Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Windows 7 : Wie entferne ich Do-Search?

Windows 7 : Wie entferne ich Do-Search?


Log-Analyse und Auswertung: Windows 7 : Wie entferne ich Do-Search?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 22.11.2013, 20:50   #1
Manira
 
Windows 7 : Wie entferne ich Do-Search? - Standard

Windows 7 : Wie entferne ich Do-Search?


Hi,
vielen Dank für die schnelle Antwort!

Code:
ATTFilter
ComboFix 13-11-22.01 - Nina 22.11.2013  20:29:12.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3894.2097 [GMT 1:00]
ausgeführt von:: c:\users\Nina\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Nina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0.localstorage-journal
c:\users\Nina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0.localstorage
c:\windows\SysWow64\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-10-22 bis 2013-11-22  ))))))))))))))))))))))))))))))
.
.
2013-11-22 19:40 . 2013-11-22 19:40	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-11-21 18:20 . 2013-11-21 18:20	--------	d-----w-	c:\program files (x86)\ESET
2013-11-21 18:12 . 2013-11-21 18:12	--------	d-----w-	c:\users\Nina\AppData\Roaming\Malwarebytes
2013-11-21 18:12 . 2013-11-21 18:12	--------	d-----w-	c:\programdata\Malwarebytes
2013-11-20 23:58 . 2013-11-20 23:58	--------	d-----w-	C:\FRST
2013-11-19 22:57 . 2013-11-20 23:18	--------	d-----w-	c:\users\Nina\AppData\Roaming\ShieldApps
2013-11-19 22:57 . 2013-03-04 13:15	21096	----a-w-	c:\windows\system32\roboot64.exe
2013-11-19 21:12 . 2013-11-20 23:40	--------	d-----w-	c:\programdata\eSafe
2013-11-19 21:12 . 2013-11-19 21:12	--------	d-----w-	c:\users\Nina\AppData\Roaming\DealPly
2013-11-13 23:42 . 2013-10-12 08:43	19269632	----a-w-	c:\windows\system32\mshtml.dll
2013-11-11 22:20 . 2013-11-11 22:20	--------	d-----w-	c:\program files\Uninstaller
2013-11-11 22:12 . 2013-11-11 22:13	--------	d-----w-	c:\program files (x86)\JFileManager
2013-11-11 22:12 . 2013-11-14 07:24	--------	d-----w-	c:\program files (x86)\MyPC Backup
2013-11-11 22:12 . 2013-11-11 22:13	--------	d-----w-	c:\program files (x86)\Feven 1.5
2013-11-11 22:12 . 2013-11-11 22:13	--------	d-----w-	c:\program files (x86)\Plus-HD-1.3
2013-11-11 22:11 . 2013-11-11 22:11	--------	d-----w-	c:\program files (x86)\SearchProtect
2013-11-11 22:11 . 2013-11-11 22:11	--------	d-----w-	c:\users\Nina\AppData\Local\SearchProtect
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-13 23:38 . 2012-07-14 00:52	82896128	----a-w-	c:\windows\system32\MRT.exe
2013-10-10 15:35 . 2012-04-11 19:47	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-25 14:25 . 2013-09-25 14:26	74272	----a-w-	c:\windows\system32\RtNicProp64.dll
2013-09-25 14:25 . 2013-09-25 14:26	565352	----a-w-	c:\windows\system32\drivers\Rt64win7.sys
2013-09-25 14:25 . 2011-02-20 00:38	107552	----a-w-	c:\windows\system32\RTNUninst64.dll
2013-09-08 02:30 . 2013-10-11 13:52	1903552	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-11 13:52	327168	----a-w-	c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-11 13:52	231424	----a-w-	c:\windows\SysWow64\mswsock.dll
2013-09-04 12:12 . 2013-10-14 21:07	343040	----a-w-	c:\windows\system32\drivers\usbhub.sys
2013-09-04 12:11 . 2013-10-14 21:07	325120	----a-w-	c:\windows\system32\drivers\usbport.sys
2013-09-04 12:11 . 2013-10-14 21:07	99840	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2013-09-04 12:11 . 2013-10-14 21:07	52736	----a-w-	c:\windows\system32\drivers\usbehci.sys
2013-09-04 12:11 . 2013-10-14 21:07	30720	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2013-09-04 12:11 . 2013-10-14 21:07	25600	----a-w-	c:\windows\system32\drivers\usbohci.sys
2013-09-04 12:11 . 2013-10-14 21:07	7808	----a-w-	c:\windows\system32\drivers\usbd.sys
2013-08-29 02:17 . 2013-10-11 13:52	5549504	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-11 13:51	1732032	----a-w-	c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-11 13:51	243712	----a-w-	c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-11 13:52	859648	----a-w-	c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-11 13:52	878080	----a-w-	c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-11 13:52	3969472	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-11 13:52	3914176	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-11 13:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-11 13:51	1292192	----a-w-	c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-11 13:51	619520	----a-w-	c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-11 13:51	640512	----a-w-	c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-11 13:51	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-08-29 00:49 . 2013-10-11 13:51	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-11 13:51	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-11 13:51	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-11 13:51	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-11 13:52	3155968	----a-w-	c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-11 13:51	461312	----a-w-	c:\windows\system32\scavengeui.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110311121157}]
