07-25 22:13 - 2012-07-12 04:02 - 00132656 _____ (Microsoft Corporation) C:\windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
2013-06-30 17:58 - 2013-02-23 01:09 - 05413952 _____ (Microsoft Corporation) C:\windows\Microsoft.Net\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll
2012-12-05 20:45 - 2012-12-05 20:45 - 00063104 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\ModuleManager.dll
2012-12-05 20:41 - 2012-12-05 20:41 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-12-05 20:41 - 2012-12-05 20:41 - 00063488 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\RfcommLib\rfcommlib.dll
2012-12-05 20:39 - 2012-12-05 20:39 - 00196096 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\Audio\audio.dll
2012-12-05 20:44 - 2012-12-05 20:44 - 00083072 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Handsfree.dll
2011-06-10 18:15 - 2011-06-10 18:15 - 00158536 _____ (Microsoft Corporation) C:\windows\SYSTEM32\ATL100.DLL
2012-12-05 20:41 - 2012-12-05 20:41 - 00090624 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\L2capLib\l2caplib.dll
2012-12-05 20:41 - 2012-12-05 20:41 - 00087552 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\SesMgr\sesmgr.dll
2012-12-05 20:38 - 2012-12-05 20:38 - 00096768 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\goep\goep.dll
2012-12-05 20:42 - 2012-12-05 20:42 - 00161792 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\BasicPrintProfile\BPP.dll
2012-12-05 20:41 - 2012-12-05 20:41 - 00177152 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\BIP\BIP.dll
2012-12-05 20:39 - 2012-12-05 20:39 - 00059392 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\HumanInterfaceDevice\hid.dll
2012-12-05 20:41 - 2012-12-05 20:41 - 00421888 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\FileTransfer\FileTransfer.dll
2012-12-05 20:45 - 2012-12-05 20:45 - 01067648 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\OutlookLib.dll
2012-12-05 20:39 - 2012-12-05 20:39 - 00018432 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\DID\DId.dll
2012-12-05 20:39 - 2012-12-05 20:39 - 00303616 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\LE\LE.dll
2012-12-05 20:44 - 2012-12-05 20:44 - 00125568 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\gatts.DLL
2012-12-05 20:39 - 2012-12-05 20:39 - 00036352 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\FAX\Fax.dll
2012-12-05 20:41 - 2012-12-05 20:41 - 00091648 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\GapSdp\GapSdp.dll
2012-12-05 20:44 - 2012-12-05 20:44 - 00085632 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\GattI.dll
2012-12-05 20:39 - 2012-12-05 20:39 - 00029696 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\HCRP\Hcrp.dll
2012-12-05 20:41 - 2012-12-05 20:41 - 00097280 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\sap\sap.dll
2012-12-05 20:39 - 2012-12-05 20:39 - 00064512 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\Sync\Sync.dll
2012-12-05 20:42 - 2012-12-05 20:42 - 00066560 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\pbap\pbap.dll
2012-12-05 20:41 - 2012-12-05 20:41 - 00065024 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\OppOperation\OppOperation.dll
2012-12-05 20:41 - 2012-12-05 20:41 - 00055296 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\spp\spp.dll
2012-07-26 01:58 - 2012-07-26 05:08 - 00064000 _____ (Microsoft Corporation) C:\windows\System32\wshBth.dll
2012-12-05 20:38 - 2012-12-05 20:38 - 00181248 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Modules\OppOperation\ObjPush.dll
2012-12-05 20:45 - 2012-12-05 20:45 - 00130176 _____ (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\skypeagent.dll
2011-06-10 18:15 - 2011-06-10 18:15 - 05574984 _____ (Microsoft Corporation) C:\windows\SYSTEM32\mfc100.dll
2012-07-26 02:06 - 2012-07-26 05:05 - 00136192 _____ (Microsoft Corporation) C:\windows\SYSTEM32\Cabinet.dll
2013-04-04 10:55 - 2013-01-19 23:13 - 00049152 _____ (Helmut Buhler) C:\Program Files\Windows Sidebar\dwmapi.dll
2013-07-10 13:26 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-16 15:33 - 2012-09-20 08:30 - 02219008 _____ (Microsoft Corporation) C:\windows\SYSTEM32\d3d10warp.dll
2012-07-26 03:21 - 2012-07-26 05:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\wshom.ocx
2012-07-26 03:23 - 2012-07-26 05:07 - 00194048 _____ (Microsoft Corporation) C:\Windows\System32\ScrRun.dll
2013-05-20 19:18 - 2013-04-09 06:51 - 14267904 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2012-11-16 15:33 - 2012-09-20 08:12 - 09374208 _____ (Microsoft Corporation) C:\windows\system32\wmploc.dll
2013-07-10 13:26 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-10 13:26 - 2013-06-12 01:26 - 01084928 _____ (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll
2013-07-10 13:26 - 2013-04-23 00:08 - 10004120 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
2013-07-12 13:45 - 2013-07-12 13:46 - 15577088 _____ (Microsoft Corporation) C:\windows\assembly\NativeImages_v2.0.50727_64\mscorlib\a77d877c214d5c7b4adbe2b8a9da3cf2\mscorlib.ni.dll
2013-04-04 10:56 - 2010-05-15 14:10 - 00006144 _____ () C:\Users\Michael\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter.gadget\CoreTempReader.dll
2013-01-10 12:16 - 2012-10-09 05:09 - 01574496 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
2013-04-04 10:56 - 2010-05-15 14:10 - 00008704 _____ () C:\Users\Michael\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter.gadget\GetCoreTempInfoNET.dll
2013-04-04 10:56 - 2010-05-15 14:10 - 00007680 _____ () C:\Users\Michael\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter.gadget\SystemInfo.dll
2012-11-16 15:32 - 2012-09-14 00:04 - 00315392 _____ (Microsoft Corporation) C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
2012-08-07 14:22 - 2012-07-26 10:08 - 00797776 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dll
2013-02-26 17:56 - 2013-02-26 17:56 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2013-01-12 11:22 - 2012-11-27 06:19 - 00244736 _____ (Microsoft Corporation) C:\Windows\System32\wpnapps.dll
2012-07-26 02:10 - 2012-07-26 05:05 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\DPAPI.dll
2013-06-28 13:58 - 2013-05-04 08:57 - 00389120 _____ (Microsoft Corporation) C:\Windows\System32\Bcp47Langs.dll
2012-07-26 02:28 - 2012-07-26 05:05 - 00096256 _____ (Microsoft Corporation) C:\Windows\System32\AuthBroker.dll
2012-08-06 04:52 - 2012-08-06 04:52 - 00097792 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Implementation.dll
2012-08-06 04:51 - 2012-08-06 04:51 - 00031744 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.dll
2012-08-06 04:51 - 2012-08-06 04:51 - 00025088 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Private.dll
2012-08-06 04:52 - 2012-08-06 04:52 - 00048128 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.dll
2012-11-16 15:33 - 2012-08-31 02:52 - 00994312 _____ (Microsoft Corporation) C:\windows\Microsoft.Net\assembly\GAC_MSIL\mscorlib.resources\v4.0_4.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
2012-08-06 04:51 - 2012-08-06 04:51 - 00005632 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Foundation.dll
2012-08-06 04:51 - 2012-08-06 04:51 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.Private.dll
2012-08-06 04:52 - 2012-08-06 04:52 - 00022016 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.Implementation.dll
2012-08-06 04:51 - 2012-08-06 04:51 - 00015360 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\NEWAEM.Foundation.dll
2012-08-06 04:51 - 2012-08-06 04:51 - 00061440 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.dll
2012-08-06 04:52 - 2012-08-06 04:52 - 00018432 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.XManifest.dll
2012-08-06 04:51 - 2012-08-06 04:51 - 00061440 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.dll
2012-08-06 04:51 - 2012-08-06 04:51 - 00038912 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.Private.dll
2012-08-06 04:51 - 2012-08-06 04:51 - 00029184 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Private.dll
2012-08-06 04:51 - 2012-08-06 04:51 - 00005632 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.dll
2012-08-06 04:51 - 2012-08-06 04:51 - 00032768 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ATICCCom.dll
2012-07-11 23:56 - 2012-07-11 23:56 - 00175104 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ADL.Foundation.dll
2012-08-06 04:51 - 2012-08-06 04:51 - 00035328 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.dll
2012-08-06 04:51 - 2012-08-06 04:51 - 00006144 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.Shared.dll
2012-08-06 04:52 - 2012-08-06 04:52 - 00048128 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Source.Kit.Server.dll
2012-08-06 04:52 - 2012-08-06 04:52 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.CoreAudioAPI.dll
2012-08-06 04:52 - 2012-08-06 04:52 - 00006656 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.DPPE.Shared.dll
2012-08-06 04:51 - 2012-08-06 04:51 - 00007168 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Hotkeys.Shared.dll
2012-08-06 04:51 - 2012-08-06 04:51 - 00006656 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.WinMessages.Shared.dll
2013-07-12 13:28 - 2013-07-12 13:28 - 10137600 _____ (Microsoft Corporation) C:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\b0c762ba51fa367fc98f795307a56402\System.Core.ni.dll
2011-10-17 09:48 - 2011-10-17 09:48 - 00045056 _____ (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0601.dll
2011-10-17 09:48 - 2011-10-17 09:48 - 00016384 _____ (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Foundation.dll
2012-08-06 04:51 - 2012-08-06 04:51 - 00006656 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.dll
2012-08-01 19:06 - 2012-08-01 19:06 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\ATIDEMGY.dll
2011-10-17 09:48 - 2011-10-17 09:48 - 00007680 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I1010.dll
2012-08-06 04:51 - 2012-08-06 04:51 - 00005632 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.REG.Shared.dll
2012-08-06 04:52 - 2012-08-06 04:52 - 00311296 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll
2012-08-06 04:51 - 2012-08-06 04:51 - 00196608 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll
2011-10-17 09:48 - 2011-10-17 09:48 - 00006656 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0709.dll
2012-08-06 04:51 - 2012-08-06 04:51 - 00005632 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.GD.Shared.dll
2012-08-06 04:51 - 2012-08-06 04:51 - 00008704 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Actions.CCAA.Shared.dll
2012-08-06 04:51 - 2012-08-06 04:51 - 00008704 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Private.dll
2011-10-17 09:48 - 2011-10-17 09:48 - 00007168 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0804.dll
2012-08-06 04:52 - 2012-08-06 04:52 - 00110592 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
2012-08-06 04:52 - 2012-08-06 04:52 - 00008704 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.Shared.Private.dll
2012-08-06 04:52 - 2012-08-06 04:52 - 00081920 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Radeon3D.Graphics.Shared.dll
2011-10-17 09:48 - 2011-10-17 09:48 - 00005120 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I1011.dll
2012-08-06 04:52 - 2012-08-06 04:52 - 00036352 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
2012-08-06 04:52 - 2012-08-06 04:52 - 00018432 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
2011-10-17 09:48 - 2011-10-17 09:48 - 00016384 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0712.dll
2012-08-06 04:52 - 2012-08-06 04:52 - 00086528 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.PowerXpress.Graphics.Runtime.dll
2012-08-06 04:52 - 2012-08-06 04:52 - 00038912 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.PowerXpress.Graphics.Shared.dll
2011-10-17 09:48 - 2011-10-17 09:48 - 00016384 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0702.dll
2011-10-17 09:48 - 2011-10-17 09:48 - 00016384 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0710.dll
2011-10-17 09:48 - 2011-10-17 09:48 - 00005120 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0901.dll
2012-08-06 04:53 - 2012-08-06 04:53 - 00013824 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.Runtime.dll
2012-08-06 04:52 - 2012-08-06 04:52 - 00045056 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.shared.dll
2011-10-18 15:08 - 2011-10-18 15:08 - 00007168 _____ ( ) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atixclib.dll
2012-08-06 04:55 - 2012-08-06 04:55 - 00014336 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.Runtime.dll
2012-08-06 04:55 - 2012-08-06 04:55 - 00008192 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.shared.dll
2012-08-06 04:52 - 2012-08-06 04:52 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
2012-08-06 04:51 - 2012-08-06 04:51 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
2012-08-06 04:55 - 2012-08-06 04:55 - 00016384 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.UpdateNotification.Graphics.Runtime.dll
2012-08-06 04:55 - 2012-08-06 04:55 - 00012288 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.UpdateNotification.Graphics.Shared.dll
2012-08-06 04:52 - 2012-08-06 04:52 - 00307200 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Client.dll
2012-08-06 04:53 - 2012-08-06 04:53 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Runtime.dll
2012-08-06 04:53 - 2012-08-06 04:53 - 00010752 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Shared.dll
2012-08-06 04:53 - 2012-08-06 04:53 - 00013312 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Fuel.Foundation.dll
2012-08-06 04:55 - 2012-08-06 04:55 - 00011264 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Runtime.dll
2012-08-06 04:55 - 2012-08-06 04:55 - 00009216 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Shared.dll
2012-08-06 04:55 - 2012-08-06 04:55 - 00015360 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Runtime.dll
2012-08-06 04:53 - 2012-08-06 04:53 - 00012800 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Shared.dll
2012-08-06 04:55 - 2012-08-06 04:55 - 00019456 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CPUOverDrive.Fuel.Shared.dll
2012-08-06 04:53 - 2012-08-06 04:53 - 00050688 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.OverDrive5.Graphics.Shared.dll
2012-08-06 04:53 - 2012-08-06 04:53 - 00011776 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Runtime.dll
2012-08-06 04:53 - 2012-08-06 04:53 - 00008704 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Shared.dll
2012-08-06 04:51 - 2012-08-06 04:51 - 00066560 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\APM.Server.dll
2012-08-06 04:51 - 2012-08-06 04:51 - 00024576 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\APM.Foundation.dll
2012-08-06 04:51 - 2012-08-06 04:51 - 00007168 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Extension.EEU.dll
2012-08-06 04:51 - 2012-08-06 04:51 - 00005632 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.EEU.Shared.dll
2012-08-06 04:51 - 2012-08-06 04:51 - 00479744 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Localization.Foundation.Private.dll
2012-08-06 04:52 - 2012-08-06 04:52 - 00385024 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.dll
2012-08-06 04:52 - 2012-08-06 04:52 - 00036864 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.Private.dll
2012-08-06 04:51 - 2012-08-06 04:51 - 00341504 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Localization.Foundation.Implementation.de_Localization.dll
2012-08-06 04:51 - 2012-08-06 04:51 - 00008192 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.dll
2012-08-06 04:51 - 2012-08-06 04:51 - 00032768 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.dll
2012-08-06 04:52 - 2012-08-06 04:52 - 01395712 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.Private.dll
2012-08-06 04:52 - 2012-08-06 04:52 - 00176128 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.dll
2012-08-06 04:52 - 2012-08-06 04:52 - 01007616 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.Shared.dll
2012-08-06 04:55 - 2012-08-06 04:55 - 00028672 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.Dashboard.dll
2012-08-06 04:52 - 2012-08-06 04:52 - 00057344 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
2012-08-06 04:54 - 2012-08-06 04:54 - 01406464 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Combined.Graphics.Aspects1.Dashboard.dll
2012-08-06 04:53 - 2012-08-06 04:53 - 00444416 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
2012-08-06 04:54 - 2012-08-06 04:54 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-08-06 04:52 - 2012-08-06 04:52 - 00032768 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
2012-08-06 04:53 - 2012-08-06 04:53 - 02400256 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
2012-08-06 04:52 - 2012-08-06 04:52 - 00024576 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MultiVPU2.Graphics.Shared.dll
2012-08-06 04:53 - 2012-08-06 04:53 - 00160256 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.Dashboard.dll
2012-08-06 04:53 - 2012-08-06 04:53 - 00053248 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
2012-08-06 04:54 - 2012-08-06 04:54 - 00289792 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.PowerXpress.Graphics.Dashboard.dll
2012-08-06 04:54 - 2012-08-06 04:54 - 00035840 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossFireX.Graphics.Dashboard.dll
2012-08-06 04:55 - 2012-08-06 04:55 - 00021504 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.UpdateNotification.Graphics.Dashboard.dll
2012-08-06 04:55 - 2012-08-06 04:55 - 00045056 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Audio.Graphics.Dashboard.dll
2012-08-06 04:53 - 2012-08-06 04:53 - 00008704 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Dashboard.dll
2012-08-06 04:55 - 2012-08-06 04:55 - 00008192 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Dashboard.dll
2012-08-06 04:55 - 2012-08-06 04:55 - 00040448 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Dashboard.dll
2012-08-06 04:53 - 2012-08-06 04:53 - 00008704 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Dashboard.dll
2012-11-16 15:33 - 2012-08-31 02:52 - 00257024 _____ (Microsoft Corporation) C:\windows\Microsoft.Net\assembly\GAC_MSIL\System.resources\v4.0_4.0.0.0_de_b77a5c561934e089\System.resources.dll
2012-08-06 04:53 - 2012-08-06 04:53 - 00061440 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.ProfileManager2.dll
2012-08-06 04:53 - 2012-08-06 04:53 - 00175104 _____ (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Implementation.dll
2012-11-16 15:32 - 2012-08-31 02:52 - 00124456 _____ (Microsoft Corporation) C:\windows\Microsoft.Net\assembly\GAC_MSIL\PresentationCore.resources\v4.0_4.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
2012-07-25 22:13 - 2012-07-12 04:02 - 00024584 _____ (Microsoft Corporation) C:\windows\Microsoft.Net\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll
2013-07-10 13:27 - 2013-05-15 03:04 - 00103560 _____ (Microsoft Corporation) C:\windows\Microsoft.Net\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
2013-04-19 10:18 - 2013-03-02 04:44 - 00703488 _____ (Microsoft Corporation) C:\windows\SYSTEM32\drvstore.dll
2013-01-10 12:16 - 2012-08-31 02:52 - 00655928 _____ (Microsoft Corporation) C:\windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms.resources\v4.0_4.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
2013-06-30 21:18 - 2013-04-02 00:06 - 00277040 _____ (Microsoft Corporation) C:\windows\Microsoft.Net\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
2013-04-18 22:44 - 2013-04-05 12:41 - 00720384 _____ (Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePassLibC64.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Users\Michael\Desktop\Thumbs.db:encryptable
AlternateDataStreams: C:\Users\Michael\Downloads\Thumbs.db:encryptable
AlternateDataStreams: C:\Users\Michael\Documents\Thumbs.db:encryptable
AlternateDataStreams: C:\Users\Public\Thumbs.db:encryptable


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/02/2013 03:36:50 PM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 22.0.0.4917 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1970

Startzeit: 01cea7e16337f62c

Endzeit: 0

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: b457150c-13d4-11e3-bee5-50b7c3505830

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (08/07/2013 10:23:47 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: MICHIPC)
Description: Bei der Aktivierung der App „Microsoft.Bing_8wekyb3d8bbwe!Microsoft.Bing“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/07/2013 10:23:18 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: MICHIPC)
Description: Die App „Microsoft.Bing_8wekyb3d8bbwe!Microsoft.Bing“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.

Error: (08/06/2013 10:18:20 PM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 22.0.0.4917 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 18b0

Startzeit: 01ce92cdf44ab50b

Endzeit: 76

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: 52f10edf-fed5-11e2-bee4-50b7c3505830

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (08/06/2013 00:19:10 AM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 22.0.0.4917 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1268

Startzeit: 01ce920ebea47b49

Endzeit: 672

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: 07908c40-fe1d-11e2-bee4-50b7c3505830

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (08/05/2013 10:19:43 AM) (Source: ATIeRecord) (User: )
Description: ATI EEU Client event error

Error: (07/28/2013 07:30:11 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU Client event error

Error: (07/28/2013 06:52:40 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU Client event error

Error: (07/27/2013 09:31:54 PM) (Source: Desktop Window Manager) (User: )
Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt.

Error: (07/25/2013 10:58:34 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU Client event error


System errors:
=============
Error: (08/07/2013 10:19:42 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 07.08.2013 um 00:29:30 unerwartet heruntergefahren.

Error: (08/05/2013 10:18:51 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (07/30/2013 00:46:38 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (07/28/2013 11:09:57 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SWUpdateService erreicht.

Error: (07/28/2013 06:52:33 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (07/27/2013 09:32:56 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SWUpdateService erreicht.

Error: (07/24/2013 03:23:33 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (07/22/2013 10:21:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Intel(R) Rapid Storage Technology" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/22/2013 10:21:25 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Rapid Storage Technology erreicht.

Error: (07/22/2013 10:18:31 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 22.07.2013 um 22:14:51 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================
Error: (09/02/2013 03:36:50 PM) (Source: Application Hang)(User: )
Description: firefox.exe22.0.0.4917197001cea7e16337f62c0C:\Program Files (x86)\Mozilla Firefox\firefox.exeb457150c-13d4-11e3-bee5-50b7c3505830

Error: (08/07/2013 10:23:47 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: MICHIPC)
Description: Microsoft.Bing_8wekyb3d8bbwe!Microsoft.Bing-2144927142

Error: (08/07/2013 10:23:18 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: MICHIPC)
Description: Microsoft.Bing_8wekyb3d8bbwe!Microsoft.Bing

Error: (08/06/2013 10:18:20 PM) (Source: Application Hang)(User: )
Description: firefox.exe22.0.0.491718b001ce92cdf44ab50b76C:\Program Files (x86)\Mozilla Firefox\firefox.exe52f10edf-fed5-11e2-bee4-50b7c3505830

Error: (08/06/2013 00:19:10 AM) (Source: Application Hang)(User: )
Description: firefox.exe22.0.0.4917126801ce920ebea47b49672C:\Program Files (x86)\Mozilla Firefox\firefox.exe07908c40-fe1d-11e2-bee4-50b7c3505830

Error: (08/05/2013 10:19:43 AM) (Source: ATIeRecord)(User: )
Description: 

Error: (07/28/2013 07:30:11 PM) (Source: ATIeRecord)(User: )
Description: 

Error: (07/28/2013 06:52:40 PM) (Source: ATIeRecord)(User: )
Description: 

Error: (07/27/2013 09:31:54 PM) (Source: Desktop Window Manager)(User: )
Description: 0x8898008d

Error: (07/25/2013 10:58:34 PM) (Source: ATIeRecord)(User: )
Description: 


==================== Memory info =========================== 

Percentage of memory in use: 31%
Total physical RAM: 8083.55 MB
Available physical RAM: 5563.08 MB
Total Pagefile: 9619.55 MB
Available Pagefile: 6955.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:673.74 GB) (Free:551.89 GB) NTFS
Drive d: (Crysis) (CDROM) (Total:5.47 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 4F494D44)

Partition: GPT Partition Type
==================== End Of Log ============================
         
Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 2. September 2013  22:37


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 8
Windowsversion : (plain)  [6.2.9200]
Boot Modus     : Normal gebootet
Benutzername   : Michael
Computername   : MICHIPC

Versionsinformationen:
BUILD.DAT      : 13.0.0.4052          Bytes  29.08.2013 17:56:00
AVSCAN.EXE     : 13.6.20.2100   639032 Bytes  02.09.2013 13:33:49
AVSCANRC.DLL   : 13.6.20.2174    63032 Bytes  02.09.2013 13:33:49
LUKE.DLL       : 13.6.20.2174    65080 Bytes  02.09.2013 13:33:59
AVSCPLR.DLL    : 13.6.20.2174    92216 Bytes  02.09.2013 13:33:49
AVREG.DLL      : 13.6.20.2174   250424 Bytes  02.09.2013 13:33:48
avlode.dll     : 13.6.20.2174   497720 Bytes  02.09.2013 13:33:47
avlode.rdf     : 13.0.1.42      26846 Bytes  02.09.2013 13:34:02
VBASE000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 14:55:20
VBASE001.VDF   : 7.11.74.226  2201600 Bytes  30.04.2013 17:07:19
VBASE002.VDF   : 7.11.80.60   2751488 Bytes  28.05.2013 11:31:43
VBASE003.VDF   : 7.11.85.214  2162688 Bytes  21.06.2013 20:26:24
VBASE004.VDF   : 7.11.91.176  3903488 Bytes  23.07.2013 05:40:27
VBASE005.VDF   : 7.11.98.186  6822912 Bytes  29.08.2013 13:33:40
VBASE006.VDF   : 7.11.98.187     2048 Bytes  29.08.2013 13:33:41
VBASE007.VDF   : 7.11.98.188     2048 Bytes  29.08.2013 13:33:41
VBASE008.VDF   : 7.11.98.189     2048 Bytes  29.08.2013 13:33:41
VBASE009.VDF   : 7.11.98.190     2048 Bytes  29.08.2013 13:33:41
VBASE010.VDF   : 7.11.98.191     2048 Bytes  29.08.2013 13:33:41
VBASE011.VDF   : 7.11.98.192     2048 Bytes  29.08.2013 13:33:41
VBASE012.VDF   : 7.11.98.193     2048 Bytes  29.08.2013 13:33:41
VBASE013.VDF   : 7.11.99.52    270848 Bytes  30.08.2013 13:33:41
VBASE014.VDF   : 7.11.99.167   210944 Bytes  02.09.2013 13:33:41
VBASE015.VDF   : 7.11.99.168     2048 Bytes  02.09.2013 13:33:41
VBASE016.VDF   : 7.11.99.169     2048 Bytes  02.09.2013 13:33:41
VBASE017.VDF   : 7.11.99.170     2048 Bytes  02.09.2013 13:33:41
VBASE018.VDF   : 7.11.99.171     2048 Bytes  02.09.2013 13:33:41
VBASE019.VDF   : 7.11.99.172     2048 Bytes  02.09.2013 13:33:41
VBASE020.VDF   : 7.11.99.173     2048 Bytes  02.09.2013 13:33:41
VBASE021.VDF   : 7.11.99.174     2048 Bytes  02.09.2013 13:33:41
VBASE022.VDF   : 7.11.99.175     2048 Bytes  02.09.2013 13:33:41
VBASE023.VDF   : 7.11.99.176     2048 Bytes  02.09.2013 13:33:41
VBASE024.VDF   : 7.11.99.177     2048 Bytes  02.09.2013 13:33:41
VBASE025.VDF   : 7.11.99.178     2048 Bytes  02.09.2013 13:33:42
VBASE026.VDF   : 7.11.99.179     2048 Bytes  02.09.2013 13:33:42
VBASE027.VDF   : 7.11.99.180     2048 Bytes  02.09.2013 13:33:42
VBASE028.VDF   : 7.11.99.181     2048 Bytes  02.09.2013 13:33:42
VBASE029.VDF   : 7.11.99.182     2048 Bytes  02.09.2013 13:33:42
VBASE030.VDF   : 7.11.99.183     2048 Bytes  02.09.2013 13:33:42
VBASE031.VDF   : 7.11.99.206    72192 Bytes  02.09.2013 13:33:42
Engineversion  : 8.2.12.114
AEVDF.DLL      : 8.1.3.4       102774 Bytes  13.06.2013 16:40:51
AESCRIPT.DLL   : 8.1.4.146     512382 Bytes  02.09.2013 13:33:45
AESCN.DLL      : 8.1.10.4      131446 Bytes  26.03.2013 19:24:41
AESBX.DLL      : 8.2.16.26    1245560 Bytes  02.09.2013 13:33:45
AERDL.DLL      : 8.2.0.128     688504 Bytes  13.06.2013 16:40:50
AEPACK.DLL     : 8.3.2.24      749945 Bytes  20.06.2013 11:04:42
AEOFFICE.DLL   : 8.1.2.76      205181 Bytes  02.09.2013 13:33:44
AEHEUR.DLL     : 8.1.4.588    6091130 Bytes  02.09.2013 13:33:44
AEHELP.DLL     : 8.1.27.6      266617 Bytes  02.09.2013 13:33:42
AEGEN.DLL      : 8.1.7.12      442743 Bytes  02.09.2013 13:33:42
AEEXP.DLL      : 8.4.1.54      311671 Bytes  02.09.2013 13:33:45
AEEMU.DLL      : 8.1.3.2       393587 Bytes  19.09.2012 13:42:55
AECORE.DLL     : 8.1.32.0      201081 Bytes  02.09.2013 13:33:42
AEBB.DLL       : 8.1.1.4        53619 Bytes  05.11.2012 14:00:38
AVWINLL.DLL    : 13.6.20.2174    23608 Bytes  02.09.2013 13:33:35
AVPREF.DLL     : 13.6.20.2174    48184 Bytes  02.09.2013 13:33:48
AVREP.DLL      : 13.6.20.2174   175672 Bytes  02.09.2013 13:33:48
AVARKT.DLL     : 13.6.20.2174   258104 Bytes  02.09.2013 13:33:45
AVEVTLOG.DLL   : 13.6.20.2174   165432 Bytes  02.09.2013 13:33:46
SQLITE3.DLL    : 3.7.0.1       397088 Bytes  19.09.2012 17:17:40
AVSMTP.DLL     : 13.6.20.2174    60472 Bytes  02.09.2013 13:33:49
NETNT.DLL      : 13.6.20.2174    13368 Bytes  02.09.2013 13:33:59
RCIMAGE.DLL    : 13.6.20.2174  4786744 Bytes  02.09.2013 13:33:36
RCTEXT.DLL     : 13.6.20.2174    68152 Bytes  02.09.2013 13:33:36

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +GAME,+JOKE,+SPR,

Beginn des Suchlaufs: Montag, 2. September 2013  22:37

Der Suchlauf über die Masterbootsektoren wird begonnen:

Der Suchlauf über die Bootsektoren wird begonnen:

Der Suchlauf nach versteckten Objekten wird begonnen.
Fehler in der ARK Library

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '103' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '176' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '127' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'adminservice.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'dsNcService.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'dashost.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'EasyLauncher.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'E_S40STB.EXE' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'E_S40RPB.EXE' - '12' Modul(e) wurden durchsucht
Durchsuche Prozess 'HeciServer.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'jhi_service.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'dsAccessService.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'SWMAgent.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ath_CoexAgent.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '104' Modul(e) wurden durchsucht
Durchsuche Prozess 'IntelMeFWService.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'dwm.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhostex.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '256' Modul(e) wurden durchsucht
Durchsuche Prozess 'EasySettingsCmdServer.exe' - '99' Modul(e) wurden durchsucht
Durchsuche Prozess 'ismagent.exe' - '106' Modul(e) wurden durchsucht
Durchsuche Prozess 'LiveComm.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'sSettings.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxext.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'RAVCpl64.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxtray.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'updateui.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'BtTray.exe' - '104' Modul(e) wurden durchsucht
Durchsuche Prozess 'BtvStack.exe' - '111' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '129' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '110' Modul(e) wurden durchsucht
Durchsuche Prozess 'SYNTPHELPER.EXE' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'ActivateDesktop.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'PDVD10Serv.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLMLSvc_P2G8.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'CommonAgent.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'RuntimeBroker.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorIcon.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '202' Modul(e) wurden durchsucht
Durchsuche Prozess 'GuaranaAgent.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '102' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'KeePass.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '130' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '106' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'WinLogon.exe' - '27' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '26099' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'


Ende des Suchlaufs: Dienstag, 3. September 2013  01:48
Benötigte Zeit:  3:11:17 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  42009 Verzeichnisse wurden überprüft
 1341073 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 1341073 Dateien ohne Befall
  10519 Archive wurden durchsucht
      0 Warnungen
      0 Hinweise
     89 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
         
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:58 on 02/09/2013 (Michael)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-09-2013 04
Ran by Michael (administrator) on MICHIPC on 02-09-2013 16:04:41
Running from C:\trojana_board_programme\RST
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Microsoft Corporation) C:\windows\system32\dashost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
() C:\windows\SysWOW64\PnkBstrA.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AMD) C:\windows\system32\atieclxx.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Dropbox, Inc.) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
() C:\trojana_board_programme\Defogger.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-10-16] (Synaptics Incorporated)
HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-12-05] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [128640 2012-12-05] (Atheros Communications)
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [EPSON SX110 Series] - C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFBE.EXE /FU "C:\windows\TEMP\E_SD1B9.tmp" /EF "HKCU" [x]
HKCU\...\Policies\system: [DisableLockWorkstation] 0
MountPoints2: {3804aa3f-4c5e-11e2-be93-50b7c3505830} - "E:\DTVP_Launcher.exe" 
MountPoints2: {7cc75bf7-aa91-11e2-beb3-806e6f6e6963} - "D:\AutoRunCD.exe" 
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [37960 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1960448 2013-04-05] (Dominik Reichl)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.3&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.3&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q=
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.3&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.3&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.3&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.3&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q=
SearchScopes: HKLM - DefaultScope {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - DefaultScope {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.3&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&q={searchTerms}
SearchScopes: HKLM-x32 - {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.3&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&q={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.2&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&q={searchTerms}
SearchScopes: HKCU - DefaultScope {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.3&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&q={searchTerms}
SearchScopes: HKCU - {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.3&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.2&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&q={searchTerms}
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HomeTab - {19a395c9-823b-4700-b817-396fc84ffb16} - C:\Users\Michael\AppData\Roaming\HomeTab\HomeTab.dll (Simply Tech Ltd.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HomeTab - {ba696155-d96e-4281-b467-0367a0456474} - C:\Users\Michael\AppData\Roaming\HomeTab\HomeTab.dll (Simply Tech Ltd.)
Toolbar: HKLM-x32 - HomeTab - {ba696155-d96e-4281-b467-0367a0456474} - C:\Users\Michael\AppData\Roaming\HomeTab\HomeTab.dll (Simply Tech Ltd.)
Toolbar: HKLM-x32 - HomeTab - {19a395c9-823b-4700-b817-396fc84ffb16} - C:\Users\Michael\AppData\Roaming\HomeTab\HomeTab.dll (Simply Tech Ltd.)
DPF: HKLM-x32 {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default
FF DefaultSearchEngine: Web Search
FF SearchEngineOrder.1: Web Search
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.3&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q=
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\Extensions\ad80235d-5e5a-4a1d-a891-51b66a3e70f8@8f877d80-6977-415f-ac14-b52043838c19.com
FF Extension: Super Start - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\Extensions\superstart@enjoyfreeware.org
FF Extension: Yahoo! Toolbar - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: 2.0 - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\Extensions\2.0@disconnect.me.xpi
FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-02] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231552 2012-12-05] (Qualcomm Atheros Commnucations)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2012-12-06] ()
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [2956336 2013-05-15] (Samsung Electronics CO., LTD.)
S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-07-03] (soft Xpansion)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-12-05] (Atheros)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132088 2013-09-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-04-02] (Avira Operations GmbH & Co. KG)
R3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [222360 2012-12-05] (Qualcomm Atheros)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-05] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-02 15:58 - 2013-09-02 15:58 - 00000000 _____ C:\Users\Michael\defogger_reenable
2013-09-02 15:55 - 2013-09-02 16:00 - 00000000 ____D C:\trojana_board_programme
2013-09-02 15:36 - 2013-08-13 08:38 - 00032328 _____ C:\windows\Launcher.exe
2013-09-02 15:29 - 2013-09-02 15:29 - 00000000 ___RD C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-08-05 21:13 - 2013-08-05 21:13 - 00055386 _____ C:\windows\DirectX.log

==================== One Month Modified Files and Folders =======

2013-09-02 16:04 - 2013-09-02 16:04 - 00000000 ____D C:\FRST
2013-09-02 16:02 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\sru
2013-09-02 16:00 - 2013-09-02 15:55 - 00000000 ____D C:\trojana_board_programme
2013-09-02 15:58 - 2013-09-02 15:58 - 00000000 _____ C:\Users\Michael\defogger_reenable
2013-09-02 15:58 - 2012-11-16 14:55 - 00000000 ____D C:\Users\Michael
2013-09-02 15:51 - 2012-11-16 21:03 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-09-02 15:36 - 2013-07-03 14:57 - 00000000 ____D C:\Users\Michael\AppData\Roaming\HomeTab
2013-09-02 15:36 - 2013-07-03 14:57 - 00000000 ____D C:\Program Files (x86)\HomeTab
2013-09-02 15:35 - 2012-09-18 13:06 - 00000000 ____D C:\ProgramData\WinClon
2013-09-02 15:34 - 2013-05-07 16:03 - 00082136 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-09-02 15:34 - 2013-04-02 19:29 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2013-09-02 15:34 - 2013-04-02 19:29 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-09-02 15:32 - 2012-11-22 19:31 - 00000510 _____ C:\windows\Tasks\MATLAB R2011b Startup Accelerator.job
2013-09-02 15:32 - 2012-09-19 03:58 - 00764178 _____ C:\windows\system32\perfh007.dat
2013-09-02 15:32 - 2012-09-19 03:58 - 00160770 _____ C:\windows\system32\perfc007.dat
2013-09-02 15:32 - 2012-07-26 09:28 - 01776012 _____ C:\windows\system32\PerfStringBackup.INI
2013-09-02 15:31 - 2013-03-20 16:10 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Skype
2013-09-02 15:31 - 2012-11-16 18:57 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Dropbox
2013-09-02 15:30 - 2012-11-16 18:59 - 00000000 ___RD C:\Users\Michael\Dropbox
2013-09-02 15:29 - 2013-09-02 15:29 - 00000000 ___RD C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-09-02 15:28 - 2012-09-18 12:55 - 00000868 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-09-01 01:00 - 2013-04-19 00:02 - 00000000 ____D C:\Users\Michael\AppData\Roaming\KeePass
2013-08-13 08:38 - 2013-09-02 15:36 - 00032328 _____ C:\windows\Launcher.exe
2013-08-07 10:50 - 2012-09-18 12:55 - 00000870 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-08-07 10:19 - 2013-07-18 21:00 - 00446744 _____ C:\windows\system32\FNTCACHE.DAT
2013-08-07 10:19 - 2012-07-26 09:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-08-06 22:43 - 2013-07-03 15:27 - 01887256 _____ C:\windows\WindowsUpdate.log
2013-08-06 09:52 - 2012-07-26 10:12 - 00000000 ____D C:\windows\AUInstallAgent
2013-08-05 21:15 - 2012-09-18 13:25 - 01778284 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2013-08-05 21:15 - 2012-07-26 10:12 - 00000000 ____D C:\windows\Registration
2013-08-05 21:13 - 2013-08-05 21:13 - 00055386 _____ C:\windows\DirectX.log
2013-08-05 21:13 - 2012-12-06 21:13 - 00669184 _____ C:\windows\SysWOW64\pbsvc.exe
2013-08-05 21:13 - 2012-12-06 21:13 - 00103736 _____ C:\windows\SysWOW64\PnkBstrB.exe

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe
C:\Users\Michael\GoogleEarthPluginSetup.exe
C:\Users\Michael\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Michael\AppData\Local\Temp\tbu20D8.exe
C:\Users\Michael\AppData\Local\Temp\tbu7DE.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-05 10:19

==================== End Of Log ============================
         

04.09.2013, 17:21   #4
ÖmichlÖ
 



GMER Logfile:
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-02 22:25:19
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000032 ST750LM022_HN-M750MBB rev.2AR10002 698,64GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Michael\AppData\Local\Temp\pxloypow.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\windows\System32\win32k.sys!W32pServiceTable                                                                             fffff96000230d00 7 bytes [40, 6C, 82, 01, 00, 55, F2]
.text   C:\windows\System32\win32k.sys!W32pServiceTable + 8                                                                         fffff96000230d08 7 bytes [01, B1, C1, FF, 00, A1, DC]

---- Threads - GMER 2.1 ----

Thread  C:\windows\System32\svchost.exe [396:1392]                                                                                  000007f8e15fba00
Thread  C:\windows\System32\svchost.exe [396:4900]                                                                                  000007f8e3533fd0
Thread  C:\windows\System32\svchost.exe [396:5964]                                                                                  000007f8e053d594
Thread  C:\windows\System32\svchost.exe [396:5236]                                                                                  000007f8e0534150
Thread  C:\windows\System32\svchost.exe [396:8496]                                                                                  000007f8df8f54c0
Thread  C:\windows\System32\svchost.exe [396:5412]                                                                                  000007f8e6dc1c70
Thread  C:\windows\system32\svchost.exe [1712:1884]                                                                                 000007f8e056c4f0
Thread  C:\windows\system32\svchost.exe [1712:1936]                                                                                 000007f8e0578810
Thread  C:\windows\system32\svchost.exe [1712:1944]                                                                                 000007f8e0595170
Thread  C:\windows\system32\svchost.exe [1712:1948]                                                                                 000007f8e05784a0
Thread  C:\windows\system32\svchost.exe [1712:1736]                                                                                 000007f8e03731a0
Thread  C:\windows\system32\svchost.exe [1712:3340]                                                                                 000007f8e0379c68
Thread  C:\windows\system32\svchost.exe [1712:4356]                                                                                 000007f8d94f24e8
Thread  C:\windows\system32\svchost.exe [1712:4372]                                                                                 000007f8d94d4910
Thread  C:\windows\system32\svchost.exe [1712:4448]                                                                                 000007f8d94c1544
Thread  C:\windows\system32\svchost.exe [1712:4504]                                                                                 000007f8d69e55dc
Thread  C:\windows\system32\svchost.exe [1712:6508]                                                                                 000007f8d94d1044
Thread  C:\windows\SYSTEM32\ntdll.dll [2176:2180]                                                                                   00000000001ba912
Thread  C:\windows\SYSTEM32\ntdll.dll [852:3280]                                                                                    000000000027314e
Thread  C:\windows\SYSTEM32\ntdll.dll [4684:4360]                                                                                   000000000021e362
Thread  C:\windows\system32\DllHost.exe [3500:5936]                                                                                 000007f8dd8533c0
Thread  C:\windows\SYSTEM32\ntdll.dll [2404:3832]                                                                                   0000000001348fb2
Thread  C:\windows\system32\csrss.exe [7524:6160]                                                                                   fffff9600092a5e8
Thread  C:\windows\system32\taskhostex.exe [1892:8008]                                                                              000007f8e4dc2210
Thread  C:\windows\system32\taskhostex.exe [1892:7464]                                                                              000007f8e3a125d8
Thread  C:\windows\system32\taskhostex.exe [1892:7328]                                                                              000007f8e7ab46b0
Thread  C:\windows\system32\taskhostex.exe [1892:8244]                                                                              000007f8e2ca1130
Thread  C:\windows\system32\taskhostex.exe [1892:9000]                                                                              000007f8de6177b0
Thread  C:\windows\system32\taskhostex.exe [1892:1580]                                                                              000007f8de6177b0
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [3724:2716]  000007f8de6177b0
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [3724:8504]  000007f8de6177b0
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [3724:3388]  000007f8e999c648
Thread  C:\windows\SYSTEM32\ntdll.dll [5388:2672]                                                                                   0000000000408417
Thread  C:\windows\SYSTEM32\ntdll.dll [5388:5856]                                                                                   00000000004066c0
Thread  C:\windows\SYSTEM32\ntdll.dll [2452:84]                                                                                     000000000040ee72
Thread  C:\windows\SYSTEM32\ntdll.dll [2452:7716]                                                                                   0000000000402ff0
Thread  C:\windows\SYSTEM32\ntdll.dll [2452:4200]                                                                                   00000000735a97fe
Thread  C:\windows\SYSTEM32\ntdll.dll [2452:3436]                                                                                   000000000040c3b0

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                       unknown MBR code

---- EOF - GMER 2.1 ----
         

04.09.2013, 21:04   #5
schrauber
/// the machine
/// TB instructor



Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror:

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the reboot
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

07.09.2013, 11:23   #6
ÖmichlÖ
 



Hello schrauber,
So, I ran Combofix twice. After the first run I noticed that my password generator "KeePass 2" no longer starts, and the error message "c:/programmfille x86... ein an das system angeschlossenes Gerät funktioniert nicht" appears... well, I'll have to look into that.
After that I started the program a second time to check whether I had messed up some setting. Of course the program then ran through completely again and replaced the first log file with the second one. After the first run, however, the browser page set itself back to the Certified Toolbar one.
In any case, here is the second log file.
Code:
ATTFilter
ComboFix 13-09-06.01 - Michael 07.09.2013  10:56:40.2.8 - x64
Microsoft Windows 8  6.2.9200.0.1252.49.1031.18.8084.6252 [GMT 2:00]
ausgeführt von:: c:\trojana_board_programme\combofix\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Michael\AppData\Roaming\HomeTab\HomeTab.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-08-07 bis 2013-09-07  ))))))))))))))))))))))))))))))
.
.
2013-09-07 09:03 . 2013-09-07 09:03	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-09-03 01:04 . 2013-09-03 01:07	--------	d-----w-	c:\windows\system32\MRT
2013-09-03 00:58 . 2013-08-13 06:38	32328	----a-w-	c:\windows\Launcher.exe
2013-09-02 23:09 . 2013-05-23 23:02	1314816	----a-w-	c:\windows\system32\rpcrt4.dll
2013-09-02 23:09 . 2013-05-23 22:25	694272	----a-w-	c:\windows\SysWow64\rpcrt4.dll
2013-09-02 23:07 . 2013-07-26 05:13	915968	----a-w-	c:\windows\system32\uxtheme.dll
2013-09-02 23:06 . 2013-07-26 03:12	2877440	----a-w-	c:\windows\SysWow64\jscript9.dll
2013-09-02 23:06 . 2013-07-26 03:12	108032	----a-w-	c:\program files (x86)\Internet Explorer\jsdebuggeride.dll
2013-09-02 23:06 . 2013-07-13 06:16	1889280	----a-w-	c:\windows\system32\crypt32.dll
2013-09-02 23:06 . 2013-07-13 06:18	337408	----a-w-	c:\windows\system32\wintrust.dll
2013-09-02 23:06 . 2013-07-13 06:16	68096	----a-w-	c:\windows\system32\cryptsvc.dll
2013-09-02 23:06 . 2013-07-13 06:15	98304	----a-w-	c:\windows\system32\apprepsync.dll
2013-09-02 23:06 . 2013-07-13 06:15	124416	----a-w-	c:\windows\system32\apprepapi.dll
2013-09-02 23:06 . 2013-07-13 04:24	261120	----a-w-	c:\windows\SysWow64\wintrust.dll
2013-09-02 23:06 . 2013-07-13 04:23	1568256	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-09-02 23:06 . 2013-07-13 04:23	87040	----a-w-	c:\windows\SysWow64\apprepapi.dll
2013-09-02 23:06 . 2013-07-13 04:23	74240	----a-w-	c:\windows\SysWow64\apprepsync.dll
2013-09-02 14:26 . 2013-09-04 13:45	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2013-09-02 14:04 . 2013-09-02 14:04	--------	d-----w-	C:\FRST
2013-09-02 13:55 . 2013-09-07 08:05	--------	d-----w-	C:\trojana_board_programme
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-03 01:04 . 2012-12-16 11:59	78161360	----a-w-	c:\windows\system32\MRT.exe
2013-09-02 13:34 . 2013-05-07 14:03	82136	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-09-02 13:34 . 2013-04-02 17:29	132088	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-09-02 13:34 . 2013-04-02 17:29	105344	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-08-05 19:13 . 2012-12-06 19:13	103736	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-08-05 19:13 . 2012-12-06 19:13	669184	----a-w-	c:\windows\SysWow64\pbsvc.exe
2013-07-16 08:39 . 2013-07-16 08:39	17536	----a-w-	c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-07-03 12:54 . 2013-07-03 12:53	444400	----a-w-	c:\program files (x86)\DLG_free-pdf-perfect_chip_de-DE10.exe
2013-06-27 22:04 . 2013-07-11 21:37	78200	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04 . 2013-07-11 21:37	693112	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-16 22:41 . 2013-07-19 15:30	997632	----a-w-	c:\windows\system32\drivers\ndis.sys
2013-03-13 14:11 . 2013-03-13 14:11	24449680	----a-w-	c:\program files\GoogleEarthWin703.exe
2012-11-22 16:17 . 2012-11-22 16:17	6208736	----a-w-	c:\program files\JuniperVpnClient.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{19a395c9-823b-4700-b817-396fc84ffb16}]
c:\users\Michael\AppData\Roaming\HomeTab\HomeTab.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ba696155-d96e-4281-b467-0367a0456474}]
c:\users\Michael\AppData\Roaming\HomeTab\HomeTab.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba696155-d96e-4281-b467-0367a0456474}"= "c:\users\Michael\AppData\Roaming\HomeTab\HomeTab.dll" [BU]
"{19a395c9-823b-4700-b817-396fc84ffb16}"= "c:\users\Michael\AppData\Roaming\HomeTab\HomeTab.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{ba696155-d96e-4281-b467-0367a0456474}]
[HKEY_CLASSES_ROOT\wtb.Band.1]
[HKEY_CLASSES_ROOT\TypeLib\{5b191ea7-f309-4d2f-aaa5-c77d84d29ccd}]
[HKEY_CLASSES_ROOT\wtb.Band]
.
[HKEY_CLASSES_ROOT\clsid\{19a395c9-823b-4700-b817-396fc84ffb16}]
[HKEY_CLASSES_ROOT\wtb.Band.1]
[HKEY_CLASSES_ROOT\TypeLib\{dabf9301-b3ea-4153-8e6b-06131356bfb8}]
[HKEY_CLASSES_ROOT\wtb.Band]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2012-05-19 1371648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-12 56128]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-05-10 37960]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-08-15 97392]
"CLMLServer_For_P2G8"="c:\program files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [2012-06-08 111120]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-12 491120]
"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-07-13 155488]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-09-02 347192]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2013-07-20 2010624]
.
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SWUpdateService;SW Update Service;c:\programdata\Samsung\SW Update Service\SWMAgent.exe;c:\programdata\Samsung\SW Update Service\SWMAgent.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\System32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SXDS10;soft Xpansion Dispatch Service;c:\program files (x86)\Common Files\soft Xpansion\sxds10.exe \Service;c:\program files (x86)\Common Files\soft Xpansion\sxds10.exe \Service [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\System32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 Easy Launcher;Easy Launcher;c:\program files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe;c:\program files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 JuniperAccessService;Juniper Unified Network Service;c:\program files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe;c:\program files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
S3 BTATH_HID;Bluetooth HID Device;c:\windows\system32\DRIVERS\btath_hid.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hid.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 BthLEEnum;Treiber für energiearme Bluetooth-Geräte;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\System32\drivers\dc3d.sys;c:\windows\SYSNATIVE\drivers\dc3d.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 RadioHIDMini;Radio HID Mini-driver;c:\windows\System32\drivers\RadioHIDMini.sys;c:\windows\SYSNATIVE\drivers\RadioHIDMini.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-16 06:38]
.
2013-09-07 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 02:54]
.
2013-09-07 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 02:54]
.
2013-09-07 c:\windows\Tasks\MATLAB R2011b Startup Accelerator.job
- c:\programme uni\bin\win64\MATLABStartupAccelerator.exe [2012-11-22 14:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-08-10 13191824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-07-20 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-07-20 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-07-20 440640]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"BtTray"="c:\program files (x86)\Bluetooth Suite\BtTray.exe" [2012-12-05 766080]
"BtvStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-12-05 128640]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:newtab
uDefault_Search_URL = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.6&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q=
mDefault_Search_URL = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.6&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q=
mStart Page = about:newtab
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.6&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q=
mSearch Bar = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.6&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q=
IE: An OneNote s&enden - c:\program files\Microsoft Office\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\program files\Microsoft Office\Office14\EXCEL.EXE/3000
IE: {{92808042-fb78-4fa0-bb4f-c9a95e0e9c10} - {ba696155-d96e-4281-b467-0367a0456474} - c:\users\Michael\AppData\Roaming\HomeTab\HomeTab.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.6&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q=
FF - ExtSQL: 2013-09-03 04:58; {24532715-4abc-47ee-bd4f-a6774d0723d2}; c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\extensions\{24532715-4abc-47ee-bd4f-a6774d0723d2}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2678595623-4148133582-4009595467-1001CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ba696155-d96e-4281-b467-0367a0456474}]
@Denied: (A 2) (Administrators)
@Denied: (A 2) (S-1-5-21-2678595623-4148133582-4009595467-1001)
@Allowed: (Read) (S-1-15-3-4096)
@Allowed: (Read) (RestrictedCode)
"Flags"=dword:00000400
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Zeit der Fertigstellung: 2013-09-07  11:06:48
ComboFix-quarantined-files.txt  2013-09-07 09:06
ComboFix2.txt  2013-09-07 08:25
.
Vor Suchlauf: 19 Verzeichnis(se), 599.983.697.920 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 599.922.335.744 Bytes frei
.
- - End Of File - - D6B1BF9A2093823B618621CA63113F46
         

07.09.2013, 15:36   #7
schrauber
/// the machine
/// TB-Ausbilder


Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • If prompted, let your computer restart to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please disable your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

08.09.2013, 14:00   #8
ÖmichlÖ

hey
Malwarebytes log file:
Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.08.02

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16660
Michael :: MICHIPC [Administrator]

Schutz: Aktiviert

08.09.2013 10:19:55
mbam-log-2013-09-08 (10-19-55).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 234942
Laufzeit: 5 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 3
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3a4935b3-b7a0-4065-8ccc-0030471b33f1}_is1 (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 6
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.6&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.6&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q=) Gut: (hxxp://www.google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.6&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.6&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.6&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.6&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q=) Gut: (hxxp://www.google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 8
C:\Users\Michael\AppData\Roaming\SIMPLYTECH\home (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\PROGRAM FILES (X86)\HomeTab (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\PROGRAM FILES (X86)\HomeTab\chrome (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\PROGRAM FILES (X86)\HomeTab\support@HomeTab.com (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\PROGRAM FILES (X86)\HomeTab\SUPPORT@HOMETAB.COM\chrome (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\PROGRAM FILES (X86)\HomeTab\SUPPORT@HOMETAB.COM\components (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\PROGRAM FILES (X86)\HomeTab\SUPPORT@HOMETAB.COM\plugins (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\PROGRAMDATA\MICROSOFT\Windows\START MENU\Programs\HomeTab (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 31
C:\Users\Michael\AppData\Roaming\SIMPLYTECH\home\home.htm (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael\AppData\Roaming\SIMPLYTECH\home\jquery-ui-1.10.1.custom.min.js (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael\AppData\Roaming\SIMPLYTECH\home\jquiso.js (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael\AppData\Roaming\SIMPLYTECH\home\socket.io.js (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael\AppData\Roaming\SIMPLYTECH\home\style.css (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michael\AppData\Roaming\SIMPLYTECH\home\vars.js (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\PROGRAM FILES (X86)\HomeTab\MICROSOFT.WIN32.TASKSCHEDULER.XML (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\PROGRAM FILES (X86)\HomeTab\cinshlpr.dll (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\PROGRAM FILES (X86)\HomeTab\hometab_icon.ico (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\PROGRAM FILES (X86)\HomeTab\InstallHelper.dll (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\PROGRAM FILES (X86)\HomeTab\Interop.IWshRuntimeLibrary.dll (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\PROGRAM FILES (X86)\HomeTab\Microsoft.Win32.TaskScheduler.dll (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\PROGRAM FILES (X86)\HomeTab\ProtectedSearch.exe (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\PROGRAM FILES (X86)\HomeTab\ProtectedSearch.ico (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\PROGRAM FILES (X86)\HomeTab\STInst64.dll (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\PROGRAM FILES (X86)\HomeTab\STInst64.exe (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\PROGRAM FILES (X86)\HomeTab\System.Data.SQLite.dll (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\PROGRAM FILES (X86)\HomeTab\TaskSchedulerCreator.exe (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\PROGRAM FILES (X86)\HomeTab\TBUpdater.dll (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\PROGRAM FILES (X86)\HomeTab\ToolbarUninstall.exe (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\PROGRAM FILES (X86)\HomeTab\unins000.dat (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\PROGRAM FILES (X86)\HomeTab\unins000.exe (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\PROGRAM FILES (X86)\HomeTab\chrome\HomeTab.crx (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\PROGRAM FILES (X86)\HomeTab\SUPPORT@HOMETAB.COM\chrome.manifest (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\PROGRAM FILES (X86)\HomeTab\SUPPORT@HOMETAB.COM\install.js (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\PROGRAM FILES (X86)\HomeTab\SUPPORT@HOMETAB.COM\install.rdf (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\PROGRAM FILES (X86)\HomeTab\SUPPORT@HOMETAB.COM\pop.htm (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\PROGRAM FILES (X86)\HomeTab\SUPPORT@HOMETAB.COM\chrome\HomeTab_3869.jar (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\PROGRAM FILES (X86)\HomeTab\SUPPORT@HOMETAB.COM\COMPONENTS\wtb_complete.js (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\PROGRAM FILES (X86)\HomeTab\SUPPORT@HOMETAB.COM\plugins\npwiddit.dll (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\PROGRAMDATA\MICROSOFT\Windows\START MENU\Programs\HomeTab\PROTECTED SEARCH SETTINGS.LNK (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Code:
# AdwCleaner v3.003 - Bericht erstellt am 08/09/2013 um 11:35:10
# Updated 07/09/2013 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Michael - MICHIPC
# Gestartet von : C:\trojana_board_programme\adwarecleaner\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\SoftwareUpdater
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\Michael\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\Michael\AppData\LocalLow\HomeTab
Ordner Gelöscht : C:\Users\Michael\AppData\LocalLow\SimplyTech
Ordner Gelöscht : C:\Users\Michael\AppData\Roaming\HomeTab
Ordner Gelöscht : C:\Users\Michael\AppData\Roaming\SimplyTech
Ordner Gelöscht : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\Extensions\{24532715-4abc-47ee-bd4f-a6774d0723d2}
Ordner Gelöscht : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Datei Gelöscht : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\searchplugins\Web Search.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Web Search.xml
Datei Gelöscht : C:\windows\System32\Tasks\Browser Updater

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\HomeTab.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.NotificationSource
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.NotificationSource.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3FC27B34-0C19-49DA-875E-1875DDD4A6B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19A395C9-823B-4700-B817-396FC84FFB16}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A928E66C-F501-4E66-9953-855C712F93B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BA696155-D96E-4281-B467-0367A0456474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{19A395C9-823B-4700-B817-396FC84FFB16}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA696155-D96E-4281-B467-0367A0456474}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{19A395C9-823B-4700-B817-396FC84FFB16}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA696155-D96E-4281-B467-0367A0456474}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{19A395C9-823B-4700-B817-396FC84FFB16}
[#] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA696155-D96E-4281-B467-0367A0456474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{19A395C9-823B-4700-B817-396FC84FFB16}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BA696155-D96E-4281-B467-0367A0456474}]
Schlüssel Gelöscht : HKCU\Software\FoxyDeal
Schlüssel Gelöscht : HKCU\Software\HomeTab
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\simplytech
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16660

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)]

-\\ Mozilla Firefox v23.0.1 (de)

[ Datei : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultengine", "Web Search");
Zeile gelöscht : user_pref("browser.search.order.1", "Web Search");
Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.backgroundjs", "\n\n/*****************************************************************************[...]
Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.js", "\n\n  /************************************************************************************\[...]
Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return app[...]
Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_104.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]
Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_119.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]
Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_120.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]
Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_123.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]
Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_13.name", "CrossriderAppUtils");
Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_138.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]
Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_14.name", "CrossriderUtils");
Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_155.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]
Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _[...]
Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1[...]
Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.a[...]
Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.que[...]
Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_con[...]
Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a};}()var [...]
Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_78.name", "CrossriderInfo");
Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_87.code", "var CROSSRIDER_PLATFORM=true;var JQ=bbrsJQ=$jquery;if(appAPI.platform==\[...]
Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_91.code", "(function(h){var p=(function(){var R=0;var Z=\"\";function Q(ac){return [...]
Zeile gelöscht : user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_92.code", "if(typeof appAPI.internal.monetization===\"undefined\"){appAPI.internal.[...]
Zeile gelöscht : user_pref("extensions.crossrider.bic", "13fa49da2393562e80dd0a110b17808b");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.minibar.SOFTONICREFRESHRATE", "140000");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.sslminibar.SOFTONICREFRESHRATE", "140000");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=4.6&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&st=chrome&q=");

*************************

AdwCleaner[R0].txt - [16588 octets] - [08/09/2013 11:33:24]
AdwCleaner[S0].txt - [15152 octets] - [08/09/2013 11:35:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15213 octets] ##########
         
The Junkware log file:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.9 (09.07.2013:1)
OS: Windows 8 x64
Ran by Michael on 08.09.2013 at 13:21:36,07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Michael\AppData\Roaming\mozilla\firefox\profiles\hcoijgyh.default\prefs.js

user_pref("extensions.aad80235d5e5a4a1da89151b66a3e70f88f877d806977415fac14b52043838c19com33434.33434.plugins.plugin_102.code", "if (typeof appAPI.internal.monetization === \"
user_pref("iminent.webbooster.scripts.minibar.LayoutId", "1");
user_pref("iminent.webbooster.scripts.minibar.ROOTEXTENSION", "chrome://iminentwebbooster/content/minibar");
user_pref("iminent.webbooster.scripts.minibar.Services.BHPCode", "01");
user_pref("iminent.webbooster.scripts.minibar.Services.DefaultEvent", "000");
user_pref("iminent.webbooster.scripts.minibar.Services.DefaultWebSite", "000");
user_pref("iminent.webbooster.scripts.minibar.Services.IminentClientCode", "11");
user_pref("iminent.webbooster.scripts.minibar.Services.SmartFavCode", "02");
user_pref("iminent.webbooster.scripts.minibar.ShowThankyouPixel", "0");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent102", "1372864787113");
user_pref("iminent.webbooster.scripts.sslminibar.LayoutId", "1");
user_pref("iminent.webbooster.scripts.sslminibar.ROOTEXTENSION", "chrome://iminentwebbooster/content/minibar");
user_pref("iminent.webbooster.scripts.sslminibar.Services.BHPCode", "01");
user_pref("iminent.webbooster.scripts.sslminibar.Services.DefaultEvent", "000");
user_pref("iminent.webbooster.scripts.sslminibar.Services.DefaultWebSite", "000");
user_pref("iminent.webbooster.scripts.sslminibar.Services.IminentClientCode", "11");
user_pref("iminent.webbooster.scripts.sslminibar.Services.SmartFavCode", "02");
Emptied folder: C:\Users\Michael\AppData\Roaming\mozilla\firefox\profiles\hcoijgyh.default\minidumps [9 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.09.2013 at 13:29:58,58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
And also the RST file:

FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-09-2013
Ran by Michael (administrator) on MICHIPC on 08-09-2013 13:41:33
Running from C:\trojana_board_programme\RST
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(AMD) C:\windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Microsoft Corporation) C:\windows\system32\dashost.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Malwarebytes Corporation) C:\trojana_board_programme\ Malwarebytes Anti-Malware \Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\trojana_board_programme\ Malwarebytes Anti-Malware \Malwarebytes' Anti-Malware\mbamservice.exe
() C:\windows\SysWOW64\PnkBstrA.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Malwarebytes Corporation) C:\trojana_board_programme\ Malwarebytes Anti-Malware \Malwarebytes' Anti-Malware\mbamgui.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16613_none_6273bd8950d6cae2\TiWorker.exe
(Microsoft Corporation) C:\windows\system32\msiexec.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-10-16] (Synaptics Incorporated)
HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-12-05] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [128640 2012-12-05] (Atheros Communications)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [37960 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2010624 2013-07-20] (Dominik Reichl)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.6&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&q={searchTerms}
SearchScopes: HKCU - DefaultScope {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = 
SearchScopes: HKCU - {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = 
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default
FF NewTab: about:home
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\Extensions\ad80235d-5e5a-4a1d-a891-51b66a3e70f8@8f877d80-6977-415f-ac14-b52043838c19.com
FF Extension: Super Start - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\Extensions\superstart@enjoyfreeware.org
FF Extension: 2.0 - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\Extensions\2.0@disconnect.me.xpi
FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-02] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231552 2012-12-05] (Qualcomm Atheros Commnucations)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\trojana_board_programme\ Malwarebytes Anti-Malware \Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\trojana_board_programme\ Malwarebytes Anti-Malware \Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2012-12-06] ()
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [2956336 2013-05-15] (Samsung Electronics CO., LTD.)
S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-07-03] (soft Xpansion)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-12-05] (Atheros)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132088 2013-09-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-04-02] (Avira Operations GmbH & Co. KG)
R3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [222360 2012-12-05] (Qualcomm Atheros)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-05] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-08 13:21 - 2013-09-08 13:21 - 00000000 ____D C:\windows\ERUNT
2013-09-08 12:41 - 2013-09-08 12:41 - 00001080 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-09-08 11:41 - 2013-09-08 11:41 - 00000000 ___RD C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-09-08 11:33 - 2013-09-08 11:35 - 00000000 ____D C:\AdwCleaner
2013-09-08 11:27 - 2013-09-08 11:27 - 01037278 _____ C:\Users\Michael\Downloads\adwcleaner.exe
2013-09-08 10:13 - 2013-09-08 10:13 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Malwarebytes
2013-09-08 10:13 - 2013-09-08 10:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-08 10:13 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-09-07 11:06 - 2013-09-07 11:06 - 00020205 _____ C:\ComboFix.txt
2013-09-07 10:40 - 2013-09-07 10:40 - 02513520 _____ (Dominik Reichl                                              ) C:\Users\Michael\Downloads\KeePass-2.23-Setup.exe
2013-09-07 10:40 - 2013-09-07 10:40 - 00001133 _____ C:\Users\Michael\Desktop\KeePass 2.lnk
2013-09-07 10:39 - 2013-09-07 10:39 - 01850306 _____ (Dominik Reichl                                              ) C:\Users\Michael\Downloads\KeePass-1.26-Setup.exe
2013-09-07 10:10 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2013-09-07 10:10 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2013-09-07 10:10 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-09-07 10:10 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-09-07 10:10 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-09-07 10:10 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe
2013-09-07 10:10 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2013-09-07 10:10 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2013-09-07 10:10 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2013-09-07 10:09 - 2013-09-07 11:06 - 00000000 ____D C:\Qoobox
2013-09-07 10:09 - 2013-09-07 10:22 - 00000000 ____D C:\windows\erdnt
2013-09-04 17:04 - 2013-09-04 17:10 - 00000000 ____D C:\Users\Michael\Desktop\Neuer Ordner
2013-09-03 03:04 - 2013-09-03 03:07 - 00000000 ____D C:\windows\system32\MRT
2013-09-03 02:58 - 2013-08-13 08:38 - 00032328 _____ C:\windows\Launcher.exe
2013-09-03 01:09 - 2013-05-24 01:02 - 01314816 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2013-09-03 01:09 - 2013-05-24 00:25 - 00694272 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2013-09-03 01:08 - 2013-07-09 08:07 - 02233168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-09-03 01:08 - 2013-07-02 02:44 - 00036288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2013-09-03 01:08 - 2013-07-02 00:08 - 00247216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2013-09-03 01:07 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-09-03 01:07 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-09-03 01:07 - 2013-07-26 07:13 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2013-09-03 01:07 - 2013-07-26 07:13 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2013-09-03 01:07 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-09-03 01:07 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-09-03 01:07 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-09-03 01:07 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-09-03 01:07 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-09-03 01:07 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-09-03 01:07 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-09-03 01:07 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-09-03 01:07 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-09-03 01:07 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-09-03 01:07 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-09-03 01:07 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-09-03 01:07 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-09-03 01:07 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-09-03 01:07 - 2013-07-26 05:13 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2013-09-03 01:07 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-09-03 01:07 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-09-03 01:07 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-09-03 01:07 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-09-03 01:07 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-09-03 01:07 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-09-03 01:07 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-09-03 01:07 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-09-03 01:07 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-09-03 01:07 - 2013-07-26 02:54 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2013-09-03 01:06 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-09-03 01:06 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-09-03 01:06 - 2013-07-13 08:18 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2013-09-03 01:06 - 2013-07-13 08:16 - 01889280 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-09-03 01:06 - 2013-07-13 08:16 - 00068096 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2013-09-03 01:06 - 2013-07-13 08:15 - 00124416 _____ (Microsoft Corporation) C:\windows\system32\apprepapi.dll
2013-09-03 01:06 - 2013-07-13 08:15 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\apprepsync.dll
2013-09-03 01:06 - 2013-07-13 06:24 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2013-09-03 01:06 - 2013-07-13 06:23 - 01568256 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-09-03 01:06 - 2013-07-13 06:23 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\apprepapi.dll
2013-09-03 01:06 - 2013-07-13 06:23 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\apprepsync.dll
2013-09-02 16:26 - 2013-09-04 15:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-09-02 16:04 - 2013-09-02 16:04 - 00000000 ____D C:\FRST
2013-09-02 15:58 - 2013-09-02 15:58 - 00000000 _____ C:\Users\Michael\defogger_reenable
2013-09-02 15:55 - 2013-09-08 12:09 - 00000000 ____D C:\trojana_board_programme

==================== One Month Modified Files and Folders =======

2013-09-08 13:29 - 2013-09-08 13:29 - 00003279 _____ C:\Users\Michael\Desktop\JRT.txt
2013-09-08 13:21 - 2013-09-08 13:21 - 00000000 ____D C:\windows\ERUNT
2013-09-08 13:20 - 2013-03-20 16:10 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Skype
2013-09-08 13:02 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\sru
2013-09-08 13:00 - 2012-11-22 19:31 - 00000510 _____ C:\windows\Tasks\MATLAB R2011b Startup Accelerator.job
2013-09-08 12:51 - 2012-11-16 21:03 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-09-08 12:42 - 2013-04-23 08:57 - 00000000 ____D C:\Users\Michael\AppData\Roaming\vlc
2013-09-08 12:41 - 2013-09-08 12:41 - 00001080 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-09-08 12:09 - 2013-09-02 15:55 - 00000000 ____D C:\trojana_board_programme
2013-09-08 12:04 - 2013-07-03 15:27 - 01639875 _____ C:\windows\WindowsUpdate.log
2013-09-08 11:49 - 2012-11-16 15:06 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2678595623-4148133582-4009595467-1001
2013-09-08 11:44 - 2012-11-16 18:59 - 00000000 ___RD C:\Users\Michael\Dropbox
2013-09-08 11:44 - 2012-11-16 18:57 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Dropbox
2013-09-08 11:42 - 2012-09-18 13:06 - 00000000 ____D C:\ProgramData\WinClon
2013-09-08 11:41 - 2013-09-08 11:41 - 00000000 ___RD C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-09-08 11:39 - 2012-09-18 12:55 - 00000868 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-09-08 11:37 - 2012-07-26 09:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-09-08 11:36 - 2012-07-26 07:26 - 00524288 ___SH C:\windows\system32\config\BBI
2013-09-08 11:35 - 2013-09-08 11:33 - 00000000 ____D C:\AdwCleaner
2013-09-08 11:35 - 2013-07-03 14:57 - 00000000 ____D C:\windows\System32\Tasks\Browser Updater
2013-09-08 11:27 - 2013-09-08 11:27 - 01037278 _____ C:\Users\Michael\Downloads\adwcleaner.exe
2013-09-08 10:50 - 2012-09-18 12:55 - 00000870 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-09-08 10:39 - 2013-07-05 08:05 - 00014194 _____ C:\windows\PFRO.log
2013-09-08 10:39 - 2013-01-17 23:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-08 10:13 - 2013-09-08 10:13 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Malwarebytes
2013-09-08 10:13 - 2013-09-08 10:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-08 09:51 - 2012-09-19 03:58 - 00764178 _____ C:\windows\system32\perfh007.dat
2013-09-08 09:51 - 2012-09-19 03:58 - 00160770 _____ C:\windows\system32\perfc007.dat
2013-09-08 09:51 - 2012-07-26 09:28 - 01776012 _____ C:\windows\system32\PerfStringBackup.INI
2013-09-07 11:06 - 2013-09-07 11:06 - 00020205 _____ C:\ComboFix.txt
2013-09-07 11:06 - 2013-09-07 10:09 - 00000000 ____D C:\Qoobox
2013-09-07 11:03 - 2012-07-26 07:26 - 00000215 _____ C:\windows\system.ini
2013-09-07 10:40 - 2013-09-07 10:40 - 02513520 _____ (Dominik Reichl                                              ) C:\Users\Michael\Downloads\KeePass-2.23-Setup.exe
2013-09-07 10:40 - 2013-09-07 10:40 - 00001133 _____ C:\Users\Michael\Desktop\KeePass 2.lnk
2013-09-07 10:40 - 2013-04-18 22:44 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2013-09-07 10:39 - 2013-09-07 10:39 - 01850306 _____ (Dominik Reichl                                              ) C:\Users\Michael\Downloads\KeePass-1.26-Setup.exe
2013-09-07 10:25 - 2012-09-18 13:01 - 00000000 ____D C:\Users\EasySurvey
2013-09-07 10:25 - 2012-07-26 07:37 - 00000000 __RHD C:\Users\Default
2013-09-07 10:22 - 2013-09-07 10:09 - 00000000 ____D C:\windows\erdnt
2013-09-07 10:20 - 2012-11-16 14:55 - 00000000 ____D C:\Users\Michael
2013-09-07 10:01 - 2013-07-26 11:55 - 00001592 _____ C:\windows\setupact.log
2013-09-06 23:30 - 2012-07-26 10:12 - 00000000 ____D C:\windows\rescache
2013-09-06 23:00 - 2012-11-16 14:58 - 00000000 ____D C:\Users\Michael\AppData\Local\CrashDumps
2013-09-04 17:10 - 2013-09-04 17:04 - 00000000 ____D C:\Users\Michael\Desktop\Neuer Ordner
2013-09-04 15:48 - 2013-04-19 00:02 - 00000000 ____D C:\Users\Michael\AppData\Roaming\KeePass
2013-09-04 15:45 - 2013-09-02 16:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-09-04 15:37 - 2013-07-03 14:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-04 15:34 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-09-04 15:34 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-09-03 15:57 - 2012-07-26 10:12 - 00000000 ____D C:\windows\AUInstallAgent
2013-09-03 03:07 - 2013-09-03 03:04 - 00000000 ____D C:\windows\system32\MRT
2013-09-03 03:04 - 2012-12-16 13:59 - 78161360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-09-02 22:17 - 2013-04-19 00:02 - 00003870 _____ C:\Users\Michael\Documents\NewDatabase.kdbx
2013-09-02 16:04 - 2013-09-02 16:04 - 00000000 ____D C:\FRST
2013-09-02 15:58 - 2013-09-02 15:58 - 00000000 _____ C:\Users\Michael\defogger_reenable
2013-09-02 15:34 - 2013-05-07 16:03 - 00082136 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-09-02 15:34 - 2013-04-02 19:29 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2013-09-02 15:34 - 2013-04-02 19:29 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-08-13 08:38 - 2013-09-03 02:58 - 00032328 _____ C:\windows\Launcher.exe

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe
C:\Users\Michael\AppData\Local\Temp\Quarantine.exe
C:\Users\Michael\AppData\Local\Temp\vlc-2.0.8-win32.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-02 16:16

==================== End Of Log ============================
         

09.09.2013, 06:58   #9
schrauber
/// the machine
/// TB trainer

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

10.09.2013, 20:52   #10
ÖmichlÖ

Good evening,
I now have the problem that the link to smartinstaller won't open for me. A new tab opens briefly but then closes again immediately. I then tried it directly at ESET, which didn't work with Mozilla either. I then switched to Internet Explorer and, lo and behold, it worked. So far so good. I let the program run, but it left me no log file... I opened Internet Explorer again and ran into Certified Toolbar once more.
In general the PC is already noticeably fast now, but this Certified thing really is a stubborn one...
And what might the problem be that I can't open your link to smartinstaller?
Regards

11.09.2013, 08:32   #11
schrauber
/// the machine
/// TB trainer

Could be a hiccup. Post SecurityCheck and a fresh FRST log.
__________________
Regards,
schrauber

11.09.2013, 16:23   #12
ÖmichlÖ

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.73  
   x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
Avira Desktop      
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Adobe Flash Player 	11.8.800.168  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox (23.0.1) 
 Mozilla Thunderbird (17.0.8) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes Anti-Malware Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-09-2013
Ran by Michael (administrator) on MICHIPC on 11-09-2013 16:21:28
Running from C:\trojana_board_programme\RST
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Microsoft Corporation) C:\windows\system32\dashost.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Malwarebytes Corporation) C:\trojana_board_programme\ Malwarebytes Anti-Malware \Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\trojana_board_programme\ Malwarebytes Anti-Malware \Malwarebytes' Anti-Malware\mbamservice.exe
() C:\windows\SysWOW64\PnkBstrA.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AMD) C:\windows\system32\atieclxx.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Malwarebytes Corporation) C:\trojana_board_programme\ Malwarebytes Anti-Malware \Malwarebytes' Anti-Malware\mbamgui.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-10-16] (Synaptics Incorporated)
HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-12-05] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [128640 2012-12-05] (Atheros Communications)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [37960 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2010624 2013-07-20] (Dominik Reichl)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.6&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&q={searchTerms}
SearchScopes: HKCU - DefaultScope {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = 
SearchScopes: HKCU - {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = 
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default
FF NewTab: about:home
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\Extensions\ad80235d-5e5a-4a1d-a891-51b66a3e70f8@8f877d80-6977-415f-ac14-b52043838c19.com
FF Extension: Super Start - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\Extensions\superstart@enjoyfreeware.org
FF Extension: 2.0 - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\Extensions\2.0@disconnect.me.xpi
FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hcoijgyh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-02] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231552 2012-12-05] (Qualcomm Atheros Commnucations)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\trojana_board_programme\ Malwarebytes Anti-Malware \Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\trojana_board_programme\ Malwarebytes Anti-Malware \Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2012-12-06] ()
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [2956336 2013-05-15] (Samsung Electronics CO., LTD.)
S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-07-03] (soft Xpansion)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-12-05] (Atheros)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132088 2013-09-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-04-02] (Avira Operations GmbH & Co. KG)
R3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [222360 2012-12-05] (Qualcomm Atheros)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-05] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-10 16:27 - 2013-09-10 16:27 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-08 15:53 - 2013-09-11 16:02 - 97124766 _____ C:\windows\SysWOW64\᯾瞧㺀Ä߿
2013-09-08 13:29 - 2013-09-08 13:29 - 00003279 _____ C:\Users\Michael\Desktop\JRT.txt
2013-09-08 13:21 - 2013-09-08 13:21 - 00000000 ____D C:\windows\ERUNT
2013-09-08 12:41 - 2013-09-08 12:41 - 00001080 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-09-08 11:33 - 2013-09-08 11:35 - 00000000 ____D C:\AdwCleaner
2013-09-08 11:27 - 2013-09-08 11:27 - 01037278 _____ C:\Users\Michael\Downloads\adwcleaner.exe
2013-09-08 10:13 - 2013-09-08 10:13 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Malwarebytes
2013-09-08 10:13 - 2013-09-08 10:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-08 10:13 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-09-07 11:06 - 2013-09-07 11:06 - 00020205 _____ C:\ComboFix.txt
2013-09-07 10:40 - 2013-09-07 10:40 - 02513520 _____ (Dominik Reichl                                              ) C:\Users\Michael\Downloads\KeePass-2.23-Setup.exe
2013-09-07 10:40 - 2013-09-07 10:40 - 00001133 _____ C:\Users\Michael\Desktop\KeePass 2.lnk
2013-09-07 10:39 - 2013-09-07 10:39 - 01850306 _____ (Dominik Reichl                                              ) C:\Users\Michael\Downloads\KeePass-1.26-Setup.exe
2013-09-07 10:10 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2013-09-07 10:10 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2013-09-07 10:10 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-09-07 10:10 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-09-07 10:10 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-09-07 10:10 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe
2013-09-07 10:10 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2013-09-07 10:10 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2013-09-07 10:10 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2013-09-07 10:09 - 2013-09-07 11:06 - 00000000 ____D C:\Qoobox
2013-09-07 10:09 - 2013-09-07 10:22 - 00000000 ____D C:\windows\erdnt
2013-09-04 17:04 - 2013-09-04 17:10 - 00000000 ____D C:\Users\Michael\Desktop\Neuer Ordner
2013-09-03 03:04 - 2013-09-03 03:07 - 00000000 ____D C:\windows\system32\MRT
2013-09-03 02:58 - 2013-08-13 08:38 - 00032328 _____ C:\windows\Launcher.exe
2013-09-03 01:09 - 2013-05-24 01:02 - 01314816 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2013-09-03 01:09 - 2013-05-24 00:25 - 00694272 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2013-09-03 01:08 - 2013-07-09 08:07 - 02233168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-09-03 01:08 - 2013-07-02 02:44 - 00036288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2013-09-03 01:08 - 2013-07-02 00:08 - 00247216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2013-09-03 01:07 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-09-03 01:07 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-09-03 01:07 - 2013-07-26 07:13 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2013-09-03 01:07 - 2013-07-26 07:13 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2013-09-03 01:07 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-09-03 01:07 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-09-03 01:07 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-09-03 01:07 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-09-03 01:07 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-09-03 01:07 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-09-03 01:07 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-09-03 01:07 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-09-03 01:07 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-09-03 01:07 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-09-03 01:07 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-09-03 01:07 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-09-03 01:07 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-09-03 01:07 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-09-03 01:07 - 2013-07-26 05:13 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2013-09-03 01:07 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-09-03 01:07 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-09-03 01:07 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-09-03 01:07 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-09-03 01:07 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-09-03 01:07 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-09-03 01:07 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-09-03 01:07 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-09-03 01:07 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-09-03 01:07 - 2013-07-26 02:54 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2013-09-03 01:06 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-09-03 01:06 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-09-03 01:06 - 2013-07-13 08:18 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2013-09-03 01:06 - 2013-07-13 08:16 - 01889280 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-09-03 01:06 - 2013-07-13 08:16 - 00068096 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2013-09-03 01:06 - 2013-07-13 08:15 - 00124416 _____ (Microsoft Corporation) C:\windows\system32\apprepapi.dll
2013-09-03 01:06 - 2013-07-13 08:15 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\apprepsync.dll
2013-09-03 01:06 - 2013-07-13 06:24 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2013-09-03 01:06 - 2013-07-13 06:23 - 01568256 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-09-03 01:06 - 2013-07-13 06:23 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\apprepapi.dll
2013-09-03 01:06 - 2013-07-13 06:23 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\apprepsync.dll
2013-09-02 16:26 - 2013-09-04 15:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-09-02 16:04 - 2013-09-02 16:04 - 00000000 ____D C:\FRST
2013-09-02 15:58 - 2013-09-02 15:58 - 00000000 _____ C:\Users\Michael\defogger_reenable
2013-09-02 15:55 - 2013-09-11 16:10 - 00000000 ____D C:\trojana_board_programme

==================== One Month Modified Files and Folders =======

2013-09-11 16:19 - 2013-07-03 15:27 - 01127270 _____ C:\windows\WindowsUpdate.log
2013-09-11 16:14 - 2013-04-19 00:02 - 00000000 ____D C:\Users\Michael\AppData\Roaming\KeePass
2013-09-11 16:10 - 2013-09-02 15:55 - 00000000 ____D C:\trojana_board_programme
2013-09-11 16:05 - 2012-07-26 10:12 - 00000000 ____D C:\windows\AUInstallAgent
2013-09-11 16:04 - 2012-09-18 13:06 - 00000000 ____D C:\ProgramData\WinClon
2013-09-11 16:02 - 2013-09-08 15:53 - 97124766 _____ C:\windows\SysWOW64\᯾瞧㺀Ä߿
2013-09-11 16:02 - 2012-11-22 19:31 - 00000510 _____ C:\windows\Tasks\MATLAB R2011b Startup Accelerator.job
2013-09-11 16:01 - 2012-11-16 18:57 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Dropbox
2013-09-11 16:00 - 2013-09-11 16:00 - 00000000 ___RD C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-09-11 16:00 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\sru
2013-09-11 15:59 - 2012-09-18 12:55 - 00000868 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-09-11 15:57 - 2012-09-19 03:58 - 00764178 _____ C:\windows\system32\perfh007.dat
2013-09-11 15:57 - 2012-09-19 03:58 - 00160770 _____ C:\windows\system32\perfc007.dat
2013-09-11 15:57 - 2012-07-26 09:28 - 01776012 _____ C:\windows\system32\PerfStringBackup.INI
2013-09-10 20:51 - 2012-11-16 21:03 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-09-10 18:51 - 2012-11-16 21:03 - 00003772 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-09-10 16:27 - 2013-09-10 16:27 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-09 16:49 - 2013-03-20 16:10 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Skype
2013-09-08 21:19 - 2013-04-19 00:02 - 00003950 _____ C:\Users\Michael\Documents\NewDatabase.kdbx
2013-09-08 13:29 - 2013-09-08 13:29 - 00003279 _____ C:\Users\Michael\Desktop\JRT.txt
2013-09-08 13:21 - 2013-09-08 13:21 - 00000000 ____D C:\windows\ERUNT
2013-09-08 12:42 - 2013-04-23 08:57 - 00000000 ____D C:\Users\Michael\AppData\Roaming\vlc
2013-09-08 12:41 - 2013-09-08 12:41 - 00001080 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-09-08 11:49 - 2012-11-16 15:06 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2678595623-4148133582-4009595467-1001
2013-09-08 11:44 - 2012-11-16 18:59 - 00000000 ___RD C:\Users\Michael\Dropbox
2013-09-08 11:37 - 2012-07-26 09:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-09-08 11:36 - 2012-07-26 07:26 - 00524288 ___SH C:\windows\system32\config\BBI
2013-09-08 11:35 - 2013-09-08 11:33 - 00000000 ____D C:\AdwCleaner
2013-09-08 11:35 - 2013-07-03 14:57 - 00000000 ____D C:\windows\System32\Tasks\Browser Updater
2013-09-08 11:27 - 2013-09-08 11:27 - 01037278 _____ C:\Users\Michael\Downloads\adwcleaner.exe
2013-09-08 10:50 - 2012-09-18 12:55 - 00000870 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-09-08 10:39 - 2013-07-05 08:05 - 00014194 _____ C:\windows\PFRO.log
2013-09-08 10:39 - 2013-01-17 23:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-08 10:13 - 2013-09-08 10:13 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Malwarebytes
2013-09-08 10:13 - 2013-09-08 10:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-07 11:06 - 2013-09-07 11:06 - 00020205 _____ C:\ComboFix.txt
2013-09-07 11:06 - 2013-09-07 10:09 - 00000000 ____D C:\Qoobox
2013-09-07 11:03 - 2012-07-26 07:26 - 00000215 _____ C:\windows\system.ini
2013-09-07 10:40 - 2013-09-07 10:40 - 02513520 _____ (Dominik Reichl                                              ) C:\Users\Michael\Downloads\KeePass-2.23-Setup.exe
2013-09-07 10:40 - 2013-09-07 10:40 - 00001133 _____ C:\Users\Michael\Desktop\KeePass 2.lnk
2013-09-07 10:40 - 2013-04-18 22:44 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2013-09-07 10:39 - 2013-09-07 10:39 - 01850306 _____ (Dominik Reichl                                              ) C:\Users\Michael\Downloads\KeePass-1.26-Setup.exe
2013-09-07 10:25 - 2012-09-18 13:01 - 00000000 ____D C:\Users\EasySurvey
2013-09-07 10:25 - 2012-07-26 07:37 - 00000000 __RHD C:\Users\Default
2013-09-07 10:22 - 2013-09-07 10:09 - 00000000 ____D C:\windows\erdnt
2013-09-07 10:20 - 2012-11-16 14:55 - 00000000 ____D C:\Users\Michael
2013-09-07 10:01 - 2013-07-26 11:55 - 00001592 _____ C:\windows\setupact.log
2013-09-06 23:30 - 2012-07-26 10:12 - 00000000 ____D C:\windows\rescache
2013-09-06 23:00 - 2012-11-16 14:58 - 00000000 ____D C:\Users\Michael\AppData\Local\CrashDumps
2013-09-04 17:10 - 2013-09-04 17:04 - 00000000 ____D C:\Users\Michael\Desktop\Neuer Ordner
2013-09-04 15:45 - 2013-09-02 16:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-09-04 15:37 - 2013-07-03 14:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-04 15:34 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-09-04 15:34 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-09-03 03:07 - 2013-09-03 03:04 - 00000000 ____D C:\windows\system32\MRT
2013-09-03 03:04 - 2012-12-16 13:59 - 78161360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-09-02 16:04 - 2013-09-02 16:04 - 00000000 ____D C:\FRST
2013-09-02 15:58 - 2013-09-02 15:58 - 00000000 _____ C:\Users\Michael\defogger_reenable
2013-09-02 15:34 - 2013-05-07 16:03 - 00082136 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-09-02 15:34 - 2013-04-02 19:29 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2013-09-02 15:34 - 2013-04-02 19:29 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-08-13 08:38 - 2013-09-03 02:58 - 00032328 _____ C:\windows\Launcher.exe

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe
C:\Users\Michael\AppData\Local\Temp\vlc-2.0.8-win32.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-09 16:07

==================== End Of Log ============================
         

11.09.2013, 20:37   #13
schrauber
/// the machine
/// TB instructor

Update Adobe.

Please download TFC (by Oldtimer) and save the file to the desktop.
Now close all open programs and disconnect from the internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow this.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
SearchScopes: HKLM-x32 - {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.6&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&q={searchTerms}
SearchScopes: HKCU - DefaultScope {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = 
SearchScopes: HKCU - {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL =
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

16.09.2013, 15:39   #14
ÖmichlÖ

Hello,
so I've created two again, since the first time was with the network connected ...
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-09-2013
Ran by Michael at 2013-09-16 15:26:37 Run:1
Running from C:\trojana_board_programme\RST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM-x32 - {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.6&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&q={searchTerms}
SearchScopes: HKCU - DefaultScope {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = 
SearchScopes: HKCU - {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL =
         




*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} => Key deleted successfully.
HKCR\CLSID\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} => Key not found.

==== End of Fixlog ====
         
and then the second one without the network
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-09-2013
Ran by Michael at 2013-09-16 15:34:43 Run:2
Running from C:\trojana_board_programme\RST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM-x32 - {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=4.6&ts=1372856194327.000002&tguid=46364-3869-1372856194327-079796FBFCE9CFB8A1FF00DA8FBFC992&q={searchTerms}
SearchScopes: HKCU - DefaultScope {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL = 
SearchScopes: HKCU - {4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} URL =
         





*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} => Key not found.
HKCR\Wow6432Node\CLSID\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} => Key not found.
HKCR\CLSID\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} => Key not found.

==== End of Fixlog ====
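
Added example, not part of the thread and not FRST's own code: a small parser that compares the result lines of the two Fixlogs above and reports whether anything the first run removed was present again on the second run. The names `parse_fixlog` and `summarize` are hypothetical, and the pattern only knows the two outcome wordings that appear in these logs; any other wording is returned as unparsed rather than dropped.

```python
import re

# Constructed input: the "=>" result lines copied from the two Fixlogs above
# (run 1 with the network connected, run 2 without).
RUN1 = r"""
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} => Key deleted successfully.
HKCR\CLSID\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} => Key not found.
"""
RUN2 = r"""
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} => Key not found.
HKCR\Wow6432Node\CLSID\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} => Key not found.
HKCR\CLSID\{4C6B4EEC-05FF-4DA8-9174-CB11AA2F4B6C} => Key not found.
"""

# Only the two outcomes seen in the logs above are recognised.
RESULT_RE = re.compile(
    r"^(?P<target>.+?) => (?P<kind>Key|Value) "
    r"(?P<outcome>deleted successfully|not found)\.$"
)


def parse_fixlog(text):
    """Return (entries, unparsed); entries are (target, kind, outcome) tuples."""
    entries, unparsed = [], []
    for line in text.splitlines():
        line = line.strip()
        if " => " not in line:
            continue  # header, fixlist echo or blank line
        match = RESULT_RE.match(line)
        if match:
            entries.append((match["target"], match["kind"], match["outcome"]))
        else:
            unparsed.append(line)  # unknown wording: surface it for review
    return entries, unparsed


def summarize(first_run, second_run):
    """Compare two runs of the same fixlist on the same machine."""
    first, odd1 = parse_fixlog(first_run)
    second, odd2 = parse_fixlog(second_run)
    # A deletion in the second run means the item existed again at that time.
    reappeared = [t for t, _, o in second if o == "deleted successfully"]
    return {
        "removed": [t for t, _, o in first if o == "deleted successfully"],
        "absent_before_fix": [t for t, _, o in first if o == "not found"],
        "reappeared": reappeared,
        "unparsed": odd1 + odd2,
        "fix_held": not reappeared and not (odd1 + odd2),
    }


if __name__ == "__main__":
    for key, value in summarize(RUN1, RUN2).items():
        print(key, "=>", value)
```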
         

16.09.2013, 20:37   #15
schrauber
/// the machine
/// TB instructor

Any problems left?
__________________
Regards,
schrauber