2013-11-11 22:12	641384	----a-w-	c:\program files (x86)\Plus-HD-1.3\Plus-HD-1.3-bho.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110311851132}]
2013-11-11 22:13	641384	----a-w-	c:\program files (x86)\Feven 1.5\Feven 1.5-bho.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-10-02 20472992]
"Facebook Update"="c:\users\Nina\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-04-19 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-17 336384]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-07-23 111640]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
.
c:\users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"LocalAccountTokenFilterPolicy"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Update-Service;Update-Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 BackupStack;Computer Backup (MyPC Backup);c:\program files (x86)\MyPC Backup\BackupStack.exe;c:\program files (x86)\MyPC Backup\BackupStack.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - kwldqpow
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service	REG_MULTI_SZ   	Update-Service-Installer-Service
Update-Service	REG_MULTI_SZ   	Update-Service
.
Inhalt des "geplante Tasks" Ordners
.
2013-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 15:35]
.
2013-11-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3930853845-1546403764-1166621345-1000Core.job
- c:\users\Nina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-19 17:33]
.
2013-11-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3930853845-1546403764-1166621345-1000UA.job
- c:\users\Nina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-19 17:33]
.
2013-11-22 c:\windows\Tasks\Feven 1.5-chromeinstaller.job
- c:\program files (x86)\Feven 1.5\Feven 1.5-chromeinstaller.exe [2013-11-11 22:12]
.
2013-11-22 c:\windows\Tasks\Feven 1.5-codedownloader.job
- c:\program files (x86)\Feven 1.5\Feven 1.5-codedownloader.exe [2013-11-11 22:12]
.
2013-11-22 c:\windows\Tasks\Feven 1.5-enabler.job
- c:\program files (x86)\Feven 1.5\Feven 1.5-enabler.exe [2013-11-11 22:13]
.
2013-11-22 c:\windows\Tasks\Feven 1.5-firefoxinstaller.job
- c:\program files (x86)\Feven 1.5\Feven 1.5-firefoxinstaller.exe [2013-11-11 22:12]
.
2013-11-22 c:\windows\Tasks\Feven 1.5-updater.job
- c:\program files (x86)\Feven 1.5\Feven 1.5-updater.exe [2013-11-11 22:13]
.
2013-11-04 c:\windows\Tasks\HPCeeScheduleForNINA-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
2013-11-18 c:\windows\Tasks\HPCeeScheduleForNina.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
2013-11-22 c:\windows\Tasks\Plus-HD-1.3-chromeinstaller.job
- c:\program files (x86)\Plus-HD-1.3\Plus-HD-1.3-chromeinstaller.exe [2013-11-11 22:12]
.
2013-11-22 c:\windows\Tasks\Plus-HD-1.3-codedownloader.job
- c:\program files (x86)\Plus-HD-1.3\Plus-HD-1.3-codedownloader.exe [2013-11-11 22:12]
.
2013-11-22 c:\windows\Tasks\Plus-HD-1.3-enabler.job
- c:\program files (x86)\Plus-HD-1.3\Plus-HD-1.3-enabler.exe [2013-11-11 22:13]
.
2013-11-22 c:\windows\Tasks\Plus-HD-1.3-firefoxinstaller.job
- c:\program files (x86)\Plus-HD-1.3\Plus-HD-1.3-firefoxinstaller.exe [2013-11-11 22:12]
.
2013-11-22 c:\windows\Tasks\Plus-HD-1.3-updater.job
- c:\program files (x86)\Plus-HD-1.3\Plus-HD-1.3-updater.exe [2013-11-11 22:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-11-09 22:16	2238976	----a-w-	c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-11-09 22:16	2238976	----a-w-	c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-11-09 22:16	2238976	----a-w-	c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-11-09 22:16	2238976	----a-w-	c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-11-09 22:16	2238976	----a-w-	c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-29 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-29 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-29 417304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-13 524800]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2013-11-19 21720]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://do-search.com/?type=hp&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX&q={searchTerms}
mDefault_Page_URL = hxxp://do-search.com/?type=hp&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX
mStart Page = hxxp://do-search.com/?type=hp&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://do-search.com/web/?type=ds&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX&q={searchTerms}
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Nina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Nina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\k2krtde8.default-1375103848156\
FF - prefs.js: browser.search.selectedEngine - do-search
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
Wow6432Node-HKCU-Run-LightScribe Control Panel - c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKCU-Run-Apps Hat - c:\users\Nina\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-11-22  20:46:55
ComboFix-quarantined-files.txt  2013-11-22 19:46
.
Vor Suchlauf: 9 Verzeichnis(se), 381.758.435.328 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 385.341.526.016 Bytes frei
.
- - End Of File - - 4613A7D416501C7813E562761637920C

Antwort

Themen zu Windows 7 : Wie entferne ich Do-Search?
4d36e972-e325-11ce-bfc1-08002be10318, beste grüße, farbar recovery scan tool, install.exe, launch, malware bytes, minidump, newtab, plug-in, pup.crossfire.sa, pup.optional.adlyrics, pup.optional.babylon, pup.optional.babylontoolbar.a, pup.optional.bandoo, pup.optional.bundleinstaller.a, pup.optional.conduit.a, pup.optional.crossrider.a, pup.optional.dealply.a, pup.optional.domaiq, pup.optional.domaliq.a, pup.optional.dosearch.a, pup.optional.downloadsponsor.a, pup.optional.feven.a, pup.optional.installcore.a, pup.optional.jumpyapps, pup.optional.minibar.a, pup.optional.optimizepro.a, pup.optional.optimizerpro.a, pup.optional.plushd.a, pup.optional.qone8, pup.optional.solimba, pup.optional.somoto.a, pup.optional.wajam, pup.optional.wajam.a, pup.optional.wsys.a, safer networking, tunnel


« Abmahnungsmail von Urmann .Habe dummerweise den Anhang geöffnet | http://creative.m2pub.com/... »


Ähnliche Themen: Windows 7 : Wie entferne ich Do-Search?


  1. WINDOWS 7: C:\PROGRA~2\SEARCH~2\SEARCH~1\bin\VC32LO~1.DLL - ungültiges Bild
    Log-Analyse und Auswertung - 01.04.2015 (11)
  2. WINDOWS 7: C:\PROGRA~2\SEARCH~2\SEARCH~1\bin\VC64LO~1.DLL - ungültiges Bild
    Log-Analyse und Auswertung - 28.03.2015 (21)
  3. C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL ist entweder nicht für die Ausführung unter Windows vorgesehen...
    Plagegeister aller Art und deren Bekämpfung - 16.03.2015 (17)
  4. Windows 7 : Fehlermeldung : Bad Image C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL
    Plagegeister aller Art und deren Bekämpfung - 15.03.2015 (11)
  5. : ungültiges Bild (C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL) Windows 7
    Log-Analyse und Auswertung - 15.03.2015 (19)
  6. C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL ist entweder nicht für die Ausführung unter Windows vorgesehe
    Plagegeister aller Art und deren Bekämpfung - 06.02.2015 (5)
  7. Ungewollte Startseite in den Browsern - http://www.default-search.net - wie entferne ich das?
    Plagegeister aller Art und deren Bekämpfung - 23.09.2014 (17)
  8. Wie entferne ich tlb search von mozilla firefox, betriebssystem windows xp???
    Plagegeister aller Art und deren Bekämpfung - 23.09.2014 (12)
  9. Wie entferne ich Search Protect richtig?
    Plagegeister aller Art und deren Bekämpfung - 26.07.2014 (21)
  10. wie entferne ich unter Windows 7 Postbankrojaner ?
    Log-Analyse und Auswertung - 20.12.2013 (11)
  11. Delta Search und Babylon search - Malware durch Freeware, Windows Vista
    Plagegeister aller Art und deren Bekämpfung - 16.07.2013 (37)
  12. wie entferne ich delta search?
    Log-Analyse und Auswertung - 21.03.2013 (24)
  13. wie entferne ich delta search II
    Log-Analyse und Auswertung - 14.03.2013 (13)
  14. Wie entferne ich den Firefox Claro search?
    Plagegeister aller Art und deren Bekämpfung - 13.12.2012 (11)
  15. Wie entferne ich Windows Vista 32bit
    Alles rund um Windows - 17.07.2012 (6)
  16. Windows Verschlüsselungs Trojaner wie entferne ich ?
    Plagegeister aller Art und deren Bekämpfung - 01.06.2012 (3)
  17. Hilfe! Wie entferne ich "Home Search" aus dem IE?
    Log-Analyse und Auswertung - 04.09.2004 (35)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Windows 7 : Wie entferne ich Do-Search? - Hi, vielen Dank für die schnelle Antwort! Code: Alles auswählen Aufklappen ATTFilter ComboFix 13-11-22.01 - Nina 22.11.2013 20:29:12.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3894.2097 [GMT 1:00] ausgeführt von:: - Windows 7 : Wie entferne ich Do-Search?...
Archiv
Du betrachtest: Windows 7 : Wie entferne ich Do-Search? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55